Document format: text/plain

RogueKiller V8.6.1 [Jun 19 2013] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur : Laptiteblonde [Droits d'admin]
Mode : Recherche -- Date : 06/22/2013 10:37:22
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 11 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (localhost:21320) -> TROUVÉ
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> TROUVÉ
[DNS] HKLM\[...]\CCSet\[...]\{BAB6C0CF-E121-42E0-A282-D4CA821E014C} : NameServer (178.33.41.181,88.191.223.122) -> TROUVÉ
[DNS] HKLM\[...]\CS001\[...]\{BAB6C0CF-E121-42E0-A282-D4CA821E014C} : NameServer (178.33.41.181,88.191.223.122) -> TROUVÉ
[DNS] HKLM\[...]\CS003\[...]\{BAB6C0CF-E121-42E0-A282-D4CA821E014C} : NameServer (178.33.41.181,88.191.223.122) -> TROUVÉ
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> TROUVÉ
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> TROUVÉ
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] SSDT[37] : NtCreateFile @ 0x805790A2 -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62D0ED0)
[Address] SSDT[41] : NtCreateKey @ 0x8062426A -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CE760)
[Address] SSDT[116] : NtOpenFile @ 0x8057A1A0 -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62D11D0)
[Address] SSDT[119] : NtOpenKey @ 0x80625648 -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CE560)
[Address] SSDT[224] : NtSetInformationFile @ 0x8057B02E -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62D1580)
[Address] Shadow SSDT[7] : NtGdiAlphaBlend -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CFE40)
[Address] Shadow SSDT[13] : NtGdiBitBlt -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CFB40)
[Address] Shadow SSDT[122] : NtGdiDeleteObjectApp -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CF9D0)
[Address] Shadow SSDT[191] : NtGdiGetPixel -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CFEC0)
[Address] Shadow SSDT[227] : NtGdiMaskBlt -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CFC90)
[Address] Shadow SSDT[233] : NtGdiOpenDCW -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CF920)
[Address] Shadow SSDT[237] : NtGdiPlgBlt -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CFD40)
[Address] Shadow SSDT[292] : NtGdiStretchBlt -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CFBE0)
[Address] Shadow SSDT[298] : NtGdiTransparentBlt -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CFDC0)
[Address] Shadow SSDT[307] : NtUserAttachThreadInput -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CF3D0)
[Address] Shadow SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CF6D0)
[Address] Shadow SSDT[416] : NtUserGetKeyState -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CF620)
[Address] Shadow SSDT[460] : NtUserMessageCall -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CEF00)
[Address] Shadow SSDT[475] : NtUserPostMessage -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CF0B0)
[Address] Shadow SSDT[476] : NtUserPostThreadMessage -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CF240)
[Address] Shadow SSDT[491] : NtUserRegisterRawInputDevices -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CF4D0)
[Address] Shadow SSDT[502] : NtUserSendInput -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CF780)
[Address] Shadow SSDT[509] : NtUserSetClipboardViewer -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CF880)
[Address] Shadow SSDT[520] : NtUserSetInformationThread -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CEBA0)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CEC80)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (C:\WINDOWS\system32\DRIVERS\pwipf6.sys @ 0xB62CED60)

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : Mal.Hosts ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 download-winmx-free.com --> Potentially malicious!
127.0.0.1 www.download-winmx-free.com --> Potentially malicious!
127.0.0.1 www.facebook.com.img335.tk --> Potentially malicious!
127.0.0.1 www.free-winmx-downloads.com --> Potentially malicious!
127.0.0.1 free-winmx-downloads.com --> Potentially malicious!
127.0.0.1 www.google.dospop.com --> Potentially malicious!
127.0.0.1 www.mp3winmx.com --> Potentially malicious!
127.0.0.1 mp3winmx.com --> Potentially malicious!
127.0.0.1 winmx.click-new-download.com --> Potentially malicious!
127.0.0.1 www.winmx.click-new-download.com --> Potentially malicious!
127.0.0.1 winmx-d0wnload.com --> Potentially malicious!
127.0.0.1 www.winmx-d0wnload.com --> Potentially malicious!
127.0.0.1 www.winmxfrance.com --> Potentially malicious!
127.0.0.1 winmxfrance.com --> Potentially malicious!
127.0.0.1 winmx-freebie.com --> Potentially malicious!
127.0.0.1 www.winmx-freebie.com --> Potentially malicious!
127.0.0.1 winmx-music-download.com --> Potentially malicious!
127.0.0.1 www.winmx-music-download.com --> Potentially malicious!
127.0.0.1 winmx-usa.com --> Potentially malicious!
127.0.0.1 www.winmx-usa.com --> Potentially malicious!
127.0.0.1 host3.adhese.be #[ad.be.doubleclick.net] --> Potentially malicious!
127.0.0.1 www.statcounter.com --> Potentially malicious!
127.0.0.1 secure.statcounter.com --> Potentially malicious!
127.0.0.1 s2.statcounter.com --> Potentially malicious!
127.0.0.1 my8.statcounter.com --> Potentially malicious!
127.0.0.1 my.statcounter.com --> Potentially malicious!
127.0.0.1 c46.statcounter.com --> Potentially malicious!
127.0.0.1 c45.statcounter.com --> Potentially malicious!
127.0.0.1 c43.statcounter.com --> Potentially malicious!
127.0.0.1 c42.statcounter.com --> Potentially malicious!
127.0.0.1 c41.statcounter.com --> Potentially malicious!
127.0.0.1 c40.statcounter.com --> Potentially malicious!
127.0.0.1 c39.statcounter.com --> Potentially malicious!
127.0.0.1 c38.statcounter.com --> Potentially malicious!
127.0.0.1 c37.statcounter.com --> Potentially malicious!
127.0.0.1 c36.statcounter.com --> Potentially malicious!
127.0.0.1 c35.statcounter.com --> Potentially malicious!
127.0.0.1 c34.statcounter.com --> Potentially malicious!
127.0.0.1 c33.statcounter.com --> Potentially malicious!
127.0.0.1 c32.statcounter.com --> Potentially malicious!
127.0.0.1 c31.statcounter.com --> Potentially malicious!
127.0.0.1 c30.statcounter.com --> Potentially malicious!
127.0.0.1 c29.statcounter.com --> Potentially malicious!
127.0.0.1 c28.statcounter.com --> Potentially malicious!
127.0.0.1 c27.statcounter.com --> Potentially malicious!
127.0.0.1 c26.statcounter.com --> Potentially malicious!
127.0.0.1 c25.statcounter.com --> Potentially malicious!
127.0.0.1 c24.statcounter.com --> Potentially malicious!
127.0.0.1 c23.statcounter.com --> Potentially malicious!
127.0.0.1 c22.statcounter.com --> Potentially malicious!
127.0.0.1 c21.statcounter.com --> Potentially malicious!
127.0.0.1 c20.statcounter.com --> Potentially malicious!
127.0.0.1 c19.statcounter.com --> Potentially malicious!
127.0.0.1 c18.statcounter.com --> Potentially malicious!
127.0.0.1 c17.statcounter.com --> Potentially malicious!
127.0.0.1 c16.statcounter.com --> Potentially malicious!
127.0.0.1 c15.statcounter.com --> Potentially malicious!
127.0.0.1 c14.statcounter.com --> Potentially malicious!
127.0.0.1 c13.statcounter.com --> Potentially malicious!
127.0.0.1 c12.statcounter.com --> Potentially malicious!
127.0.0.1 c11.statcounter.com --> Potentially malicious!
127.0.0.1 c10.statcounter.com --> Potentially malicious!
127.0.0.1 c8.statcounter.com --> Potentially malicious!
127.0.0.1 c7.statcounter.com --> Potentially malicious!
127.0.0.1 c6.statcounter.com #[MVPS.Criteria] --> Potentially malicious!
127.0.0.1 c5.statcounter.com --> Potentially malicious!
127.0.0.1 c4.statcounter.com --> Potentially malicious!
127.0.0.1 c3.statcounter.com --> Potentially malicious!
127.0.0.1 c2.statcounter.com #[WebBug] --> Potentially malicious!
127.0.0.1 c1.statcounter.com #[Tracking.Cookie] --> Potentially malicious!
127.0.0.1 c.statcounter.com --> Potentially malicious!
127.0.0.1 ad.mirror.co.uk #[ad.3ad.doubleclick.net] --> Potentially malicious!
127.0.0.1 www3.webhostingtalk.com #[ad.3ad.doubleclick.net] --> Potentially malicious!
127.0.0.1 doubleclick.shockwave.com --> Potentially malicious!
127.0.0.1 fls.au.doubleclick.net --> Potentially malicious!
127.0.0.1 stats.g.doubleclick.net --> Potentially malicious!
127.0.0.1 cm.g.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.bg.doubleclick.net --> Potentially malicious!
127.0.0.1 securepubads.g.doubleclick.net --> Potentially malicious!
127.0.0.1 n4061ad.hk.doubleclick.net --> Potentially malicious!
127.0.0.1 googleads2.g.doubleclick.net --> Potentially malicious!
127.0.0.1 gan.doubleclick.net --> Potentially malicious!
127.0.0.1 adclick.g.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.mo.doubleclick.net --> Potentially malicious!
127.0.0.1 ad-apac.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.rs.doubleclick.net --> Potentially malicious!
127.0.0.1 www.doubleclick.com --> Potentially malicious!
127.0.0.1 www3.doubleclick.com --> Potentially malicious!
127.0.0.1 www2.doubleclick.com --> Potentially malicious!
127.0.0.1 doubleclick.com --> Potentially malicious!
127.0.0.1 www.doubleclick.net --> Potentially malicious!
127.0.0.1 www3.doubleclick.net --> Potentially malicious!
127.0.0.1 doubleclick.ne.jp --> Potentially malicious!
127.0.0.1 survey.g.doubleclick.net --> Potentially malicious!
127.0.0.1 s2.video.doubleclick.net --> Potentially malicious!
127.0.0.1 pubads.g.doubleclick.net --> Potentially malicious!
127.0.0.1 paypalssl.doubleclick.net --> Potentially malicious!
127.0.0.1 n479ad.doubleclick.net --> Potentially malicious!
127.0.0.1 n4403ad.doubleclick.net --> Potentially malicious!
127.0.0.1 n4052ad.doubleclick.net --> Potentially malicious!
127.0.0.1 motifcdn2.doubleclick.net --> Potentially malicious!
127.0.0.1 motifcdn.doubleclick.net --> Potentially malicious!
127.0.0.1 m.doubleclick.net --> Potentially malicious!
127.0.0.1 iv.doubleclick.net --> Potentially malicious!
127.0.0.1 ir.doubleclick.net --> Potentially malicious!
127.0.0.1 googleads.g.doubleclick.net #[pagead-dclk.l.google.com] --> Potentially malicious!
127.0.0.1 fls.uk.doubleclick.net --> Potentially malicious!
127.0.0.1 fls.doubleclick.net --> Potentially malicious!
127.0.0.1 feedads.g.doubleclick.net --> Potentially malicious!
127.0.0.1 dfp.doubleclick.net --> Potentially malicious!
127.0.0.1 creatives.doubleclick.net --> Potentially malicious!
127.0.0.1 ad-emea.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.n2434.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.za.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.us.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.uk.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.tw.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.th.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.terra.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.si.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.sg.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.se.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.ru.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.ro.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.pt.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.pl.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.nz.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.no.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.nl.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.it.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.kr.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.jp.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.in.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.ie.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.hu.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.hr.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.hk.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.gr.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.fr.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.fi.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.es.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.dk.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.de.doubleclick.net #[Tracking.Cookie] --> Potentially malicious!
127.0.0.1 ad.cn.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.cl.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.ch.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.ca.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.br.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.be.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.au.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.at.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.ar.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.ae.doubleclick.net --> Potentially malicious!
127.0.0.1 ad2.doubleclick.net --> Potentially malicious!
127.0.0.1 ad-g.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.doubleclick.net #[MVPS.Criteria] --> Potentially malicious!
127.0.0.1 doubleclick.net --> Potentially malicious!
127.0.0.1 anon.doubleclick.speedera.net --> Potentially malicious!
127.0.0.1 marketing.doubleclickindustries.com --> Potentially malicious!

127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: MAXTOR STM3250310AS +++++
--- User ---
[MBR] 0b80b32e6b236e0f7089406e2e4d94f6
[BSP] 6b9e5d78691ad11762ec4fc35128d392 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: MAXTOR STM3250310AS +++++
--- User ---
[MBR] ee28ad222bb5eeee20138e04dded8f0b
[BSP] ef3177ea6997481f5647d45aa222b26f : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 7450 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[0]_S_06222013_103722.txt >>