cjoint

Document format: text/plain


RogueKiller V12.9.1.0 [Jan 2 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : greg [Administrator]
Started from : C:\Users\Greg_2\Desktop\RogueKiller.exe
Mode : Scan -- Date : 01/02/2017 23:29:17 (Duration : 08:13:53)

¤¤¤ Processes : 1 ¤¤¤
[Proc.Injected] spoolsv.exe(1472) -- C:\Windows\System32\spoolsv.exe[7] -> Found

¤¤¤ Registry : 8 ¤¤¤
[VT.Unknown] HKEY_USERS\S-1-5-21-3511603995-3759102385-647382594-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Report : \AdwCleaner\AdwCleaner[C0].txt [-] -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-3511603995-3759102385-647382594-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus.msn.com -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-3511603995-3759102385-647382594-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus.msn.com -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{D52F811E-11B0-41D3-95C9-129B336F46DE}C:\program files\orbitdownloader\orbitnet.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files\orbitdownloader\orbitnet.exe|Name=P2P service of Orbit Downloader|Desc=P2P service of Orbit Downloader|Defer=User| [x] -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{9F68E998-6417-40C1-B408-9FDF051D3F15}C:\program files\orbitdownloader\orbitnet.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\orbitdownloader\orbitnet.exe|Name=P2P service of Orbit Downloader|Desc=P2P service of Orbit Downloader|Defer=User| [x] -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{D52F811E-11B0-41D3-95C9-129B336F46DE}C:\program files\orbitdownloader\orbitnet.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files\orbitdownloader\orbitnet.exe|Name=P2P service of Orbit Downloader|Desc=P2P service of Orbit Downloader|Defer=User| [x] -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{9F68E998-6417-40C1-B408-9FDF051D3F15}C:\program files\orbitdownloader\orbitnet.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\orbitdownloader\orbitnet.exe|Name=P2P service of Orbit Downloader|Desc=P2P service of Orbit Downloader|Defer=User| [x] -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3511603995-3759102385-647382594-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 21 (Driver: Loaded) ¤¤¤
[SSDT:Addr(Suspicious.Path|Hook.SSDT)] ZwCreateSection[84] : C:\Users\greg\AppData\Local\Temp\36B259FD-E6FB684E-5A84F91F-91DDE21E\166332144.sys @ 0xffffffffaec75874
[SSDT:Addr(Suspicious.Path|Hook.SSDT)] ZwCreateThread[87] : C:\Users\greg\AppData\Local\Temp\36B259FD-E6FB684E-5A84F91F-91DDE21E\166332144.sys @ 0xffffffffaec759fa
[SSDT:Addr(Suspicious.Path|Hook.SSDT)] ZwCreateThreadEx[88] : C:\Users\greg\AppData\Local\Temp\36B259FD-E6FB684E-5A84F91F-91DDE21E\166332144.sys @ 0xffffffffaec75a88
[SSDT:Addr(Suspicious.Path|Hook.SSDT)] ZwMakeTemporaryObject[164] : C:\Users\greg\AppData\Local\Temp\36B259FD-E6FB684E-5A84F91F-91DDE21E\166332144.sys @ 0xffffffffaec757ea
[SSDT:Addr(Suspicious.Path|Hook.SSDT)] ZwQueueApcThread[269] : C:\Users\greg\AppData\Local\Temp\36B259FD-E6FB684E-5A84F91F-91DDE21E\166332144.sys @ 0xffffffffaec75b1a
[SSDT:Addr(Suspicious.Path|Hook.SSDT)] ZwQueueApcThreadEx[270] : C:\Users\greg\AppData\Local\Temp\36B259FD-E6FB684E-5A84F91F-91DDE21E\166332144.sys @ 0xffffffffaec75baa
[SSDT:Addr(Suspicious.Path|Hook.SSDT)] ZwSetContextThread[316] : C:\Users\greg\AppData\Local\Temp\36B259FD-E6FB684E-5A84F91F-91DDE21E\166332144.sys @ 0xffffffffaec75c3a
[SSDT:Addr(Suspicious.Path|Hook.SSDT)] ZwSetSystemInformation[350] : C:\Users\greg\AppData\Local\Temp\36B259FD-E6FB684E-5A84F91F-91DDE21E\166332144.sys @ 0xffffffffaec71af4
[SSDT:Addr(Suspicious.Path|Hook.SSDT)] ZwSetSystemTime[352] : C:\Users\greg\AppData\Local\Temp\36B259FD-E6FB684E-5A84F91F-91DDE21E\166332144.sys @ 0xffffffffaec71caa
[SSDT:Addr(Suspicious.Path|Hook.SSDT)] ZwTerminateProcess[370] : C:\Users\greg\AppData\Local\Temp\36B259FD-E6FB684E-5A84F91F-91DDE21E\166332144.sys @ 0xffffffffaec71d38
[SSDT:Addr(Suspicious.Path|Hook.SSDT)] ZwUnmapViewOfSection[385] : C:\Users\greg\AppData\Local\Temp\36B259FD-E6FB684E-5A84F91F-91DDE21E\166332144.sys @ 0xffffffffaec7575c
[SSDT:Addr(Suspicious.Path|Hook.SSDT)] ZwWriteVirtualMemory[399] : C:\Users\greg\AppData\Local\Temp\36B259FD-E6FB684E-5A84F91F-91DDE21E\166332144.sys @ 0xffffffffaec738f6
[ShwSSDT:Addr(Suspicious.Path|Hook.Shadow)] NtUserCallTwoParam[335] : C:\Users\greg\AppData\Local\Temp\36B259FD-E6FB684E-5A84F91F-91DDE21E\166332144.sys @ 0xffffffffaec7470a
[ShwSSDT:Addr(Suspicious.Path|Hook.Shadow)] NtUserMessageCall[490] : C:\Users\greg\AppData\Local\Temp\36B259FD-E6FB684E-5A84F91F-91DDE21E\166332144.sys @ 0xffffffffaec7149e
[ShwSSDT:Addr(Suspicious.Path|Hook.Shadow)] NtUserPostMessage[508] : C:\Users\greg\AppData\Local\Temp\36B259FD-E6FB684E-5A84F91F-91DDE21E\166332144.sys @ 0xffffffffaec71368
[ShwSSDT:Addr(Suspicious.Path|Hook.Shadow)] NtUserPostThreadMessage[509] : C:\Users\greg\AppData\Local\Temp\36B259FD-E6FB684E-5A84F91F-91DDE21E\166332144.sys @ 0xffffffffaec70aa4
[ShwSSDT:Addr(Suspicious.Path|Hook.Shadow)] NtUserQueryWindow[515] : C:\Users\greg\AppData\Local\Temp\36B259FD-E6FB684E-5A84F91F-91DDE21E\166332144.sys @ 0xffffffffaec708a4
[ShwSSDT:Addr(Suspicious.Path|Hook.Shadow)] NtUserSendInput[536] : C:\Users\greg\AppData\Local\Temp\36B259FD-E6FB684E-5A84F91F-91DDE21E\166332144.sys @ 0xffffffffaec746b4
[ShwSSDT:Addr(Suspicious.Path|Hook.Shadow)] NtUserSetParent[560] : C:\Users\greg\AppData\Local\Temp\36B259FD-E6FB684E-5A84F91F-91DDE21E\166332144.sys @ 0xffffffffaec71440
[ShwSSDT:Addr(Suspicious.Path|Hook.Shadow)] NtUserSetWindowLong[578] : C:\Users\greg\AppData\Local\Temp\36B259FD-E6FB684E-5A84F91F-91DDE21E\166332144.sys @ 0xffffffffaec713cc
[ShwSSDT:Addr(Suspicious.Path|Hook.Shadow)] NtUserSwitchDesktop[594] : C:\Users\greg\AppData\Local\Temp\36B259FD-E6FB684E-5A84F91F-91DDE21E\166332144.sys @ 0xffffffffaec70572

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++
--- User ---
[MBR] f256aa256c1dca350f5d0cde6b1352ce
[BSP] 0fccb63e033589657bff94dacfa2ed28 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 102400 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 209717248 | Size: 125816 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 467388416 | Size: 10240 MB
3 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 488359936 | Size: 15 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Single Flash Reader USB Device +++++
Error reading User MBR! ([15] Le périphérique n’est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )
