RogueKiller V11.0.7.0 [Jan 11 2016] (Gratuit) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 8 (6.2.9200) 32 bits version
Démarré en : Mode normal
Utilisateur : hako [Administrateur]
Démarré depuis : C:\Users\hako\Downloads\RogueKiller.exe
Mode : Scan -- Date : 01/12/2016 19:49:39

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 3 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-4147993359-3191228837-674029696-1001\Software\Microsoft\Windows\CurrentVersion\Run | CatalinaGroup Update : "C:\Users\hako\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe" /c [7][x] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MpKslf8e0fdf2 (\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98B59C5D-EDE2-40EB-8A86-A53861A95FAB}\MpKslf8e0fdf2.sys) -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MpKslf8e0fdf2 (\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98B59C5D-EDE2-40EB-8A86-A53861A95FAB}\MpKslf8e0fdf2.sys) -> Trouvé(e)

¤¤¤ Tâches : 1 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-4147993359-3191228837-674029696-1001Core1d1051440ef8300.job -- C:\Users\hako\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe (/c) -> Trouvé(e)

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 42 (Driver: Chargé) ¤¤¤
[SSDT:Inl(Hook.SSDT)] ZwThawTransactions[31] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812edc6 (jmp dword [0x82267030])
[SSDT:Addr(Hook.SSDT)] ZwTerminateProcess[35] : C:\Windows\System32\Drivers\zamguard32.sys @ 0xffffffff8e5a5ea8
[SSDT:Inl(Hook.SSDT)] ZwSinglePhaseReject[43] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812b464 (jmp dword [0x82267110])
[SSDT:Inl(Hook.SSDT)] ZwSetInformationTransactionManager[69] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812fa92 (jmp dword [0x82267114])
[SSDT:Inl(Hook.SSDT)] ZwSetInformationTransaction[70] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812ea60 (jmp dword [0x82267034])
[SSDT:Inl(Hook.SSDT)] ZwSetInformationResourceManager[73] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812be54 (jmp dword [0x82267128])
[SSDT:Inl(Hook.SSDT)] ZwSetInformationEnlistment[79] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812ad86 (jmp dword [0x8226703c])
[SSDT:Inl(Hook.SSDT)] ZwRollforwardTransactionManager[100] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812f412 (jmp dword [0x82267118])
[SSDT:Inl(Hook.SSDT)] ZwRollbackTransaction[101] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812e9f8 (jmp dword [0x82267040])
[SSDT:Inl(Hook.SSDT)] ZwRollbackEnlistment[102] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812b18c (jmp dword [0x82267044])
[SSDT:Inl(Hook.SSDT)] ZwRollbackComplete[103] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812b5cc (jmp dword [0x82267048])
[SSDT:Inl(Hook.SSDT)] ZwRenameTransactionManager[117] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812f2ae (jmp dword [0x8226711c])
[SSDT:Inl(Hook.SSDT)] ZwRegisterProtocolAddressInformation[127] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812fbd2 (jmp dword [0x82267120])
[SSDT:Inl(Hook.SSDT)] ZwRecoverTransactionManager[128] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812f4c8 (jmp dword [0x8226704c])
[SSDT:Inl(Hook.SSDT)] ZwRecoverResourceManager[129] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812bae4 (jmp dword [0x82267050])
[SSDT:Inl(Hook.SSDT)] ZwRecoverEnlistment[130] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812aada (jmp dword [0x82267054])
[SSDT:Inl(Hook.SSDT)] ZwReadOnlyEnlistment[133] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812b518 (jmp dword [0x82267058])
[SSDT:Inl(Hook.SSDT)] ZwQueryInformationTransactionManager[171] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812f522 (jmp dword [0x8226705c])
[SSDT:Inl(Hook.SSDT)] ZwQueryInformationTransaction[172] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812e1d8 (jmp dword [0x82267060])
[SSDT:Inl(Hook.SSDT)] ZwQueryInformationResourceManager[175] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812bc48 (jmp dword [0x82267064])
[SSDT:Inl(Hook.SSDT)] ZwQueryInformationEnlistment[180] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812ab34 (jmp dword [0x822670e0])
[SSDT:Inl(Hook.SSDT)] ZwPropagationFailed[196] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812fe5e (jmp dword [0x8226706c])
[SSDT:Inl(Hook.SSDT)] ZwPropagationComplete[197] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812fd94 (jmp dword [0x82267070])
[SSDT:Inl(Hook.SSDT)] ZwPrePrepareEnlistment[202] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812b020 (jmp dword [0x8226707c])
[SSDT:Inl(Hook.SSDT)] ZwPrePrepareComplete[203] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812b2f8 (jmp dword [0x82267080])
[SSDT:Inl(Hook.SSDT)] ZwPrepareEnlistment[204] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812af6a (jmp dword [0x82267074])
[SSDT:Inl(Hook.SSDT)] ZwPrepareComplete[205] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812b242 (jmp dword [0x82267078])
[SSDT:Inl(Hook.SSDT)] ZwOpenTransactionManager[208] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812f032 (jmp dword [0x82267084])
[SSDT:Inl(Hook.SSDT)] ZwOpenTransaction[209] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812dfd6 (jmp dword [0x82267088])
[SSDT:Inl(Hook.SSDT)] ZwOpenResourceManager[218] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812b92c (jmp dword [0x8226708c])
[SSDT:Addr(Hook.SSDT)] ZwOpenProcess[221] : C:\Windows\System32\Drivers\zamguard32.sys @ 0xffffffff8e5a5d5a
[SSDT:Inl(Hook.SSDT)] ZwOpenEnlistment[235] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812a936 (jmp dword [0x82267090])
[SSDT:Inl(Hook.SSDT)] ZwGetNotificationResourceManager[268] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812bb3c (jmp dword [0x82267094])
[SSDT:Inl(Hook.SSDT)] ZwFreezeTransactions[278] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812ecf2 (jmp dword [0x82267098])
[SSDT:Inl(Hook.SSDT)] ZwEnumerateTransactionObject[296] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812e792 (jmp dword [0x8226709c])
[SSDT:Inl(Hook.SSDT)] ZwCreateTransactionManager[326] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812ee1c (jmp dword [0x822670a0])
[SSDT:Inl(Hook.SSDT)] ZwCreateTransaction[327] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812dcba (jmp dword [0x822670a4])
[SSDT:Inl(Hook.SSDT)] ZwCreateResourceManager[337] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812b680 (jmp dword [0x822670a8])
[SSDT:Inl(Hook.SSDT)] ZwCreateEnlistment[358] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812a736 (jmp dword [0x822670ac])
[SSDT:Inl(Hook.SSDT)] ZwCommitTransaction[368] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812e990 (jmp dword [0x822670bc])
[SSDT:Inl(Hook.SSDT)] ZwCommitEnlistment[369] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812b0d6 (jmp dword [0x822670b8])
[SSDT:Inl(Hook.SSDT)] ZwCommitComplete[370] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8812b3ae (jmp dword [0x822670b4])

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721050DLE630 ATA Device +++++
--- User ---
[MBR] 8f870ec8d78b3e87a45e650b673723f8
[BSP] bb93f5d5ce2cb43236e47e5a773ed4a5 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 476588 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
