Document format: text/plain

Preview

RogueKiller V11.0.9.0 [Jan 24 2016] (Free) بواسطة برنامج Adlice
البريد الإلكتروني : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
الموقع : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

نظام التشغيل : Windows 8.1 (6.3.9600) 32 bits version
يبدأ في : الوضع الطبيعي
المستخدم : moner [مسؤول]
Started from : C:\Users\moner ali\Desktop\RogueKiller.exe
الوضع : حذف -- اليوم : 01/29/2016 16:31:24

¤¤¤ العملية : 1 ¤¤¤
[Proc.RunPE] WmiPrvSE.exe(1736) -- C:\Windows\System32\wbem\WmiPrvSE.exe[-] -> تم حذفة [TermProc]

¤¤¤ المسجل : 10 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : ([X][X]) -> إستبدال ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : ([X][X]) -> إستبدال ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1B1E629C-6971-4051-817A-08C71E358712} | DhcpNameServer : ([X][X]) -> إستبدال ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{45C4DEF9-837D-423E-911A-FE15138888DF} | DhcpNameServer : ([X][X]) -> إستبدال ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CB7C22F8-D03E-4790-900F-6EBBF0C6F5F8} | DhcpNameServer : ([X][X]) -> إستبدال ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D467897B-4579-48E8-AF99-A2C1E373CA9F} | DhcpNameServer : ([X][X]) -> إستبدال ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1B1E629C-6971-4051-817A-08C71E358712} | DhcpNameServer : ([X][X]) -> إستبدال ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{45C4DEF9-837D-423E-911A-FE15138888DF} | DhcpNameServer : ([X][X]) -> إستبدال ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CB7C22F8-D03E-4790-900F-6EBBF0C6F5F8} | DhcpNameServer : ([X][X]) -> إستبدال ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D467897B-4579-48E8-AF99-A2C1E373CA9F} | DhcpNameServer : ([X][X]) -> إستبدال ()

¤¤¤ المهام : 0 ¤¤¤

¤¤¤ الملفات : 0 ¤¤¤

¤¤¤ ملف الهوست : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 41 (Driver: محمل) ¤¤¤
[SSDT:Inl(Hook.SSDT)] ZwThawTransactions[31] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae800e (jmp dword [0x8167e244])
[SSDT:Inl(Hook.SSDT)] ZwSinglePhaseReject[43] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae4694 (jmp dword [0x8167e354])
[SSDT:Inl(Hook.SSDT)] ZwSetInformationTransactionManager[72] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae8cdc (jmp dword [0x8167e324])
[SSDT:Inl(Hook.SSDT)] ZwSetInformationTransaction[73] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae7cd2 (jmp dword [0x8167e248])
[SSDT:Inl(Hook.SSDT)] ZwSetInformationResourceManager[76] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae5094 (jmp dword [0x8167e24c])
[SSDT:Inl(Hook.SSDT)] ZwSetInformationEnlistment[82] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae3fa6 (jmp dword [0x8167e250])
[SSDT:Inl(Hook.SSDT)] ZwRollforwardTransactionManager[103] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae8656 (jmp dword [0x8167e2e4])
[SSDT:Inl(Hook.SSDT)] ZwRollbackTransaction[104] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae7c68 (jmp dword [0x8167e254])
[SSDT:Inl(Hook.SSDT)] ZwRollbackEnlistment[105] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae43b4 (jmp dword [0x8167e258])
[SSDT:Inl(Hook.SSDT)] ZwRollbackComplete[106] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae4800 (jmp dword [0x8167e25c])
[SSDT:Inl(Hook.SSDT)] ZwRenameTransactionManager[120] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae84ee (jmp dword [0x8167e2dc])
[SSDT:Inl(Hook.SSDT)] ZwRegisterProtocolAddressInformation[130] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae8e1a (jmp dword [0x8167e2d8])
[SSDT:Inl(Hook.SSDT)] ZwRecoverTransactionManager[131] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae870e (jmp dword [0x8167e260])
[SSDT:Inl(Hook.SSDT)] ZwRecoverResourceManager[132] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae4d20 (jmp dword [0x8167e358])
[SSDT:Inl(Hook.SSDT)] ZwRecoverEnlistment[133] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae3cf6 (jmp dword [0x8167e268])
[SSDT:Inl(Hook.SSDT)] ZwReadOnlyEnlistment[136] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae474a (jmp dword [0x8167e26c])
[SSDT:Inl(Hook.SSDT)] ZwQueryInformationTransactionManager[174] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae876a (jmp dword [0x8167e270])
[SSDT:Inl(Hook.SSDT)] ZwQueryInformationTransaction[175] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae7446 (jmp dword [0x8167e274])
[SSDT:Inl(Hook.SSDT)] ZwQueryInformationResourceManager[178] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae4e86 (jmp dword [0x8167e278])
[SSDT:Inl(Hook.SSDT)] ZwQueryInformationEnlistment[183] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae3d52 (jmp dword [0x8167e27c])
[SSDT:Inl(Hook.SSDT)] ZwPropagationFailed[199] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae90a8 (jmp dword [0x8167e280])
[SSDT:Inl(Hook.SSDT)] ZwPropagationComplete[200] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae8fde (jmp dword [0x8167e284])
[SSDT:Inl(Hook.SSDT)] ZwPrePrepareEnlistment[205] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae4244 (jmp dword [0x8167e31c])
[SSDT:Inl(Hook.SSDT)] ZwPrePrepareComplete[206] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae4524 (jmp dword [0x8167e294])
[SSDT:Inl(Hook.SSDT)] ZwPrepareEnlistment[207] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae418c (jmp dword [0x8167e288])
[SSDT:Inl(Hook.SSDT)] ZwPrepareComplete[208] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae446c (jmp dword [0x8167e28c])
[SSDT:Inl(Hook.SSDT)] ZwOpenTransactionManager[211] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae827c (jmp dword [0x8167e308])
[SSDT:Inl(Hook.SSDT)] ZwOpenTransaction[212] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae7248 (jmp dword [0x8167e29c])
[SSDT:Inl(Hook.SSDT)] ZwOpenResourceManager[221] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae4b6c (jmp dword [0x8167e2a0])
[SSDT:Inl(Hook.SSDT)] ZwOpenEnlistment[238] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae3b52 (jmp dword [0x8167e2a4])
[SSDT:Inl(Hook.SSDT)] ZwGetNotificationResourceManager[271] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae4d7a (jmp dword [0x8167e2a8])
[SSDT:Inl(Hook.SSDT)] ZwFreezeTransactions[282] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae7f36 (jmp dword [0x8167e2ac])
[SSDT:Inl(Hook.SSDT)] ZwFlushWriteBuffer[286] : C:\Windows\System32\halmacpi.dll @ 0xffffffff81426ca2 (call dword [0x8167e080])
[SSDT:Inl(Hook.SSDT)] ZwEnumerateTransactionObject[300] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae79fe (jmp dword [0x8167e2b0])
[SSDT:Inl(Hook.SSDT)] ZwCreateTransactionManager[330] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae8064 (jmp dword [0x8167e2b4])
[SSDT:Inl(Hook.SSDT)] ZwCreateTransaction[331] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae6f2c (jmp dword [0x8167e2b8])
[SSDT:Inl(Hook.SSDT)] ZwCreateResourceManager[341] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae48b6 (jmp dword [0x8167e2bc])
[SSDT:Inl(Hook.SSDT)] ZwCreateEnlistment[363] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae3950 (jmp dword [0x8167e2c0])
[SSDT:Inl(Hook.SSDT)] ZwCommitTransaction[373] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae7bfe (jmp dword [0x8167e2c4])
[SSDT:Inl(Hook.SSDT)] ZwCommitEnlistment[374] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae42fc (jmp dword [0x8167e2c8])
[SSDT:Inl(Hook.SSDT)] ZwCommitComplete[375] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff82ae45dc (jmp dword [0x8167e2cc])

¤¤¤ المتصفح : 1 ¤¤¤
[FIREFX:Addon] hclnOhG6.default : Avira Browser Safety [abs@avira.com] -> محذوف

¤¤¤ فحص ال MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK3275GSX ATA Device +++++
--- User ---
[MBR] 34cc0afdc990ffe8d46780b03a323866
[BSP] e1508925c676769716e5b5ff614287bd : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 16065 | Size: 86 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 123260 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 252643328 | Size: 181883 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] ???????? ??? ????. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] ??????? ??? ?????. )
