
{
"header": {
"program": {
"project": "RogueKiller",
"version": "10.9.4.0",
"x64": false,
"date": "Jul 30 2015",
"contact": "http://www.adlice.com/contact/",
"feedback": "http://forum.adlice.com",
"website": "http://www.adlice.com/fr/logiciels/roguekiller/",
"blog": "http://www.adlice.com"
},
"environment": {
"operating_system": "Windows XP (5.1.2600 Service Pack 3) 32 bits version",
"boot": 0,
"winpe": false,
"user": "Jo\u00ebl",
"user_admin": true,
"program_location": "C:\\Documents and Settings\\Jo\u00ebl\\Mes documents\\T\u00e9l\u00e9chargements\\RogueKiller.exe",
"x64": false
},
"report": {
"type": 2,
"aborted": false,
"date": "07/31/2015 13:25:26",
"switches": 0,
"debug": false
}
},
"results": {
"processes": [],
"modules": [],
"services": [],
"registry": [
{
"scan_what": 1,
"scan_how": [
12
],
"scan_how_trigger": 12,
"vendors": [
"PUM.SearchPage"
],
"rule_name": "IE Settings",
"view": 256,
"value": "Search Bar",
"subkey": "",
"value_old_data": "http://search.msn.com/spbasic.htm",
"value_data": "http://search.msn.com/spbasic.htm",
"path": "HKEY_USERS\\S-1-5-21-776561741-527237240-682003330-1003\\Software\\Microsoft\\Internet Explorer\\Main",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Remplacé(e) (http://search.msn.com/spbasic.htm)",
"status_choice": 2,
"status_removed": 6
}
],
"tasks": [],
"filesystem": [],
"hosts": {
"is_too_big": false,
"lines": [
{
"scan_what": 0,
"scan_how": [],
"vendors": [],
"line": "127.0.0.1 localhost",
"path": "C:\\WINDOWS\\system32\\drivers\\etc\\hosts",
"status_str": "",
"status_malicious": false,
"status_choice": 1,
"status_removed": 0
}
]
},
"antirootkit": {
"is_driver_loaded": true,
"driver_error": 0,
"results": [
{
"scan_what": 1,
"scan_how": [],
"vendors": [
"Hook.SSDT"
],
"type": 1,
"type_str": "SSDT",
"detour": 1,
"detour_str": "Addr",
"ssdt": {
"api": "NtClose",
"index": 25,
"detour_module": "C:\\WINDOWS\\system32\\Drivers\\PROCMON20.SYS",
"detour_address": 2930935826
},
"status_str": "",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [],
"vendors": [
"Hook.SSDT"
],
"type": 1,
"type_str": "SSDT",
"detour": 1,
"detour_str": "Addr",
"ssdt": {
"api": "NtCreateKey",
"index": 41,
"detour_module": "C:\\WINDOWS\\system32\\Drivers\\PROCMON20.SYS",
"detour_address": 2930935304
},
"status_str": "",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [],
"vendors": [
"Hook.SSDT"
],
"type": 1,
"type_str": "SSDT",
"detour": 1,
"detour_str": "Addr",
"ssdt": {
"api": "NtDeleteKey",
"index": 63,
"detour_module": "C:\\WINDOWS\\system32\\Drivers\\PROCMON20.SYS",
"detour_address": 2930934960
},
"status_str": "",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [],
"vendors": [
"Hook.SSDT"
],
"type": 1,
"type_str": "SSDT",
"detour": 1,
"detour_str": "Addr",
"ssdt": {
"api": "NtDeleteValueKey",
"index": 65,
"detour_module": "C:\\WINDOWS\\system32\\Drivers\\PROCMON20.SYS",
"detour_address": 2930935030
},
"status_str": "",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [],
"vendors": [
"Hook.SSDT"
],
"type": 1,
"type_str": "SSDT",
"detour": 1,
"detour_str": "Addr",
"ssdt": {
"api": "NtEnumerateKey",
"index": 71,
"detour_module": "C:\\WINDOWS\\system32\\Drivers\\PROCMON20.SYS",
"detour_address": 2930934774
},
"status_str": "",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [],
"vendors": [
"Hook.SSDT"
],
"type": 1,
"type_str": "SSDT",
"detour": 1,
"detour_str": "Addr",
"ssdt": {
"api": "NtEnumerateValueKey",
"index": 73,
"detour_module": "C:\\WINDOWS\\system32\\Drivers\\PROCMON20.SYS",
"detour_address": 2930934610
},
"status_str": "",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [],
"vendors": [
"Hook.SSDT"
],
"type": 1,
"type_str": "SSDT",
"detour": 1,
"detour_str": "Addr",
"ssdt": {
"api": "NtFlushKey",
"index": 79,
"detour_module": "C:\\WINDOWS\\system32\\Drivers\\PROCMON20.SYS",
"detour_address": 2930934858
},
"status_str": "",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [],
"vendors": [
"Hook.SSDT"
],
"type": 1,
"type_str": "SSDT",
"detour": 1,
"detour_str": "Addr",
"ssdt": {
"api": "NtLoadKey",
"index": 98,
"detour_module": "C:\\WINDOWS\\system32\\Drivers\\PROCMON20.SYS",
"detour_address": 2930936182
},
"status_str": "",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [],
"vendors": [
"Hook.SSDT"
],
"type": 1,
"type_str": "SSDT",
"detour": 1,
"detour_str": "Addr",
"ssdt": {
"api": "NtOpenKey",
"index": 119,
"detour_module": "C:\\WINDOWS\\system32\\Drivers\\PROCMON20.SYS",
"detour_address": 2930935764
},
"status_str": "",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [],
"vendors": [
"Hook.SSDT"
],
"type": 1,
"type_str": "SSDT",
"detour": 1,
"detour_str": "Addr",
"ssdt": {
"api": "NtQueryKey",
"index": 160,
"detour_module": "C:\\WINDOWS\\system32\\Drivers\\PROCMON20.SYS",
"detour_address": 2930933826
},
"status_str": "",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [],
"vendors": [
"Hook.SSDT"
],
"type": 1,
"type_str": "SSDT",
"detour": 1,
"detour_str": "Addr",
"ssdt": {
"api": "NtQueryValueKey",
"index": 177,
"detour_module": "C:\\WINDOWS\\system32\\Drivers\\PROCMON20.SYS",
"detour_address": 2930934122
},
"status_str": "",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [],
"vendors": [
"Hook.SSDT"
],
"type": 1,
"type_str": "SSDT",
"detour": 1,
"detour_str": "Addr",
"ssdt": {
"api": "NtSetValueKey",
"index": 247,
"detour_module": "C:\\WINDOWS\\system32\\Drivers\\PROCMON20.SYS",
"detour_address": 2930934414
},
"status_str": "",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [],
"vendors": [
"Hook.SSDT"
],
"type": 1,
"type_str": "SSDT",
"detour": 1,
"detour_str": "Addr",
"ssdt": {
"api": "NtUnloadKey",
"index": 263,
"detour_module": "C:\\WINDOWS\\system32\\Drivers\\PROCMON20.SYS",
"detour_address": 2930936518
},
"status_str": "",
"status_choice": 1,
"status_removed": 0
}
]
},
"web_browsers": [],
"disk": {
"results": [],
"mbr": "+++++ PhysicalDrive0: WDC WD10EZEX-00BN5A0 +++++\n--- User ---\n[MBR] 37b04981043c7221cef038911a1c902e\n[BSP] 081f7939a5fae4636fd6a86e5fc739d6 : Windows XP|VT.Unknown MBR Code\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 242921 MB [Windows XP Bootstrap | Windows XP Bootloader]\n1 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 497504256 | Size: 710947 MB\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n+++++ PhysicalDrive1: WDC WD10EZRX-00A8LB0 +++++\n--- User ---\n[MBR] 6b57415ccbd780ac50771224f237d7f6\n[BSP] 20de8a68cc98dfde4dec162f7d49944c : Windows XP|VT.Unknown MBR Code\nPartition table:\n0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 10001 MB\n1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20482875 | Size: 29996 MB [Windows XP Bootstrap | Windows XP Bootloader]\n2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 81915435 | Size: 400001 MB [Windows XP Bootstrap | Windows XP Bootloader]\n3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 901117980 | Size: 513868 MB [Windows XP Bootstrap | Windows XP Bootloader]\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n"
}
}
}
