Document format: text/x-log

RogueKiller V10.5.8.0 [Mar 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : STAGIAIRE [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 04/03/2015 01:58:05

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NAVENG (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20150105.019\NAVENG.SYS) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NAVEX15 (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20150105.019\NAVEX15.SYS) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr (\??\C:\Users\STAGIA~1\AppData\Local\Temp\mbr.sys) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAVENG (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20150105.019\NAVENG.SYS) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAVEX15 (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20150105.019\NAVEX15.SYS) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr (\??\C:\Users\STAGIA~1\AppData\Local\Temp\mbr.sys) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NAVENG (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20150105.019\NAVENG.SYS) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NAVEX15 (\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20150105.019\NAVEX15.SYS) -> Not selected
[PUM.Proxy] HKEY_USERS\S-1-5-21-765176427-3258650836-1781174930-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 10.127.254.1:80 -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-765176427-3258650836-1781174930-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 23 (Driver: Loaded) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAlertResumeThread[13] : Unknown @ 0x864d5a08
[SSDT:Addr(Hook.SSDT)] NtAlertThread[14] : Unknown @ 0x864d5ae8
[SSDT:Addr(Hook.SSDT)] NtAllocateVirtualMemory[19] : Unknown @ 0x864d25c8
[SSDT:Addr(Hook.SSDT)] ExpInterlockedPopEntrySListResume[59] : Unknown @ 0x8648cd28
[SSDT:Addr(Hook.SSDT)] NtCreateMutant[74] : Unknown @ 0x864d5758
[SSDT:Addr(Hook.SSDT)] NtCreateThread[87] : Unknown @ 0x864d2798
[SSDT:Addr(Hook.SSDT)] NtFreeVirtualMemory[131] : Unknown @ 0x864d23e8
[SSDT:Addr(Hook.SSDT)] NtImpersonateAnonymousToken[145] : Unknown @ 0x864d5848
[SSDT:Addr(Hook.SSDT)] NtImpersonateThread[147] : Unknown @ 0x864d5928
[SSDT:Addr(Hook.SSDT)] NtMapViewOfSection[168] : Unknown @ 0x864d22e8
[SSDT:Addr(Hook.SSDT)] NtOpenEvent[177] : Unknown @ 0x864d5678
[SSDT:Addr(Hook.SSDT)] NtOpenProcessToken[191] : Unknown @ 0x864d26b8
[SSDT:Addr(Hook.SSDT)] NtOpenThreadToken[199] : Unknown @ 0x864d5fc0
[SSDT:Addr(Hook.SSDT)] NtResumeThread[304] : Unknown @ 0x864d8150
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[316] : Unknown @ 0x864d5ee0
[SSDT:Addr(Hook.SSDT)] NtSetInformationProcess[333] : Unknown @ 0x864d2118
[SSDT:Addr(Hook.SSDT)] NtSetInformationThread[335] : Unknown @ 0x864d5df0
[SSDT:Addr(Hook.SSDT)] NtSuspendProcess[366] : Unknown @ 0x864d5598
[SSDT:Addr(Hook.SSDT)] NtSuspendThread[367] : Unknown @ 0x864d5c30
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[370] : Unknown @ 0x864d2878
[SSDT:Addr(Hook.SSDT)] NtTerminateThread[371] : Unknown @ 0x864d5d10
[SSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[385] : Unknown @ 0x864d2208
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[399] : Unknown @ 0x864d24d8

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST325031 8AS SATA Disk Device +++++
--- User ---
[MBR] d867c89442c4b5f1e14134c13661594b
[BSP] f9843788f170f71da7379ddb5712325e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 2047 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 4194304 | Size: 228101 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 471345152 | Size: 8316 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG HM160HI USB Device +++++
--- User ---
[MBR] 55b414130ca0d1ebc20e83de9ffae89f
[BSP] d090146c01af0d2d8856b3c84dbf020c : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 16065 | Size: 152617 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )


============================================
RKreport_DEL_04032015_013647.log - RKreport_SCN_04032015_013028.log - RKreport_SCN_04032015_015757.log
