Hello lepanache, thanks for your help
RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.sur-la-toile.com/discussion- ... ntees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : Raf [Droits d'admin]
Mode : Recherche -- Date : 12/05/2013 21:15:08
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 2 ¤¤¤
[SUSP PATH] DomaIQ10.exe -- C:\Users\Raf\AppData\Local\Temp\DIQM\FlashPlayer_151\DomaIQ10.exe [-] -> TUÉ [TermProc]
[SERVICE] IBUpdaterService -- C:\Windows\system32\dmwu.exe [x] -> STOPPÉ
¤¤¤ Entrees de registre : 8 ¤¤¤
[Services][BLSVC] HKLM\[...]\ControlSet001\Services\IBUpdaterService (C:\Windows\system32\dmwu.exe) -> TROUVÉ
[Services][BLSVC] HKLM\[...]\ControlSet002\Services\IBUpdaterService (C:\Windows\system32\dmwu.exe) -> TROUVÉ
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-4287901200-1826466481-1550556040-1000\$8166ef42b4771c09791b47ffbaad6836\n.) [x] -> TROUVÉ
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$RECYCLE.BIN\S-1-5-18\$8166ef42b4771c09791b47ffbaad6836\n) [-] -> TROUVÉ
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$RECYCLE.BIN\S-1-5-18\$8166ef42b4771c09791b47ffbaad6836\n) [-] -> TROUVÉ
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$8166ef42b4771c09791b47ffbaad6836\n [-] --> TROUVÉ
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$8166ef42b4771c09791b47ffbaad6836\@ [-] --> TROUVÉ
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-4287901200-1826466481-1550556040-1000\$8166ef42b4771c09791b47ffbaad6836\@ [-] --> TROUVÉ
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$8166ef42b4771c09791b47ffbaad6836\U --> TROUVÉ
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-4287901200-1826466481-1550556040-1000\$8166ef42b4771c09791b47ffbaad6836\U --> TROUVÉ
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$8166ef42b4771c09791b47ffbaad6836\L --> TROUVÉ
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-4287901200-1826466481-1550556040-1000\$8166ef42b4771c09791b47ffbaad6836\L --> TROUVÉ
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> TROUVÉ
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> TROUVÉ
¤¤¤ Driver : [NON CHARGE] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD103SJ +++++
--- User ---
[MBR] a28cd05dca7bfe88512ea7cea2b26f62
[BSP] 6b92749420efd468cec61cde58cb2559 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 939602 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1924511744 | Size: 14165 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[1]_S_12052013_211508.txt >>
RKreport[1]_S_12052013_211508.txt