
{
"header": {
"program": {
"project": "RogueKiller",
"version": "10.10.7.0",
"x64": false,
"date": "Sep 28 2015",
"contact": "http://www.adlice.com/contact/",
"feedback": "http://forum.adlice.com",
"website": "http://www.adlice.com/fr/logiciels/roguekiller/",
"blog": "http://www.adlice.com"
},
"environment": {
"operating_system": "Windows XP (5.1.2600 Service Pack 3) 32 bits version",
"boot": 0,
"winpe": false,
"user": "Jigeai",
"user_admin": true,
"program_location": "C:\\Documents and Settings\\Jigeai\\Bureau\\RogueKiller_old.exe",
"x64": false
},
"report": {
"type": 2,
"aborted": false,
"date": "10/03/2015 23:16:17",
"switches": 0,
"debug": false
}
},
"information": {
"processes": [
{
"name": "[System Process]",
"name_parent": "",
"pid": 0,
"path": "",
"command_line": "",
"pid_parent": 0,
"path_parent": ""
},
{
"name": "System",
"name_parent": "",
"pid": 4,
"path": "",
"command_line": "",
"pid_parent": 0,
"path_parent": ""
},
{
"name": "smss.exe",
"name_parent": "",
"pid": 548,
"path": "C:\\WINDOWS\\system32\\smss.exe",
"command_line": "\\SystemRoot\\System32\\smss.exe",
"pid_parent": 4,
"path_parent": ""
},
{
"name": "csrss.exe",
"name_parent": "smss.exe",
"pid": 616,
"path": "C:\\WINDOWS\\system32\\csrss.exe",
"command_line": "",
"pid_parent": 548,
"path_parent": "C:\\WINDOWS\\system32\\smss.exe"
},
{
"name": "winlogon.exe",
"name_parent": "smss.exe",
"pid": 644,
"path": "C:\\WINDOWS\\system32\\winlogon.exe",
"command_line": "winlogon.exe",
"pid_parent": 548,
"path_parent": "C:\\WINDOWS\\system32\\smss.exe"
},
{
"name": "services.exe",
"name_parent": "winlogon.exe",
"pid": 688,
"path": "C:\\WINDOWS\\system32\\services.exe",
"command_line": "C:\\WINDOWS\\system32\\services.exe",
"pid_parent": 644,
"path_parent": "C:\\WINDOWS\\system32\\winlogon.exe"
},
{
"name": "lsass.exe",
"name_parent": "winlogon.exe",
"pid": 700,
"path": "C:\\WINDOWS\\system32\\lsass.exe",
"command_line": "C:\\WINDOWS\\system32\\lsass.exe",
"pid_parent": 644,
"path_parent": "C:\\WINDOWS\\system32\\winlogon.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 876,
"path": "C:\\WINDOWS\\system32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost -k DcomLaunch",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 944,
"path": "C:\\WINDOWS\\system32\\svchost.exe",
"command_line": "",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 984,
"path": "C:\\WINDOWS\\system32\\svchost.exe",
"command_line": "C:\\WINDOWS\\System32\\svchost.exe -k netsvcs",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 1024,
"path": "C:\\WINDOWS\\system32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k WudfServiceGroup",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 1096,
"path": "C:\\WINDOWS\\system32\\svchost.exe",
"command_line": "",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 1140,
"path": "C:\\WINDOWS\\system32\\svchost.exe",
"command_line": "",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "oacat.exe",
"name_parent": "services.exe",
"pid": 1340,
"path": "C:\\Program Files\\Online Armor\\oacat.exe",
"command_line": "\"C:\\Program Files\\Online Armor\\OAcat.exe\"",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "oasrv.exe",
"name_parent": "services.exe",
"pid": 1380,
"path": "C:\\Program Files\\Online Armor\\oasrv.exe",
"command_line": "\"C:\\Program Files\\Online Armor\\oasrv.exe\"",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "explorer.exe",
"name_parent": "",
"pid": 1500,
"path": "C:\\WINDOWS\\explorer.exe",
"command_line": "C:\\WINDOWS\\Explorer.EXE",
"pid_parent": 1480,
"path_parent": ""
},
{
"name": "spoolsv.exe",
"name_parent": "services.exe",
"pid": 1728,
"path": "C:\\WINDOWS\\system32\\spoolsv.exe",
"command_line": "C:\\WINDOWS\\system32\\spoolsv.exe",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "acs.exe",
"name_parent": "services.exe",
"pid": 1768,
"path": "C:\\WINDOWS\\system32\\acs.exe",
"command_line": "C:\\WINDOWS\\system32\\acs.exe",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "sched.exe",
"name_parent": "services.exe",
"pid": 1800,
"path": "C:\\Program Files\\Avira\\Antivirus\\sched.exe",
"command_line": "\"C:\\Program Files\\Avira\\Antivirus\\sched.exe\"",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 1840,
"path": "C:\\WINDOWS\\system32\\svchost.exe",
"command_line": "",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "PhotoshopElementsFileAgent.exe",
"name_parent": "services.exe",
"pid": 1972,
"path": "C:\\Program Files\\Adobe\\Photoshop Elements 6.0\\PhotoshopElementsFileAgent.exe",
"command_line": "\"C:\\Program Files\\Adobe\\Photoshop Elements 6.0\\PhotoshopElementsFileAgent.exe\"",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "avguard.exe",
"name_parent": "services.exe",
"pid": 2008,
"path": "C:\\Program Files\\Avira\\Antivirus\\avguard.exe",
"command_line": "\"C:\\Program Files\\Avira\\Antivirus\\avguard.exe\"",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "AppleMobileDeviceService.exe",
"name_parent": "services.exe",
"pid": 2040,
"path": "C:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe",
"command_line": "\"C:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe\"",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "mDNSResponder.exe",
"name_parent": "services.exe",
"pid": 128,
"path": "C:\\Program Files\\Bonjour\\mDNSResponder.exe",
"command_line": "\"C:\\Program Files\\Bonjour\\mDNSResponder.exe\"",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "dfs.exe",
"name_parent": "services.exe",
"pid": 204,
"path": "C:\\Program Files\\Sony\\PlayMemories Home\\dfs.exe",
"command_line": "\"C:\\Program Files\\Sony\\PlayMemories Home\\dfs.exe\"",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "jqs.exe",
"name_parent": "services.exe",
"pid": 408,
"path": "C:\\Program Files\\Java\\jre7\\bin\\jqs.exe",
"command_line": "\"C:\\Program Files\\Java\\jre7\\bin\\jqs.exe\" -service -config \"C:\\Program Files\\Java\\jre7\\lib\\deploy\\jqs\\jqs.conf\"",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "MFUSNM~1.EXE",
"name_parent": "services.exe",
"pid": 452,
"path": "C:\\Documents and Settings\\Jigeai\\Application Data\\MediaFire Desktop\\MFUsnMonitorService.exe",
"command_line": "C:\\DOCUME~1\\Jigeai\\APPLIC~1\\MEDIAF~1\\MFUSNM~1.EXE",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "PMBDeviceInfoProvider.exe",
"name_parent": "services.exe",
"pid": 108,
"path": "C:\\Program Files\\Sony\\PlayMemories Home\\PMBDeviceInfoProvider.exe",
"command_line": "\"C:\\Program Files\\Sony\\PlayMemories Home\\PMBDeviceInfoProvider.exe\"",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 2212,
"path": "C:\\WINDOWS\\system32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k imgsvc",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "Avira.ServiceHost.exe",
"name_parent": "services.exe",
"pid": 2368,
"path": "C:\\Program Files\\Avira\\Launcher\\Avira.ServiceHost.exe",
"command_line": "\"C:\\Program Files\\Avira\\Launcher\\Avira.ServiceHost.exe\"",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "avshadow.exe",
"name_parent": "avguard.exe",
"pid": 3876,
"path": "C:\\Program Files\\Avira\\Antivirus\\avshadow.exe",
"command_line": "\"C:\\Program Files\\Avira\\Antivirus\\avshadow.exe\" avshadowcontrol0_000007d8",
"pid_parent": 2008,
"path_parent": "C:\\Program Files\\Avira\\Antivirus\\avguard.exe"
},
{
"name": "wmiapsrv.exe",
"name_parent": "services.exe",
"pid": 3152,
"path": "C:\\WINDOWS\\system32\\wbem\\wmiapsrv.exe",
"command_line": "C:\\WINDOWS\\system32\\wbem\\wmiapsrv.exe",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "alg.exe",
"name_parent": "services.exe",
"pid": 2056,
"path": "C:\\WINDOWS\\system32\\alg.exe",
"command_line": "",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "RTHDCPL.EXE",
"name_parent": "Explorer.EXE",
"pid": 3304,
"path": "C:\\WINDOWS\\RTHDCPL.EXE",
"command_line": "\"C:\\WINDOWS\\RTHDCPL.EXE\" ",
"pid_parent": 1500,
"path_parent": "C:\\WINDOWS\\explorer.exe"
},
{
"name": "oaui.exe",
"name_parent": "Explorer.EXE",
"pid": 2648,
"path": "C:\\Program Files\\Online Armor\\oaui.exe",
"command_line": "\"C:\\Program Files\\Online Armor\\OAui.exe\" ",
"pid_parent": 1500,
"path_parent": "C:\\WINDOWS\\explorer.exe"
},
{
"name": "avgnt.exe",
"name_parent": "Explorer.EXE",
"pid": 2868,
"path": "C:\\Program Files\\Avira\\Antivirus\\avgnt.exe",
"command_line": "\"C:\\Program Files\\Avira\\Antivirus\\avgnt.exe\" /min",
"pid_parent": 1500,
"path_parent": "C:\\WINDOWS\\explorer.exe"
},
{
"name": "oahlp.exe",
"name_parent": "OAui.exe",
"pid": 3236,
"path": "C:\\Program Files\\Online Armor\\oahlp.exe",
"command_line": "\"C:\\Program Files\\Online Armor\\OAhlp.exe\"",
"pid_parent": 2648,
"path_parent": "C:\\Program Files\\Online Armor\\oaui.exe"
},
{
"name": "ctfmon.exe",
"name_parent": "Explorer.EXE",
"pid": 3068,
"path": "C:\\WINDOWS\\system32\\ctfmon.exe",
"command_line": "\"C:\\WINDOWS\\system32\\ctfmon.exe\" ",
"pid_parent": 1500,
"path_parent": "C:\\WINDOWS\\explorer.exe"
},
{
"name": "Avira.Systray.exe",
"name_parent": "Avira.ServiceHost.exe",
"pid": 2140,
"path": "C:\\Program Files\\Avira\\Launcher\\Avira.Systray.exe",
"command_line": "\"C:\\Program Files\\Avira\\Launcher\\Avira.Systray.exe\" /connectToHost",
"pid_parent": 2368,
"path_parent": "C:\\Program Files\\Avira\\Launcher\\Avira.ServiceHost.exe"
},
{
"name": "Dropbox.exe",
"name_parent": "Explorer.EXE",
"pid": 2500,
"path": "C:\\Documents and Settings\\Jigeai\\Application Data\\Dropbox\\bin\\Dropbox.exe",
"command_line": "\"C:\\Documents and Settings\\Jigeai\\Application Data\\Dropbox\\bin\\Dropbox.exe\" /systemstartup",
"pid_parent": 1500,
"path_parent": "C:\\WINDOWS\\explorer.exe"
},
{
"name": "WPFFontCache_v0400.exe",
"name_parent": "services.exe",
"pid": 3760,
"path": "C:\\WINDOWS\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\WPFFontCache_v0400.exe",
"command_line": "",
"pid_parent": 688,
"path_parent": "C:\\WINDOWS\\system32\\services.exe"
},
{
"name": "RogueKiller_old.exe",
"name_parent": "Explorer.EXE",
"pid": 4864,
"path": "C:\\Documents and Settings\\Jigeai\\Bureau\\RogueKiller_old.exe",
"command_line": "\"C:\\Documents and Settings\\Jigeai\\Bureau\\RogueKiller_old.exe\" ",
"pid_parent": 1500,
"path_parent": "C:\\WINDOWS\\explorer.exe"
},
{
"name": "firefox.exe",
"name_parent": "RogueKiller_old.exe",
"pid": 3756,
"path": "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
"command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" \"http://www.adlice.com/fr/logiciels/roguekiller/merci-telechargement-roguekiller/\"",
"pid_parent": 4864,
"path_parent": "C:\\Documents and Settings\\Jigeai\\Bureau\\RogueKiller_old.exe"
}
]
},
"results": {
"processes": [],
"modules": [],
"services": [],
"registry": [
{
"scan_what": 1,
"scan_how": [
5,
6
],
"scan_how_trigger": 6,
"vendors": [
"Suspicious.Path",
"VT.Unknown"
],
"rule_name": "RUN",
"view": 256,
"value": "{5dfbeba9-9f22-463d-8c95-c861911810a2}",
"subkey": "",
"value_old_data": "\"C:\\Documents and Settings\\All Users\\Application Data\\Package Cache\\{5dfbeba9-9f22-463d-8c95-c861911810a2}\\Avira.OE.Setup.Bundle.exe\" /quiet /norestart /burn.log.append \"C:\\WINDOWS\\TEMP\\Avira_Launcher_20151001104414.log\" /install CALLER_PARTNER_ID=avira /burn.runonce",
"value_data": "",
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
"extra": "",
"files_status": "[7][x][x][x][-][x][x][x]",
"vtscore": -1,
"files": [
{
"path_expanded": "C:\\Documents and Settings\\All Users\\Application Data\\Package Cache\\{5dfbeba9-9f22-463d-8c95-c861911810a2}\\Avira.OE.Setup.Bundle.exe",
"path_compressed": "%programdata%\\Package Cache\\{5dfbeba9-9f22-463d-8c95-c861911810a2}\\Avira.OE.Setup.Bundle.exe",
"md5": "E4265F2B039E041E4D9E8E42AE0E41AF",
"exists": true,
"signed": true,
"signer": "Avira Operations GmbH & Co. KG",
"vtscore": 0
},
{
"path_expanded": "/quiet",
"path_compressed": "/quiet",
"md5": "",
"exists": false,
"signed": false,
"signer": "",
"vtscore": -1
},
{
"path_expanded": "/norestart",
"path_compressed": "/norestart",
"md5": "",
"exists": false,
"signed": false,
"signer": "",
"vtscore": -1
},
{
"path_expanded": "/burn.log.append",
"path_compressed": "/burn.log.append",
"md5": "",
"exists": false,
"signed": false,
"signer": "",
"vtscore": -1
},
{
"path_expanded": "C:\\WINDOWS\\Temp\\Avira_Launcher_20151001104414.log",
"path_compressed": "%SystemRoot%\\Temp\\Avira_Launcher_20151001104414.log",
"md5": "D2DF6E7DD3283F8D57258AAB1FC22915",
"exists": true,
"signed": false,
"signer": "",
"vtscore": -1
},
{
"path_expanded": "/install",
"path_compressed": "/install",
"md5": "",
"exists": false,
"signed": false,
"signer": "",
"vtscore": -1
},
{
"path_expanded": "CALLER_PARTNER_ID=avira",
"path_compressed": "CALLER_PARTNER_ID=avira",
"md5": "",
"exists": false,
"signed": false,
"signer": "",
"vtscore": -1
},
{
"path_expanded": "/burn.runonce",
"path_compressed": "/burn.runonce",
"md5": "",
"exists": false,
"signed": false,
"signer": "",
"vtscore": -1
}
],
"status_str": "SUPPRIMÉ",
"status_choice": 2,
"status_removed": 5
},
{
"scan_what": 1,
"scan_how": [
11
],
"scan_how_trigger": 11,
"vendors": [
"PUM.Proxy"
],
"rule_name": "Proxy",
"view": 256,
"value": "ProxyServer",
"subkey": "",
"value_old_data": "localhost:8080",
"value_data": "",
"path": "HKEY_USERS\\S-1-5-21-1123561945-1935655697-1801674531-1004\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "SUPPRIMÉ",
"status_choice": 2,
"status_removed": 5
}
],
"tasks": [],
"filesystem": [],
"hosts": {
"is_too_big": false,
"lines": [
{
"scan_what": 0,
"scan_how": [],
"vendors": [],
"line": "127.0.0.1 localhost",
"path": "C:\\WINDOWS\\system32\\drivers\\etc\\hosts",
"status_str": "",
"status_malicious": false,
"status_choice": 1,
"status_removed": 0
}
]
},
"antirootkit": {
"is_driver_loaded": true,
"driver_error": 0,
"results": []
},
"web_browsers": [
{
"scan_what": 2,
"scan_how": [
2
],
"vendors": [
"PUM.HomePage"
],
"browser": 1,
"browser_str": "FIREFX",
"config": {
"user": "77m3z3k6.default",
"line": "user_pref(\"browser.startup.homepage\", \"http://lafibre.orange.fr/\");",
"key": "browser.startup.homepage",
"value": "http://lafibre.orange.fr/",
"line_count": 55
},
"status_str": "NON SELECTIONNÉ",
"status_malicious": true,
"status_choice": 1,
"status_removed": 0
}
],
"disk": {
"results": [],
"mbr": "+++++ PhysicalDrive0: +++++\n--- User ---\n[MBR] 73bc5034a948d284b0cf6bb47ae10741\n[BSP] e7d61bed423d9961c9f5a2a5ee34975a : Linux|VT.Unknown MBR Code\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 77000 MB [Windows XP Bootstrap | Windows XP Bootloader]\n1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 157698048 | Size: 5200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 168347648 | Size: 67000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n3 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 305565694 | Size: 156043 MB\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n+++++ PhysicalDrive1: SCSIDISK SCSI_DISK_1234 USB Device +++++\n--- User ---\n[MBR] 1ea96417d73c766f972f1bfe44dbb22f\n[BSP] e1b6546b754dac1a850095bd1d624e14 : Legit.Unknown MBR Code\nPartition table:\n0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 8064 | Size: 7492 MB\nUser = LL1 ... OK\nError reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )\n\n"
}
}
}
