RogueKiller V8.6.12 [Sep 18 2013] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur : JL MH [Droits d'admin]
Mode : Suppression -- Date : 09/29/2013 19:18:55
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] SSDT[25] : NtClose @ 0x80567C07 -> HOOKED (Unknown @ 0xF7D7464C)
[Address] SSDT[41] : NtCreateKey @ 0x80573887 -> HOOKED (Unknown @ 0xF7D74606)
[Address] SSDT[50] : NtCreateSection @ 0x80565433 -> HOOKED (Unknown @ 0xF7D74656)
[Address] SSDT[53] : NtCreateThread @ 0x80578925 -> HOOKED (Unknown @ 0xF7D745FC)
[Address] SSDT[63] : NtDeleteKey @ 0x80595ABA -> HOOKED (Unknown @ 0xF7D7460B)
[Address] SSDT[65] : NtDeleteValueKey @ 0x805936DA -> HOOKED (Unknown @ 0xF7D74615)
[Address] SSDT[68] : NtDuplicateObject @ 0x805749DA -> HOOKED (Unknown @ 0xF7D74647)
[Address] SSDT[98] : NtLoadKey @ 0x805ADCBB -> HOOKED (Unknown @ 0xF7D7461A)
[Address] SSDT[122] : NtOpenProcess @ 0x80574BC1 -> HOOKED (Unknown @ 0xF7D745E8)
[Address] SSDT[128] : NtOpenThread @ 0x80590CFC -> HOOKED (Unknown @ 0xF7D745ED)
[Address] SSDT[177] : NtQueryValueKey @ 0x8056A531 -> HOOKED (Unknown @ 0xF7D7466F)
[Address] SSDT[193] : NtReplaceKey @ 0x8065017E -> HOOKED (Unknown @ 0xF7D74624)
[Address] SSDT[200] : NtRequestWaitReplyPort @ 0x8056DD9E -> HOOKED (Unknown @ 0xF7D74660)
[Address] SSDT[204] : NtRestoreKey @ 0x8064FD15 -> HOOKED (Unknown @ 0xF7D7461F)
[Address] SSDT[213] : NtSetContextThread @ 0x8062E94F -> HOOKED (Unknown @ 0xF7D7465B)
[Address] SSDT[237] : NtSetSecurityObject @ 0x80598227 -> HOOKED (Unknown @ 0xF7D74665)
[Address] SSDT[247] : NtSetValueKey @ 0x8057DAF3 -> HOOKED (Unknown @ 0xF7D74610)
[Address] SSDT[255] : NtSystemDebugControl @ 0x8064AD5D -> HOOKED (Unknown @ 0xF7D7466A)
[Address] SSDT[257] : NtTerminateProcess @ 0x80585851 -> HOOKED (Unknown @ 0xF7D745F7)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7D7467E)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7D74683)

¤¤¤ Ruches Externes: ¤¤¤
-> D:\Documents and Settings\Au paradis des Jeux\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Lecteurs de disque standard) - Maxtor 6Y080L0 +++++
--- User ---
[MBR] 833f406f0642103ff8dbd38c247660dd
[BSP] aaf7fb6f7f47bf510d9e0ca4455e3236 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 78159 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) (Lecteurs de disque standard) - ST380013AS +++++
--- User ---
[MBR] 9b92648f937cfbd1e0990ed1e988784e
[BSP] 640d7615acc84eddb3904aadcbf6418a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) (Lecteurs de disque standard) - SAMSUNG HD103UI USB Device +++++
--- User ---
[MBR] 27c289e221b1163fa86886e238e2ef36
[BSP] cae98ad479e92e1a027ccf3f8fec54c3 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) (Lecteurs de disque standard) - Seagate Desktop USB Device +++++
--- User ---
[MBR] 9a74dacb40b77ababf31a38997e5b9d2
[BSP] 544495ebd93c89340ab71c5d8cbb61ad : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[0]_D_09292013_191855.txt >>
RKreport[0]_S_09282013_182457.txt;RKreport[0]_S_09292013_191649.txt