RogueKiller V12.0.3.0 [Mar 21 2016] (Gratuit) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarré en : Mode normal
Utilisateur : Enseignant [Administrateur]
Démarré depuis : C:\Users\Enseignant\Downloads\RogueKiller.exe
Mode : Scan -- Date : 03/27/2016 00:17:03

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 8 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Iminent -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Tarma Installer -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-878992117-3660847770-3827289412-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {84FF7BD6-B47F-46F8-9130-01B2696B36CB} : -> Trouvé(e)
[PUM.HomePage] HKEY_USERS\S-1-5-21-878992117-3660847770-3827289412-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.cg94.fr -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F75B4328-D459-4522-B5B2-EF9D7F50784B} | DhcpNameServer : 127.0.1.1 ([ZZ]) -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F75B4328-D459-4522-B5B2-EF9D7F50784B} | DhcpNameServer : 127.0.1.1 ([ZZ]) -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F75B4328-D459-4522-B5B2-EF9D7F50784B} | DhcpNameServer : 127.0.1.1 ([ZZ]) -> Trouvé(e)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-878992117-3660847770-3827289412-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Trouvé(e)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 23 (Driver: Chargé) ¤¤¤
[SSDT:Addr(Hook.SSDT)] ZwCreateKey[70] : Unknown @ 0xffffffff894d6644
[SSDT:Addr(Hook.SSDT)] ZwCreateMutant[74] : Unknown @ 0xffffffff894d6384
[SSDT:Addr(Hook.SSDT)] ZwCreateProcess[79] : Unknown @ 0xffffffff894cfc84
[SSDT:Addr(Hook.SSDT)] ZwCreateProcessEx[80] : Unknown @ 0xffffffff894b9a44
[SSDT:Addr(Hook.SSDT)] ZwCreateSymbolicLinkObject[86] : Unknown @ 0xffffffff894d627c
[SSDT:Addr(Hook.SSDT)] ZwCreateThread[87] : Unknown @ 0xffffffff894d6444
[SSDT:Addr(Hook.SSDT)] ZwCreateThreadEx[88] : Unknown @ 0xffffffff894d6404
[SSDT:Addr(Hook.SSDT)] ZwCreateUserProcess[93] : Unknown @ 0xffffffff894cf244
[SSDT:Addr(Hook.SSDT)] ZwDeleteKey[103] : Unknown @ 0xffffffff894d65c4
[SSDT:Addr(Hook.SSDT)] ZwDeleteValueKey[106] : Unknown @ 0xffffffff894d6504
[SSDT:Addr(Hook.SSDT)] ZwDuplicateObject[111] : Unknown @ 0xffffffff894d623c
[SSDT:Addr(Hook.SSDT)] ZwLoadDriver[155] : Unknown @ 0xffffffff894d63c4
[SSDT:Addr(Hook.SSDT)] ZwOpenProcess[190] : Unknown @ 0xffffffff894d8104
[SSDT:Addr(Hook.SSDT)] ZwOpenSection[194] : Unknown @ 0xffffffff894d64c4
[SSDT:Addr(Hook.SSDT)] ZwRenameKey[290] : Unknown @ 0xffffffff894d6584
[SSDT:Addr(Hook.SSDT)] ZwRestoreKey[302] : Unknown @ 0xffffffff894d6544
[SSDT:Addr(Hook.SSDT)] ZwSetSystemInformation[350] : Unknown @ 0xffffffff894d6344
[SSDT:Addr(Hook.SSDT)] ZwSetValueKey[358] : Unknown @ 0xffffffff894d6604
[SSDT:Addr(Hook.SSDT)] ZwTerminateProcess[370] : Unknown @ 0xffffffff894d80c4
[SSDT:Addr(Hook.SSDT)] ZwTerminateThread[371] : Unknown @ 0xffffffff894d6684
[SSDT:Addr(Hook.SSDT)] ZwWriteVirtualMemory[399] : Unknown @ 0xffffffff894d6484
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookAW[584] : Unknown @ 0xffffffff88ff69fc
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0xffffffff85d7d5ec

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK3261GSYN +++++
--- User ---
[MBR] 59ef2623dc8823957980f981acdf1149
[BSP] 9d54dfa93a9b02028bcbfadd81b3a155 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 821248 | Size: 153000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 314165248 | Size: 151843 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: TOSHIBA TransMemory USB Device +++++
--- User ---
[MBR] 7a5f95cdc6348269c34acb06df57e0c3
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 8064 | Size: 3741 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

+++++ PhysicalDrive2: SanDisk Cruzer Switch USB Device +++++
--- User ---
[MBR] 3b26f26b1c331b6c9d51d9561f42ccf8
[BSP] a0da84cbe5ee6475f329a5bbfc5cef17 : Empty|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 32 | Size: 7633 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

+++++ PhysicalDrive3: SanDisk U3 Cruzer Micro USB Device +++++
--- User ---
[MBR] ac063c93d9e72f178f5b33a03040233b
[BSP] 443a6dd39f936041eeaaefba5a71d2d8 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 32 | Size: 7691 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

+++++ PhysicalDrive4: Lexar USB Flash Drive USB Device +++++
--- User ---
[MBR] 6d7d2dedbb8e25076cc0a68e6e6745ce
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 48 | Size: 15275 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )