cjoint

Document format: text/x-log

RogueKiller V10.6.4.0 [May 18 2015] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarré en : Mode normal
Utilisateur : André [Administrateur]
Démarré depuis : C:\Users\André\Downloads\RogueKiller(3).exe
Mode : Scan -- Date : 05/19/2015 00:08:03

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 5 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\internetControllerService (C:\Users\André\AppData\Roaming\Internet-Controller\internet-controllerservice.exe) -> Trouvé(e)
[Suspicious.Path|Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr (\??\C:\Users\ANDR~1\AppData\Local\Temp\mbr.sys) -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\internetControllerService (C:\Users\André\AppData\Roaming\Internet-Controller\internet-controllerservice.exe) -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr (\??\C:\Users\ANDR~1\AppData\Local\Temp\mbr.sys) -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\internetControllerService (C:\Users\André\AppData\Roaming\Internet-Controller\internet-controllerservice.exe) -> Trouvé(e)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 86 (Driver: Chargé) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - CloseServiceHandle : Unknown @ 0x73f92859 (jmp 0xfec6f25d|jmp 0xffffdd32|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - OpenServiceW : Unknown @ 0x73f92431 (jmp 0xfec75a45|jmp 0xffffe15a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - CryptAcquireContextW : Unknown @ 0x73f93699 (jmp 0xfec757e5|jmp 0xffffcef2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - CryptCreateHash : Unknown @ 0x73f93861 (jmp 0xfec75973|jmp 0xffffcd2a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - CryptHashData : Unknown @ 0x73f93a29 (jmp 0xfec75b53|jmp 0xffffcb62|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - CryptGetHashParam : Unknown @ 0x73f93991 (jmp 0xfec75a73|jmp 0xffffcbfa|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x73f917b9 (jmp 0xfd5634ad|jmp 0xffffedd2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) USER32.dll - GetMessageW : Unknown @ 0x73f94019 (jmp 0xfd557231|jmp 0xffffc572|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) USER32.dll - PostMessageW : Unknown @ 0x73f94149 (jmp 0xfd55fcce|jmp 0xffffc442|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) USER32.dll - SetWinEventHook : Unknown @ 0x73f921d1 (jmp 0xfd55fcf5|jmp 0xffffe3ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtSetInformationProcess : Unknown @ 0x73f92be9 (jmp 0xfd18c514|jmp 0xffffd9a2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenProcessToken : Unknown @ 0x73f93bf1 (jmp 0xfd18ddfc|jmp 0xffffc99a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x73f92d19 (jmp 0xfd18c534|jmp 0xffffd872|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtQueryInformationToken : Unknown @ 0x73f93c89 (jmp 0xfd18dbb4|jmp 0xffffc902|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x73f91ed9 (jmp 0xfd18c5e4|jmp 0xffffe6b2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x73f92b51 (jmp 0xfd18c22c|jmp 0xffffda3a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x73f915f1 (jmp 0xfd18b96c|jmp 0xffffef9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x73f91689 (jmp 0xfd18ac74|jmp 0xffffef02|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x73f91d11 (jmp 0xfd18b74c|jmp 0xffffe87a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - RtlEqualSid : Unknown @ 0x73f93d21 (jmp 0xfd1658ed|jmp 0xffffc86a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x73f91da9 (jmp 0xfd18bfc4|jmp 0xffffe7e2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateFile : Unknown @ 0x73f933a1 (jmp 0xfd18dd7c|jmp 0xffffd1ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x73f92989 (jmp 0xfd16b838|jmp 0xffffdc02|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x73f91c79 (jmp 0xfd18b184|jmp 0xffffe912|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x73f920a1 (jmp 0xfd18b7ac|jmp 0xffffe4ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x73f91e41 (jmp 0xfd18bb6c|jmp 0xffffe74a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x73f918e9 (jmp 0xfd18c164|jmp 0xffffeca2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtAdjustPrivilegesToken : Unknown @ 0x73f93309 (jmp 0xfd18e044|jmp 0xffffd282|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) kernel32.dll - CreateToolhelp32Snapshot : Unknown @ 0x73f92009 (jmp 0xfd312217|jmp 0xffffe582|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtVdmControl : Unknown @ 0x73f93ee9 (jmp 0xfd18d4c4|jmp 0xffffc6a2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) USER32.dll - GetMessageA : Unknown @ 0x73f93f81 (jmp 0xfd5626e8|jmp 0xffffc60a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) USER32.dll - PostMessageA : Unknown @ 0x73f940b1 (jmp 0xfd568c6b|jmp 0xffffc4da|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) kernel32.dll - MoveFileExW : Unknown @ 0x73f93011 (jmp 0xfd30a151|jmp 0xffffd57a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - CreateServiceW : Unknown @ 0x73f92ab9 (jmp 0xfec5b965|jmp 0xffffdad2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - ChangeServiceConfigW : Unknown @ 0x73f927c1 (jmp 0xfec3f3f5|jmp 0xffffddca|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - DeleteService : Unknown @ 0x73f92691 (jmp 0xfec5b50d|jmp 0xffffdefa|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - ControlService : Unknown @ 0x73f925f9 (jmp 0xfec5b48d|jmp 0xffffdf92|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x73f92c81 (jmp 0xfd18d0cc|jmp 0xffffd90a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - CryptGenKey : Unknown @ 0x73f93731 (jmp 0xfec7a8a8|jmp 0xffffce5a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - CryptExportKey : Unknown @ 0x73f938f9 (jmp 0xfec7a773|jmp 0xffffcc92|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - CryptImportKey : Unknown @ 0x73f93ac1 (jmp 0xfec775ef|jmp 0xffffcaca|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) rtl150.bpl - @System@ExceptionClass : Unknown @ 0xffffffffdd6a1039 (call 0x8d505010)
[IAT:Inl(Hook.IEAT)] (explorer.exe) kernel32.dll - GetStartupInfoA : Unknown @ 0x73f93e51 (jmp 0xfd352041|jmp 0xffffc73a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (explorer.exe) rtl150.bpl - @Classes@TReader@ : Unknown @ 0xffffffffb45933bc (call 0x64500a34)
[IAT:Inl(Hook.IEAT)] (explorer.exe) rtl150.bpl - @Wincodec@GUID_ContainerFormatTiff : Unknown @ 0xffffffffe667d20b (jmp 0x964f0be7)
[IAT:Inl(Hook.IEAT)] (explorer.exe) Jcl150.bpl - @Jclansistrings@TJclAnsiStringList@ : Unknown @ 0x6c4ac960 (call 0x24480048)
[IAT:Inl(Hook.IEAT)] (explorer.exe) rtl150.bpl - @System@ExceptionAcquired : Unknown @ 0xffffffffdd6a1039 (call 0x8d505010)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x73f91ed9 (jmp 0xfd18c5e4|jmp 0xffffe6b2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x73f92ab9 (jmp 0xfd18c194|jmp 0xffffdad2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x73f915f1 (jmp 0xfd18b96c|jmp 0xffffef9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x73f91689 (jmp 0xfd18ac74|jmp 0xffffef02|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x73f91d11 (jmp 0xfd18b74c|jmp 0xffffe87a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtProtectVirtualMemory : Unknown @ 0x73f94609 (jmp 0xfd18e694|jmp 0xffffbf82|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtQueryInformationToken : Unknown @ 0x73f93bf1 (jmp 0xfd18db1c|jmp 0xffffc99a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - RtlEqualSid : Unknown @ 0x73f93c89 (jmp 0xfd165855|jmp 0xffffc902|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtOpenProcessToken : Unknown @ 0x73f93b59 (jmp 0xfd18dd64|jmp 0xffffca32|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtSetInformationProcess : Unknown @ 0x73f92b51 (jmp 0xfd18c47c|jmp 0xffffda3a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x73f91da9 (jmp 0xfd18bfc4|jmp 0xffffe7e2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x73f92c81 (jmp 0xfd18c49c|jmp 0xffffd90a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtOpenFile : Unknown @ 0x73f941e1 (jmp 0xfd18e4ac|jmp 0xffffc3aa|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x73f928f1 (jmp 0xfd16b7a0|jmp 0xffffdc9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x73f91c79 (jmp 0xfd18b184|jmp 0xffffe912|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x73f920a1 (jmp 0xfd18b7ac|jmp 0xffffe4ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x73f91e41 (jmp 0xfd18bb6c|jmp 0xffffe74a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x73f918e9 (jmp 0xfd18c164|jmp 0xffffeca2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtAdjustPrivilegesToken : Unknown @ 0x73f93271 (jmp 0xfd18dfac|jmp 0xffffd31a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) kernel32.dll - CreateToolhelp32Snapshot : Unknown @ 0x73f92009 (jmp 0xfd312217|jmp 0xffffe582|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) kernel32.dll - MoveFileExW : Unknown @ 0x73f92f79 (jmp 0xfd30a0b9|jmp 0xffffd612|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) MSVCR120.dll - fopen : Unknown @ 0x73f94ac9 (jmp 0x6652d05|jmp 0xffffbac2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) USER32.dll - GetMessageA : Unknown @ 0x73f93f81 (jmp 0xfd5626e8|jmp 0xffffc60a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) USER32.dll - PostMessageA : Unknown @ 0x73f940b1 (jmp 0xfd568c6b|jmp 0xffffc4da|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) USER32.dll - PostMessageW : Unknown @ 0x73f94149 (jmp 0xfd55fcce|jmp 0xffffc442|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtVdmControl : Unknown @ 0x73f93e51 (jmp 0xfd18d42c|jmp 0xffffc73a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x73f92be9 (jmp 0xfd18d034|jmp 0xffffd9a2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) USER32.dll - GetMessageW : Unknown @ 0x73f94019 (jmp 0xfd557231|jmp 0xffffc572|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) USER32.dll - SetWinEventHook : Unknown @ 0x73f921d1 (jmp 0xfd55fcf5|jmp 0xffffe3ba|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x73f917b9 (jmp 0xfd5634ad|jmp 0xffffedd2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ADVAPI32.dll - CryptAcquireContextW : Unknown @ 0x73f93601 (jmp 0xfec7574d|jmp 0xffffcf8a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ADVAPI32.dll - CryptAcquireContextA : Unknown @ 0x73f93569 (jmp 0xfec7a3f0|jmp 0xffffd022|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ADVAPI32.dll - OpenServiceW : Unknown @ 0x73f92431 (jmp 0xfec75a45|jmp 0xffffe15a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ADVAPI32.dll - CloseServiceHandle : Unknown @ 0x73f92859 (jmp 0xfec6f25d|jmp 0xffffdd32|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) USER32.dll - SetWindowsHookExA : Unknown @ 0x73f91721 (jmp 0xfd53aa15|jmp 0xffffee6a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ADVAPI32.dll - CryptGetHashParam : Unknown @ 0x73f938f9 (jmp 0xfec759db|jmp 0xffffcc92|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ADVAPI32.dll - CryptImportKey : Unknown @ 0x73f93a29 (jmp 0xfec77557|jmp 0xffffcb62|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ADVAPI32.dll - CryptCreateHash : Unknown @ 0x73f937c9 (jmp 0xfec758db|jmp 0xffffcdc2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ADVAPI32.dll - CryptHashData : Unknown @ 0x73f93991 (jmp 0xfec75abb|jmp 0xffffcbfa|call 0x1fe)

¤¤¤ Navigateurs web : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 4f1418zp.default : user_pref("browser.startup.homepage", "http://www.bing.com/?pc=COSP&ptag=D051515-AC4ABBB0CABFB4D1B84F&form=CONMHP&conlogo=CT3332031"); -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAJS-22TKA SCSI Disk Device +++++
--- User ---
[MBR] a0dd5729daf2e9c10b40f19bb971fcf9
[BSP] 96545aae4c3a8e5d84fbb99372be0652 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB [Windows XP Bootstrap | Unknown Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST500DM0 02-1BD142 SCSI Disk Device +++++
--- User ---
[MBR] 9d7f91b8c3b09665586c8d3e9fe02770
[BSP] 72194db4cc149f72cade6a473736d86e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_03242015_170047.log - RKreport_DEL_03242015_170325.log - RKreport_DEL_03242015_170348.log - RKreport_SCN_04172015_024530.log
RKreport_SCN_04202015_112958.log - RKreport_DEL_04202015_113711.log - RKreport_DEL_04202015_113819.log - RKreport_DEL_04202015_113853.log
RKreport_DEL_04202015_113916.log - RKreport_DEL_04202015_113937.log - RKreport_DEL_04202015_113951.log - RKreport_DEL_04202015_114021.log
RKreport_DEL_04202015_114055.log - RKreport_SCN_04272015_022337.log - RKreport_SCN_04282015_175912.log - RKreport_DEL_04282015_180048.log
RKreport_DEL_04282015_180157.log - RKreport_DEL_04282015_180225.log - RKreport_SCN_05042015_074218.log - RKreport_DEL_05042015_074843.log
RKreport_DEL_05042015_074905.log - RKreport_SCN_05112015_111050.log - RKreport_DEL_05112015_111229.log - RKreport_SCN_05152015_193803.log
RKreport_DEL_05152015_193907.log - RKreport_DEL_05152015_194027.log - RKreport_DEL_05152015_194058.log
