cjoint

Document format: text/plain

Preview

RogueKiller V11.0.3.0 [Dec 14 2015] (Gratuit) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarré en : Mode normal
Utilisateur : hp [Administrateur]
Démarré depuis : C:\Users\hp\Desktop\RogueKiller.exe
Mode : Suppression -- Date : 12/19/2015 23:14:46

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 20 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Hola -> Non sélectionné
[PUP] HKEY_LOCAL_MACHINE\Software\Pandora.TV -> Non sélectionné
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending | (default) : {056D528D-CE28-4194-9BA3-BA2E9197FF8C} -> Non sélectionné
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced | (default) : {05B38830-F4E9-4329-978B-1DD28605D202} -> Non sélectionné
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing | (default) : {0596C850-7BDD-4C9D-AFDF-873BE6890637} -> Non sélectionné
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} (C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll) -> Non sélectionné
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} (C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL) -> Non sélectionné
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\eapihdrv (\??\C:\Users\hp\AppData\Local\Temp\ehdrv.sys) -> Non sélectionné
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eapihdrv (\??\C:\Users\hp\AppData\Local\Temp\ehdrv.sys) -> Non sélectionné
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\eapihdrv (\??\C:\Users\hp\AppData\Local\Temp\ehdrv.sys) -> Non sélectionné
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][X]) -> Non sélectionné
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][X]) -> Non sélectionné
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][X]) -> Non sélectionné
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69C87377-34C8-4EF4-8028-8650F97F4B7F} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][X]) -> Non sélectionné
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EA7E383E-0C79-44F7-89C2-19CF0B6AA644} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][X]) -> Non sélectionné
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{69C87377-34C8-4EF4-8028-8650F97F4B7F} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)]) -> Non sélectionné
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EA7E383E-0C79-44F7-89C2-19CF0B6AA644} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)]) -> Non sélectionné
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{69C87377-34C8-4EF4-8028-8650F97F4B7F} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)]) -> Non sélectionné
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{EA7E383E-0C79-44F7-89C2-19CF0B6AA644} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)]) -> Non sélectionné
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Non sélectionné

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 2 ¤¤¤
[PUP][Répertoire] C:\Program Files\Hola -> ERROR [3]
[PUP][Répertoire] C:\Program Files\Hola\db -> Supprimé(e)
[PUP][Fichier] C:\Program Files\Hola\hola_svc.exe.cid -> Supprimé(e)
[PUP][Fichier] C:\Program Files\Hola\hola_updater.exe.cid -> Supprimé(e)
[PUP][Fichier] C:\Program Files\Hola\log\20151122_031400_perr_svc_media_mp_progress_err_torrent_err.log -> Supprimé(e)
[PUP][Fichier] C:\Program Files\Hola\log\20151122_031400_perr_svc_media_mp_progress_err_torrent_err.sent -> Supprimé(e)
[PUP][Fichier] C:\Program Files\Hola\log\20151122_031403_perr_svc_media_mp_progress_err_torrent_err.log -> Supprimé(e)
[PUP][Fichier] C:\Program Files\Hola\log\20151122_031403_perr_svc_media_mp_progress_err_torrent_err.sent -> Supprimé(e)
[PUP][Fichier] C:\Program Files\Hola\log\20151122_144342_uninstall.log -> Supprimé(e)
[PUP][Fichier] C:\Program Files\Hola\log\20151122_144342_uninstall.sent -> Supprimé(e)
[PUP][Fichier] C:\Program Files\Hola\log\install.log -> Supprimé(e)
[PUP][Fichier] C:\Program Files\Hola\log\svc.log -> Supprimé(e)
[PUP][Fichier] C:\Program Files\Hola\log\ui.log -> Supprimé(e)
[PUP][Fichier] C:\Program Files\Hola\log\updater.log -> Supprimé(e)
[PUP][Répertoire] C:\Program Files\Hola\log -> Supprimé(e)
[PUP][Répertoire] C:\Program Files\Hola\temp -> Supprimé(e)
[PUP][Répertoire] C:\Program Files\PANDORA.TV -> ERROR [3]

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 69 (Driver: Chargé) ¤¤¤
[SSDT:Inl(Hook.SSDT)] ZwDeleteAtom[99] : C:\Windows\System32\win32k.sys @ 0xffffffff9d9d59bd (call dword [0x82d63d14])
[SSDT:Inl(Hook.SSDT)] ZwFlushWriteBuffer[129] : C:\Windows\System32\halmacpi.dll @ 0xffffffff82c0f468 (call dword [0x82c3b0b4])
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_CREATE_NAMED_PIPE[1] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_READ[3] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_WRITE[4] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_QUERY_INFORMATION[5] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_SET_INFORMATION[6] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_QUERY_EA[7] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_SET_EA[8] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_FLUSH_BUFFERS[9] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_QUERY_VOLUME_INFORMATION[10] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_SET_VOLUME_INFORMATION[11] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_DIRECTORY_CONTROL[12] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_FILE_SYSTEM_CONTROL[13] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_SHUTDOWN[16] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_LOCK_CONTROL[17] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_CLEANUP[18] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_CREATE_MAILSLOT[19] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_QUERY_SECURITY[20] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_SET_SECURITY[21] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_DEVICE_CHANGE[24] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_QUERY_QUOTA[25] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_SET_QUOTA[26] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_CREATE_NAMED_PIPE[1] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_QUERY_INFORMATION[5] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_SET_INFORMATION[6] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_QUERY_EA[7] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_SET_EA[8] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_QUERY_VOLUME_INFORMATION[10] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_SET_VOLUME_INFORMATION[11] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_DIRECTORY_CONTROL[12] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_FILE_SYSTEM_CONTROL[13] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_LOCK_CONTROL[17] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_CLEANUP[18] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_CREATE_MAILSLOT[19] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_QUERY_SECURITY[20] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_SET_SECURITY[21] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_DEVICE_CHANGE[24] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_QUERY_QUOTA[25] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_SET_QUOTA[26] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_CREATE_NAMED_PIPE[1] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_WRITE[4] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_QUERY_INFORMATION[5] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_SET_INFORMATION[6] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_QUERY_EA[7] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_SET_EA[8] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_QUERY_VOLUME_INFORMATION[10] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_SET_VOLUME_INFORMATION[11] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_DIRECTORY_CONTROL[12] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_FILE_SYSTEM_CONTROL[13] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_SHUTDOWN[16] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_LOCK_CONTROL[17] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_CREATE_MAILSLOT[19] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_QUERY_SECURITY[20] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_SET_SECURITY[21] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_DEVICE_CHANGE[24] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_QUERY_QUOTA[25] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_SET_QUOTA[26] : C:\Windows\System32\ntkrnlpx.exe @ 0xffffffff82cefda3
[IAT:Inl(Hook.IEAT)] (explorer.exe) USER32!GetMessageW : C:\Program Files\KeyCryptSDK\KeyCrypt32(3).dll @ 0x75604210 (ret)
[IAT:Inl(Hook.IEAT)] (explorer.exe) USER32!PeekMessageW : C:\Program Files\KeyCryptSDK\KeyCrypt32(3).dll @ 0x75604360 (ret)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ SHLWAPI.dll) USER32!PeekMessageA : C:\Program Files\KeyCryptSDK\KeyCrypt32(3).dll @ 0x756042b0 (ret)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ SHLWAPI.dll) USER32!GetMessageA : C:\Program Files\KeyCryptSDK\KeyCrypt32(3).dll @ 0x75604170 (ret)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ SHELL32.dll) USER32!IsDialogMessageW : C:\Program Files\KeyCryptSDK\KeyCrypt32(3).dll @ 0x756040f0 (ret)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ieframe.dll) USER32!IsDialogMessageA : C:\Program Files\KeyCryptSDK\KeyCrypt32(3).dll @ 0x75604070 (ret)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ WINMM.dll) USER32!GetMessageA : C:\Program Files\KeyCryptSDK\KeyCrypt32(3).dll @ 0x75604170 (ret)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ WINMM.dll) USER32!PeekMessageA : C:\Program Files\KeyCryptSDK\KeyCrypt32(3).dll @ 0x756042b0 (ret)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ WINMM.dll) USER32!PeekMessageW : C:\Program Files\KeyCryptSDK\KeyCrypt32(3).dll @ 0x75604360 (ret)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ MSCTF.dll) USER32!GetMessageW : C:\Program Files\KeyCryptSDK\KeyCrypt32(3).dll @ 0x75604210 (ret)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ SHELL32.dll) USER32!IsDialogMessageW : C:\Program Files\KeyCryptSDK\KeyCrypt32(3).dll @ 0x756040f0 (ret)

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 1743cacb64a5b9218dcc7f23a42ba9ab
[BSP] bb1307d25a8bb6b17c06203ea11b9850 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 76316 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Hitachi HDT721075SLA380 ATA Device +++++
--- User ---
[MBR] 994a2cd9bc32f5288107000ba4a57604
[BSP] 4ab8a4ca7d94424d5b94bd601ec22373 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350402 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 717625344 | Size: 364999 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

