cjoint

Document format: text/plain

Preview

RogueKiller V12.2.1.0 [May 16 2016] (Gratuit) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Démarré en : Mode normal
Utilisateur : jmarie [Administrateur]
Démarré depuis : C:\Documents and Settings\jmarie\Bureau\RogueKiller.exe
Mode : Scan -- Date : 05/18/2016 16:15:59

¤¤¤ Processus : 1 ¤¤¤
[Suspicious.Path|VT.Unknown] dbghelp.dll(3328) -- C:\Documents and Settings\All Users\Application Data\{0AD3E795-7EF0-4177-8A06-05D4F8A4DEBB}\dbghelp.dll[x] -> Trouvé(e)

¤¤¤ Registre : 12 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Uniblue -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} (C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll) -> Trouvé(e)
[Suspicious.Path|VT.Unknown] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | DNS7reminder : "C:\Program Files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking12\Ereg.ini" [7][x][-] -> Trouvé(e)
[PUM.Proxy] HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> Trouvé(e)
[PUM.Proxy] HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> Trouvé(e)
[PUM.Proxy] HKEY_USERS\S-1-5-21-3309714079-3231832298-1253283779-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http://127.0.0.1:8080 -> Trouvé(e)
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=fr&pid=NIS&pvid=21.6.0.32 -> Trouvé(e)
[PUM.HomePage] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=fr&pid=NIS&pvid=21.6.0.32 -> Trouvé(e)
[PUM.HomePage] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=fr&pid=NIS&pvid=21.6.0.32 -> Trouvé(e)
[PUM.HomePage] HKEY_USERS\S-1-5-21-3309714079-3231832298-1253283779-1008\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.orange.fr/portail -> Trouvé(e)
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=fr&pid=NIS&pvid=21.6.0.32 -> Trouvé(e)
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Trouvé(e)

¤¤¤ Tâches : 1 ¤¤¤
[Suspicious.Path|VT.PUA.Win32.UniBlue.UnSy] %WINDIR%\Tasks\RegistryBooster Startup.job -- C:\Documents and Settings\jmarie\Application Data\ZHP\Quarantine\Uniblue\RegistryBooster\registrybooster.exe -> Trouvé(e)

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 43 (Driver: Chargé) ¤¤¤
[SSDT:Addr(Hook.SSDT)] ZwAlertResumeThread[12] : Unknown @ 0xffffffff87d68cf0
[SSDT:Addr(Hook.SSDT)] ZwAlertThread[13] : Unknown @ 0xffffffff87d68d88
[SSDT:Addr(Hook.SSDT)] ZwAllocateVirtualMemory[17] : Unknown @ 0xffffffff87d5aa18
[SSDT:Addr(Hook.SSDT)] ZwAssignProcessToJobObject[19] : Unknown @ 0xffffffff87d55d68
[SSDT:Addr(Hook.SSDT)] ZwConnectPort[31] : Unknown @ 0xffffffff887f3608
[SSDT:Addr(Hook.SSDT)] ZwCreateMutant[43] : Unknown @ 0xffffffff87d5ed18
[SSDT:Addr(Hook.SSDT)] ZwCreateSymbolicLinkObject[52] : Unknown @ 0xffffffff87d55c18
[SSDT:Addr(Hook.SSDT)] ZwCreateThread[53] : Unknown @ 0xffffffff87d39d60
[SSDT:Addr(Hook.SSDT)] ZwDebugActiveProcess[57] : Unknown @ 0xffffffff87d54c00
[SSDT:Addr(Hook.SSDT)] ZwDuplicateObject[68] : Unknown @ 0xffffffff87d5ab58
[SSDT:Addr(Hook.SSDT)] ZwFreeVirtualMemory[83] : Unknown @ 0xffffffff87d4bc90
[SSDT:Addr(Hook.SSDT)] ZwImpersonateAnonymousToken[89] : Unknown @ 0xffffffff87d68c00
[SSDT:Addr(Hook.SSDT)] ZwImpersonateThread[91] : Unknown @ 0xffffffff87d68c58
[SSDT:Addr(Hook.SSDT)] ZwLoadDriver[97] : Unknown @ 0xffffffff8a5b0250
[SSDT:Addr(Hook.SSDT)] unknown[108] : Unknown @ 0xffffffff87d48fb0
[SSDT:Addr(Hook.SSDT)] ZwOpenEvent[114] : Unknown @ 0xffffffff87d5ec80
[SSDT:Addr(Hook.SSDT)] ZwOpenProcess[122] : Unknown @ 0xffffffff87d39cb8
[SSDT:Addr(Hook.SSDT)] ZwOpenProcessToken[123] : Unknown @ 0xffffffff87d5aac0
[SSDT:Addr(Hook.SSDT)] ZwOpenSection[125] : Unknown @ 0xffffffff87d54d50
[SSDT:Addr(Hook.SSDT)] ZwOpenThread[128] : Unknown @ 0xffffffff87d39c10
[SSDT:Addr(Hook.SSDT)] ZwProtectVirtualMemory[137] : Unknown @ 0xffffffff87d55cc0
[SSDT:Addr(Hook.SSDT)] ZwQueueApcThread[180] : Unknown @ 0xffffffff87d42d58
[SSDT:Addr(Hook.SSDT)] ZwReadVirtualMemory[186] : Unknown @ 0xffffffff87d42cb0
[SSDT:Addr(Hook.SSDT)] ZwResumeThread[206] : Unknown @ 0xffffffff87d43e28
[SSDT:Addr(Hook.SSDT)] ZwSetContextThread[213] : Unknown @ 0xffffffff87d43fd0
[SSDT:Addr(Hook.SSDT)] ZwSetInformationProcess[228] : Unknown @ 0xffffffff87d48e90
[SSDT:Addr(Hook.SSDT)] ZwSetSystemInformation[240] : Unknown @ 0xffffffff87d54c98
[SSDT:Addr(Hook.SSDT)] ZwSuspendProcess[253] : Unknown @ 0xffffffff87d54dc8
[SSDT:Addr(Hook.SSDT)] ZwSuspendThread[254] : Unknown @ 0xffffffff87d43ec0
[SSDT:Addr(Hook.SSDT)] ZwTerminateProcess[257] : Unknown @ 0xffffffff87d64a10
[SSDT:Addr(Hook.SSDT)] unknown[258] : Unknown @ 0xffffffff87d43f58
[SSDT:Addr(Hook.SSDT)] ZwUnmapViewOfSection[267] : Unknown @ 0xffffffff87d48f38
[SSDT:Addr(Hook.SSDT)] ZwWriteVirtualMemory[277] : Unknown @ 0xffffffff87d4bd38
[ShwSSDT:Addr(Hook.Shadow)] NtUserAttachThreadInput[307] : Unknown @ 0xffffffff87c49e10
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetAsyncKeyState[383] : Unknown @ 0xffffffff87c49ef0
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyboardState[414] : Unknown @ 0xffffffff87c49f60
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyState[416] : Unknown @ 0xffffffff87c49e80
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetRawInputData[428] : Unknown @ 0xffffffff87d5c9d8
[ShwSSDT:Addr(Hook.Shadow)] NtUserMessageCall[460] : Unknown @ 0xffffffff8a60c3c8
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostMessage[475] : Unknown @ 0xffffffff87d5ca20
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostThreadMessage[476] : Unknown @ 0xffffffff87d4f998
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[549] : Unknown @ 0xffffffff8a688210
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[552] : Unknown @ 0xffffffff87c20a50

¤¤¤ Navigateurs web : 2 ¤¤¤
[PUP][CHROME:Addon] Default : Freemake Video Converter [jbolfgndggfhhpbnkgnpjkfhinclbigj] -> Trouvé(e)
[PUM.HomePage][FIREFX:Config] 5xmvgdgd.default : user_pref("browser.startup.homepage", "http://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_FF"); -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: ST3160318AS +++++
--- User ---
[MBR] 7d7e3c87689721944a6f08108ebc5026
[BSP] 789c0b2c5c5e31a919e28920f5738698 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 136229 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 279019520 | Size: 16385 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WD My Book 1230 USB Device +++++
--- User ---
[MBR] 91bd5ae25a00bc98695717aa0b17f2e8
[BSP] ccd98f140b32ddf5786963dbdeea8eed : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907696 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

+++++ PhysicalDrive2: +++++
--- User ---
[MBR] 9b6e62b343e303cac520e8432e8f0366
[BSP] a01e55968f2563079f33146e7be47fc3 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

+++++ PhysicalDrive3: Canon MP640 series USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
