Virus Trojan, qui ne lache pas l'affaire !
Fermé
Peter68210
Messages postés
8
Date d'inscription
jeudi 24 octobre 2013
Statut
Membre
Dernière intervention
25 octobre 2013
-
24 oct. 2013 à 19:50
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 - 24 oct. 2013 à 23:07
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 - 24 oct. 2013 à 23:07
A voir également:
- Virus Trojan, qui ne lache pas l'affaire !
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Svchost.exe virus - Guide
- Altruistic virus ✓ - Forum Antivirus
- Trojan spyware ✓ - Forum Virus
- L'ordinateur de mustapha a été infecté par un virus répertorié récemment. son anti-virus ne l'a pas détecté. qu'a-t-il pu se passer ? - Forum Virus
9 réponses
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 631
24 oct. 2013 à 19:51
24 oct. 2013 à 19:51
Salut,
T'as mis quoi en quarantaine?
T'as mis quoi en quarantaine?
Peter68210
Messages postés
8
Date d'inscription
jeudi 24 octobre 2013
Statut
Membre
Dernière intervention
25 octobre 2013
24 oct. 2013 à 19:52
24 oct. 2013 à 19:52
Je suis pour la premiere fois sur se forum, il est possible d'insérer des photos ?
j'ais le screen des virus dans le rappor de la quarantaine .
j'ais le screen des virus dans le rappor de la quarantaine .
Peter68210
Messages postés
8
Date d'inscription
jeudi 24 octobre 2013
Statut
Membre
Dernière intervention
25 octobre 2013
24 oct. 2013 à 19:56
24 oct. 2013 à 19:56
Sinon les virus mis en quarantaine sont:
-Trojan.Generic.9651310
-Trojan.Generic.9603711
-Trojan.Sirefef.HU
-Trojan.Generic.9140419
-Trojan.Generic.9651310
-Trojan.Generic.9603711
-Trojan.Sirefef.HU
-Trojan.Generic.9140419
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 631
24 oct. 2013 à 19:57
24 oct. 2013 à 19:57
[*] Télécharger sur le bureau https://forum.malekal.com/viewtopic.php?t=29444&start= (suivre le lien officiel)
[*] !!! ATTENTION !! Sur la page de RogueKiller - "Prendre Lien de téléchargement" - avec les cercles violets. En cliquant sur ces cercles le programme se télécharge.
[*] Quitter tous les programmes
[*] Lancer RogueKiller.exe.
[*] Attendre que le Prescan ait fini ...
[*] Lance un scan afin de débloquer le bouton Suppression à droite.
[*] Clic sur Suppression.
[*] Copie/colle le contenu du rapport ici.
!!! Je répète bien faire Suppression à droite et poster le rapport. !!!
[*] !!! ATTENTION !! Sur la page de RogueKiller - "Prendre Lien de téléchargement" - avec les cercles violets. En cliquant sur ces cercles le programme se télécharge.
[*] Quitter tous les programmes
[*] Lancer RogueKiller.exe.
[*] Attendre que le Prescan ait fini ...
[*] Lance un scan afin de débloquer le bouton Suppression à droite.
[*] Clic sur Suppression.
[*] Copie/colle le contenu du rapport ici.
!!! Je répète bien faire Suppression à droite et poster le rapport. !!!
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Peter68210
Messages postés
8
Date d'inscription
jeudi 24 octobre 2013
Statut
Membre
Dernière intervention
25 octobre 2013
24 oct. 2013 à 20:07
24 oct. 2013 à 20:07
Je vais faire tous cela sur le champ et je poste le rapport !
Merci
Merci
Peter68210
Messages postés
8
Date d'inscription
jeudi 24 octobre 2013
Statut
Membre
Dernière intervention
25 octobre 2013
24 oct. 2013 à 20:24
24 oct. 2013 à 20:24
Voici le rapport complet =
RogueKiller V8.7.5 [Oct 22 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : Peter [Droits d'admin]
Mode : Suppression -- Date : 10/24/2013 20:16:30
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 1 ¤¤¤
[SERVICE] IBUpdaterService -- "C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE [x] -> STOPPÉ
¤¤¤ Entrees de registre : 13 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Peter\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> SUPPRIMÉ
[RUN][SUSP PATH] HKCU\[...]\Run : BackgroundContainer ("C:\Windows\system32\Rundll32.exe" "C:\Users\Peter\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x]) -> SUPPRIMÉ
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\?????????\?????????\?????\{6873fee0-2fba-0c72-8567-020f1ffc313d}\GoogleUpdate.exe" >) -> SUPPRIMÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-2597414690-4188566680-2566582721-1001\[...]\Run : SearchProtect (C:\Users\Peter\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> [0x2] Le fichier spécifié est introuvable.
[RUN][SUSP PATH] HKUS\S-1-5-21-2597414690-4188566680-2566582721-1001\[...]\Run : BackgroundContainer ("C:\Windows\system32\Rundll32.exe" "C:\Users\Peter\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x]) -> [0x2] Le fichier spécifié est introuvable.
[RUN][ZeroAccess] HKUS\S-1-5-21-2597414690-4188566680-2566582721-1001\[...]\Run : Google Update ("C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\?????????\?????????\?????\{6873fee0-2fba-0c72-8567-020f1ffc313d}\GoogleUpdate.exe" >) -> [0xc0000034] Unknown error
[SHELL][Rans.Gendarm] HKCU\[...]\Winlogon : shell (explorer.exe,C:\Users\Peter\AppData\Roaming\cache.dat [x][x]) -> SUPPRIMÉ
[SHELL][Rans.Gendarm] HKUS\[...]\Winlogon : shell (explorer.exe,C:\Users\Peter\AppData\Roaming\cache.dat [x][x]) -> [0x2] Le fichier spécifié est introuvable.
[SERVICE][BLVALUE] HKLM\[...]\CCSet\[...]\Services : IBUpdaterService ("C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE [x]) -> SUPPRIMÉ
[SERVICE][BLVALUE] HKLM\[...]\CS001\[...]\Services : IBUpdaterService ("C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE [x]) -> [0x3] Le chemin d???accès spécifié est introuvable.
[SERVICE][BLVALUE] HKLM\[...]\CS002\[...]\Services : IBUpdaterService ("C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE [x]) -> SUPPRIMÉ
[HJ SMENU][PUM] HKLM\[...]\Advanced : Start_ShowMyGames (0) -> REMPLACÉ (1)
[HJ SMENU][PUM] HKLM\[...]\Advanced : Start_ShowRun (0) -> REMPLACÉ (1)
¤¤¤ Tâches planifiées : 3 ¤¤¤
[V1][ROGUE ST] Plus-HD-2.6-chromeinstaller.job : C:\Program Files\Plus-HD-2.6\Plus-HD-2.6-chromeinstaller.exe - /installcrx /agentregpath='Plus-HD-2.6' /extensionfilepath='C:\Program Files\Plus-HD-2.6\33440.crx' /appid=33440 /srcid='000455' /subid='0' /zdata='0' /bic=94F876F7215D428697A52EFB0308F69DIE /verifier=1278b0387b995ee846eb27f62638477d /installerversion=1_28_153 /installerfullversion=1.28.153.3 /installationtime=1381417585 /statsdomain=hxxp://stats.ourstatssrv.com /errorsdomain=hxxp://errors.ourstatssrv.com /waitforbrowser=300 /extensionid=mpfeggemggokijeahnacacopejaabljl /extensionversion=1.24.74 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHPT5QD37DnL7GJHG77iGzvpLejxGdXHZvBKOu5hJqGvfi5WaFIsSf/uvNgjX+8psTKWdn8dMrva7GaCccB7ACl0GBsRWxp8A9mQ22mTxGvKch6geQQE/0UlevUa0CnlpcnD6D2Rq8WMXhSW2W4h762cbn0slwvjJ+KV1i9SaKuwIDAQAB /allusers /allprofiles /externallog='' [7][x][x][x][x][x][x] -> SUPPRIMÉ
[V2][SUSP PATH] BackgroundContainer Startup Task : "C:\Windows\system32\Rundll32.exe" - "C:\Users\Peter\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x] -> SUPPRIMÉ
[V2][ROGUE ST] Plus-HD-2.6-chromeinstaller : C:\Program Files\Plus-HD-2.6\Plus-HD-2.6-chromeinstaller.exe - /installcrx /agentregpath='Plus-HD-2.6' /extensionfilepath='C:\Program Files\Plus-HD-2.6\33440.crx' /appid=33440 /srcid='000455' /subid='0' /zdata='0' /bic=94F876F7215D428697A52EFB0308F69DIE /verifier=1278b0387b995ee846eb27f62638477d /installerversion=1_28_153 /installerfullversion=1.28.153.3 /installationtime=1381417585 /statsdomain=hxxp://stats.ourstatssrv.com /errorsdomain=hxxp://errors.ourstatssrv.com /waitforbrowser=300 /extensionid=mpfeggemggokijeahnacacopejaabljl /extensionversion=1.24.74 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHPT5QD37DnL7GJHG77iGzvpLejxGdXHZvBKOu5hJqGvfi5WaFIsSf/uvNgjX+8psTKWdn8dMrva7GaCccB7ACl0GBsRWxp8A9mQ22mTxGvKch6geQQE/0UlevUa0CnlpcnD6D2Rq8WMXhSW2W4h762cbn0slwvjJ+KV1i9SaKuwIDAQAB /allusers /allprofiles /externallog='' [7][x][x][x][x][x][x] -> SUPPRIMÉ
¤¤¤ Entrées Startup : 1 ¤¤¤
[Peter][SUSP PATH] rlfqqtfr.lnk : C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rlfqqtfr.lnk @C:\Windows\System32\rundll32.exe C:\PROGRA~2\rftqqflr.dss,XL200 [-][7][-] -> SUPPRIMÉ
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][Repertoire] Install : C:\Users\Peter\AppData\Local\Google\Desktop\Install [-] --> SUPPRIMÉ AU REBOOT
[ZeroAccess][Fichier] @ : C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\?????????\?????????\?????\{6873fee0-2fba-0c72-8567-020f1ffc313d}\@ [-] --> SUPPRIMÉ AU REBOOT
[ZeroAccess][Fichier] GoogleUpdate.exe : C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\?????????\?????????\?????\{6873fee0-2fba-0c72-8567-020f1ffc313d}\GoogleUpdate.exe [-] --> SUPPRIMÉ
[ZeroAccess][Fichier] 00000004.@ : C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\?????????\?????????\?????\{6873fee0-2fba-0c72-8567-020f1ffc313d}\L\00000004.@ [-] --> SUPPRIMÉ
[ZeroAccess][Fichier] 76603ac3 : C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\?????????\?????????\?????\{6873fee0-2fba-0c72-8567-020f1ffc313d}\L\76603ac3 [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] L : C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\?????????\?????????\?????\{6873fee0-2fba-0c72-8567-020f1ffc313d}\L [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] U : C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\?????????\?????????\?????\{6873fee0-2fba-0c72-8567-020f1ffc313d}\U [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] {6873fee0-2fba-0c72-8567-020f1ffc313d} : C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\?????????\?????????\?????\{6873fee0-2fba-0c72-8567-020f1ffc313d} [-] --> SUPPRIMÉ AU REBOOT
[ZeroAccess][Repertoire] ????? : C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\?????????\?????????\????? [-] --> SUPPRIMÉ AU REBOOT
[ZeroAccess][Repertoire] ????????? : C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\?????????\????????? [-] --> SUPPRIMÉ AU REBOOT
[ZeroAccess][Repertoire] ????????? : C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\????????? [-] --> SUPPRIMÉ AU REBOOT
[ZeroAccess][Repertoire] {6873fee0-2fba-0c72-8567-020f1ffc313d} : C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d} [-] --> SUPPRIMÉ AU REBOOT
¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] IAT @iexplore.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x6E021E4B)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B60E47)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B6468D)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B6469D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B646AD)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x768A46E9)
[Inline] EAT @iexplore.exe (RegSetValueExW) : kernel32.dll -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C6D0)
[Inline] EAT @iexplore.exe (RegSetValueA) : advapi32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C190)
[Inline] EAT @iexplore.exe (RegSetValueExA) : advapi32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C3C0)
[Inline] EAT @iexplore.exe (RegSetValueExW) : advapi32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C510)
[Inline] EAT @iexplore.exe (RegSetValueW) : advapi32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C2E0)
[Inline] EAT @iexplore.exe (CreateDialogParamA) : user32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65CA70)
[Inline] EAT @iexplore.exe (CreateDialogParamW) : user32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C940)
[Inline] EAT @iexplore.exe (TrackPopupMenu) : user32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65B7C0)
[Inline] EAT @iexplore.exe (TrackPopupMenuEx) : user32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65B8F0)
[Inline] EAT @iexplore.exe (D3DKMTGetDisplayModeList) : GDI32.dll -> HOOKED (C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x6E2D1950)
[Inline] EAT @iexplore.exe (D3DKMTQueryAdapterInfo) : GDI32.dll -> HOOKED (C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x6E2D19D0)
[Inline] EAT @iexplore.exe (Direct3DCreate8) : d3d8.dll -> HOOKED (C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x6E2D12B0)
[Inline] EAT @iexplore.exe (Direct3DCreate9) : d3d9.dll -> HOOKED (C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x6E2D1800)
[Inline] EAT @iexplore.exe (CreateDXGIFactory) : dxgi.dll -> HOOKED (C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrap.dll @ 0x70AF1460)
[Inline] EAT @iexplore.exe (CreateDXGIFactory1) : dxgi.dll -> HOOKED (C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrap.dll @ 0x70AF14C0)
[Inline] EAT @iexplore.exe (DXGID3D10CreateDevice) : dxgi.dll -> HOOKED (C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrap.dll @ 0x70AF12D0)
[Inline] EAT @iexplore.exe (D3D10CreateDevice) : d3d10.dll -> HOOKED (C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrap.dll @ 0x70AF1530)
[Inline] EAT @iexplore.exe (D3D11CreateDevice) : d3d11.dll -> HOOKED (C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrap.dll @ 0x70AF16C0)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B60E47)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B6468D)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B6469D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B646AD)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x768A46E9)
[Inline] EAT @iexplore.exe (RegSetValueExW) : kernel32.dll -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C6D0)
[Inline] EAT @iexplore.exe (RegSetValueExA) : advapi32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C3C0)
[Inline] EAT @iexplore.exe (RegSetValueExW) : advapi32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C510)
[Inline] EAT @iexplore.exe (TrackPopupMenu) : user32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\tbapp0.dll @ 0x069501B0)
[Inline] EAT @iexplore.exe (TrackPopupMenuEx) : user32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\tbapp0.dll @ 0x069502E0)
[Inline] EAT @iexplore.exe (HttpQueryInfoA) : WININET.dll -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\tbapp0.dll @ 0x06951C40)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B60E47)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B6468D)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B6469D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B646AD)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x768A46E9)
[Inline] EAT @iexplore.exe (RegSetValueExW) : kernel32.dll -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C6D0)
[Inline] EAT @iexplore.exe (RegSetValueExA) : advapi32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C3C0)
[Inline] EAT @iexplore.exe (RegSetValueExW) : advapi32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C510)
[Inline] EAT @iexplore.exe (TrackPopupMenu) : user32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\tbapp0.dll @ 0x063801B0)
[Inline] EAT @iexplore.exe (TrackPopupMenuEx) : user32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\tbapp0.dll @ 0x063802E0)
[Inline] EAT @iexplore.exe (HttpQueryInfoA) : WININET.dll -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\tbapp0.dll @ 0x06381C40)
¤¤¤ Ruches Externes: ¤¤¤
¤¤¤ Infection : ZeroAccess|Rans.Gendarm ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HM641JI +++++
--- User ---
[MBR] a51fd5ad5acfed76ea10ae918c48c86b
[BSP] 504fc63b733c6a2c45824a69d1ab3a66 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 578632 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1185245184 | Size: 30720 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1248159744 | Size: 1026 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[0]_D_10242013_201630.txt >>
RKreport[0]_S_10242013_201510.txt
Est-ce tous se qu'il fallait faire ?
RogueKiller V8.7.5 [Oct 22 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : Peter [Droits d'admin]
Mode : Suppression -- Date : 10/24/2013 20:16:30
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 1 ¤¤¤
[SERVICE] IBUpdaterService -- "C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE [x] -> STOPPÉ
¤¤¤ Entrees de registre : 13 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Peter\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> SUPPRIMÉ
[RUN][SUSP PATH] HKCU\[...]\Run : BackgroundContainer ("C:\Windows\system32\Rundll32.exe" "C:\Users\Peter\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x]) -> SUPPRIMÉ
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\?????????\?????????\?????\{6873fee0-2fba-0c72-8567-020f1ffc313d}\GoogleUpdate.exe" >) -> SUPPRIMÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-2597414690-4188566680-2566582721-1001\[...]\Run : SearchProtect (C:\Users\Peter\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> [0x2] Le fichier spécifié est introuvable.
[RUN][SUSP PATH] HKUS\S-1-5-21-2597414690-4188566680-2566582721-1001\[...]\Run : BackgroundContainer ("C:\Windows\system32\Rundll32.exe" "C:\Users\Peter\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x]) -> [0x2] Le fichier spécifié est introuvable.
[RUN][ZeroAccess] HKUS\S-1-5-21-2597414690-4188566680-2566582721-1001\[...]\Run : Google Update ("C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\?????????\?????????\?????\{6873fee0-2fba-0c72-8567-020f1ffc313d}\GoogleUpdate.exe" >) -> [0xc0000034] Unknown error
[SHELL][Rans.Gendarm] HKCU\[...]\Winlogon : shell (explorer.exe,C:\Users\Peter\AppData\Roaming\cache.dat [x][x]) -> SUPPRIMÉ
[SHELL][Rans.Gendarm] HKUS\[...]\Winlogon : shell (explorer.exe,C:\Users\Peter\AppData\Roaming\cache.dat [x][x]) -> [0x2] Le fichier spécifié est introuvable.
[SERVICE][BLVALUE] HKLM\[...]\CCSet\[...]\Services : IBUpdaterService ("C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE [x]) -> SUPPRIMÉ
[SERVICE][BLVALUE] HKLM\[...]\CS001\[...]\Services : IBUpdaterService ("C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE [x]) -> [0x3] Le chemin d???accès spécifié est introuvable.
[SERVICE][BLVALUE] HKLM\[...]\CS002\[...]\Services : IBUpdaterService ("C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE [x]) -> SUPPRIMÉ
[HJ SMENU][PUM] HKLM\[...]\Advanced : Start_ShowMyGames (0) -> REMPLACÉ (1)
[HJ SMENU][PUM] HKLM\[...]\Advanced : Start_ShowRun (0) -> REMPLACÉ (1)
¤¤¤ Tâches planifiées : 3 ¤¤¤
[V1][ROGUE ST] Plus-HD-2.6-chromeinstaller.job : C:\Program Files\Plus-HD-2.6\Plus-HD-2.6-chromeinstaller.exe - /installcrx /agentregpath='Plus-HD-2.6' /extensionfilepath='C:\Program Files\Plus-HD-2.6\33440.crx' /appid=33440 /srcid='000455' /subid='0' /zdata='0' /bic=94F876F7215D428697A52EFB0308F69DIE /verifier=1278b0387b995ee846eb27f62638477d /installerversion=1_28_153 /installerfullversion=1.28.153.3 /installationtime=1381417585 /statsdomain=hxxp://stats.ourstatssrv.com /errorsdomain=hxxp://errors.ourstatssrv.com /waitforbrowser=300 /extensionid=mpfeggemggokijeahnacacopejaabljl /extensionversion=1.24.74 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHPT5QD37DnL7GJHG77iGzvpLejxGdXHZvBKOu5hJqGvfi5WaFIsSf/uvNgjX+8psTKWdn8dMrva7GaCccB7ACl0GBsRWxp8A9mQ22mTxGvKch6geQQE/0UlevUa0CnlpcnD6D2Rq8WMXhSW2W4h762cbn0slwvjJ+KV1i9SaKuwIDAQAB /allusers /allprofiles /externallog='' [7][x][x][x][x][x][x] -> SUPPRIMÉ
[V2][SUSP PATH] BackgroundContainer Startup Task : "C:\Windows\system32\Rundll32.exe" - "C:\Users\Peter\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x] -> SUPPRIMÉ
[V2][ROGUE ST] Plus-HD-2.6-chromeinstaller : C:\Program Files\Plus-HD-2.6\Plus-HD-2.6-chromeinstaller.exe - /installcrx /agentregpath='Plus-HD-2.6' /extensionfilepath='C:\Program Files\Plus-HD-2.6\33440.crx' /appid=33440 /srcid='000455' /subid='0' /zdata='0' /bic=94F876F7215D428697A52EFB0308F69DIE /verifier=1278b0387b995ee846eb27f62638477d /installerversion=1_28_153 /installerfullversion=1.28.153.3 /installationtime=1381417585 /statsdomain=hxxp://stats.ourstatssrv.com /errorsdomain=hxxp://errors.ourstatssrv.com /waitforbrowser=300 /extensionid=mpfeggemggokijeahnacacopejaabljl /extensionversion=1.24.74 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHPT5QD37DnL7GJHG77iGzvpLejxGdXHZvBKOu5hJqGvfi5WaFIsSf/uvNgjX+8psTKWdn8dMrva7GaCccB7ACl0GBsRWxp8A9mQ22mTxGvKch6geQQE/0UlevUa0CnlpcnD6D2Rq8WMXhSW2W4h762cbn0slwvjJ+KV1i9SaKuwIDAQAB /allusers /allprofiles /externallog='' [7][x][x][x][x][x][x] -> SUPPRIMÉ
¤¤¤ Entrées Startup : 1 ¤¤¤
[Peter][SUSP PATH] rlfqqtfr.lnk : C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rlfqqtfr.lnk @C:\Windows\System32\rundll32.exe C:\PROGRA~2\rftqqflr.dss,XL200 [-][7][-] -> SUPPRIMÉ
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][Repertoire] Install : C:\Users\Peter\AppData\Local\Google\Desktop\Install [-] --> SUPPRIMÉ AU REBOOT
[ZeroAccess][Fichier] @ : C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\?????????\?????????\?????\{6873fee0-2fba-0c72-8567-020f1ffc313d}\@ [-] --> SUPPRIMÉ AU REBOOT
[ZeroAccess][Fichier] GoogleUpdate.exe : C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\?????????\?????????\?????\{6873fee0-2fba-0c72-8567-020f1ffc313d}\GoogleUpdate.exe [-] --> SUPPRIMÉ
[ZeroAccess][Fichier] 00000004.@ : C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\?????????\?????????\?????\{6873fee0-2fba-0c72-8567-020f1ffc313d}\L\00000004.@ [-] --> SUPPRIMÉ
[ZeroAccess][Fichier] 76603ac3 : C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\?????????\?????????\?????\{6873fee0-2fba-0c72-8567-020f1ffc313d}\L\76603ac3 [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] L : C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\?????????\?????????\?????\{6873fee0-2fba-0c72-8567-020f1ffc313d}\L [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] U : C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\?????????\?????????\?????\{6873fee0-2fba-0c72-8567-020f1ffc313d}\U [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] {6873fee0-2fba-0c72-8567-020f1ffc313d} : C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\?????????\?????????\?????\{6873fee0-2fba-0c72-8567-020f1ffc313d} [-] --> SUPPRIMÉ AU REBOOT
[ZeroAccess][Repertoire] ????? : C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\?????????\?????????\????? [-] --> SUPPRIMÉ AU REBOOT
[ZeroAccess][Repertoire] ????????? : C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\?????????\????????? [-] --> SUPPRIMÉ AU REBOOT
[ZeroAccess][Repertoire] ????????? : C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d}\????????? [-] --> SUPPRIMÉ AU REBOOT
[ZeroAccess][Repertoire] {6873fee0-2fba-0c72-8567-020f1ffc313d} : C:\Users\Peter\AppData\Local\Google\Desktop\Install\{6873fee0-2fba-0c72-8567-020f1ffc313d} [-] --> SUPPRIMÉ AU REBOOT
¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] IAT @iexplore.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x6E021E4B)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B60E47)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B6468D)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B6469D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B646AD)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x768A46E9)
[Inline] EAT @iexplore.exe (RegSetValueExW) : kernel32.dll -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C6D0)
[Inline] EAT @iexplore.exe (RegSetValueA) : advapi32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C190)
[Inline] EAT @iexplore.exe (RegSetValueExA) : advapi32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C3C0)
[Inline] EAT @iexplore.exe (RegSetValueExW) : advapi32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C510)
[Inline] EAT @iexplore.exe (RegSetValueW) : advapi32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C2E0)
[Inline] EAT @iexplore.exe (CreateDialogParamA) : user32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65CA70)
[Inline] EAT @iexplore.exe (CreateDialogParamW) : user32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C940)
[Inline] EAT @iexplore.exe (TrackPopupMenu) : user32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65B7C0)
[Inline] EAT @iexplore.exe (TrackPopupMenuEx) : user32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65B8F0)
[Inline] EAT @iexplore.exe (D3DKMTGetDisplayModeList) : GDI32.dll -> HOOKED (C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x6E2D1950)
[Inline] EAT @iexplore.exe (D3DKMTQueryAdapterInfo) : GDI32.dll -> HOOKED (C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x6E2D19D0)
[Inline] EAT @iexplore.exe (Direct3DCreate8) : d3d8.dll -> HOOKED (C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x6E2D12B0)
[Inline] EAT @iexplore.exe (Direct3DCreate9) : d3d9.dll -> HOOKED (C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x6E2D1800)
[Inline] EAT @iexplore.exe (CreateDXGIFactory) : dxgi.dll -> HOOKED (C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrap.dll @ 0x70AF1460)
[Inline] EAT @iexplore.exe (CreateDXGIFactory1) : dxgi.dll -> HOOKED (C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrap.dll @ 0x70AF14C0)
[Inline] EAT @iexplore.exe (DXGID3D10CreateDevice) : dxgi.dll -> HOOKED (C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrap.dll @ 0x70AF12D0)
[Inline] EAT @iexplore.exe (D3D10CreateDevice) : d3d10.dll -> HOOKED (C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrap.dll @ 0x70AF1530)
[Inline] EAT @iexplore.exe (D3D11CreateDevice) : d3d11.dll -> HOOKED (C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrap.dll @ 0x70AF16C0)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B60E47)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B6468D)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B6469D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B646AD)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x768A46E9)
[Inline] EAT @iexplore.exe (RegSetValueExW) : kernel32.dll -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C6D0)
[Inline] EAT @iexplore.exe (RegSetValueExA) : advapi32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C3C0)
[Inline] EAT @iexplore.exe (RegSetValueExW) : advapi32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C510)
[Inline] EAT @iexplore.exe (TrackPopupMenu) : user32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\tbapp0.dll @ 0x069501B0)
[Inline] EAT @iexplore.exe (TrackPopupMenuEx) : user32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\tbapp0.dll @ 0x069502E0)
[Inline] EAT @iexplore.exe (HttpQueryInfoA) : WININET.dll -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\tbapp0.dll @ 0x06951C40)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B60E47)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B6468D)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B6469D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76B646AD)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x768A46E9)
[Inline] EAT @iexplore.exe (RegSetValueExW) : kernel32.dll -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C6D0)
[Inline] EAT @iexplore.exe (RegSetValueExA) : advapi32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C3C0)
[Inline] EAT @iexplore.exe (RegSetValueExW) : advapi32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\hktbapp0.dll @ 0x6A65C510)
[Inline] EAT @iexplore.exe (TrackPopupMenu) : user32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\tbapp0.dll @ 0x063801B0)
[Inline] EAT @iexplore.exe (TrackPopupMenuEx) : user32.DLL -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\tbapp0.dll @ 0x063802E0)
[Inline] EAT @iexplore.exe (HttpQueryInfoA) : WININET.dll -> HOOKED (C:\Users\Peter\AppData\LocalLow\appbarioFR\tbapp0.dll @ 0x06381C40)
¤¤¤ Ruches Externes: ¤¤¤
¤¤¤ Infection : ZeroAccess|Rans.Gendarm ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HM641JI +++++
--- User ---
[MBR] a51fd5ad5acfed76ea10ae918c48c86b
[BSP] 504fc63b733c6a2c45824a69d1ab3a66 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 578632 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1185245184 | Size: 30720 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1248159744 | Size: 1026 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[0]_D_10242013_201630.txt >>
RKreport[0]_S_10242013_201510.txt
Est-ce tous se qu'il fallait faire ?
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 631
24 oct. 2013 à 21:17
24 oct. 2013 à 21:17
Télécharge et installe Malwarebyte MBAR : https://www.malekal.com/malwarebytes-anti-rootkit-mbar-beta/
Mets le à jour, fais un scan rapide, supprime tout et poste le rapport ici.
Enregistre le rapport sur http://pjjoint.malekal.com
Donne le lien pjjoint ici.
Mets le à jour, fais un scan rapide, supprime tout et poste le rapport ici.
Enregistre le rapport sur http://pjjoint.malekal.com
Donne le lien pjjoint ici.
Peter68210
Messages postés
8
Date d'inscription
jeudi 24 octobre 2013
Statut
Membre
Dernière intervention
25 octobre 2013
24 oct. 2013 à 23:03
24 oct. 2013 à 23:03
Je finit le travail demain, je n'ais pas le temp, Merci encore pour l'aide!
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 631
24 oct. 2013 à 23:07
24 oct. 2013 à 23:07
pas de prb :)
