Publicité
Publicité
Format du document : text/plain
Prévisualisation
RogueKiller V8.8.9 [Feb 24 2014] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://forum.adlice.com
Site Web : http://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com
Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur : François [Droits d'admin]
Mode : Suppression -- Date : 03/01/2014 22:19:18
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
¤¤¤ Tâches planifiées : 2 ¤¤¤
[V1][SUSP PATH] Digital Sites.job : C:\Users\FRANOI~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> SUPPRIMÉ
[V2][SUSP PATH] Digital Sites : C:\Users\FRANOI~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> SUPPRIMÉ
¤¤¤ Entrées Startup : 0 ¤¤¤
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Addons navigateur : 0 ¤¤¤
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x61CD4927)
[Address] IAT @iexplore.exe (SHRegGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x61CD4984)
[Address] IAT @iexplore.exe (SHSetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x61CF2B62)
[Address] IAT @iexplore.exe (PathIsURLW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x61CDFA79)
¤¤¤ Ruches Externes: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 activation.guitar-pro.com
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEVT-22ZCT0 ATA Device +++++
--- User ---
[MBR] 1423aa323df4d344bb9071960ceb30b7
[BSP] 4dca765259ce27c99ab56ca4007213d3 : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 291931 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[0]_D_03012014_221918.txt >>
RKreport[0]_S_02272014_192655.txt;RKreport[0]_S_03012014_221816.txt
mail : tigzyRK
Remontees : http://forum.adlice.com
Site Web : http://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com
Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur : François [Droits d'admin]
Mode : Suppression -- Date : 03/01/2014 22:19:18
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
¤¤¤ Tâches planifiées : 2 ¤¤¤
[V1][SUSP PATH] Digital Sites.job : C:\Users\FRANOI~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> SUPPRIMÉ
[V2][SUSP PATH] Digital Sites : C:\Users\FRANOI~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> SUPPRIMÉ
¤¤¤ Entrées Startup : 0 ¤¤¤
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Addons navigateur : 0 ¤¤¤
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x61CD4927)
[Address] IAT @iexplore.exe (SHRegGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x61CD4984)
[Address] IAT @iexplore.exe (SHSetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x61CF2B62)
[Address] IAT @iexplore.exe (PathIsURLW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x61CDFA79)
¤¤¤ Ruches Externes: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 activation.guitar-pro.com
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEVT-22ZCT0 ATA Device +++++
--- User ---
[MBR] 1423aa323df4d344bb9071960ceb30b7
[BSP] 4dca765259ce27c99ab56ca4007213d3 : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 291931 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[0]_D_03012014_221918.txt >>
RKreport[0]_S_02272014_192655.txt;RKreport[0]_S_03012014_221816.txt