cjoint


Document format : text/x-log

Preview

RogueKiller V9.0.2.0 [Jun 3 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : hp.21 [Admin rights]
Mode : Remove -- Date : 06/06/2014 19:46:26

¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] explorer.exe -- C:\Windows\RACHook36.DLL[-] -> UNLOADED

¤¤¤ Registry Entries : 5 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-1634012864-2999947893-1038358580-1000\Software\Microsoft\Windows\CurrentVersion\Run | Serviecs.vbs : "C:\Users\hp.21\AppData\Local\Temp\Serviecs.vbs" [x] -> DELETED
[PUM.Policies] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED
[PUM.Policies] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System | disabletaskmgr : 0 -> NOT SELECTED
[PUM.Policies] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED
[PUM.Policies] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System | disabletaskmgr : 0 -> NOT SELECTED

¤¤¤ Scheduled tasks : 2 ¤¤¤
[Suspicious.Path] \\{0989EEC4-9D04-4121-ACBB-0D9094ECAFB4} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\hp.21\Desktop\Adobe® Photoshop® 7 FR\Setup.exe" -d "C:\Users\hp.21\Desktop\Adobe® Photoshop® 7 FR") -> DELETED
[Suspicious.Path] \\{D65EF72E-B15B-4D7F-8D00-E165AC85D896} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\hp.21\Desktop\Adobe® Photoshop® 7 FR\Setup.exe" -d "C:\Users\hp.21\Desktop\Adobe® Photoshop® 7 FR") -> DELETED

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 12 ¤¤¤
[SSDT:Addr] NtAlpcConnectPort[22] : Unknown @ 0x85f88c80
[SSDT:Addr] NtLoadDriver[155] : Unknown @ 0x85f78ab0
[ShwSSDT:Addr] NtUserAttachThreadInput[318] : Unknown @ 0x882452f0
[ShwSSDT:Addr] NtUserGetAsyncKeyState[402] : Unknown @ 0x871f7ad0
[ShwSSDT:Addr] NtUserGetKeyboardState[434] : Unknown @ 0x881ccdf0
[ShwSSDT:Addr] NtUserGetKeyState[436] : Unknown @ 0x88247a08
[ShwSSDT:Addr] NtUserGetRawInputData[448] : Unknown @ 0x871f7b48
[ShwSSDT:Addr] NtUserMessageCall[490] : Unknown @ 0x85906370
[ShwSSDT:Addr] NtUserPostMessage[508] : Unknown @ 0x881ccd68
[ShwSSDT:Addr] NtUserPostThreadMessage[509] : Unknown @ 0x881ccce0
[ShwSSDT:Addr] NtUserSetWindowsHookEx[585] : Unknown @ 0x882458e0
[ShwSSDT:Addr] NtUserSetWinEventHook[588] : Unknown @ 0x8824d890

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABF050 ATA Device +++++
--- User ---
[MBR] 55fb7eca62fcf7e1059fdee1d03f6de8
[BSP] cf1777255641dd37c8879396e3aec529 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 49900 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 102402048 | Size: 426938 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SDHC Card +++++
--- User ---
[MBR] 42b2ffdadd0456ec68f53197cbfdd1b8
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8192 | Size: 30955 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_06052014_222836.log - RKreport_SCN_06062014_194416.log
