gabriel,
here is the report:
RogueKiller V8.8.8 [Feb 19 2014] par Tigzy
mail : tigzyRKgmailcom
Remontees :
http://forum.adlice.com
Site Web :
http://www.sur-la-toile.com/RogueKiller/
Blog :
http://www.adlice.com
Systeme d'exploitation : Windows 7 (6.1.7600 ) 32 bits version
Demarrage : Mode normal
Utilisateur : pinkpanther [Droits d'admin]
Mode : Suppression -- Date : 02/20/2014 23:01:00
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 14 ¤¤¤
[SERVICE][ROGUE ST] HKLM\[...]\CCSet\[...]\Services : 72632131 (C:\Windows\system32\DRIVERS\72632131.sys [7]) - SUPPRIMÉ
[SERVICE][ROGUE ST] HKLM\[...]\CS001\[...]\Services : 72632131 (C:\Windows\system32\DRIVERS\72632131.sys [7]) - [0x2] Le fichier spécifié est introuvable.
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) - REMPLACÉ (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) - REMPLACÉ (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyDocs (0) - REMPLACÉ (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowUser (0) - REMPLACÉ (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) - REMPLACÉ (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) - REMPLACÉ (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) - REMPLACÉ (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) - REMPLACÉ (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) - REMPLACÉ (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) - REMPLACÉ (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) - REMPLACÉ (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) - REMPLACÉ (0)
¤¤¤ Tâches planifiées : 0 ¤¤¤
¤¤¤ Entrées Startup : 0 ¤¤¤
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Addons navigateur : 0 ¤¤¤
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] SSDT[12] : NtAdjustPrivilegesToken @ 0x82A5A875 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6642E36)
[Address] SSDT[22] : NtAlpcConnectPort @ 0x82AA0821 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6645074)
[Address] SSDT[23] : NtAlpcCreatePort @ 0x82A3B3BE - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA66452EE)
[Address] SSDT[39] : NtAlpcSendWaitReceivePort @ 0x82AC20A3 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6645564)
[Address] SSDT[50] : NtClose @ 0x82A9409C - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA664374A)
[Address] SSDT[59] : ExpInterlockedPopEntrySListResume @ 0x82AC5894 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA664457E)
[Address] SSDT[64] : NtCreateEvent @ 0x82AAE5D9 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6644AC8)
[Address] SSDT[66] : NtCreateFile @ 0x82A97E82 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6643A26)
[Address] SSDT[74] : NtCreateMutant @ 0x82ACBC15 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA66449AE)
[Address] SSDT[75] : NtCreateNamedPipeFile @ 0x82AD7086 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6642A24)
[Address] SSDT[77] : NtCreatePort @ 0x82A42156 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6644882)
[Address] SSDT[84] : NtCreateSection @ 0x82A7DCE3 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6642BCC)
[Address] SSDT[85] : NtCreateSemaphore @ 0x82ACE009 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6644BE8)
[Address] SSDT[87] : NtCreateThread @ 0x82B27C0E - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA66433D0)
[Address] SSDT[88] : NtCreateThreadEx @ 0x82A85D51 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA66434CE)
[Address] SSDT[93] : NtCreateUserProcess @ 0x82AA2DE0 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA66457AE)
[Address] SSDT[94] : NtCreateWaitablePort @ 0x829ED38B - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6644918)
[Address] SSDT[96] : NtDebugActiveProcess @ 0x82AFD150 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA66462D6)
[Address] SSDT[107] : NtDeviceIoControlFile @ 0x82AAA482 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6643EA8)
[Address] SSDT[111] : NtDuplicateObject @ 0x82AC90C2 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA66474E4)
[Address] SSDT[134] : NtFsControlFile @ 0x82AB0CDE - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6643CB6)
[Address] SSDT[155] : NtLoadDriver @ 0x829EE279 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA66463C8)
[Address] SSDT[168] : NtMapViewOfSection @ 0x82ACBED7 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6646B30)
[Address] SSDT[177] : NtOpenEvent @ 0x82ACE567 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6644B5E)
[Address] SSDT[179] : NtOpenFile @ 0x82AC75C4 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA66437CC)
[Address] SSDT[187] : NtOpenMutant @ 0x82A696E1 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6644A3E)
[Address] SSDT[190] : NtOpenProcess @ 0x82ACE531 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6643074)
[Address] SSDT[194] : NtOpenSection @ 0x82ACC1BA - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA66468CA)
[Address] SSDT[195] : NtOpenSemaphore @ 0x82A313CA - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6644C7E)
[Address] SSDT[198] : NtOpenThread @ 0x82ACCE88 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6642F64)
[Address] SSDT[224] : NtQueryDirectoryObject @ 0x82AD587A - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6645868)
[Address] SSDT[254] : NtQuerySection @ 0x82AB8F04 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6646E6A)
[Address] SSDT[269] : NtQueueApcThread @ 0x82A39AF1 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA664675C)
[Address] SSDT[292] : NtReplaceKey @ 0x82AEA0BA - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA66416DE)
[Address] SSDT[294] : NtReplyPort @ 0x82A3E338 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6644FE2)
[Address] SSDT[295] : NtReplyWaitReceivePort @ 0x82AC3B2D - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6644EA8)
[Address] SSDT[299] : NtRequestWaitReplyPort @ 0x82AC3ACB - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6646070)
[Address] SSDT[302] : NtRestoreKey @ 0x82AE2F4F - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6641A56)
[Address] SSDT[304] : NtResumeThread @ 0x82ABEFCF - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6647386)
[Address] SSDT[309] : NtSaveKey @ 0x82AE1060 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6641676)
[Address] SSDT[312] : NtSecureConnectPort @ 0x82AACA01 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA66442C4)
[Address] SSDT[316] : NtSetContextThread @ 0x82B28D13 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA66435EC)
[Address] SSDT[336] : NtSetInformationToken @ 0x82A66F42 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA664590A)
[Address] SSDT[347] : NtSetSecurityObject @ 0x82A63025 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6646566)
[Address] SSDT[350] : NtSetSystemInformation @ 0x82AD7DF5 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6646FBA)
[Address] SSDT[366] : NtSuspendProcess @ 0x82B298B3 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA66470AC)
[Address] SSDT[367] : NtSuspendThread @ 0x82AE6650 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA66471E6)
[Address] SSDT[368] : NtSystemDebugControl @ 0x82A562FC - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA66461FA)
[Address] SSDT[370] : NtTerminateProcess @ 0x82AAEB3D - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA664321A)
[Address] SSDT[371] : NtTerminateThread @ 0x82AC18E4 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6643170)
[Address] SSDT[385] : NtUnmapViewOfSection @ 0x82AC8CDC - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6646D0E)
[Address] SSDT[399] : NtWriteVirtualMemory @ 0x82AD45B5 - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6643306)
[Address] Shadow SSDT[14] : NtGdiBitBlt - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA66556D0)
[Address] Shadow SSDT[237] : NtGdiMaskBlt - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA66557A6)
[Address] Shadow SSDT[247] : NtGdiPlgBlt - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6655816)
[Address] Shadow SSDT[302] : NtGdiStretchBlt - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA665573A)
[Address] Shadow SSDT[318] : NtUserAttachThreadInput - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6655D9E)
[Address] Shadow SSDT[323] : NtUserBuildHwndList - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA665587E)
[Address] Shadow SSDT[396] : NtUserFindWindowEx - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA66554F4)
[Address] Shadow SSDT[402] : NtUserGetAsyncKeyState - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6655302)
[Address] Shadow SSDT[434] : NtUserGetKeyboardState - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6655602)
[Address] Shadow SSDT[436] : NtUserGetKeyState - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA665534E)
[Address] Shadow SSDT[490] : NtUserMessageCall - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6655446)
[Address] Shadow SSDT[508] : NtUserPostMessage - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA665539A)
[Address] Shadow SSDT[509] : NtUserPostThreadMessage - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA66553EE)
[Address] Shadow SSDT[524] : NtUserRegisterRawInputDevices - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA665558A)
[Address] Shadow SSDT[536] : NtUserSendInput - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA66554A6)
[Address] Shadow SSDT[560] : NtUserSetParent - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6655C50)
[Address] Shadow SSDT[585] : NtUserSetWindowsHookEx - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA6655248)
[Address] Shadow SSDT[588] : NtUserSetWinEventHook - HOOKED (C:\Windows\system32\DRIVERS\4323098drv.sys @ 0xA66552A0)
¤¤¤ Ruches Externes: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
-- %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS541616J9SA00 ATA Device +++++
--- User ---
[MBR] 06f60d0cc84a1799f94da4810db600ba
[BSP] 708c75d30321ff071cac2e33986de7a6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152525 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine :
RKreport[0]_S_02202014_225821.txt
A small detail: my keyboard is starting to respond with a delay between the moment I press a key and the moment the text actually appears.
At first glance it is doing the same thing as my other PC, the subject of the other thread I posted, "rogue killer plante".
Could it be the same infection? It certainly looks like it.
Thanks again. I'm a bit stressed, because I take security precautions, but nobody is immune.
On top of that, I'm worried because I keep my documents on an external hard drive, and of course when this started my external drive was plugged in, and my personal documents and work backups are on it.
Help!!!!!