cjoint


Document format: text/plain

Preview

RogueKiller V8.7.9 [Nov 25 2013] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur : DJEDJE [Droits d'admin]
Mode : Recherche -- Date : 12/02/2013 02:20:18
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : qKrJBqRp (wscript.exe //B "E:\DOCUME~1\DJEDJE\LOCALS~1\Temp\qKrJBqRp.vbs" [x][-]) -> TROUVÉ
[RUN][SUSP PATH] HKLM\[...]\Run : qKrJBqRp (wscript.exe //B "E:\DOCUME~1\DJEDJE\LOCALS~1\Temp\qKrJBqRp.vbs" [x][-]) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-1214440339-838170752-1177238915-1003\[...]\Run : qKrJBqRp (wscript.exe //B "E:\DOCUME~1\DJEDJE\LOCALS~1\Temp\qKrJBqRp.vbs" [x][-]) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) HDS728080PLA380 40Y9028LEN +++++
--- User ---
[MBR] d03d19a607958f6b3115741e6b7815b3
[BSP] 3518d03f3d4ba4e646cfaae2886117da : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 39900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81922048 | Size: 36322 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) USB2.0 CARD-READER USB Device +++++
--- User ---
[MBR] f88b70e514c1edfae01ff8f50a59e496
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 137 | Size: 1875 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Cette demande n'est pas prise en charge. )

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) USB DISK 20X USB Device +++++
--- User ---
[MBR] 62e129f0f33858ee2523b4924b4320df
[BSP] 5b011ae5ee3739a967dc2ac8fc5f9e25 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 1960 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Cette demande n'est pas prise en charge. )

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE4 @ USB) Generic Flash Disk USB Device +++++
--- User ---
[MBR] ce0595ce6a13c4916dd348a8f4ff0c93
[BSP] 4b8b702b557e3455c4e0f1b634afd5c4 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 368 | Size: 3999 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Cette demande n'est pas prise en charge. )

Termine : << RKreport[0]_S_12022013_022018.txt >>




