
{
"header": {
"program": {
"project": "RogueKiller",
"version": "10.9.0.0",
"x64": false,
"date": "Jul 6 2015",
"contact": "http://www.adlice.com/contact/",
"feedback": "http://forum.adlice.com",
"website": "http://www.adlice.com/softwares/roguekiller/",
"blog": "http://www.adlice.com"
},
"environment": {
"operating_system": "Windows 7 (6.1.7600 ) 32 bits version",
"boot": 0,
"winpe": false,
"user": "Win7",
"user_admin": true,
"program_location": "C:\\Users\\Win7\\Downloads\\Programs\\RogueKiller.exe",
"x64": false
},
"report": {
"type": 1,
"aborted": false,
"date": "07/09/2015 11:50:30",
"switches": 0,
"debug": false
}
},
"results": {
"processes": [],
"modules": [],
"services": [],
"registry": [
{
"scan_what": 1,
"scan_how": [
7
],
"scan_how_trigger": 7,
"vendors": [
"PUM.Policies"
],
"rule_name": "Policies",
"view": 256,
"value": "ConsentPromptBehaviorAdmin",
"subkey": "",
"value_old_data": "",
"value_data": "0",
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "وجد",
"status_choice": 1,
"status_removed": 0
}
],
"tasks": [],
"filesystem": [],
"hosts": {
"is_too_big": false,
"lines": [
{
"scan_what": 0,
"scan_how": [],
"vendors": [],
"line": "127.0.0.1 tonec.com",
"path": "C:\\Windows\\System32\\drivers\\etc\\hosts",
"status_str": "",
"status_malicious": false,
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 0,
"scan_how": [],
"vendors": [],
"line": "127.0.0.1 www.tonec.com",
"path": "C:\\Windows\\System32\\drivers\\etc\\hosts",
"status_str": "",
"status_malicious": false,
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 0,
"scan_how": [],
"vendors": [],
"line": "127.0.0.1 internetdownloadmanager.com",
"path": "C:\\Windows\\System32\\drivers\\etc\\hosts",
"status_str": "",
"status_malicious": false,
"status_choice": 1,
"status_removed": 0
}
]
},
"antirootkit": {
"is_driver_loaded": true,
"driver_error": 0,
"results": [
{
"scan_what": 5,
"scan_how": [],
"vendors": [
"Hook.IEAT"
],
"type": 5,
"type_str": "IAT",
"detour": 2,
"detour_str": "Inl",
"import_table": {
"type": 2,
"process": "explorer.exe",
"pid": 1984,
"module_memory": "USER32.dll",
"import": "NlsAnsiCodePage",
"import_module": "ntdll.dll",
"module_table": "ntdll.dll",
"detour_module": "",
"entrypoint": 2010870096,
"code_entrypoint": -874811047,
"stack_trace": "call 0x54000009",
"stack_hextrace": "e8 04 00 00 54"
},
"status_str": "",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 5,
"scan_how": [],
"vendors": [
"Hook.IEAT"
],
"type": 5,
"type_str": "IAT",
"detour": 2,
"detour_str": "Inl",
"import_table": {
"type": 2,
"process": "chrome.exe",
"pid": 3392,
"module_memory": "USER32.dll",
"import": "NlsAnsiCodePage",
"import_module": "ntdll.dll",
"module_table": "ntdll.dll",
"detour_module": "",
"entrypoint": 2010870096,
"code_entrypoint": -874811047,
"stack_trace": "call 0x54000009",
"stack_hextrace": "e8 04 00 00 54"
},
"status_str": "",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 5,
"scan_how": [],
"vendors": [
"Hook.IEAT"
],
"type": 5,
"type_str": "IAT",
"detour": 2,
"detour_str": "Inl",
"import_table": {
"type": 2,
"process": "chrome.exe",
"pid": 3280,
"module_memory": "USER32.dll",
"import": "NlsAnsiCodePage",
"import_module": "ntdll.dll",
"module_table": "ntdll.dll",
"detour_module": "",
"entrypoint": 2010870096,
"code_entrypoint": -874811047,
"stack_trace": "call 0x54000009",
"stack_hextrace": "e8 04 00 00 54"
},
"status_str": "",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 5,
"scan_how": [],
"vendors": [
"Hook.IEAT"
],
"type": 5,
"type_str": "IAT",
"detour": 2,
"detour_str": "Inl",
"import_table": {
"type": 2,
"process": "chrome.exe",
"pid": 2264,
"module_memory": "USER32.dll",
"import": "NlsAnsiCodePage",
"import_module": "ntdll.dll",
"module_table": "ntdll.dll",
"detour_module": "",
"entrypoint": 2010870096,
"code_entrypoint": -874811047,
"stack_trace": "call 0x54000009",
"stack_hextrace": "e8 04 00 00 54"
},
"status_str": "",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 5,
"scan_how": [],
"vendors": [
"Hook.IEAT"
],
"type": 5,
"type_str": "IAT",
"detour": 2,
"detour_str": "Inl",
"import_table": {
"type": 2,
"process": "chrome.exe",
"pid": 4368,
"module_memory": "USER32.dll",
"import": "NlsAnsiCodePage",
"import_module": "ntdll.dll",
"module_table": "ntdll.dll",
"detour_module": "",
"entrypoint": 2010870096,
"code_entrypoint": -874811047,
"stack_trace": "call 0x54000009",
"stack_hextrace": "e8 04 00 00 54"
},
"status_str": "",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 5,
"scan_how": [],
"vendors": [
"Hook.IEAT"
],
"type": 5,
"type_str": "IAT",
"detour": 2,
"detour_str": "Inl",
"import_table": {
"type": 2,
"process": "chrome.exe",
"pid": 4436,
"module_memory": "USER32.dll",
"import": "NlsAnsiCodePage",
"import_module": "ntdll.dll",
"module_table": "ntdll.dll",
"detour_module": "",
"entrypoint": 2010870096,
"code_entrypoint": -874811047,
"stack_trace": "call 0x54000009",
"stack_hextrace": "e8 04 00 00 54"
},
"status_str": "",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 5,
"scan_how": [],
"vendors": [
"Hook.IEAT"
],
"type": 5,
"type_str": "IAT",
"detour": 2,
"detour_str": "Inl",
"import_table": {
"type": 2,
"process": "explorer.exe",
"pid": 1112,
"module_memory": "USER32.dll",
"import": "NlsAnsiCodePage",
"import_module": "ntdll.dll",
"module_table": "ntdll.dll",
"detour_module": "",
"entrypoint": 2010870096,
"code_entrypoint": -874811047,
"stack_trace": "call 0x54000009",
"stack_hextrace": "e8 04 00 00 54"
},
"status_str": "",
"status_choice": 1,
"status_removed": 0
}
]
},
"web_browsers": [],
"disk": {
"results": [],
"mbr": "+++++ PhysicalDrive0: +++++\n--- User ---\n[MBR] 335aa158b099158f7da7fc3fa8f66e23\n[BSP] 7f09747448eee5d9f451ca5e7c39ec33 : Windows Vista/7/8|VT.Unknown MBR Code\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 68825 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 140970370 | Size: 408104 MB\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n"
}
}
}
