cjoint


Document format: text/x-log

Preview

RogueKiller V10.6.0.0 [Apr 17 2015] بواسطة برنامج Adlice
البريد الإلكتروني : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
الموقع : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

نظام التشغيل : Windows 8.1 (6.3.9200 ) 32 bits version
يبدأ في : الوضع الطبيعي
المستخدم : sarabi [مسؤول]
Started from : C:\Users\sarabi\Desktop\RogueKiller.exe
الوضع : فحص -- اليوم : 04/22/2015 22:35:11

¤¤¤ العملية : 0 ¤¤¤

¤¤¤ المسجل : 10 ¤¤¤
[Suspicious.Path|Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr (\??\C:\Users\sarabi\AppData\Local\Temp\mbr.sys) -> وجد
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr (\??\C:\Users\sarabi\AppData\Local\Temp\mbr.sys) -> وجد
[PUM.Proxy] HKEY_USERS\S-1-5-21-1125477855-3676448715-544904394-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 165.21.83.140:80 -> وجد
[VT.Unknown|PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{08B163FC-A0B9-4EEA-9269-B5C3678D69D7} | NameServer : 41.214.140.5 8.8.8.8 [(Unknown Country?) (XX)][-] -> وجد
[VT.Unknown|PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED82B902-16AF-4666-AD67-8BBBB8122C81} | NameServer : 41.214.140.5 8.8.8.8 [(Unknown Country?) (XX)][-] -> وجد
[VT.Unknown|PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{08B163FC-A0B9-4EEA-9269-B5C3678D69D7} | NameServer : 41.214.140.5 8.8.8.8 [(Unknown Country?) (XX)][-] -> وجد
[VT.Unknown|PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ED82B902-16AF-4666-AD67-8BBBB8122C81} | NameServer : 41.214.140.5 8.8.8.8 [(Unknown Country?) (XX)][-] -> وجد
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> وجد
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> وجد
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> وجد

¤¤¤ المهام : 0 ¤¤¤

¤¤¤ الملفات : 0 ¤¤¤

¤¤¤ ملف الهوست : 0 ¤¤¤

¤¤¤ Antirootkit : 1 (Driver: محمل) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NlsAnsiCodePage : Unknown @ 0xffffffffb5fd9b69 (call 0x3f000009)

¤¤¤ المتصفح : 0 ¤¤¤

¤¤¤ فحص ال MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD800JD-60LSA0 ATA Device +++++
--- User ---
[MBR] 47a5ac9f2efe17f849d51eed217fd69a
[BSP] 0048602e7a4c825b57d6f572d76e4427 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 39900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 81922048 | Size: 36317 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: HUAWEI SD Storage USB Device +++++
Error reading User MBR! ([15] ???????? ??? ????. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] ??????? ??? ?????. )

+++++ PhysicalDrive2: Kingston DataTraveler 108 USB Device +++++
--- User ---
[MBR] f09a0b714470eec18577c4bcb6f56bd4
[BSP] 2868247bdd505b6dc9db68bc5ccf55e6 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 7441 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8|VT.Unknown Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] ??????? ??? ?????. )

