Topic: RogueKiller found 26 items in the AntiRootKit section


November 10, 2014, 07:33:04 AM

SworDGenesis

Hello, for some time now I have been having problems with my PC (loss of admin rights in the registry and even in many folders ...).
So I installed a task manager (Bill2's), which showed me 80 hidden processes ...
While searching for one of the processes on Google, I came across a disinfection case on this forum ^^
So I ran a RogueKiller scan, which found 26 items in the AntiRootKit section and one registry key, which it deleted.

I am therefore posting the report here, and I thank in advance anyone who can help me :)

Report:

RogueKiller V10.0.4.0 [Oct 29 2014] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : https://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 8 (6.2.9200 ) 64 bits version
Démarré en  : Mode normal
Utilisateur : SworD [Administrateur]
Mode : Suppression -- Date : 11/10/2014  07:07:37

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 1 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UnlockerDriver5 -> ERROR [2]

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 26 (Driver: Non chargé [0xc000036b]) ¤¤¤
[IAT:Addr] (iexplore.exe @ KERNELBASE.dll) ext-ms-win-gpapi-grouppolicy-l1-1-0.dll - RegisterGPNotificationInternalWorker : C:\Windows\SYSTEM32\gpapi.dll @ 0x6f637300
[IAT:Inl] (iexplore.exe @ nvinit.dll) USER32.dll - EnumDisplayDevicesA : C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x711d42e0 (jmp 0xfffffffff9dc5160)
[IAT:Addr] (iexplore.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject : C:\Windows\SYSTEM32\clbcatq.dll @ 0x76e570c0
[IAT:Addr] (iexplore.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject2 : C:\Windows\SYSTEM32\clbcatq.dll @ 0x76e58410
[IAT:Addr] (iexplore.exe @ combase.dll) ext-ms-win-com-coml2-l1-1-1.dll - Coml2DllGetClassObject : C:\Windows\SYSTEM32\coml2.dll @ 0x75263880
[IAT:Inl] (iexplore.exe @ ole32.dll) USER32.dll - CreateWindowExW : C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x711d3a40 (jmp 0xfffffffff9dddb80)
[IAT:Addr] (iexplore.exe @ ole32.dll) api-ms-win-core-com-l2-1-1.dll - StgCreateDocfileOnILockBytes : C:\Windows\SYSTEM32\coml2.dll @ 0x752656d0
[IAT:Addr] (iexplore.exe @ ole32.dll) api-ms-win-core-com-l2-1-1.dll - CreateILockBytesOnHGlobal : C:\Windows\SYSTEM32\coml2.dll @ 0x75297460
[IAT:Inl] (iexplore.exe @ SHELL32.dll) USER32.dll - CreateWindowExW : C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x711d3a40 (jmp 0xfffffffff9dddb80)
[IAT:Inl] (iexplore.exe @ SHELL32.dll) USER32.dll - EnumDisplayDevicesW : C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x711d4350 (jmp 0xfffffffff9dd83e0)
[IAT:Inl] (iexplore.exe @ SHELL32.dll) USER32.dll - DisplayConfigGetDeviceInfo : C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x711d42d0 (jmp 0xfffffffff9dd8180)
[IAT:Inl] (iexplore.exe @ comctl32.dll) USER32.dll - EnumDisplayDevicesW : C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x711d4350 (jmp 0xfffffffff9dd83e0)
[IAT:Inl] (iexplore.exe @ uxtheme.dll) USER32.dll - EnumDisplayDevicesW : C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x711d4350 (jmp 0xfffffffff9dd83e0)
[IAT:Inl] (iexplore.exe @ ieproxy.dll) KERNEL32.dll - RegQueryValueExW : C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x711d4b10 (jmp 0xfffffffff9e9f270)
[IAT:Inl] (iexplore.exe @ MSHTML.dll) USER32.dll - DisplayConfigGetDeviceInfo : C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x711d42d0 (jmp 0xfffffffff9dd8180)
[IAT:Inl] (iexplore.exe @ dxgi.dll) USER32.dll - ChangeDisplaySettingsExW : C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x711d3850 (jmp 0xfffffffff9d90df0)
[IAT:Inl] (iexplore.exe @ dxgi.dll) USER32.dll - EnumDisplayDevicesW : C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x711d4350 (jmp 0xfffffffff9dd83e0)
[IAT:Inl] (iexplore.exe @ dxgi.dll) USER32.dll - DisplayConfigGetDeviceInfo : C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x711d42d0 (jmp 0xfffffffff9dd8180)
[IAT:Inl] (iexplore.exe @ nvumdshim.dll) USER32.dll - DisplayConfigGetDeviceInfo : C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x711d42d0 (jmp 0xfffffffff9dd8180)
[IAT:Inl] (iexplore.exe @ nvumdshim.dll) USER32.dll - EnumDisplayDevicesA : C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x711d42e0 (jmp 0xfffffffff9dc5160)
[IAT:Inl] (iexplore.exe @ igd10iumd32.dll) USER32.dll - EnumDisplayDevicesA : C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x711d42e0 (jmp 0xfffffffff9dc5160)
[IAT:Addr] (iexplore.exe @ windows.globalization.dll) ext-ms-win-globalization-input-l1-1-0.dll - WGIGetCurrentInputLanguage : C:\Windows\SYSTEM32\globinputhost.dll @ 0x5d7267f0
[IAT:Addr] (iexplore.exe @ coml2.dll) api-ms-win-security-cryptoapi-l1-1-0.dll - CryptAcquireContextW : C:\Windows\SYSTEM32\CRYPTSP.dll @ 0x743c4530
[IAT:Addr] (iexplore.exe @ coml2.dll) api-ms-win-security-cryptoapi-l1-1-0.dll - CryptGenRandom : C:\Windows\SYSTEM32\CRYPTSP.dll @ 0x743c40d0
[IAT:Inl] (iexplore.exe @ Flash.ocx) USER32.dll - EnumDisplayDevicesW : C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x711d4350 (jmp 0xfffffffff9dd83e0)
[IAT:Inl] (iexplore.exe @ Flash.ocx) USER32.dll - EnumDisplayDevicesA : C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll @ 0x711d42e0 (jmp 0xfffffffff9dc5160)

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BPVT-75JJ5T0 +++++
--- User ---
[MBR] 4e8fdcb9061e1036235630dc4b53b3d6
[BSP] 5116f1107891473208f98a46d33a87ce : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 84650 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 174082048 | Size: 220243 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_11102014_064424.log - RKreport_DEL_11102014_070659.log

Reply #1, November 10, 2014, 09:35:15 AM

Tigzy (Administrator; Owner, Adlice Software)
Hello,
These are false positives, which will be fixed in the next version.