RogueKiller V10.11.2.0 (x64) [Oct 20 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Attaya [Administrator]
Started from : C:\Users\Attaya\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 10/25/2015 01:50:24

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90150000-006E-0401-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [7][x][x][x][x][x] -> Found
[Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90150000-0044-0401-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [7][x][x][x][x][x] -> Found
[Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90150000-006E-0401-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [7][x][x][x][x][x] -> Found
[Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90150000-0044-0401-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [7][x][x][x][x][x] -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90150000-006E-0401-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [7][x][x][x][x][x] -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90150000-0044-0401-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [7][x][x][x][x][x] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90150000-006E-0401-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [7][x][x][x][x][x] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90150000-0044-0401-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [7][x][x][x][x][x] -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BdApiUtil (\??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BdApiUtil64.sys) -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BdCameraProtect (\??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BdCameraProtect64.sys) -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \060184C3-9766-46a0-B258-F4518A0B2633 -- C:\Windows\system32\CScript.exe ("C:\ProgramData\Baidu Security\Duplicaterecord.js") -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 12 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!NtProtectVirtualMemory : C:\ProgramData\Kaspersky Lab\AVP16.0.0\Bases\klsihk.dll @ 0x74992e15 (jmp 0xfffffffffd0a2d9d)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ imm32.dll) user32!CreateWindowExW : C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BavUm.dll @ 0x525030 (jmp dword [0x71aa001e]|jmp 0x6|jmp 0x8ea74ffa)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ shell32.dll) user32!SetWindowsHookExW : C:\ProgramData\Kaspersky Lab\AVP16.0.0\Bases\klsihk.dll @ 0x74992ecd (jmp 0xfe00b8ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ BavCommon.dll) shell32!SHFileOperationW : C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BavUm.dll @ 0x525bd0 (jmp dword [0x71a7001e]|jmp 0x6|jmp 0x8eaa5b9a)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ idmmkb.dll) user32!SetWindowsHookExA : C:\ProgramData\Kaspersky Lab\AVP16.0.0\Bases\klsihk.dll @ 0x74992e92 (jmp 0xfe00ab36)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!NtProtectVirtualMemory : C:\ProgramData\Kaspersky Lab\AVP16.0.0\Bases\klsihk.dll @ 0x74992e15 (jmp 0xfffffffffd0a2d9d)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ user32.dll) ntdll!NlsAnsiCodePage : Unknown @ 0x159d3f19 (call 0xffffffff9e003f09)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ imm32.dll) user32!CreateWindowExW : C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BavUm.dll @ 0xf65030 (jmp dword [0x71aa001e]|jmp 0x6|jmp 0x8f4b4ffa)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ shell32.dll) user32!SetWindowsHookExW : C:\ProgramData\Kaspersky Lab\AVP16.0.0\Bases\klsihk.dll @ 0x74992ecd (jmp 0xfe00b8ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!NtProtectVirtualMemory : C:\ProgramData\Kaspersky Lab\AVP16.0.0\Bases\klsihk.dll @ 0x74992e15 (jmp 0xfffffffffd0a2d9d)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ imm32.dll) user32!CreateWindowExW : C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BavUm.dll @ 0x1285030 (jmp dword [0x71aa001e]|jmp 0x6|jmp 0x8f7d4ffa)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ shell32.dll) user32!SetWindowsHookExW : C:\ProgramData\Kaspersky Lab\AVP16.0.0\Bases\klsihk.dll @ 0x74992ecd (jmp 0xfe00b8ca)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 593445b863e3b97f6465f0808648eab6
[BSP] f63fd714b2c8952c900fbd8c7ec837fe : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 178176 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 364906496 | Size: 178176 MB [Windows XP Bootstrap | Unknown Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 729810944 | Size: 178176 MB [Windows XP Bootstrap | Unknown Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1094715392 | Size: 180875 MB [Windows XP Bootstrap | Unknown Bootloader]
User = LL1 ... OK
User = LL2 ... OK
