RogueKiller V8.6.1 [Jun 19 2013] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur : Laptiteblonde [Droits d'admin]
Mode : Recherche -- Date : 06/22/2013 10:37:22
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 11 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (localhost:21320) -> TROUVÉ
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> TROUVÉ
[DNS] HKLM\[...]\CCSet\[...]\{BAB6C0CF-E121-42E0-A282-D4CA821E014C} : NameServer (178.33.41.181,88.191.223.122) -> TROUVÉ
[DNS] HKLM\[...]\CS001\[...]\{BAB6C0CF-E121-42E0-A282-D4CA821E014C} : NameServer (178.33.41.181,88.191.223.122) -> TROUVÉ
[DNS] HKLM\[...]\CS003\[...]\{BAB6C0CF-E121-42E0-A282-D4CA821E014C} : NameServer (178.33.41.181,88.191.223.122) -> TROUVÉ
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> TROUVÉ
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> TROUVÉ
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] SSDT[37] : NtCreateFile @ 0x805790A2 -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62D0ED0)
[Address] SSDT[41] : NtCreateKey @ 0x8062426A -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CE760)
[Address] SSDT[116] : NtOpenFile @ 0x8057A1A0 -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62D11D0)
[Address] SSDT[119] : NtOpenKey @ 0x80625648 -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CE560)
[Address] SSDT[224] : NtSetInformationFile @ 0x8057B02E -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62D1580)
[Address] Shadow SSDT[7] : NtGdiAlphaBlend -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CFE40)
[Address] Shadow SSDT[13] : NtGdiBitBlt -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CFB40)
[Address] Shadow SSDT[122] : NtGdiDeleteObjectApp -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CF9D0)
[Address] Shadow SSDT[191] : NtGdiGetPixel -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CFEC0)
[Address] Shadow SSDT[227] : NtGdiMaskBlt -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CFC90)
[Address] Shadow SSDT[233] : NtGdiOpenDCW -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CF920)
[Address] Shadow SSDT[237] : NtGdiPlgBlt -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CFD40)
[Address] Shadow SSDT[292] : NtGdiStretchBlt -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CFBE0)
[Address] Shadow SSDT[298] : NtGdiTransparentBlt -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CFDC0)
[Address] Shadow SSDT[307] : NtUserAttachThreadInput -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CF3D0)
[Address] Shadow SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CF6D0)
[Address] Shadow SSDT[416] : NtUserGetKeyState -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CF620)
[Address] Shadow SSDT[460] : NtUserMessageCall -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CEF00)
[Address] Shadow SSDT[475] : NtUserPostMessage -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CF0B0)
[Address] Shadow SSDT[476] : NtUserPostThreadMessage -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CF240)
[Address] Shadow SSDT[491] : NtUserRegisterRawInputDevices -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CF4D0)
[Address] Shadow SSDT[502] : NtUserSendInput -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CF780)
[Address] Shadow SSDT[509] : NtUserSetClipboardViewer -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CF880)
[Address] Shadow SSDT[520] : NtUserSetInformationThread -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CEBA0)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CEC80)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CED60)

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : Mal.Hosts ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 download-winmx-free.com --> Potentially malicious!
127.0.0.1 www.download-winmx-free.com --> Potentially malicious!
127.0.0.1 www.facebook.com.img335.tk --> Potentially malicious!
127.0.0.1 www.free-winmx-downloads.com --> Potentially malicious!
127.0.0.1 free-winmx-downloads.com --> Potentially malicious!
127.0.0.1 www.google.dospop.com --> Potentially malicious!
127.0.0.1 www.mp3winmx.com --> Potentially malicious!
127.0.0.1 mp3winmx.com --> Potentially malicious!
127.0.0.1 winmx.click-new-download.com --> Potentially malicious!
127.0.0.1 www.winmx.click-new-download.com --> Potentially malicious!
127.0.0.1 winmx-d0wnload.com --> Potentially malicious!
127.0.0.1 www.winmx-d0wnload.com --> Potentially malicious!
127.0.0.1 www.winmxfrance.com --> Potentially malicious!
127.0.0.1 winmxfrance.com --> Potentially malicious!
127.0.0.1 winmx-freebie.com --> Potentially malicious!
127.0.0.1 www.winmx-freebie.com --> Potentially malicious!
127.0.0.1 winmx-music-download.com --> Potentially malicious!
127.0.0.1 www.winmx-music-download.com --> Potentially malicious!
127.0.0.1 winmx-usa.com --> Potentially malicious!
127.0.0.1 www.winmx-usa.com --> Potentially malicious!
127.0.0.1 host3.adhese.be #[ad.be.doubleclick.net] --> Potentially malicious!
127.0.0.1 www.statcounter.com --> Potentially malicious!
127.0.0.1 secure.statcounter.com --> Potentially malicious!
127.0.0.1 s2.statcounter.com --> Potentially malicious!
127.0.0.1 my8.statcounter.com --> Potentially malicious!
127.0.0.1 my.statcounter.com --> Potentially malicious!
127.0.0.1 c46.statcounter.com --> Potentially malicious!
127.0.0.1 c45.statcounter.com --> Potentially malicious!
127.0.0.1 c43.statcounter.com --> Potentially malicious!
127.0.0.1 c42.statcounter.com --> Potentially malicious!
127.0.0.1 c41.statcounter.com --> Potentially malicious!
127.0.0.1 c40.statcounter.com --> Potentially malicious!
127.0.0.1 c39.statcounter.com --> Potentially malicious!
127.0.0.1 c38.statcounter.com --> Potentially malicious!
127.0.0.1 c37.statcounter.com --> Potentially malicious!
127.0.0.1 c36.statcounter.com --> Potentially malicious!
127.0.0.1 c35.statcounter.com --> Potentially malicious!
127.0.0.1 c34.statcounter.com --> Potentially malicious!
127.0.0.1 c33.statcounter.com --> Potentially malicious!
127.0.0.1 c32.statcounter.com --> Potentially malicious!
127.0.0.1 c31.statcounter.com --> Potentially malicious!
127.0.0.1 c30.statcounter.com --> Potentially malicious!
127.0.0.1 c29.statcounter.com --> Potentially malicious!
127.0.0.1 c28.statcounter.com --> Potentially malicious!
127.0.0.1 c27.statcounter.com --> Potentially malicious!
127.0.0.1 c26.statcounter.com --> Potentially malicious!
127.0.0.1 c25.statcounter.com --> Potentially malicious!
127.0.0.1 c24.statcounter.com --> Potentially malicious!
127.0.0.1 c23.statcounter.com --> Potentially malicious!
127.0.0.1 c22.statcounter.com --> Potentially malicious!
127.0.0.1 c21.statcounter.com --> Potentially malicious!
127.0.0.1 c20.statcounter.com --> Potentially malicious!
127.0.0.1 c19.statcounter.com --> Potentially malicious!
127.0.0.1 c18.statcounter.com --> Potentially malicious!
127.0.0.1 c17.statcounter.com --> Potentially malicious!
127.0.0.1 c16.statcounter.com --> Potentially malicious!
127.0.0.1 c15.statcounter.com --> Potentially malicious!
127.0.0.1 c14.statcounter.com --> Potentially malicious!
127.0.0.1 c13.statcounter.com --> Potentially malicious!
127.0.0.1 c12.statcounter.com --> Potentially malicious!
127.0.0.1 c11.statcounter.com --> Potentially malicious!
127.0.0.1 c10.statcounter.com --> Potentially malicious!
127.0.0.1 c8.statcounter.com --> Potentially malicious!
127.0.0.1 c7.statcounter.com --> Potentially malicious!
127.0.0.1 c6.statcounter.com #[MVPS.Criteria] --> Potentially malicious!
127.0.0.1 c5.statcounter.com --> Potentially malicious!
127.0.0.1 c4.statcounter.com --> Potentially malicious!
127.0.0.1 c3.statcounter.com --> Potentially malicious!
127.0.0.1 c2.statcounter.com #[WebBug] --> Potentially malicious!
127.0.0.1 c1.statcounter.com #[Tracking.Cookie] --> Potentially malicious!
127.0.0.1 c.statcounter.com --> Potentially malicious!
127.0.0.1 ad.mirror.co.uk #[ad.3ad.doubleclick.net] --> Potentially malicious!
127.0.0.1 www3.webhostingtalk.com #[ad.3ad.doubleclick.net] --> Potentially malicious!
127.0.0.1 doubleclick.shockwave.com --> Potentially malicious!
127.0.0.1 fls.au.doubleclick.net --> Potentially malicious!
127.0.0.1 stats.g.doubleclick.net --> Potentially malicious!
127.0.0.1 cm.g.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.bg.doubleclick.net --> Potentially malicious!
127.0.0.1 securepubads.g.doubleclick.net --> Potentially malicious!
127.0.0.1 n4061ad.hk.doubleclick.net --> Potentially malicious!
127.0.0.1 googleads2.g.doubleclick.net --> Potentially malicious!
127.0.0.1 gan.doubleclick.net --> Potentially malicious!
127.0.0.1 adclick.g.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.mo.doubleclick.net --> Potentially malicious!
127.0.0.1 ad-apac.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.rs.doubleclick.net --> Potentially malicious!
127.0.0.1 www.doubleclick.com --> Potentially malicious!
127.0.0.1 www3.doubleclick.com --> Potentially malicious!
127.0.0.1 www2.doubleclick.com --> Potentially malicious!
127.0.0.1 doubleclick.com --> Potentially malicious!
127.0.0.1 www.doubleclick.net --> Potentially malicious!
127.0.0.1 www3.doubleclick.net --> Potentially malicious!
127.0.0.1 doubleclick.ne.jp --> Potentially malicious!
127.0.0.1 survey.g.doubleclick.net --> Potentially malicious!
127.0.0.1 s2.video.doubleclick.net --> Potentially malicious!
127.0.0.1 pubads.g.doubleclick.net --> Potentially malicious!
127.0.0.1 paypalssl.doubleclick.net --> Potentially malicious!
127.0.0.1 n479ad.doubleclick.net --> Potentially malicious!
127.0.0.1 n4403ad.doubleclick.net --> Potentially malicious!
127.0.0.1 n4052ad.doubleclick.net --> Potentially malicious!
127.0.0.1 motifcdn2.doubleclick.net --> Potentially malicious!
127.0.0.1 motifcdn.doubleclick.net --> Potentially malicious!
127.0.0.1 m.doubleclick.net --> Potentially malicious!
127.0.0.1 iv.doubleclick.net --> Potentially malicious!
127.0.0.1 ir.doubleclick.net --> Potentially malicious!
127.0.0.1 googleads.g.doubleclick.net #[pagead-dclk.l.google.com] --> Potentially malicious!
127.0.0.1 fls.uk.doubleclick.net --> Potentially malicious!
127.0.0.1 fls.doubleclick.net --> Potentially malicious!
127.0.0.1 feedads.g.doubleclick.net --> Potentially malicious!
127.0.0.1 dfp.doubleclick.net --> Potentially malicious!
127.0.0.1 creatives.doubleclick.net --> Potentially malicious!
127.0.0.1 ad-emea.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.n2434.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.za.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.us.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.uk.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.tw.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.th.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.terra.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.si.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.sg.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.se.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.ru.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.ro.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.pt.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.pl.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.nz.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.no.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.nl.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.it.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.kr.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.jp.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.in.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.ie.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.hu.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.hr.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.hk.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.gr.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.fr.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.fi.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.es.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.dk.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.de.doubleclick.net #[Tracking.Cookie] --> Potentially malicious!
127.0.0.1 ad.cn.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.cl.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.ch.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.ca.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.br.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.be.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.au.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.at.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.ar.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.ae.doubleclick.net --> Potentially malicious!
127.0.0.1 ad2.doubleclick.net --> Potentially malicious!
127.0.0.1 ad-g.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.doubleclick.net #[MVPS.Criteria] --> Potentially malicious!
127.0.0.1 doubleclick.net --> Potentially malicious!
127.0.0.1 anon.doubleclick.speedera.net --> Potentially malicious!
127.0.0.1 marketing.doubleclickindustries.com --> Potentially malicious!
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: MAXTOR STM3250310AS +++++
--- User ---
[MBR] 0b80b32e6b236e0f7089406e2e4d94f6
[BSP] 6b9e5d78691ad11762ec4fc35128d392 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: MAXTOR STM3250310AS +++++
--- User ---
[MBR] ee28ad222bb5eeee20138e04dded8f0b
[BSP] ef3177ea6997481f5647d45aa222b26f : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 7450 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[0]_S_06222013_103722.txt >>