RogueKiller V8.5.2 [Feb 23 2013] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur : Jean-Pierre Varnier [Droits d'admin]
Mode : Recherche -- Date : 25/02/2013 12:45:55
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD160JJ +++++
--- User ---
[MBR] 4f9aefdbce65d71308af3d4dfc76338e
[BSP] 36c129543165576cdb5896f9a3fa32bf : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: SAMSUNG HD160JJ +++++
--- User ---
[MBR] 453de9ef971f3b6e361555eb98f6ed16
[BSP] d5203eac3d65f193a35b8b81c1a053d3 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[1]_S_25022013_124555.txt >>
RKreport[1]_S_25022013_124555.txt