cjoint


Document format: text/plain

Preview

RogueKiller V10.8.6.0 [Jun 22 2015] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarré en : Mode normal
Utilisateur : Usuario [Administrateur]
Démarré depuis : C:\Users\Usuario\Desktop\RogueKiller (4).exe
Mode : Suppression -- Date : 06/28/2015 19:22:26

¤¤¤ Processus : 8 ¤¤¤
[AV.Killer] QQPCRTP.exe(808) -- C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QQPCRTP.exe[7] -> ERROR [5]
[Suspicious.Path] explorer.exe(2432) -- C:\ProgramData\Tencent\TSVulFw\TSVulFW.DAT[7] -> Déchargé(e)
[PUP] (SVC) QMUdisk -- \??\C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QMUdisk.sys[7] -> ERROR [41c]
[PUP] (SVC) QQPCRTP -- "C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QQPCRTP.exe" -r[7] -> ERROR [6]
[PUP] (SVC) TAOAccelerator -- \??\C:\Windows\system32\Drivers\TAOAccelerator.sys[7] -> Arrêté(e)
[PUP] (SVC) TS888 -- \??\C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\TS888.sys[7] -> Arrêté(e)
[PUP] (SVC) TSDefenseBt -- system32\DRIVERS\TSDefenseBt.sys[7] -> Arrêté(e)
[PUP] (SVC) TSSysKit -- \??\C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\TSSysKit.sys[7] -> ERROR [6]

¤¤¤ Registre : 24 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\QMUdisk (\??\C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QMUdisk.sys) -> ERROR [2]
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\QQPCRTP ("C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QQPCRTP.exe" -r) -> ERROR [5]
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TAOAccelerator (\??\C:\Windows\system32\Drivers\TAOAccelerator.sys) -> ERROR [2]
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TS888 (\??\C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\TS888.sys) -> ERROR [2]
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TSDefenseBt (system32\DRIVERS\TSDefenseBt.sys) -> ERROR [5]
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TSSysKit (\??\C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\TSSysKit.sys) -> ERROR [5]
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\QMUdisk (\??\C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QMUdisk.sys) -> ERROR [2]
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\QQPCRTP ("C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QQPCRTP.exe" -r) -> ERROR [5]
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TAOAccelerator (\??\C:\Windows\system32\Drivers\TAOAccelerator.sys) -> ERROR [2]
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TS888 (\??\C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\TS888.sys) -> ERROR [2]
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDefenseBt (system32\DRIVERS\TSDefenseBt.sys) -> ERROR [5]
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSSysKit (\??\C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\TSSysKit.sys) -> ERROR [5]
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\QMUdisk (\??\C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QMUdisk.sys) -> ERROR [2]
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\QQPCRTP ("C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QQPCRTP.exe" -r) -> ERROR [5]
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TAOAccelerator (\??\C:\Windows\system32\Drivers\TAOAccelerator.sys) -> ERROR [2]
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TS888 (\??\C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\TS888.sys) -> ERROR [2]
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TSDefenseBt (system32\DRIVERS\TSDefenseBt.sys) -> ERROR [5]
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TSSysKit (\??\C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\TSSysKit.sys) -> ERROR [5]
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.hao123.com/?tn=91284697_hao_pg -> ERROR [5]
[PUM.HomePage] HKEY_USERS\S-1-5-21-1539507423-729811589-3848484628-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.hao123.com/?tn=91284697_hao_pg -> ERROR [5]
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : [X][X] -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FEC4E5C0-D959-448F-817D-8B1F3F7688EC} | DhcpNameServer : [X][X] -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FEC4E5C0-D959-448F-817D-8B1F3F7688EC} | DhcpNameServer : [X][X] -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{FEC4E5C0-D959-448F-817D-8B1F3F7688EC} | DhcpNameServer : [X][X] -> Remplacé(e) ()

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 12 (Driver: Chargé) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\Disk @ \Device\Harddisk0\DR0 (\SystemRoot\system32\DRIVERS\EMSC.SYS)
[IAT:Inl(Hook.IEAT)] (explorer.exe) kernel32.dll - ExitProcess : C:\ProgramData\Tencent\TSVulFw\TSVulFW.DAT @ 0x6c0083b0 (jmp 0xf428c7ce)
[IAT:Inl(Hook.IEAT)] (explorer.exe) USER32.dll - ShowWindow : C:\ProgramData\Tencent\TSVulFw\TSVulFW.DAT @ 0x6c008dfe (jmp 0xf46f9b55)
[IAT:Inl(Hook.IEAT)] (explorer.exe) SHLWAPI.dll - SHRegGetValueW : C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QMBrowserSafe.dll @ 0x71dd3d42 (jmp 0xfb7b8488)
[IAT:Inl(Hook.IEAT)] (explorer.exe) SHELL32.dll - SHGetSpecialFolderPathW : C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QMIEsafeDll.dll @ 0x71d96e6c (jmp 0xfb4c6a54)
[IAT:Inl(Hook.IEAT)] (explorer.exe) SHELL32.dll - ShellExecuteExW : C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QMIEsafeDll.dll @ 0x71d96f17 (jmp 0xfb4c5121)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - RtlCreateProcessParametersEx : C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QMIEsafeDll.dll @ 0x71d972a2 (jmp 0xfa1603e9)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateUserProcess : C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QMBrowserSafe.dll @ 0x71dd405e (jmp 0xfa1be8e6)
[IAT:Inl(Hook.IEAT)] (chrome.exe) kernel32.dll - ExitProcess : C:\ProgramData\Tencent\TSVulFw\TSVulFW.DAT @ 0x6c0083b0 (jmp 0xf428c7ce)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WS2_32.dll - WSARecv : C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\TSWebMon.dat @ 0x69fe08f5 (jmp 0xf3c3986c)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WS2_32.dll - WSASocketW : C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\TSWebMon.dat @ 0x69fe05ab (jmp 0xf3c3c8d8)
[IAT:Inl(Hook.IEAT)] (chrome.exe) SHELL32.dll - ShellExecuteExW : C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\TSWebMon.dat @ 0x6a0060bc (jmp 0xf37342c6)

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: ST9160310AS ATA Device +++++
--- User ---
[MBR] 9ff40770d891bdaa53fb89a1612d012e
[BSP] 21c6d3a8eb788d37ff1606810b54f561 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 152525 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] El dispositivo no está listo. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Solicitud no compatible. )


============================================
RKreport_SCN_06282015_133058.log - RKreport_DEL_06282015_133231.log - RKreport_DEL_06282015_133246.log - RKreport_DEL_06282015_133255.log
RKreport_DEL_06282015_133424.log - RKreport_DEL_06282015_133436.log - RKreport_DEL_06282015_133447.log - RKreport_DEL_06282015_133454.log
RKreport_DEL_06282015_133506.log - RKreport_DEL_06282015_133534.log - RKreport_DEL_06282015_133547.log - RKreport_DEL_06282015_133621.log
RKreport_SCN_06282015_191918.log - RKreport_DEL_06282015_192007.log - RKreport_DEL_06282015_192030.log - RKreport_DEL_06282015_192052.log
RKreport_DEL_06282015_192100.log - RKreport_DEL_06282015_192118.log - RKreport_DEL_06282015_192131.log - RKreport_DEL_06282015_192133.log
