Document format: text/plain

RogueKiller V10.9.3.0 [Jul 21 2015] by Adlice Software
email : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Operating system : Windows 7 (6.1.7601 Service Pack 1) 32-bit version
Started in : Normal mode
User : secretariatIDF [Administrator]
Started from : C:\Users\secretariatIDF\Downloads\RogueKiller.exe
Mode : Scan -- Date : 07/30/2015 13:24:08

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-1119990523-736087694-3604660907-1000\Software\Microsoft\Windows\CurrentVersion\Run | iQ5L : rundll32.exe C:\Users\SECRET~1\AppData\Roaming\B0B9.tmp kHUAJerGeRYChuGJZY4w [7][x] -> Found
[Suspicious.Path] HKEY_USERS\S-1-5-21-1119990523-736087694-3604660907-1000\Software\Microsoft\Windows\CurrentVersion\Run | aEil9uvi2e : rundll32.exe C:\Users\SECRET~1\AppData\Roaming\5448.tmp pol15TQGVZIBwB [7][x] -> Found
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1119990523-736087694-3604660907-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1119990523-736087694-3604660907-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1119990523-736087694-3604660907-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts file : 0 ¤¤¤

¤¤¤ Antirootkit : 21 (Driver: Loaded) ¤¤¤
[ShwSSDT:Addr(Hook.Shadow)] NtGdiAlphaBlend[7] : Unknown @ 0x41e1c1593b000000
[ShwSSDT:Addr(Hook.Shadow)] NtGdiBitBlt[14] : Unknown @ 0x41e1c1410a000000
[ShwSSDT:Addr(Hook.Shadow)] NtGdiGetPixel[200] : Unknown @ 0x41e1c1494d000000
[ShwSSDT:Addr(Hook.Shadow)] NtGdiMaskBlt[237] : Unknown @ 0x41e1c14d1d000000
[ShwSSDT:Addr(Hook.Shadow)] NtGdiPlgBlt[247] : Unknown @ 0x41e1c1511d000000
[ShwSSDT:Addr(Hook.Shadow)] NtGdiStretchBlt[302] : Unknown @ 0x41e1c145cd000000
[ShwSSDT:Addr(Hook.Shadow)] NtGdiTransparentBlt[308] : Unknown @ 0x41e1c15536000000
[ShwSSDT:Addr(Hook.Shadow)] NtUserFindWindowEx[396] : Unknown @ 0x41e1c1b10a000000
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetClipboardData[408] : Unknown @ 0x41e1c1b956000000
[ShwSSDT:Addr(Hook.Shadow)] NtUserPrintWindow[510] : Unknown @ 0x41e1c15d0a000000
[ShwSSDT:Addr(Hook.Shadow)] NtUserQueryWindow[515] : Unknown @ 0x41e1c1bd66000000
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0x41e1c1b532000000
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNEL32.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x719f0022 (jmp 0xf9f8a3a2|jmp dword [0x719f001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ rooksbas.dll) USER32.dll - PeekMessageW : Unknown @ 0x719b0022 (ret|jmp dword [0x719b001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ rooksbas.dll) USER32.dll - TranslateMessage : Unknown @ 0x71530022 (ret|jmp dword [0x7153001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ rooksbas.dll) USER32.dll - DispatchMessageW : Unknown @ 0x71650022 (ret|jmp dword [0x7165001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ rooksbas.dll) USER32.dll - GetWindowRect : Unknown @ 0x71590022 (ret|jmp dword [0x7159001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ USER32.dll) GDI32.dll - BitBlt : Unknown @ 0x716d0022 (ret|jmp dword [0x716d001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ SHELL32.dll) USER32.dll - GetClipboardData : Unknown @ 0x71610022 (ret|jmp dword [0x7161001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ SHELL32.dll) USER32.dll - GetMessageW : Unknown @ 0x715d0022 (ret|jmp dword [0x715d001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ SHELL32.dll) USER32.dll - DdeInitializeW : Unknown @ 0x71690022 (ret|jmp dword [0x7169001e]|jmp 0x10)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR check : ¤¤¤
\\.\PHYSICALDRIVE0 VT.Trojan:DOS/Alureon.E -> Found

+++++ PhysicalDrive0: WDC WD3200AAJS-08L7A0 ATA Device +++++
--- User ---
[MBR] 00007bb20d790b55e6477a1b69ddf63b
[BSP] fcfad89889cbe5f821a7da19c7da88b2 : Lenovo|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2459648 | Size: 294042 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 604659712 | Size: 10000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 625139712 | Size: 1 MB [VT.Trojan:DOS/Alureon.E Bootstrap (Malware!) | Unknown Bootloader]
User = LL1 ... OK
User = LL2 ... OK
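Read together, the hits above form one picture: two Run-key values make rundll32.exe load randomly named .tmp modules out of AppData\Roaming, UAC has been set so that administrators elevate without any prompt (ConsentPromptBehaviorAdmin = 0; the Windows 7 default is 5, prompt for consent for non-Windows binaries), and the partition table ends with a 1 MB hidden partition of type 0x17 whose bootstrap code the report attributes to Alureon. As an added example that is not part of the original report and is not RogueKiller's code, the Python below parses those report lines and scores each indicator. The regexes, the severity rules and the "0x10 hidden-type bit" heuristic are this example's own assumptions, and the sample input is constructed from the lines above with the status word rendered as "Found".

```python
import re
from collections import namedtuple

# Constructed sample input: registry and partition-table lines copied from the
# RogueKiller report above (status word translated to "Found"). Nothing here is
# RogueKiller's own code; the scoring rules below are this example's heuristics.
SAMPLE_LOG = r"""
[Suspicious.Path] HKEY_USERS\S-1-5-21-1119990523-736087694-3604660907-1000\Software\Microsoft\Windows\CurrentVersion\Run | iQ5L : rundll32.exe C:\Users\SECRET~1\AppData\Roaming\B0B9.tmp kHUAJerGeRYChuGJZY4w [7][x] -> Found
[Suspicious.Path] HKEY_USERS\S-1-5-21-1119990523-736087694-3604660907-1000\Software\Microsoft\Windows\CurrentVersion\Run | aEil9uvi2e : rundll32.exe C:\Users\SECRET~1\AppData\Roaming\5448.tmp pol15TQGVZIBwB [7][x] -> Found
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1119990523-736087694-3604660907-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2459648 | Size: 294042 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 604659712 | Size: 10000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 625139712 | Size: 1 MB [VT.Trojan:DOS/Alureon.E Bootstrap (Malware!) | Unknown Bootloader]
"""

Finding = namedtuple("Finding", "severity indicator detail")

# "[Tag] <key> | <value name> : <data> -> Found"
REG_LINE = re.compile(r"^\[(?P<tag>[^\]]+)\] (?P<key>.+?) \| (?P<name>.+?) : (?P<value>.*?) -> Found$")
# "<n> - [ACTIVE|XXXXXX] <fs> (<type>) [VISIBLE|HIDDEN!] Offset (sectors): <off> | Size: <mb> MB [<bootstrap> | <bootloader>]"
PART_LINE = re.compile(
    r"^(?P<idx>\d+) - \[(?P<flag>[A-Z]+)\] (?P<fs>\S+) \((?P<ptype>0x[0-9A-Fa-f]+)\) "
    r"\[(?P<vis>[A-Z!]+)\] Offset \(sectors\): (?P<offset>\d+) \| Size: (?P<size_mb>\d+) MB "
    r"\[(?P<boot>[^\]]+)\]$")
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<module>[^"\s]+)', re.I)


def check_registry(m):
    """Score one registry hit. Returns a Finding (never None)."""
    key, name, value = m["key"], m["name"], m["value"]
    lk = key.lower()
    if lk.endswith(r"\currentversion\run") or lk.endswith(r"\currentversion\runonce"):
        r = RUNDLL.search(value)
        if r:
            mod = r["module"]
            # A module that lives under the profile (user-writable) or does not
            # even carry a .dll extension is a classic dropper persistence shape.
            if "\\appdata\\" in mod.lower() or not mod.lower().endswith(".dll"):
                return Finding("high", "rundll32 persistence",
                               f"{name} loads {mod} (user-writable path or non-.dll module)")
        return Finding("medium", "autostart entry", f"{name} = {value}")
    if lk.endswith(r"\policies\system") and name == "ConsentPromptBehaviorAdmin" and value.strip() == "0":
        # 0 = "Elevate without prompting": any admin-token process gets full
        # privileges silently, so later malware stages never trip UAC.
        return Finding("high", "UAC silent elevation", "ConsentPromptBehaviorAdmin = 0")
    if "\\explorer\\advanced" in lk and name.startswith("Start_Show"):
        return Finding("info", "Start menu tweak", f"{name} = {value} (cosmetic, not malicious on its own)")
    return Finding("info", "other registry hit", f"{key} | {name} = {value}")


def check_partitions(parts):
    """Flag partitions shaped like a bootkit's hideout: hidden, tiny, last on disk."""
    findings = []
    parts = sorted(parts, key=lambda p: p["offset"])
    for i, p in enumerate(parts):
        # RogueKiller's own [HIDDEN!] flag, or the 0x10 "hidden" bit that DOS-era
        # partition types carry (0x17 = hidden NTFS/HPFS). Heuristic, not a standard.
        hidden = p["vis"].startswith("HIDDEN") or bool(int(p["ptype"], 16) & 0x10)
        if not hidden:
            continue
        reasons = [f"type {p['ptype']} hidden"]
        if p["size_mb"] <= 4:
            reasons.append(f"only {p['size_mb']} MB")
        if i == len(parts) - 1 and i > 0:
            reasons.append("last partition on the disk")
        if "Unknown Bootloader" in p["boot"] or "Malware" in p["boot"]:
            reasons.append(f"bootstrap/bootloader: {p['boot']}")
        sev = "high" if len(reasons) >= 2 else "medium"
        label = "bootkit-style partition" if sev == "high" else "hidden partition"
        findings.append(Finding(sev, label, f"partition {p['idx']}: " + "; ".join(reasons)))
    return findings


def triage(report_text):
    """Parse a RogueKiller report and return an ordered list of Findings."""
    findings, parts = [], []
    for line in report_text.splitlines():
        line = line.strip()
        m = REG_LINE.match(line)
        if m:
            findings.append(check_registry(m))
            continue
        m = PART_LINE.match(line)
        if m:
            parts.append({"idx": int(m["idx"]), "ptype": m["ptype"], "vis": m["vis"],
                          "offset": int(m["offset"]), "size_mb": int(m["size_mb"]),
                          "boot": m["boot"]})
    findings.extend(check_partitions(parts))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.indicator}: {f.detail}")
```

On the sample the two Run values, the UAC policy and partition 3 come out as high; the Start menu value is reported as informational because it changes nothing about what runs. Before letting any tool rewrite the MBR, image PhysicalDrive0 (the hidden partition is the artefact worth preserving), and treat the UAC value as something to restore explicitly rather than assume the cleaner will.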
