RogueKiller V10.10.5.0 [Sep 14 2015] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7600) 32 bits version
Démarré en : Mode normal
Utilisateur : MOHAMED [Administrateur]
Démarré depuis : C:\Users\MOHAMED\Desktop\RogueKiller.exe
Mode : Suppression -- Date : 09/15/2015 00:54:21

¤¤¤ Processus : 2 ¤¤¤
[Proc.Injected] spoolsv.exe(1396) -- C:\Windows\System32\spoolsv.exe[x] -> [NoKill]
[VT.Unknown] Modem HDM EC156.exe(1544) -- C:\Program Files\Modem HDM EC156\Modem HDM EC156.exe[-] -> Tué(e) [TermProc]

¤¤¤ Registre : 4 ¤¤¤
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | AntiVirusDisableNotify : 1 -> ERROR [0]
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | FirewallDisableNotify : 1 -> ERROR [0]
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | UpdatesDisableNotify : 1 -> ERROR [0]
[PUM.StartMenu] HKEY_USERS\S-1-5-21-331152101-495197419-3503789598-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 1 -> Remplacé(e) (1)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 19 (Driver: Chargé) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtCreateSection[84] : C:\Users\MOHAMED\AppData\Local\Temp\B1DE0A69-7C17DB6C-8629158-C58355AC\153b419497.sys @ 0x41e27d981b000000
[SSDT:Addr(Hook.SSDT)] NtCreateThread[87] : C:\Users\MOHAMED\AppData\Local\Temp\B1DE0A69-7C17DB6C-8629158-C58355AC\153b419497.sys @ 0x41e27d984bc00000
[SSDT:Addr(Hook.SSDT)] NtCreateThreadEx[88] : C:\Users\MOHAMED\AppData\Local\Temp\B1DE0A69-7C17DB6C-8629158-C58355AC\153b419497.sys @ 0x41e27d985d800000
[SSDT:Addr(Hook.SSDT)] NtMakeTemporaryObject[164] : C:\Users\MOHAMED\AppData\Local\Temp\B1DE0A69-7C17DB6C-8629158-C58355AC\153b419497.sys @ 0x41e27d9809c00000
[SSDT:Addr(Hook.SSDT)] NtQueueApcThread[269] : C:\Users\MOHAMED\AppData\Local\Temp\B1DE0A69-7C17DB6C-8629158-C58355AC\153b419497.sys @ 0x41e27d986fc00000
[SSDT:Addr(Hook.SSDT)] NtQueueApcThreadEx[270] : C:\Users\MOHAMED\AppData\Local\Temp\B1DE0A69-7C17DB6C-8629158-C58355AC\153b419497.sys @ 0x41e27d9881c00000
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[316] : C:\Users\MOHAMED\AppData\Local\Temp\B1DE0A69-7C17DB6C-8629158-C58355AC\153b419497.sys @ 0x41e27d9893c00000
[SSDT:Addr(Hook.SSDT)] NtSetSystemInformation[350] : C:\Users\MOHAMED\AppData\Local\Temp\B1DE0A69-7C17DB6C-8629158-C58355AC\153b419497.sys @ 0x41e27d90b6000000
[SSDT:Addr(Hook.SSDT)] NtSetSystemTime[352] : C:\Users\MOHAMED\AppData\Local\Temp\B1DE0A69-7C17DB6C-8629158-C58355AC\153b419497.sys @ 0x41e27d90ecc00000
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[370] : C:\Users\MOHAMED\AppData\Local\Temp\B1DE0A69-7C17DB6C-8629158-C58355AC\153b419497.sys @ 0x41e27d90fe800000
[SSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[385] : C:\Users\MOHAMED\AppData\Local\Temp\B1DE0A69-7C17DB6C-8629158-C58355AC\153b419497.sys @ 0x41e27d97f8000000
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[399] : C:\Users\MOHAMED\AppData\Local\Temp\B1DE0A69-7C17DB6C-8629158-C58355AC\153b419497.sys @ 0x41e27d9471800000
[ShwSSDT:Addr(Hook.Shadow)] NtUserCallTwoParam[335] : C:\Users\MOHAMED\AppData\Local\Temp\B1DE0A69-7C17DB6C-8629158-C58355AC\153b419497.sys @ 0x41e27d9618c00000
[ShwSSDT:Addr(Hook.Shadow)] NtUserMessageCall[490] : C:\Users\MOHAMED\AppData\Local\Temp\B1DE0A69-7C17DB6C-8629158-C58355AC\153b419497.sys @ 0x41e27d8feb400000
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostMessage[508] : C:\Users\MOHAMED\AppData\Local\Temp\B1DE0A69-7C17DB6C-8629158-C58355AC\153b419497.sys @ 0x41e27d8fdec00000
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostThreadMessage[509] : C:\Users\MOHAMED\AppData\Local\Temp\B1DE0A69-7C17DB6C-8629158-C58355AC\153b419497.sys @ 0x41e27d8f63000000
[ShwSSDT:Addr(Hook.Shadow)] NtUserQueryWindow[515] : C:\Users\MOHAMED\AppData\Local\Temp\B1DE0A69-7C17DB6C-8629158-C58355AC\153b419497.sys @ 0x41e27d8f23000000
[ShwSSDT:Addr(Hook.Shadow)] NtUserSendInput[536] : C:\Users\MOHAMED\AppData\Local\Temp\B1DE0A69-7C17DB6C-8629158-C58355AC\153b419497.sys @ 0x41e27d960e000000
[ShwSSDT:Addr(Hook.Shadow)] NtUserSwitchDesktop[594] : C:\Users\MOHAMED\AppData\Local\Temp\B1DE0A69-7C17DB6C-8629158-C58355AC\153b419497.sys @ 0x41e27d8ebcc00000

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] e84261b3c37d355f39d06a3ebeb55b89
[BSP] 4e8ca65792a94f4994d4cd7ef06a12af : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 219900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 450562048 | Size: 85243 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK