RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur : Poussi-dou [Droits d'admin]
Mode : Suppression -- Date : 12/04/2013 20:57:09
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 1 ¤¤¤
[DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\DOCUME~1\POUSSI~1\LOCALS~1\Temp\IadHide4.dll [x] -> DECHARGÉE

¤¤¤ Entrees de registre : 3 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> SUPPRIMÉ
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> SUPPRIMÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
SSDT[25] : NtClose @ 0x805B1DF8 -> HOOKED (Unknown @ 0xF7B4CA8C)
SSDT[41] : NtCreateKey @ 0x8061AEDC -> HOOKED (Unknown @ 0xF7B4CA46)
SSDT[50] : NtCreateSection @ 0x805A0880 -> HOOKED (Unknown @ 0xF7B4CA96)
SSDT[53] : NtCreateThread @ 0x805C73DE -> HOOKED (Unknown @ 0xF7B4CA3C)
SSDT[63] : NtDeleteKey @ 0x8061B378 -> HOOKED (Unknown @ 0xF7B4CA4B)
SSDT[65] : NtDeleteValueKey @ 0x8061B548 -> HOOKED (Unknown @ 0xF7B4CA55)
SSDT[68] : NtDuplicateObject @ 0x805B3A0C -> HOOKED (Unknown @ 0xF7B4CA87)
SSDT[98] : NtLoadKey @ 0x8061D100 -> HOOKED (Unknown @ 0xF7B4CA5A)
SSDT[122] : NtOpenProcess @ 0x805C1462 -> HOOKED (Unknown @ 0xF7B4CA28)
SSDT[128] : NtOpenThread @ 0x805C16EE -> HOOKED (Unknown @ 0xF7B4CA2D)
SSDT[193] : NtReplaceKey @ 0x8061CFB0 -> HOOKED (Unknown @ 0xF7B4CA64)
SSDT[204] : NtRestoreKey @ 0x8061C8BC -> HOOKED (Unknown @ 0xF7B4CA5F)
SSDT[213] : NtSetContextThread @ 0x805C9036 -> HOOKED (Unknown @ 0xF7B4CA9B)
SSDT[247] : NtSetValueKey @ 0x8061944E -> HOOKED (Unknown @ 0xF7B4CA50)
SSDT[257] : NtTerminateProcess @ 0x805C86EA -> HOOKED (Unknown @ 0xF7B4CA37)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7B4CAA0)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7B4CAA5)

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6L160P0 +++++
--- User ---
[MBR] b338965c614f75c13d550193d3ed9e95
[BSP] e60e68451b5042a23767f567a9bb3e99 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 156319 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[2]_D_12042013_205709.txt >>
RKreport[1]_S_12042013_205306.txt ; RKreport[2]_D_12042013_205709.txt