
{
"header": {
"program": {
"project": "RogueKiller",
"version": "10.9.1.0",
"x64": false,
"date": "Jul 9 2015",
"contact": "http://www.adlice.com/contact/",
"feedback": "http://forum.adlice.com",
"website": "http://www.adlice.com/softwares/roguekiller/",
"blog": "http://www.adlice.com"
},
"environment": {
"operating_system": "Windows 7 (6.1.7601 Service Pack 1) 32 bits version",
"boot": 0,
"winpe": false,
"user": "Ababil",
"user_admin": true,
"program_location": "C:\\Users\\Ababil\\Desktop\\RogueKiller.exe",
"x64": false
},
"report": {
"type": 1,
"aborted": false,
"date": "07/11/2015 01:24:52",
"switches": 0,
"debug": false
}
},
"results": {
"processes": [],
"modules": [],
"services": [],
"registry": [
{
"scan_what": 1,
"scan_how": [
10
],
"scan_how_trigger": 10,
"vendors": [
"PUM.Dns"
],
"rule_name": "DNS",
"view": 256,
"value": "DhcpNameServer",
"subkey": "",
"value_old_data": "",
"value_data": "0.0.0.0",
"path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters",
"extra": "[X]",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "وجد",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [
10
],
"scan_how_trigger": 10,
"vendors": [
"PUM.Dns"
],
"rule_name": "DNS",
"view": 256,
"value": "DhcpNameServer",
"subkey": "",
"value_old_data": "",
"value_data": "0.0.0.0",
"path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\Tcpip\\Parameters",
"extra": "[X]",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "وجد",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [
10
],
"scan_how_trigger": 10,
"vendors": [
"PUM.Dns"
],
"rule_name": "DNS",
"view": 256,
"value": "DhcpNameServer",
"subkey": "",
"value_old_data": "",
"value_data": "0.0.0.0",
"path": "HKEY_LOCAL_MACHINE\\System\\ControlSet002\\Services\\Tcpip\\Parameters",
"extra": "[X]",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "وجد",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [
10
],
"scan_how_trigger": 10,
"vendors": [
"PUM.Dns"
],
"rule_name": "DNS",
"view": 256,
"value": "DhcpNameServer",
"subkey": "",
"value_old_data": "",
"value_data": "0.0.0.0",
"path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{0923BF84-B2BB-46ED-9DFE-D1FD6823F011}",
"extra": "[X]",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "وجد",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [
10
],
"scan_how_trigger": 10,
"vendors": [
"PUM.Dns"
],
"rule_name": "DNS",
"view": 256,
"value": "DhcpNameServer",
"subkey": "",
"value_old_data": "",
"value_data": "0.0.0.0",
"path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\Tcpip\\Parameters\\Interfaces\\{0923BF84-B2BB-46ED-9DFE-D1FD6823F011}",
"extra": "[X]",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "وجد",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [
10
],
"scan_how_trigger": 10,
"vendors": [
"PUM.Dns"
],
"rule_name": "DNS",
"view": 256,
"value": "DhcpNameServer",
"subkey": "",
"value_old_data": "",
"value_data": "0.0.0.0",
"path": "HKEY_LOCAL_MACHINE\\System\\ControlSet002\\Services\\Tcpip\\Parameters\\Interfaces\\{0923BF84-B2BB-46ED-9DFE-D1FD6823F011}",
"extra": "[X]",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "وجد",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [
7
],
"scan_how_trigger": 7,
"vendors": [
"PUM.StartMenu"
],
"rule_name": "Explorer Advanced",
"view": 256,
"value": "Start_ShowMyGames",
"subkey": "",
"value_old_data": "",
"value_data": "0",
"path": "HKEY_USERS\\S-1-5-21-1350388338-2237601041-809902029-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "وجد",
"status_choice": 1,
"status_removed": 0
}
],
"tasks": [],
"filesystem": [],
"hosts": {
"is_too_big": false,
"lines": [
{
"scan_what": 0,
"scan_how": [],
"vendors": [],
"line": "127.0.0.1 localhost",
"path": "C:\\Windows\\System32\\drivers\\etc\\hosts",
"status_str": "",
"status_malicious": false,
"status_choice": 1,
"status_removed": 0
}
]
},
"antirootkit": {
"is_driver_loaded": true,
"driver_error": 0,
"results": [
{
"scan_what": 5,
"scan_how": [],
"vendors": [
"Hook.IEAT"
],
"type": 5,
"type_str": "IAT",
"detour": 2,
"detour_str": "Inl",
"import_table": {
"type": 2,
"process": "explorer.exe",
"pid": 1608,
"module_memory": "USER32.dll",
"import": "NlsAnsiCodePage",
"import_module": "ntdll.dll",
"module_table": "ntdll.dll",
"detour_module": "",
"entrypoint": 2000060752,
"code_entrypoint": -885620391,
"stack_trace": "call 0x54000009",
"stack_hextrace": "e8 04 00 00 54"
},
"status_str": "",
"status_choice": 1,
"status_removed": 0
}
]
},
"web_browsers": [],
"disk": {
"results": [],
"mbr": "+++++ PhysicalDrive0: WDC WD3200AVJS-63WDA0 ATA Device +++++\n--- User ---\n[MBR] 2004591f32dc6d4b72fbfe974b66ab4f\n[BSP] 3886ced113b06fe88e63f49e81de064d : Windows Vista/7/8 MBR Code\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 119041 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 244002816 | Size: 50000 MB\n3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 346402816 | Size: 136101 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n"
}
}
}
