RogueKiller V8.4.3 [Jan 31 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Website : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Operating system : Windows Vista (6.0.6002 Service Pack 2) 32-bit version
Startup : Normal mode
User : Marina [Admin rights]
Mode : Scan -- Date : 31/01/2013 20:37:48
| ARK || MBR |

¤¤¤ Malicious processes : 0 ¤¤¤

¤¤¤ Registry entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular files / folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-501777271-2833471655-36502973-1000\$1449c7edf112ca08657edc7468c84268\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-501777271-2833471655-36502973-1000\$1449c7edf112ca08657edc7468c84268\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-501777271-2833471655-36502973-1000\$1449c7edf112ca08657edc7468c84268\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x81E31E35 -> HOOKED (Unknown @ 0x8DF9C506)
SSDT[276] : NtRequestWaitReplyPort @ 0x81E43FE0 -> HOOKED (Unknown @ 0x8DF9C510)
SSDT[289] : NtSetContextThread @ 0x81E9310B -> HOOKED (Unknown @ 0x8DF9C50B)
SSDT[314] : NtSetSecurityObject @ 0x81DC003C -> HOOKED (Unknown @ 0x8DF9C515)
SSDT[332] : NtSystemDebugControl @ 0x81DF8EF1 -> HOOKED (Unknown @ 0x8DF9C51A)
SSDT[334] : NtTerminateProcess @ 0x81DF1173 -> HOOKED (Unknown @ 0x8DF9C4A7)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8DF9C52E)
S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8DF9C533)

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS file: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] a81f32cb306340cce1d9a72c16207035
[BSP] f38582cb8fa493e99ef3cf6315a112df : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 6997 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 14329980 | Size: 72990 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 163814805 | Size: 72637 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_31012013_203748.txt >>
RKreport[1]_S_31012013_203748.txt