Adlice.com / Adlice forum » Software feedback » RogueKiller » help me! I want understand
Topic: help me! I want understand (Read 10019 times)
Posted by yuri86 (Guest) on July 22, 2014, 02:01:54 PM
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trovato
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trovato
¤¤¤ Le attività pianificate : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ HOSTS File : 0 ¤¤¤
¤¤¤ Antirootkit : 88 (Driver: LOADED) ¤¤¤
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerAddExcludedApplication : C:\Windows\System32\wer.dll @ 0x71b79cda
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerRemoveExcludedApplication : C:\Windows\System32\wer.dll @ 0x71b79e1e
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerReportAddDump : C:\Windows\System32\wer.dll @ 0x71b60805
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerReportAddFile : C:\Windows\System32\wer.dll @ 0x71b79c25
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerReportCloseHandle : C:\Windows\System32\wer.dll @ 0x71b5a882
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerReportCreate : C:\Windows\System32\wer.dll @ 0x71b60b51
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerReportSetParameter : C:\Windows\System32\wer.dll @ 0x71b5e726
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerReportSetUIOption : C:\Windows\System32\wer.dll @ 0x71b6073d
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerReportSubmit : C:\Windows\System32\wer.dll @ 0x71b5b761
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerSysprepCleanup : C:\Windows\System32\wer.dll @ 0x71b79c4a
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerSysprepGeneralize : C:\Windows\System32\wer.dll @ 0x71b79f4a
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerSysprepSpecialize : C:\Windows\System32\wer.dll @ 0x71b79fca
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerUnattendedSetup : C:\Windows\System32\wer.dll @ 0x71b79fde
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpAddAppCompatData : C:\Windows\System32\wer.dll @ 0x71b7c3a4
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpAddFile : C:\Windows\System32\wer.dll @ 0x71b7ac8a
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpAddMemoryBlock : C:\Windows\System32\wer.dll @ 0x71b7ad24
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpAddRegisteredDataToReport : C:\Windows\System32\wer.dll @ 0x71b60e70
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpAddSecondaryParameter : C:\Windows\System32\wer.dll @ 0x71b7b571
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpAddTextToReport : C:\Windows\System32\wer.dll @ 0x71b7aef6
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpArchiveReport : C:\Windows\System32\wer.dll @ 0x71b7ccfd
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpCancelResponseDownload : C:\Windows\System32\wer.dll @ 0x71b7a6ae
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpCancelUpload : C:\Windows\System32\wer.dll @ 0x71b7b30a
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpCloseStore : C:\Windows\System32\wer.dll @ 0x71b57843
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpCreateIntegratorReportId : C:\Windows\System32\wer.dll @ 0x71b60e01
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpCreateMachineStore : C:\Windows\System32\wer.dll @ 0x71b6aaf4
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpDeleteReport : C:\Windows\System32\wer.dll @ 0x71b7a4c7
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpDestroyWerString : C:\Windows\System32\wer.dll @ 0x71b687a8
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpDownloadResponse : C:\Windows\System32\wer.dll @ 0x71b681d1
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpDownloadResponseTemplate : C:\Windows\System32\wer.dll @ 0x71b7c2f9
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpEnumerateStoreNext : C:\Windows\System32\wer.dll @ 0x71b57a2b
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpEnumerateStoreStart : C:\Windows\System32\wer.dll @ 0x71b579ef
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpExtractReportFiles : C:\Windows\System32\wer.dll @ 0x71b7b4e3
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpFreeString : C:\Windows\System32\wer.dll @ 0x71b63951
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetBucketId : C:\Windows\System32\wer.dll @ 0x71b7a821
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetBucketString : C:\Windows\System32\wer.dll @ 0x71b69ef9
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetDynamicParameter : C:\Windows\System32\wer.dll @ 0x71b7ae2a
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetEventType : C:\Windows\System32\wer.dll @ 0x71b7a51d
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetFileByIndex : C:\Windows\System32\wer.dll @ 0x71b7abb6
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetFilePathByIndex : C:\Windows\System32\wer.dll @ 0x71b7aa6f
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetIntegratorReportId : C:\Windows\System32\wer.dll @ 0x71b7bb77
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetLoadedModuleByIndex : C:\Windows\System32\wer.dll @ 0x71b7ab24
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetNumFiles : C:\Windows\System32\wer.dll @ 0x71b7a97b
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetNumLoadedModules : C:\Windows\System32\wer.dll @ 0x71b7aa0f
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetNumSecParams : C:\Windows\System32\wer.dll @ 0x71b7a88a
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetNumSigParams : C:\Windows\System32\wer.dll @ 0x71b7a57f
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetReportConsent : C:\Windows\System32\wer.dll @ 0x71b7b1c5
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetReportFinalConsent : C:\Windows\System32\wer.dll @ 0x71b7b2a8
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetReportFlags : C:\Windows\System32\wer.dll @ 0x71b7b9d3
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetReportInformation : C:\Windows\System32\wer.dll @ 0x71b7afec
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetReportSettings : C:\Windows\System32\wer.dll @ 0x71b7bae7
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetReportTime : C:\Windows\System32\wer.dll @ 0x71b7a707
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetReportType : C:\Windows\System32\wer.dll @ 0x71b7b15c
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetResponseId : C:\Windows\System32\wer.dll @ 0x71b697e7
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetResponseUrl : C:\Windows\System32\wer.dll @ 0x71b69e85
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetSecParamByIndex : C:\Windows\System32\wer.dll @ 0x71b7a8e7
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetSigParamByIndex : C:\Windows\System32\wer.dll @ 0x71b7a5e1
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetStoreLocation : C:\Windows\System32\wer.dll @ 0x71b64a43
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetStorePath : C:\Windows\System32\wer.dll @ 0x71b56aaf
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetStoreType : C:\Windows\System32\wer.dll @ 0x71b7b0bf
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetTextFromReport : C:\Windows\System32\wer.dll @ 0x71b7af8e
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetUIParamByIndex : C:\Windows\System32\wer.dll @ 0x71b7a649
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetUploadTime : C:\Windows\System32\wer.dll @ 0x71b7a765
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetWerStringData : C:\Windows\System32\wer.dll @ 0x71b68772
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpGetWow64Process : C:\Windows\System32\wer.dll @ 0x71b7bd72
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpIsDisabled : C:\Windows\System32\wer.dll @ 0x71b569cd
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpIsTransportAvailable : C:\Windows\System32\wer.dll @ 0x71b6060a
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpLaunchResponse : C:\Windows\System32\wer.dll @ 0x71b7bdd0
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpLoadReport : C:\Windows\System32\wer.dll @ 0x71b69f82
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpOpenMachineArchive : C:\Windows\System32\wer.dll @ 0x71b68790
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpOpenMachineQueue : C:\Windows\System32\wer.dll @ 0x71b578ad
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpOpenUserArchive : C:\Windows\System32\wer.dll @ 0x71b5ae39
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpOpenUserQueue : C:\Windows\System32\wer.dll @ 0x71b57924
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpPromtUser : C:\Windows\System32\wer.dll @ 0x71b7b1b5
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpReportCancel : C:\Windows\System32\wer.dll @ 0x71b7ba5d
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpRestartApplication : C:\Windows\System32\wer.dll @ 0x71b7c74b
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpSetCallBack : C:\Windows\System32\wer.dll @ 0x71b60d4d
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpSetDefaultUserConsent : C:\Windows\System32\wer.dll @ 0x71b7bbdf
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpSetDynamicParameter : C:\Windows\System32\wer.dll @ 0x71b5d56d
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpSetEventName : C:\Windows\System32\wer.dll @ 0x71b7b92d
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpSetIntegratorReportId : C:\Windows\System32\wer.dll @ 0x71b60d99
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpSetReportFlags : C:\Windows\System32\wer.dll @ 0x71b7b97f
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpSetReportInformation : C:\Windows\System32\wer.dll @ 0x71b7b047
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpSetReportTime : C:\Windows\System32\wer.dll @ 0x71b7a7c3
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpSetReportUploadContextToken : C:\Windows\System32\wer.dll @ 0x71b7ada8
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpShowUpsellUI : C:\Windows\System32\wer.dll @ 0x71b7ba4d
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpSubmitReportFromStore : C:\Windows\System32\wer.dll @ 0x71b7bfd8
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpSvcReportFromMachineQueue : C:\Windows\System32\wer.dll @ 0x71b7b6e5
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpUpdateReportResponse : C:\Windows\System32\wer.dll @ 0x71b7be21
¤¤¤ I browser Web : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9120822AS ATA Device +++++
--- User ---
[MBR] 73071902b6ac90c52efb9bebf789ae8a
[BSP] 76baf7085090bcf31ae572d7abcfa15f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB
User = LL1 ... OK
User = LL2 ... OK
Reply #1 by Tigzy (Administrator, Owner, Adlice Software) on July 24, 2014, 10:50:34 AM
Hello
Please use courtesy and ask a question.
Reply #2 by yuri86 (Guest) on July 24, 2014, 01:40:57 PM
Hello
Excuse me, I was hoping you could help me understand the antirootkit results. Thanks.
Reply #3 by Tigzy (Administrator, Owner, Adlice Software) on July 24, 2014, 02:08:55 PM
Ok.
Looks like wer.dll is the Windows Error Reporting DLL, and is legit.
It will be whitelisted for the next release.
Reply #4 by yuri86 (Guest) on July 25, 2014, 10:10:36 AM
Hello
Thanks Tigzy for the reply. I also wanted to know what 'driver loaded' means, because I never loaded this driver, or is it the wer.dll software?
And what does wer.dll do?
And what does EAT explorer.exe (hook.IEAT) mean?
Finally, am I infected?
Thanks in advance for your attention.
Reply #5 by Tigzy (Administrator, Owner, Adlice Software) on July 28, 2014, 11:34:38 AM
1/ Driver loaded means that RogueKiller's driver has been loaded into memory.
2/ No idea; wer.dll is a Microsoft DLL, so it is very probably useful.
3/ IAT/EAT hooks:
http://0vercl0k.blogspot.fr/2007/11/api-hooking-iat-patching.html
4/ Probably not.
Reply #6 by yuri86 (Guest) on July 29, 2014, 10:32:04 AM
Hello
Thanks Tigzy for the reply.
But I don't understand, because the ''88 driver loaded'' in the rootkit section are marked in orange; are they legitimate?
Wer.dll is Microsoft's, and it uses this technology to create dump files (with all the information in RAM) to understand the reason for crashes and computer problems.
Could it be malware/a hacker that uses this (Microsoft) technology to take information?
Sorry for my poor French.
Thanks in advance for your attention.
Reply #7 by Tigzy (Administrator, Owner, Adlice Software) on July 29, 2014, 02:58:19 PM
No, no worries, it's just a legitimate DLL that hooks into a process to filter calls.
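As an added example (it is not RogueKiller's code and not from anyone in the thread), the triage that Tigzy's replies #5 and #7 imply: parse the [EAT:Addr] lines of the antirootkit section, group them by process, hooked module and target DLL, and apply the kind of whitelist he says wer.dll will be added to. The whitelist, the System32 heuristic and the third sample line are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: two lines copied from the thread's log plus one made-up line outside System32.
SAMPLE_LOG = """\
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerReportCreate : C:\\Windows\\System32\\wer.dll @ 0x71b60b51
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerReportSubmit : C:\\Windows\\System32\\wer.dll @ 0x71b5b761
[EAT:Addr] (explorer.exe) PortableDeviceApi.dll - WerpIsDisabled : C:\\Users\\Public\\constructed.dll @ 0x10001000
"""

# Hypothetical whitelist of DLLs accepted as hook targets (the thread concludes
# wer.dll is legitimate and will be whitelisted in RogueKiller's next release).
WHITELIST = {"wer.dll"}
SYSTEM_DIR = "c:\\windows\\system32\\"

# One hook line: [KIND:Addr] (process) module - function : target @ 0xaddr
HOOK_RE = re.compile(
    r"^\[(?P<kind>[A-Z]+):Addr\] \((?P<process>[^)]+)\) (?P<module>\S+) - "
    r"(?P<function>\S+) : (?P<target>.+?) @ 0x(?P<addr>[0-9a-fA-F]+)$"
)

def parse_hook_line(line):
    """Return the fields of one [EAT:Addr]/[IAT:Addr] line, or None for any other line."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    return dict(m.groupdict(), addr=int(m.group("addr"), 16))

def triage(log_text):
    """Group hook lines by (process, module, target DLL) and give each group a verdict:
    whitelisted (known-good target under System32), system (under System32 but not on
    the whitelist, review by hand) or suspicious (target outside System32, investigate)."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_hook_line(line)
        if entry:
            groups[(entry["process"], entry["module"], entry["target"])].append(entry["function"])
    report = []
    for (process, module, target), functions in groups.items():
        in_system = target.lower().startswith(SYSTEM_DIR)
        name = target.rsplit("\\", 1)[-1].lower()
        if in_system and name in WHITELIST:
            verdict = "whitelisted"
        elif in_system:
            verdict = "system"
        else:
            verdict = "suspicious"
        report.append({"process": process, "module": module, "target": target, "count": len(functions), "verdict": verdict})
    return report
```

Running triage over the thread's full antirootkit section collapses the 88 wer.dll entries into a single whitelisted group, which is the reviewer's view Tigzy gives in his replies.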
Reply #8 by yuri86 (Guest) on July 29, 2014, 05:50:32 PM
Ok
Many thanks.
It's nice to have someone who explains things to you that you can't manage to understand on your own.
Compliments on the forum!