cjoint

Document format: text/plain

Preview

RogueKiller V10.10.7.0 [Sep 28 2015] by Adlice Software
Email : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10240) 32 bits version
Started in : Normal mode
User : ??? ?????????????? [Administrator]
Started from : C:\Users\??? ??????????????\Desktop\??? ???? RogueKiller ???? ???????\RogueKiller.exe
Mode : Delete -- Date : 10/01/2015 20:45:31

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 11 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-3628717011-302736890-495936664-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\??? ??????????????\AppData\Local\Microsoft\OneDrive\17.3.5907.0716 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\??? ??????????????\AppData\Local\Microsoft\OneDrive\17.3.5907.0716" [-][x][x][x][x][x][x] -> ERROR [0]
[Suspicious.Path] HKEY_USERS\S-1-5-21-3628717011-302736890-495936664-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\??? ??????????????\AppData\Local\Microsoft\OneDrive\17.3.5930.0814 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\??? ??????????????\AppData\Local\Microsoft\OneDrive\17.3.5930.0814" [-][x][x][x][x][x][-] -> ERROR [0]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MpKsl389b55b2 (\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B1813790-EFC1-4549-864B-A5F7B8B25F99}\MpKsl389b55b2.sys) -> ERROR [2]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MpKsl40e2a965 (\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl40e2a965.sys) -> ERROR [2]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MpKsl9e400822 (\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl9e400822.sys) -> ERROR [2]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MpKsl389b55b2 (\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B1813790-EFC1-4549-864B-A5F7B8B25F99}\MpKsl389b55b2.sys) -> ERROR [2]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MpKsl40e2a965 (\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl40e2a965.sys) -> ERROR [2]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MpKsl9e400822 (\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl9e400822.sys) -> ERROR [2]
[PUM.Proxy] HKEY_USERS\S-1-5-21-3628717011-302736890-495936664-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 213.108.74.236:8081 -> ERROR [0]
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ba86b842-3d2d-4414-ac6f-aa7a5cc04798} | DhcpNameServer : ([X]) -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ba86b842-3d2d-4414-ac6f-aa7a5cc04798} | DhcpNameServer : ([X]) -> Replaced ()

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts file : 0 ¤¤¤

¤¤¤ Antirootkit : 50 (Driver: LOADED) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) SHELL32.dll - SHAddToRecentDocs : C:\Windows\system32\windows.storage.dll @ 0x74cb94b0 (jmp dword [0x76054fb8])
[IAT:Inl(Hook.IEAT)] (explorer.exe) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\system32\windows.storage.dll @ 0x74d90f40 (jmp dword [0x76055030])
[IAT:Inl(Hook.IEAT)] (explorer.exe) SHELL32.dll - SHGetKnownFolderIDList : C:\Windows\system32\windows.storage.dll @ 0x74d8d920 (jmp dword [0x7605502c])
[IAT:Inl(Hook.IEAT)] (explorer.exe) SHELL32.dll - SHGetFolderPathEx : C:\Windows\system32\windows.storage.dll @ 0x74d4e7a0 (jmp dword [0x76055024])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ USER32.dll) ntdll.dll - NlsAnsiCodePage : Unknown @ 0x35a6995b (call 0xbe022209)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ USER32.dll) ntdll.dll - NlsAnsiCodePage : Unknown @ 0x23a6995b (call 0xac022209)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ explorerframe.dll) SHELL32.dll - SHGetFolderPathEx : C:\Windows\system32\windows.storage.dll @ 0x74d4e7a0 (jmp dword [0x76055024])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ explorerframe.dll) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\system32\windows.storage.dll @ 0x74d90f40 (jmp dword [0x76055030])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ explorerframe.dll) SHELL32.dll - SHGetKnownFolderIDList : C:\Windows\system32\windows.storage.dll @ 0x74d8d920 (jmp dword [0x7605502c])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ USER32.dll) ntdll.dll - NlsAnsiCodePage : Unknown @ 0x7ca6995b (call 0x5022209)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\system32\windows.storage.dll @ 0x74d90f40 (jmp dword [0x76055030])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderIDList : C:\Windows\system32\windows.storage.dll @ 0x74d8d920 (jmp dword [0x7605502c])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ USER32.dll) ntdll.dll - NlsAnsiCodePage : Unknown @ 0xffffffffeba6995b (call 0x74022209)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\system32\windows.storage.dll @ 0x74d90f40 (jmp dword [0x76055030])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderIDList : C:\Windows\system32\windows.storage.dll @ 0x74d8d920 (jmp dword [0x7605502c])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\system32\windows.storage.dll @ 0x74d90f40 (jmp dword [0x76055030])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderIDList : C:\Windows\system32\windows.storage.dll @ 0x74d8d920 (jmp dword [0x7605502c])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ USER32.dll) ntdll.dll - NlsAnsiCodePage : Unknown @ 0x44a6995b (call 0xcd022209)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\system32\windows.storage.dll @ 0x74d90f40 (jmp dword [0x76055030])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderIDList : C:\Windows\system32\windows.storage.dll @ 0x74d8d920 (jmp dword [0x7605502c])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ USER32.dll) ntdll.dll - NlsAnsiCodePage : Unknown @ 0x4ca6995b (call 0xd5022209)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\system32\windows.storage.dll @ 0x74d90f40 (jmp dword [0x76055030])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderIDList : C:\Windows\system32\windows.storage.dll @ 0x74d8d920 (jmp dword [0x7605502c])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ USER32.dll) ntdll.dll - NlsAnsiCodePage : Unknown @ 0x36a6995b (call 0xbf022209)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\system32\windows.storage.dll @ 0x74d90f40 (jmp dword [0x76055030])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderIDList : C:\Windows\system32\windows.storage.dll @ 0x74d8d920 (jmp dword [0x7605502c])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ USER32.dll) ntdll.dll - NlsAnsiCodePage : Unknown @ 0xffffffff9ca6995b (call 0x25022209)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\system32\windows.storage.dll @ 0x74d90f40 (jmp dword [0x76055030])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderIDList : C:\Windows\system32\windows.storage.dll @ 0x74d8d920 (jmp dword [0x7605502c])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ USER32.dll) ntdll.dll - NlsAnsiCodePage : Unknown @ 0x7ca6995b (call 0x5022209)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\system32\windows.storage.dll @ 0x74d90f40 (jmp dword [0x76055030])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderIDList : C:\Windows\system32\windows.storage.dll @ 0x74d8d920 (jmp dword [0x7605502c])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ USER32.dll) ntdll.dll - NlsAnsiCodePage : Unknown @ 0x71a6995b (call 0xfa022209)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\system32\windows.storage.dll @ 0x74d90f40 (jmp dword [0x76055030])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderIDList : C:\Windows\system32\windows.storage.dll @ 0x74d8d920 (jmp dword [0x7605502c])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ USER32.dll) ntdll.dll - NlsAnsiCodePage : Unknown @ 0xffffffffefa6995b (call 0x78022209)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\system32\windows.storage.dll @ 0x74d90f40 (jmp dword [0x76055030])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderIDList : C:\Windows\system32\windows.storage.dll @ 0x74d8d920 (jmp dword [0x7605502c])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ USER32.dll) ntdll.dll - NlsAnsiCodePage : Unknown @ 0xffffffff93a6995b (call 0x1c022209)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\system32\windows.storage.dll @ 0x74d90f40 (jmp dword [0x76055030])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderIDList : C:\Windows\system32\windows.storage.dll @ 0x74d8d920 (jmp dword [0x7605502c])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ USER32.dll) ntdll.dll - NlsAnsiCodePage : Unknown @ 0x2ba6995b (call 0xb4022209)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\system32\windows.storage.dll @ 0x74d90f40 (jmp dword [0x76055030])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderIDList : C:\Windows\system32\windows.storage.dll @ 0x74d8d920 (jmp dword [0x7605502c])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ USER32.dll) ntdll.dll - NlsAnsiCodePage : Unknown @ 0x2ba6995b (call 0xb4022209)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\system32\windows.storage.dll @ 0x74d90f40 (jmp dword [0x76055030])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderIDList : C:\Windows\system32\windows.storage.dll @ 0x74d8d920 (jmp dword [0x7605502c])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ USER32.dll) ntdll.dll - NlsAnsiCodePage : Unknown @ 0x6ba6995b (call 0xf4022209)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\system32\windows.storage.dll @ 0x74d90f40 (jmp dword [0x76055030])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderIDList : C:\Windows\system32\windows.storage.dll @ 0x74d8d920 (jmp dword [0x7605502c])

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD075 ATA Device +++++
--- User ---
[MBR] 70aeeec6941565fbbb4d8531beafe054
[BSP] e5d371498bfcabda9a94c6ff76ad70cb : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 234742 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 480753664 | Size: 480660 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
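A small triage parser for report lines in the format above, added here as an example; it is not RogueKiller's or Adlice's code. The SAMPLE text is constructed from the findings in the report (username shortened to `user`, one extra Suspicious.Path service line made up to exercise the unknown-path branch, the DNS status written out as `Replaced ()`). The KNOWN_LOCATIONS allow-list, the external-proxy rule and the verdict wording are this example's own assumptions, not judgements the tool makes; they sort the eleven registry hits into the ones that explain themselves (Defender's MpKsl*.sys driver in its definition-update directory, OneDrive's RunOnce cleanup of an old version directory) and the one that does not (a per-user proxy pointing at a non-private address), and collapse the fifty hook lines onto a few (module, export, target) keys.

```python
"""Triage helper for RogueKiller-style report lines (added example, not tool code)."""
import ipaddress
import re
from collections import defaultdict

# "[Category] <registry path | value : data> -> <status>"
FINDING_RE = re.compile(r'^\[(?P<cat>[\w.]+)\]\s+(?P<body>.+?)\s+->\s+(?P<status>.+?)\s*$')
# "[IAT:Inl(Hook.IEAT)] (proc[ @ importer]) module - export : target @ 0xaddr (disasm)"
HOOK_RE = re.compile(
    r'^\[IAT:Inl\(Hook\.IEAT\)\]\s+\((?P<proc>[^\s)]+)(?:\s+@\s+(?P<importer>[^)]+))?\)\s+'
    r'(?P<module>\S+)\s+-\s+(?P<export>\S+)\s+:\s+(?P<target>.+?)\s+@\s+0x(?P<addr>[0-9a-fA-F]+)'
    r'\s+\((?P<disasm>[^)]*)\)\s*$')

# Assumption: path fragments that explain a Suspicious.Path hit without further work.
KNOWN_LOCATIONS = {
    r'\Windows Defender\Definition Updates': 'Windows Defender engine driver (MpKsl*.sys) in its update directory',
    r'\AppData\Local\Microsoft\OneDrive': 'OneDrive updater removing an old version directory via RunOnce',
}

# Constructed sample: lines modelled on the report above, plus one made-up service entry.
SAMPLE = r"""
[Suspicious.Path] HKEY_USERS\S-1-5-21-3628717011-302736890-495936664-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.5907.0716 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.5907.0716" [-][x][x][x][x][x][x] -> ERROR [0]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MpKsl389b55b2 (\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B1813790-EFC1-4549-864B-A5F7B8B25F99}\MpKsl389b55b2.sys) -> ERROR [2]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UnknownSvc (\??\C:\Users\Public\example.sys) -> ERROR [2]
[PUM.Proxy] HKEY_USERS\S-1-5-21-3628717011-302736890-495936664-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 213.108.74.236:8081 -> ERROR [0]
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ba86b842-3d2d-4414-ac6f-aa7a5cc04798} | DhcpNameServer : ([X]) -> Replaced ()
[IAT:Inl(Hook.IEAT)] (explorer.exe) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\system32\windows.storage.dll @ 0x74d90f40 (jmp dword [0x76055030])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\system32\windows.storage.dll @ 0x74d90f40 (jmp dword [0x76055030])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ USER32.dll) ntdll.dll - NlsAnsiCodePage : Unknown @ 0x35a6995b (call 0xbe022209)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ USER32.dll) ntdll.dll - NlsAnsiCodePage : Unknown @ 0x23a6995b (call 0xac022209)
"""


def proxy_verdict(body):
    """Assumption: a user proxy outside private address space deserves a look."""
    m = re.search(r'ProxyServer\s*:\s*(?P<host>[^\s:;=]+):(?P<port>\d+)', body)
    if not m:
        return 'REVIEW', 'ProxyServer value could not be parsed'
    host, port = m.group('host'), m.group('port')
    try:
        external = ipaddress.ip_address(host).is_global
    except ValueError:
        external = True  # a hostname cannot be classified offline, so review it
    if external:
        return 'REVIEW', f'proxy points at external address {host}:{port}; confirm it was set on purpose'
    return 'INFO', f'proxy points at private address {host}:{port}'


def triage(finding):
    cat, body, status = finding['cat'], finding['body'], finding['status']
    if cat == 'PUM.Proxy':
        return proxy_verdict(body)
    if cat == 'PUM.Dns':
        return 'INFO', f'DhcpNameServer entry, tool result: {status}'
    if cat == 'Suspicious.Path':
        for needle, note in KNOWN_LOCATIONS.items():
            if needle.lower() in body.lower():
                return 'INFO', note
        return 'REVIEW', 'path is not in the known-location list; check the file on disk'
    return 'REVIEW', f'unclassified category {cat}'


def summarize_hooks(hooks):
    """Collapse repeated hook lines onto (module, export, target) with processes and addresses seen."""
    summary = defaultdict(lambda: {'procs': set(), 'addrs': set()})
    for h in hooks:
        entry = summary[(h['module'], h['export'], h['target'])]
        entry['procs'].add(h['proc'])
        entry['addrs'].add(h['addr'])
    return dict(summary)


def hook_verdict(key, entry):
    _module, _export, target = key
    if target.lower().startswith('c:\\windows\\system32\\') and len(entry['addrs']) == 1:
        return 'system DLL target at the same address in every process; verify that file is signed'
    if target == 'Unknown' and len(entry['addrs']) > 1:
        return 'unmapped target whose address changes per process; check whether the export is data, not code'
    return 'review'


def run(text):
    findings, hooks = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        h = HOOK_RE.match(line)
        if h:
            hooks.append(h.groupdict())
            continue
        f = FINDING_RE.match(line)
        if f:
            finding = f.groupdict()
            finding['verdict'], finding['note'] = triage(finding)
            findings.append(finding)
    return findings, summarize_hooks(hooks)


if __name__ == '__main__':
    found, hooked = run(SAMPLE)
    for f in found:
        print(f"{f['verdict']:6} {f['cat']:16} {f['note']}")
    for key, entry in hooked.items():
        print(f"HOOK   {key[0]} {key[1]} -> {key[2]} in {sorted(entry['procs'])}: {hook_verdict(key, entry)}")
```

On Windows 10 SHELL32.dll forwards a number of its shell exports to windows.storage.dll, which is why every SHELL32 entry in the report resolves to that file at one address; the verdict still asks for a signature check on the file rather than declaring it clean. The proxy rule is deliberately a prompt, not a conviction: the report records the address and port but says nothing about what answers there.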
