cjoint

Document format: text/plain

Preview

RogueKiller V12.0.3.0 [Mar 21 2016] (Gratuit) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarré en : Mode normal
Utilisateur : Enseignant [Administrateur]
Démarré depuis : C:\Users\Enseignant\Downloads\RogueKiller.exe
Mode : Scan -- Date : 03/27/2016 00:17:03

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 8 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Iminent -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Tarma Installer -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-878992117-3660847770-3827289412-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {84FF7BD6-B47F-46F8-9130-01B2696B36CB} : -> Trouvé(e)
[PUM.HomePage] HKEY_USERS\S-1-5-21-878992117-3660847770-3827289412-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.cg94.fr -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F75B4328-D459-4522-B5B2-EF9D7F50784B} | DhcpNameServer : 127.0.1.1 ([ZZ]) -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F75B4328-D459-4522-B5B2-EF9D7F50784B} | DhcpNameServer : 127.0.1.1 ([ZZ]) -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F75B4328-D459-4522-B5B2-EF9D7F50784B} | DhcpNameServer : 127.0.1.1 ([ZZ]) -> Trouvé(e)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-878992117-3660847770-3827289412-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Trouvé(e)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 23 (Driver: Chargé) ¤¤¤
[SSDT:Addr(Hook.SSDT)] ZwCreateKey[70] : Unknown @ 0xffffffff894d6644
[SSDT:Addr(Hook.SSDT)] ZwCreateMutant[74] : Unknown @ 0xffffffff894d6384
[SSDT:Addr(Hook.SSDT)] ZwCreateProcess[79] : Unknown @ 0xffffffff894cfc84
[SSDT:Addr(Hook.SSDT)] ZwCreateProcessEx[80] : Unknown @ 0xffffffff894b9a44
[SSDT:Addr(Hook.SSDT)] ZwCreateSymbolicLinkObject[86] : Unknown @ 0xffffffff894d627c
[SSDT:Addr(Hook.SSDT)] ZwCreateThread[87] : Unknown @ 0xffffffff894d6444
[SSDT:Addr(Hook.SSDT)] ZwCreateThreadEx[88] : Unknown @ 0xffffffff894d6404
[SSDT:Addr(Hook.SSDT)] ZwCreateUserProcess[93] : Unknown @ 0xffffffff894cf244
[SSDT:Addr(Hook.SSDT)] ZwDeleteKey[103] : Unknown @ 0xffffffff894d65c4
[SSDT:Addr(Hook.SSDT)] ZwDeleteValueKey[106] : Unknown @ 0xffffffff894d6504
[SSDT:Addr(Hook.SSDT)] ZwDuplicateObject[111] : Unknown @ 0xffffffff894d623c
[SSDT:Addr(Hook.SSDT)] ZwLoadDriver[155] : Unknown @ 0xffffffff894d63c4
[SSDT:Addr(Hook.SSDT)] ZwOpenProcess[190] : Unknown @ 0xffffffff894d8104
[SSDT:Addr(Hook.SSDT)] ZwOpenSection[194] : Unknown @ 0xffffffff894d64c4
[SSDT:Addr(Hook.SSDT)] ZwRenameKey[290] : Unknown @ 0xffffffff894d6584
[SSDT:Addr(Hook.SSDT)] ZwRestoreKey[302] : Unknown @ 0xffffffff894d6544
[SSDT:Addr(Hook.SSDT)] ZwSetSystemInformation[350] : Unknown @ 0xffffffff894d6344
[SSDT:Addr(Hook.SSDT)] ZwSetValueKey[358] : Unknown @ 0xffffffff894d6604
[SSDT:Addr(Hook.SSDT)] ZwTerminateProcess[370] : Unknown @ 0xffffffff894d80c4
[SSDT:Addr(Hook.SSDT)] ZwTerminateThread[371] : Unknown @ 0xffffffff894d6684
[SSDT:Addr(Hook.SSDT)] ZwWriteVirtualMemory[399] : Unknown @ 0xffffffff894d6484
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookAW[584] : Unknown @ 0xffffffff88ff69fc
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0xffffffff85d7d5ec

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK3261GSYN +++++
--- User ---
[MBR] 59ef2623dc8823957980f981acdf1149
[BSP] 9d54dfa93a9b02028bcbfadd81b3a155 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 821248 | Size: 153000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 314165248 | Size: 151843 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: TOSHIBA TransMemory USB Device +++++
--- User ---
[MBR] 7a5f95cdc6348269c34acb06df57e0c3
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 8064 | Size: 3741 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

+++++ PhysicalDrive2: SanDisk Cruzer Switch USB Device +++++
--- User ---
[MBR] 3b26f26b1c331b6c9d51d9561f42ccf8
[BSP] a0da84cbe5ee6475f329a5bbfc5cef17 : Empty|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 32 | Size: 7633 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

+++++ PhysicalDrive3: SanDisk U3 Cruzer Micro USB Device +++++
--- User ---
[MBR] ac063c93d9e72f178f5b33a03040233b
[BSP] 443a6dd39f936041eeaaefba5a71d2d8 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 32 | Size: 7691 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

+++++ PhysicalDrive4: Lexar USB Flash Drive USB Device +++++
--- User ---
[MBR] 6d7d2dedbb8e25076cc0a68e6e6745ce
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 48 | Size: 15275 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

