RogueKiller V8.5.1 [Feb 12 2013] par Tigzy
mail : tigzyRK
gmailcom
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur : HP_Administrateur [Droits d'admin]
Mode : Recherche -- Date : 13/02/2013 17:44:34
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 0 ¤¤¤
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] n : C:\RECYCLER\S-1-5-18\$ae3c42f35f395c757c05eefa3af9066b\n [-] --> TROUVÉ
[ZeroAccess][FILE] n : C:\RECYCLER\S-1-5-21-3774222849-2177217567-962541664-1007\$ae3c42f35f395c757c05eefa3af9066b\n [-] --> TROUVÉ
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-18\$ae3c42f35f395c757c05eefa3af9066b\@ [-] --> TROUVÉ
[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-18\$ae3c42f35f395c757c05eefa3af9066b\U --> TROUVÉ
[ZeroAccess][FILE] Desktop.ini : C:\WINDOWS\Assembly\GAC\Desktop.ini [-] --> TROUVÉ
¤¤¤ Driver : [CHARGE] ¤¤¤
SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC8940DA)
SSDT[37] : NtCreateFile @ 0x805790A2 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC894CA6)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys @ 0xED253670)
SSDT[62] : NtDeleteFile @ 0x80576C4A -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC894EB8)
SSDT[63] : NtDeleteKey @ 0x80624592 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC898714)
SSDT[65] : NtDeleteValueKey @ 0x80624762 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC898756)
SSDT[98] : NtLoadKey @ 0x8062631A -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC8988FA)
SSDT[116] : NtOpenFile @ 0x8057A1A0 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC894DCA)
SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC894282)
SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC894482)
SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC8945C2)
SSDT[177] : NtQueryValueKey @ 0x8062231A -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC89885E)
SSDT[192] : NtRenameKey @ 0x80623B18 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC8987A8)
SSDT[193] : NtReplaceKey @ 0x806261CA -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC8987EA)
SSDT[204] : NtRestoreKey @ 0x80625AD6 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC898824)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC894068)
SSDT[224] : NtSetInformationFile @ 0x8057B02E -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC894F6A)
SSDT[247] : NtSetValueKey @ 0x80622668 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC89869C)
SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC893FE6)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC893EEE)
SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC893F46)
S_SSDT[7] : NtGdiAlphaBlend -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC89B128)
S_SSDT[13] : NtGdiBitBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC89AF56)
S_SSDT[191] : NtGdiGetPixel -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC89AFAC)
S_SSDT[227] : NtGdiMaskBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC89B04A)
S_SSDT[237] : NtGdiPlgBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC89B0A0)
S_SSDT[292] : NtGdiStretchBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC89AFE8)
S_SSDT[298] : NtGdiTransparentBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC89B0E4)
S_SSDT[378] : NtUserFindWindowEx -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC8953FC)
S_SSDT[477] : NtUserPrintWindow -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC89B16C)
S_SSDT[483] : NtUserQueryWindow -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xEC895366)
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: ST3200827AS +++++
--- User ---
[MBR] c6c5725745e87dba0f5d7add1710f702
[BSP] 7c54f9ebaaa8e86ecadcf9cdbee8c064 : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 183531 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 375872805 | Size: 7248 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[1]_S_13022013_174434.txt >>