Document format: text/plain

RogueKiller V10.10.3.0 (x64) [Aug 31 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : Java [Administrator]
Started from : C:\Users\Java\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 09/01/2015 20:18:48

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9a247f6d-2aa0-416f-8ff5-697de01f0d38} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9a247f6d-2aa0-416f-8ff5-697de01f0d38} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)]) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 44 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNEL32.DLL) ntdll.dll - NtMapViewOfSection : Unknown @ 0x75761501 (jmp 0xfda186a1|jmp 0xffffef9a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNEL32.DLL) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x75761599 (jmp 0xfda18719|jmp 0xffffef02|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNEL32.DLL) ntdll.dll - NtSuspendThread : Unknown @ 0x75761f19 (jmp 0xfda17939|jmp 0xffffe582|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNEL32.DLL) ntdll.dll - NtSetContextThread : Unknown @ 0x75761b89 (jmp 0xfda178b9|jmp 0xffffe912|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNEL32.DLL) ntdll.dll - NtProtectVirtualMemory : Unknown @ 0x757643e9 (jmp 0xfda1b309|jmp 0xffffc0b2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNEL32.DLL) ntdll.dll - RtlEqualSid : Unknown @ 0x75763a69 (jmp 0xfda37759|jmp 0xffffca32|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNEL32.DLL) ntdll.dll - NtQueryInformationToken : Unknown @ 0x757639d1 (jmp 0xfda1abe1|jmp 0xffffcaca|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNEL32.DLL) ntdll.dll - NtTerminateProcess : Unknown @ 0x75762931 (jmp 0xfda19a91|jmp 0xffffdb6a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNEL32.DLL) ntdll.dll - NtCreateSection : Unknown @ 0x75765229 (jmp 0xfda1c1a9|jmp 0xffffb272|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNEL32.DLL) ntdll.dll - NtSetInformationProcess : Unknown @ 0x757629c9 (jmp 0xfda19c29|jmp 0xffffdad2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNEL32.DLL) ntdll.dll - NtOpenProcessToken : Unknown @ 0x75763939 (jmp 0xfda19c19|jmp 0xffffcb62|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNEL32.DLL) ntdll.dll - NtSetSystemInformation : Unknown @ 0x75762af9 (jmp 0xfda18639|jmp 0xffffd9a2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNEL32.DLL) ntdll.dll - NtSetValueKey : Unknown @ 0x75765359 (jmp 0xfda1c179|jmp 0xffffb142|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNEL32.DLL) ntdll.dll - NtOpenFile : Unknown @ 0x75763fc1 (jmp 0xfda1b0b1|jmp 0xffffc4da|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNEL32.DLL) KERNELBASE.dll - CreateProcessInternalA : Unknown @ 0x75764c39 (jmp 0x83e4c9|jmp 0xffffb862|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNEL32.DLL) KERNELBASE.dll - CreateProcessInternalW : Unknown @ 0x75761a59 (jmp 0x8c3bc9|jmp 0xffffea42|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x75761d51 (jmp 0xfda18db1|jmp 0xffffe74a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtAdjustPrivilegesToken : Unknown @ 0x75762fb9 (jmp 0xfda19fc9|jmp 0xffffd4e2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x75761af1 (jmp 0xfda18b71|jmp 0xffffe9aa|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtCreateThreadEx : Unknown @ 0x757617f9 (jmp 0xfda180e9|jmp 0xffffeca2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtQueueApcThread : Unknown @ 0x75761cb9 (jmp 0xfda18c89|jmp 0xffffe7e2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtCreateMutant : Unknown @ 0x757650f9 (jmp 0xfda1baa9|jmp 0xffffb3a2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x75761c21 (jmp 0xfda18de1|jmp 0xffffe87a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSection : Unknown @ 0x75765191 (jmp 0xfda1c241|jmp 0xffffb30a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ KERNELBASE.dll) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x75762769 (jmp 0xfda5dca9|jmp 0xffffdd32|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ avcuf32.dll) KERNEL32.DLL - CreateToolhelp32Snapshot : Unknown @ 0x75761e81 (jmp 0xfe93a971|jmp 0xffffe61a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ nss3.dll) MSVCR120.dll - fopen : Unknown @ 0x757648a9 (jmp 0xdde2ae5|jmp 0xffffbbf2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ WINMM.dll) USER32.dll - PostMessageA : Unknown @ 0x75763e91 (jmp 0xfe617071|jmp 0xffffc60a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ WINMM.dll) USER32.dll - PostMessageW : Unknown @ 0x75763f29 (jmp 0xfe628809|jmp 0xffffc572|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ WINMM.dll) USER32.dll - GetMessageA : Unknown @ 0x75763d61 (jmp 0xfe617281|jmp 0xffffc73a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ USER32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x75763c31 (jmp 0xfda19531|jmp 0xffffc86a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ WS2_32.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x75762a61 (jmp 0xfda18f31|jmp 0xffffda3a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ MSCTF.dll) USER32.dll - GetMessageW : Unknown @ 0x75763df9 (jmp 0xfe610bc9|jmp 0xffffc6a2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ MSCTF.dll) USER32.dll - SetWinEventHook : Unknown @ 0x75762049 (jmp 0xfe6244c9|jmp 0xffffe452|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ xul.dll) USER32.dll - SetWindowsHookExW : Unknown @ 0x757616c9 (jmp 0xfe623db9|jmp 0xffffedd2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ xul.dll) ADVAPI32.dll - CryptAcquireContextW : Unknown @ 0x75763349 (jmp 0xfdda2c19|jmp 0xffffd152|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ xul.dll) ADVAPI32.dll - CryptAcquireContextA : Unknown @ 0x757632b1 (jmp 0xfdda26b1|jmp 0xffffd1ea|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ npcomm.dll) WS2_32.dll - WSASend : Unknown @ 0x75764189 (jmp 0xffde6c59|jmp 0xffffc312|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ npcomm.dll) KERNEL32.DLL - GetStartupInfoA : Unknown @ 0x75763b99 (jmp 0xfe94a469|jmp 0xffffc902|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ IServConfig.dll) ADVAPI32.dll - CryptImportKey : Unknown @ 0x75763809 (jmp 0xfdda3f79|jmp 0xffffcc92|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ idmmkb.dll) USER32.dll - SetWindowsHookExA : Unknown @ 0x75761631 (jmp 0xfe60f4c1|jmp 0xffffee6a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ d3dcompiler_47.dll) ADVAPI32.dll - CryptHashData : Unknown @ 0x75763771 (jmp 0xfdda3e21|jmp 0xffffcd2a|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ d3dcompiler_47.dll) ADVAPI32.dll - CryptCreateHash : Unknown @ 0x757635a9 (jmp 0xfdda3c79|jmp 0xffffcef2|call 0x1fe)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ d3dcompiler_47.dll) ADVAPI32.dll - CryptGetHashParam : Unknown @ 0x757636d9 (jmp 0xfdda41a9|jmp 0xffffcdc2|call 0x1fe)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-60M2NA0 +++++
--- User ---
[MBR] 3dab231439504bec43ad3c87b41e2778
[BSP] b9eb9a94b5b8a389b95df8937d78123c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 348526 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 714500096 | Size: 471614 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1680365568 | Size: 133377 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
