Report before removal

madilem972 Posts: 1 Status: Member -
 Anonymous user -
RogueKiller V8.5.2 [Feb 23 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode sans echec avec prise en charge reseau
Utilisateur : f-lem [Droits d'admin]
Mode : Recherche -- Date : 03/03/2013 20:12:22
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 1 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [x] -> TUÉ [TermProc]

¤¤¤ Entrees de registre : 13 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : teeveewatchSA ("C:\Users\f-lem\AppData\Local\teeveewatchSA\bin\1.0.7.0\teeveewatchSA.exe") [-] -> TROUVÉ
[RUN][Rans.Gendarm] HKCU\[...]\Run : SonyAgent (C:\Windows\Temp\temp46.exe) [-] -> TROUVÉ
[RUN][SUSP PATH] HKCU\[...]\Run : certpher (rundll32 "C:\Users\f-lem\AppData\Local\Temp\dcominfo.dll",CreateProcessNotify) [-] -> TROUVÉ
[RUN][SUSP PATH] HKCU\[...]\Run : mshtosk (rundll32 "C:\Users\f-lem\AppData\Local\Temp\dcominfo64.dll",CreateProcessNotify) [-] -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-3583893240-2298955608-2671384347-1001[...]\Run : teeveewatchSA ("C:\Users\f-lem\AppData\Local\teeveewatchSA\bin\1.0.7.0\teeveewatchSA.exe") [-] -> TROUVÉ
[RUN][Rans.Gendarm] HKUS\S-1-5-21-3583893240-2298955608-2671384347-1001[...]\Run : SonyAgent (C:\Windows\Temp\temp46.exe) [-] -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-3583893240-2298955608-2671384347-1001[...]\Run : certpher (rundll32 "C:\Users\f-lem\AppData\Local\Temp\dcominfo.dll",CreateProcessNotify) [-] -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-3583893240-2298955608-2671384347-1001[...]\Run : mshtosk (rundll32 "C:\Users\f-lem\AppData\Local\Temp\dcominfo64.dll",CreateProcessNotify) [-] -> TROUVÉ
[RUN][Rogue.AntiSpy-ST] HKCU\[...]\RunOnce : 54F241DB0DACDA01000054F1ECEDDEBF (C:\ProgramData\54F241DB0DACDA01000054F1ECEDDEBF\54F241DB0DACDA01000054F1ECEDDEBF.exe) [-] -> TROUVÉ
[RUN][Rogue.AntiSpy-ST] HKUS\S-1-5-21-3583893240-2298955608-2671384347-1001[...]\RunOnce : 54F241DB0DACDA01000054F1ECEDDEBF (C:\ProgramData\54F241DB0DACDA01000054F1ECEDDEBF\54F241DB0DACDA01000054F1ECEDDEBF.exe) [-] -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-3583893240-2298955608-2671384347-1001\$d795887f46d513594105c8df2b73c821\n) [-] -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-3583893240-2298955608-2671384347-1001\$d795887f46d513594105c8df2b73c821\n [-] --> TROUVÉ
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3583893240-2298955608-2671384347-1001\$d795887f46d513594105c8df2b73c821\@ [-] --> TROUVÉ
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3583893240-2298955608-2671384347-1001\$d795887f46d513594105c8df2b73c821\U --> TROUVÉ
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3583893240-2298955608-2671384347-1001\$d795887f46d513594105c8df2b73c821\L --> TROUVÉ

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Infection : ZeroAccess|Rans.Gendarm ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 4d125687074a189b6d328ce6bb8f80c0
[BSP] 430eaf6ed8558d670d2c84579f07828f : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 16997 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 34812855 | Size: 119232 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 279000855 | Size: 340706 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1]_S_03032013_201222.txt >>

1 reply

Anonymous user

Good evening

Post me a removal report

Thanks

See you
0