RogueKiller V10.5.8.0 [Mar 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : STAGIAIRE [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 04/03/2015 01:30:28

¤¤¤ Processes : 3 ¤¤¤
[Suspicious.Path] Moveslink2.exe(2384) -- C:\Users\STAGIAIRE\AppData\Local\Apps\2.0\AMDYTZ21.MZN\PCT9324B.WZ7\move..tion_3ccae3cb2a36e2f5_0001.0002_7e496279a8bddd76\Moveslink2.exe[-] -> Killed [TermProc]
[Suspicious.Path] (SVC) NAVENG -- \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20150105.019\NAVENG.SYS[7] -> Stopped
[Suspicious.Path] (SVC) NAVEX15 -- \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20150105.019\NAVEX15.SYS[7] -> Stopped

¤¤¤ Registry : 11 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-765176427-3258650836-1781174930-1000\Software\Microsoft\Windows\CurrentVersion\Run | Moveslink2 : C:\Users\STAGIAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suunto\Moveslink2.appref-ms -auto -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NAVENG (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20150105.019\NAVENG.SYS) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NAVEX15 (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20150105.019\NAVEX15.SYS) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAVENG (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20150105.019\NAVENG.SYS) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAVEX15 (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20150105.019\NAVEX15.SYS) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NAVENG (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20150105.019\NAVENG.SYS) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NAVEX15 (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20150105.019\NAVEX15.SYS) -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-21-765176427-3258650836-1781174930-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 10.127.254.1:80 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-765176427-3258650836-1781174930-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\Registration -- "C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe" (Registration ShowMessageTask2D) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 23 (Driver: Loaded) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAlertResumeThread[13] : Unknown @ 0x864d5a08
[SSDT:Addr(Hook.SSDT)] NtAlertThread[14] : Unknown @ 0x864d5ae8
[SSDT:Addr(Hook.SSDT)] NtAllocateVirtualMemory[19] : Unknown @ 0x864d25c8
[SSDT:Addr(Hook.SSDT)] ExpInterlockedPopEntrySListResume[59] : Unknown @ 0x8648cd28
[SSDT:Addr(Hook.SSDT)] NtCreateMutant[74] : Unknown @ 0x864d5758
[SSDT:Addr(Hook.SSDT)] NtCreateThread[87] : Unknown @ 0x864d2798
[SSDT:Addr(Hook.SSDT)] NtFreeVirtualMemory[131] : Unknown @ 0x864d23e8
[SSDT:Addr(Hook.SSDT)] NtImpersonateAnonymousToken[145] : Unknown @ 0x864d5848
[SSDT:Addr(Hook.SSDT)] NtImpersonateThread[147] : Unknown @ 0x864d5928
[SSDT:Addr(Hook.SSDT)] NtMapViewOfSection[168] : Unknown @ 0x864d22e8
[SSDT:Addr(Hook.SSDT)] NtOpenEvent[177] : Unknown @ 0x864d5678
[SSDT:Addr(Hook.SSDT)] NtOpenProcessToken[191] : Unknown @ 0x864d26b8
[SSDT:Addr(Hook.SSDT)] NtOpenThreadToken[199] : Unknown @ 0x864d5fc0
[SSDT:Addr(Hook.SSDT)] NtResumeThread[304] : Unknown @ 0x864d8150
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[316] : Unknown @ 0x864d5ee0
[SSDT:Addr(Hook.SSDT)] NtSetInformationProcess[333] : Unknown @ 0x864d2118
[SSDT:Addr(Hook.SSDT)] NtSetInformationThread[335] : Unknown @ 0x864d5df0
[SSDT:Addr(Hook.SSDT)] NtSuspendProcess[366] : Unknown @ 0x864d5598
[SSDT:Addr(Hook.SSDT)] NtSuspendThread[367] : Unknown @ 0x864d5c30
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[370] : Unknown @ 0x864d2878
[SSDT:Addr(Hook.SSDT)] NtTerminateThread[371] : Unknown @ 0x864d5d10
[SSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[385] : Unknown @ 0x864d2208
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[399] : Unknown @ 0x864d24d8

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST325031 8AS SATA Disk Device +++++
--- User ---
[MBR] d867c89442c4b5f1e14134c13661594b
[BSP] f9843788f170f71da7379ddb5712325e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 2047 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 4194304 | Size: 228101 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 471345152 | Size: 8316 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG HM160HI USB Device +++++
--- User ---
[MBR] 55b414130ca0d1ebc20e83de9ffae89f
[BSP] d090146c01af0d2d8856b3c84dbf020c : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 16065 | Size: 152617 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] This request is not supported.)
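
Added example, not part of the original log or of RogueKiller itself: a Python parser for the log format above. It splits the report into sections, separates what the scan merely reported ("Found") from what it acted on (here, the killed Moveslink2.exe process and the two stopped NAVENG/NAVEX15 services), pulls out the PUM.Proxy address for comparison with the expected network setup, and checks each section's header count against the number of lines actually present, which is how a truncated paste shows up. The header format ("¤¤¤ Name : count ¤¤¤") and detection-line format ("[Tag] details -> Action") are inferred from this log rather than taken from vendor documentation, so they are assumptions; the embedded sample is a constructed subset of the lines above with the section counts adjusted to match that subset.

```python
"""Parse a RogueKiller scan log into structured findings.

Added example; not part of the original log nor of RogueKiller itself.
Line formats are inferred from the log above, not from vendor docs.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass, field

# Section header: "¤¤¤ Registry : 11 ¤¤¤"; the MBR section has no count.
SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>.+?)\s*:\s*(?P<count>\d+)?.*?¤¤¤$")
# Detection line: "[Tag] details -> Action [extra]"; SSDT lines carry no "->".
DETECT_RE = re.compile(r"^\[(?P<tag>[^\]]+)\]\s*(?P<body>.*?)(?:\s*->\s*(?P<action>[^\s\[]+).*)?$")
PROXY_RE = re.compile(r"\|\s*ProxyServer\s*:\s*(\S+)")


@dataclass(frozen=True)
class Finding:
    section: str
    tag: str      # e.g. "Suspicious.Path", "PUM.Proxy", "SSDT:Addr(Hook.SSDT)"
    body: str
    action: str   # "Found", "Killed", "Stopped", or "" when the line has none


@dataclass
class ScanReport:
    findings: list[Finding] = field(default_factory=list)
    declared: dict[str, int] = field(default_factory=dict)  # section -> header count


def parse_log(text: str) -> ScanReport:
    report = ScanReport()
    section, counted = None, False   # counted: header carried a number
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, count = m.group("name"), m.group("count")
            counted = count is not None
            if counted:
                report.declared[section] = int(count)
            continue
        if section is None or not counted:
            continue   # tool banner, or the informational MBR block
        m = DETECT_RE.match(line)
        if m:
            report.findings.append(Finding(section, m.group("tag"), m.group("body"),
                                           m.group("action") or ""))
    return report


def count_mismatches(report: ScanReport) -> dict[str, tuple[int, int]]:
    """Sections whose header count differs from the lines present (truncated paste)."""
    parsed = Counter(f.section for f in report.findings)
    return {name: (declared, parsed.get(name, 0))
            for name, declared in report.declared.items()
            if parsed.get(name, 0) != declared}


def actions_taken(report: ScanReport) -> list[Finding]:
    """Entries the scan acted on (Killed, Stopped, ...) rather than only reported."""
    return [f for f in report.findings if f.action not in ("", "Found")]


def proxy_servers(report: ScanReport) -> list[str]:
    """Proxy addresses from PUM.Proxy entries, to compare with the expected setup."""
    return [m.group(1) for f in report.findings if f.tag == "PUM.Proxy"
            for m in [PROXY_RE.search(f.body)] if m]


def tag_summary(report: ScanReport) -> Counter:
    return Counter(f.tag for f in report.findings)


# Constructed sample: a subset of the log above, counts adjusted to the subset.
SAMPLE_LOG = r"""
RogueKiller V10.5.8.0 [Mar 30 2015] by Adlice Software
Mode : Scan -- Date : 04/03/2015 01:30:28

¤¤¤ Processes : 3 ¤¤¤
[Suspicious.Path] Moveslink2.exe(2384) -- C:\Users\STAGIAIRE\AppData\Local\Apps\2.0\AMDYTZ21.MZN\PCT9324B.WZ7\move..tion_3ccae3cb2a36e2f5_0001.0002_7e496279a8bddd76\Moveslink2.exe[-] -> Killed [TermProc]
[Suspicious.Path] (SVC) NAVENG -- \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20150105.019\NAVENG.SYS[7] -> Stopped
[Suspicious.Path] (SVC) NAVEX15 -- \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20150105.019\NAVEX15.SYS[7] -> Stopped

¤¤¤ Registry : 3 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-765176427-3258650836-1781174930-1000\Software\Microsoft\Windows\CurrentVersion\Run | Moveslink2 : C:\Users\STAGIAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suunto\Moveslink2.appref-ms -auto -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NAVENG (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20150105.019\NAVENG.SYS) -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-21-765176427-3258650836-1781174930-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 10.127.254.1:80 -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\Registration -- "C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe" (Registration ShowMessageTask2D) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAlertResumeThread[13] : Unknown @ 0x864d5a08
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[399] : Unknown @ 0x864d24d8

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST325031 8AS SATA Disk Device +++++
[MBR] d867c89442c4b5f1e14134c13661594b
[BSP] f9843788f170f71da7379ddb5712325e : Windows Vista/7/8 MBR Code
"""

if __name__ == "__main__":
    rep = parse_log(SAMPLE_LOG)
    print(dict(tag_summary(rep)), count_mismatches(rep), proxy_servers(rep))
    for f in actions_taken(rep):
        print(f"{f.section}: {f.action} <- {f.body}")
```

Run against the full log rather than the sample, the script lists exactly what the scan changed on the host (the killed process and the two stopped services) separately from the entries it only found, which is the first thing to reconcile before any removal step; the SSDT lines come through with an empty action because the tool prints them without one.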
