And here is the latest RogueKiller report, run right afterwards. I clicked on Delete.
RogueKiller V7.3.2 [20/03/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees:
http://www.sur-la-toile.com/discussion- ... ntees.html
Blog:
http://tigzyrk.blogspot.com
Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: MadWoffen [Droits d'admin]
Mode: Suppression -- Date: 08/04/2012 20:24:21
¤¤¤ Processus malicieux: 3 ¤¤¤
[ROGUE ST] 2532430.exe -- C:\DOCUME~1\MADWOF~1\LOCALS~1\Temp\RarSFX3\2532430.exe -> KILLED [TermProc]
[ROGUE ST] 2532430.exe -- C:\DOCUME~1\MADWOF~1\LOCALS~1\Temp\7232230\2532430.exe -> NOT KILLED [0x6]
[ROGUE ST] 2532430.exe -- C:\DOCUME~1\MADWOF~1\LOCALS~1\Temp\7232230\2532430.exe -> KILLED [DrvNtTerm]
¤¤¤ Entrees de registre: 2 ¤¤¤
[SUSP PATH] _uninst_.lnk @MadWoffen : C:\Documents and Settings\MadWoffen\Local Settings\Temp\_uninst_.bat -> DELETED
[SUSP PATH] _uninst_00993192.lnk @MadWoffen : C:\Documents and Settings\MadWoffen\Local Settings\Temp\_uninst_00993192.bat -> DELETED
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[FAKED] alcacr.sys : c:\windows\system32\drivers\alcacr.sys --> CANNOT FIX
[FAKED] alcawh.sys : c:\windows\system32\drivers\alcawh.sys --> CANNOT FIX
¤¤¤ Driver: [CHARGE] ¤¤¤
SSDT[11] : NtAdjustPrivilegesToken @ 0x805E2876 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749F690)
SSDT[25] : NtClose @ 0x805B1D8E -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749FF94)
SSDT[31] : NtConnectPort @ 0x80599A14 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A0DC8)
SSDT[35] : NtCreateEvent @ 0x80605B84 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A1312)
SSDT[37] : NtCreateFile @ 0x8056E38C -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A0270)
SSDT[41] : NtCreateKey @ 0x8061ACEC -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749E500)
SSDT[43] : NtCreateMutant @ 0x8060E210 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A11F8)
SSDT[44] : NtCreateNamedPipeFile @ 0x8056E3C6 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749F27E)
SSDT[46] : NtCreatePort @ 0x8059A530 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A10CC)
SSDT[50] : NtCreateSection @ 0x805A0816 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749F426)
SSDT[51] : NtCreateSemaphore @ 0x8060BBBA -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A1432)
SSDT[53] : NtCreateThread @ 0x805C736A -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749FC1C)
SSDT[56] : NtCreateWaitablePort @ 0x8059A554 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A1162)
SSDT[57] : NtDebugActiveProcess @ 0x8063A75E -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A2B1A)
SSDT[63] : NtDeleteKey @ 0x8061B188 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749EB0A)
SSDT[65] : NtDeleteValueKey @ 0x8061B358 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749EEBE)
SSDT[66] : NtDeviceIoControlFile @ 0x8056E552 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A06F2)
SSDT[68] : NtDuplicateObject @ 0x805B39A2 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A3D26)
SSDT[71] : NtEnumerateKey @ 0x8061B538 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749F00A)
SSDT[73] : NtEnumerateValueKey @ 0x8061B7A2 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749F0A2)
SSDT[84] : NtFsControlFile @ 0x8056E586 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A0500)
SSDT[97] : NtLoadDriver @ 0x8057969A -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A2C0C)
SSDT[98] : NtLoadKey @ 0x8061CF10 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749E4DC)
SSDT[99] : NtLoadKey2 @ 0x8061CB1C -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749E4EE)
SSDT[108] : NtMapViewOfSection @ 0x805A75C4 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A3374)
SSDT[111] : NtNotifyChangeKey @ 0x8061CEDA -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749F1CE)
SSDT[114] : NtOpenEvent @ 0x80605C84 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A13A8)
SSDT[116] : NtOpenFile @ 0x8056F4AA -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A0016)
SSDT[119] : NtOpenKey @ 0x8061C0CA -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749E6C0)
SSDT[120] : NtOpenMutant @ 0x8060E2E8 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A1288)
SSDT[122] : NtOpenProcess @ 0x805C13F8 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749F8CC)
SSDT[125] : NtOpenSection @ 0x8059F84C -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A310E)
SSDT[126] : NtOpenSemaphore @ 0x8060BCB4 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A14C8)
SSDT[128] : NtOpenThread @ 0x805C1684 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749F7BE)
SSDT[160] : NtQueryKey @ 0x8061C40C -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749F13A)
SSDT[161] : NtQueryMultipleValueKey @ 0x80619E3A -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749ED72)
SSDT[167] : NtQuerySection @ 0x805ADD1E -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A36AE)
SSDT[177] : NtQueryValueKey @ 0x80618F10 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749E99C)
SSDT[180] : NtQueueApcThread @ 0x805C75C8 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A2FA0)
SSDT[192] : NtRenameKey @ 0x8061A70E -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749EC2C)
SSDT[193] : NtReplaceKey @ 0x8061CDC0 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749DF16)
SSDT[194] : NtReplyPort @ 0x8059A930 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A182C)
SSDT[195] : NtReplyWaitReceivePort @ 0x8059B8F8 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A16F2)
SSDT[200] : NtRequestWaitReplyPort @ 0x805981BA -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A28B4)
SSDT[204] : NtRestoreKey @ 0x8061C6CC -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749E28E)
SSDT[206] : NtResumeThread @ 0x805CAD9E -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A3BC8)
SSDT[207] : NtSaveKey @ 0x8061C7C8 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749DEAE)
SSDT[210] : NtSecureConnectPort @ 0x805991A8 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A0B0E)
SSDT[213] : NtSetContextThread @ 0x805C7A8C -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749FE38)
SSDT[230] : NtSetInformationToken @ 0x805F0BD6 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A2154)
SSDT[237] : NtSetSecurityObject @ 0x805B6114 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A2DAA)
SSDT[240] : NtSetSystemInformation @ 0x806068D6 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A37FE)
SSDT[247] : NtSetValueKey @ 0x8061925E -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749E816)
SSDT[253] : NtSuspendProcess @ 0x805CAE66 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A38F0)
SSDT[254] : NtSuspendThread @ 0x805CACD8 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A3A2A)
SSDT[255] : NtSystemDebugControl @ 0x8060EC2C -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A2A3E)
SSDT[257] : NtTerminateProcess @ 0x805C8DA6 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749FA68)
SSDT[258] : NtTerminateThread @ 0x805C8FA0 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749F9C8)
SSDT[267] : NtUnmapViewOfSection @ 0x805A83DA -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74A3552)
SSDT[277] : NtWriteVirtualMemory @ 0x805A9964 -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA749FB52)
S_SSDT[13] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74B0118)
S_SSDT[227] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74B01EE)
S_SSDT[237] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74B025E)
S_SSDT[292] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74B0182)
S_SSDT[307] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74B07E6)
S_SSDT[312] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74B02C6)
S_SSDT[378] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74AFF3C)
S_SSDT[383] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74AFD4A)
S_SSDT[414] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74B004A)
S_SSDT[416] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74AFD96)
S_SSDT[460] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74AFE8E)
S_SSDT[475] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74AFDE2)
S_SSDT[476] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74AFE36)
S_SSDT[491] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74AFFD2)
S_SSDT[502] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74AFEEE)
S_SSDT[529] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74B0698)
S_SSDT[549] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74AFC90)
S_SSDT[552] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2532430drv.sys @ 0xA74AFCE8)
¤¤¤ Infection : ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD103SI +++++
--- User ---
[MBR] 0f897fd93667c68a4638c7b2162af103
[BSP] 41c08c588ca4e2beabd5a66da602f1c7 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953868 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive1: Maxtor 6L300S0 +++++
--- User ---
[MBR] 4474ec69df5c03e02c110ee3566e6157
[BSP] 1a31c6e198c07ae4fde6f1b9e53b97ae : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 286173 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Termine : << RKreport[11].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt