cjoint

Document format: text/plain

Preview

RogueKiller V8.6.12 [Sep 18 2013] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur : JL MH [Droits d'admin]
Mode : Suppression -- Date : 09/29/2013 19:18:55
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] SSDT[25] : NtClose @ 0x80567C07 -> HOOKED (Unknown @ 0xF7D7464C)
[Address] SSDT[41] : NtCreateKey @ 0x80573887 -> HOOKED (Unknown @ 0xF7D74606)
[Address] SSDT[50] : NtCreateSection @ 0x80565433 -> HOOKED (Unknown @ 0xF7D74656)
[Address] SSDT[53] : NtCreateThread @ 0x80578925 -> HOOKED (Unknown @ 0xF7D745FC)
[Address] SSDT[63] : NtDeleteKey @ 0x80595ABA -> HOOKED (Unknown @ 0xF7D7460B)
[Address] SSDT[65] : NtDeleteValueKey @ 0x805936DA -> HOOKED (Unknown @ 0xF7D74615)
[Address] SSDT[68] : NtDuplicateObject @ 0x805749DA -> HOOKED (Unknown @ 0xF7D74647)
[Address] SSDT[98] : NtLoadKey @ 0x805ADCBB -> HOOKED (Unknown @ 0xF7D7461A)
[Address] SSDT[122] : NtOpenProcess @ 0x80574BC1 -> HOOKED (Unknown @ 0xF7D745E8)
[Address] SSDT[128] : NtOpenThread @ 0x80590CFC -> HOOKED (Unknown @ 0xF7D745ED)
[Address] SSDT[177] : NtQueryValueKey @ 0x8056A531 -> HOOKED (Unknown @ 0xF7D7466F)
[Address] SSDT[193] : NtReplaceKey @ 0x8065017E -> HOOKED (Unknown @ 0xF7D74624)
[Address] SSDT[200] : NtRequestWaitReplyPort @ 0x8056DD9E -> HOOKED (Unknown @ 0xF7D74660)
[Address] SSDT[204] : NtRestoreKey @ 0x8064FD15 -> HOOKED (Unknown @ 0xF7D7461F)
[Address] SSDT[213] : NtSetContextThread @ 0x8062E94F -> HOOKED (Unknown @ 0xF7D7465B)
[Address] SSDT[237] : NtSetSecurityObject @ 0x80598227 -> HOOKED (Unknown @ 0xF7D74665)
[Address] SSDT[247] : NtSetValueKey @ 0x8057DAF3 -> HOOKED (Unknown @ 0xF7D74610)
[Address] SSDT[255] : NtSystemDebugControl @ 0x8064AD5D -> HOOKED (Unknown @ 0xF7D7466A)
[Address] SSDT[257] : NtTerminateProcess @ 0x80585851 -> HOOKED (Unknown @ 0xF7D745F7)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7D7467E)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7D74683)

¤¤¤ Ruches Externes: ¤¤¤
-> D:\Documents and Settings\Au paradis des Jeux\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Lecteurs de disque standard) - Maxtor 6Y080L0 +++++
--- User ---
[MBR] 833f406f0642103ff8dbd38c247660dd
[BSP] aaf7fb6f7f47bf510d9e0ca4455e3236 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 78159 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) (Lecteurs de disque standard) - ST380013AS +++++
--- User ---
[MBR] 9b92648f937cfbd1e0990ed1e988784e
[BSP] 640d7615acc84eddb3904aadcbf6418a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) (Lecteurs de disque standard) - SAMSUNG HD103UI USB Device +++++
--- User ---
[MBR] 27c289e221b1163fa86886e238e2ef36
[BSP] cae98ad479e92e1a027ccf3f8fec54c3 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) (Lecteurs de disque standard) - Seagate Desktop USB Device +++++
--- User ---
[MBR] 9a74dacb40b77ababf31a38997e5b9d2
[BSP] 544495ebd93c89340ab71c5d8cbb61ad : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[0]_D_09292013_191855.txt >>
RKreport[0]_S_09282013_182457.txt;RKreport[0]_S_09292013_191649.txt



