RogueKiller V8.7.9 [Nov 25 2013] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur : DJEDJE [Droits d'admin]
Mode : Recherche -- Date : 12/02/2013 02:20:18
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : qKrJBqRp (wscript.exe //B "E:\DOCUME~1\DJEDJE\LOCALS~1\Temp\qKrJBqRp.vbs" [x][-]) -> TROUVÉ
[RUN][SUSP PATH] HKLM\[...]\Run : qKrJBqRp (wscript.exe //B "E:\DOCUME~1\DJEDJE\LOCALS~1\Temp\qKrJBqRp.vbs" [x][-]) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-1214440339-838170752-1177238915-1003\[...]\Run : qKrJBqRp (wscript.exe //B "E:\DOCUME~1\DJEDJE\LOCALS~1\Temp\qKrJBqRp.vbs" [x][-]) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 tonec.com
127.0.0.1 www.tonec.com
127.0.0.1 registeridm.com
127.0.0.1 www.registeridm.com
127.0.0.1 secure.registeridm.com
127.0.0.1 internetdownloadmanager.com
127.0.0.1 www.internetdownloadmanager.com
127.0.0.1 secure.internetdownloadmanager.com
127.0.0.1 mirror.internetdownloadmanager.com
127.0.0.1 mirror2.internetdownloadmanager.com
127.0.0.1 mirror3.internetdownloadmanager.com
127.0.0.1 secure.internetdownloadmanager.com
127.0.0.1 www.rsarabia.com
127.0.0.1 secure.internetdownloadmanager.com
127.0.0.1 www.darwesh.net
127.0.0.1 darwesh.net
127.0.0.1 www.rsarabia.com
127.0.0.1 rsarabia.com
127.0.0.1 www.uaetraders.net
127.0.0.1 localhost

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) HDS728080PLA380 40Y9028LEN +++++
--- User ---
[MBR] d03d19a607958f6b3115741e6b7815b3
[BSP] 3518d03f3d4ba4e646cfaae2886117da : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 39900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81922048 | Size: 36322 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) USB2.0 CARD-READER USB Device +++++
--- User ---
[MBR] f88b70e514c1edfae01ff8f50a59e496
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 137 | Size: 1875 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Cette demande n'est pas prise en charge. )

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) USB DISK 20X USB Device +++++
--- User ---
[MBR] 62e129f0f33858ee2523b4924b4320df
[BSP] 5b011ae5ee3739a967dc2ac8fc5f9e25 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 1960 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Cette demande n'est pas prise en charge. )

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE4 @ USB) Generic Flash Disk USB Device +++++
--- User ---
[MBR] ce0595ce6a13c4916dd348a8f4ff0c93
[BSP] 4b8b702b557e3455c4e0f1b634afd5c4 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 368 | Size: 3999 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Cette demande n'est pas prise en charge. )

Termine : << RKreport[0]_S_12022013_022018.txt >>