RogueKiller report
GiGi-58
Hello,
Following slowness and errors on my laptop, and after several runs of Malwarebytes and AdwCleaner, which did some cleaning, I installed RogueKiller because problems persist.
Could you help me finish off this infection? Thank you.
Here is the report
RogueKiller V10.0.5.0 (x64) [Nov 11 2014] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com
Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarré en : Mode normal
Utilisateur : anabel [Administrateur]
Mode : Scan -- Date : 11/12/2014 10:10:22
¤¤¤ Processus : 0 ¤¤¤
¤¤¤ Registre : 15 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RunSwUSB (C:\Windows\runSW.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RunSwUSB (C:\Windows\runSW.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RunSwUSB (C:\Windows\runSW.exe) -> Trouvé(e)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-732437088-3997486191-1478223944-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 173.242.117.146:8080 -> Trouvé(e)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-732437088-3997486191-1478223944-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 173.242.117.146:8080 -> Trouvé(e)
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Trouvé(e)
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Trouvé(e)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-732437088-3997486191-1478223944-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Trouvé(e)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-732437088-3997486191-1478223944-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Trouvé(e)
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Trouvé(e)
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trouvé(e)
¤¤¤ Tâches : 0 ¤¤¤
¤¤¤ Fichiers : 0 ¤¤¤
¤¤¤ Fichier Hosts : 0 ¤¤¤
¤¤¤ Antirootkit : 50 (Driver: Chargé) ¤¤¤
[IAT:Inl] (***@***) ntdll.dll - NtCreateSection : Unknown @ 0x2f0310 (jmp 0xffffffff88cbebc0)
[IAT:Inl] (***@***) ntdll.dll - NtTerminateThread : Unknown @ 0x2f03f0 (jmp 0xffffffff88cbec10)
[IAT:Inl] (***@***) ntdll.dll - NtQueryObject : Unknown @ 0x2f0450 (jmp 0xffffffff88cbf0a0)
[IAT:Inl] (***@***) ntdll.dll - NtOpenProcess : Unknown @ 0x2f0370 (jmp 0xffffffff88cbee60)
[IAT:Inl] (***@***) ntdll.dll - NtOpenThread : Unknown @ 0x2f0380 (jmp 0xffffffff88cbe0c0)
[IAT:Inl] (***@***) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x2f03b0 (jmp 0xffffffff88cbed60)
[IAT:Inl] (***@***) ntdll.dll - NtTerminateProcess : Unknown @ 0x2f03e0 (jmp 0xffffffff88cbee70)
[IAT:Inl] (***@***) ntdll.dll - NtCreateThreadEx : Unknown @ 0x2f03d0 (jmp 0xffffffff88cbe6a0)
[IAT:Inl] (***@***) ntdll.dll - NtCreateThread : Unknown @ 0x2f03c0 (jmp 0xffffffff88cbec30)
[IAT:Inl] (***@***) ntdll.dll - NtSuspendThread : Unknown @ 0x2f0430 (jmp 0xffffffff88cbd9a0)
[IAT:Inl] (***@***) ntdll.dll - NtSetContextThread : Unknown @ 0x2f0400 (jmp 0xffffffff88cbdc20)
[IAT:Inl] (***@***) ntdll.dll - NtSetBootOptions : Unknown @ 0x2f0270 (jmp 0xffffffff88cbdaa0)
[IAT:Inl] (***@***) ntdll.dll - NtOpenTimer : Unknown @ 0x2f0340 (jmp 0xffffffff88cbe070)
[IAT:Inl] (***@***) ntdll.dll - NtNotifyChangeMultipleKeys : Unknown @ 0x2f04a0 (jmp 0xffffffff88cbe300)
[IAT:Inl] (***@***) ntdll.dll - NtSuspendProcess : Unknown @ 0x2f0420 (jmp 0xffffffff88cbd9a0)
[IAT:Inl] (***@***) ntdll.dll - NtCreateTimer : Unknown @ 0x2f0330 (jmp 0xffffffff88cbe5f0)
[IAT:Inl] (***@***) ntdll.dll - NtSetSystemInformation : Unknown @ 0x2f01f0 (jmp 0xffffffff88cbd850)
[IAT:Inl] (***@***) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x2f0350 (jmp 0xffffffff88cbe730)
[IAT:Inl] (***@***) ntdll.dll - NtModifyBootEntry : Unknown @ 0x2f0250 (jmp 0xffffffff88cbe0f0)
[IAT:Inl] (***@***) ntdll.dll - NtOpenMutant : Unknown @ 0x2f02a0 (jmp 0xffffffff88cbe060)
[IAT:Inl] (***@***) ntdll.dll - NtSetSystemPowerState : Unknown @ 0x2f0210 (jmp 0xffffffff88cbd860)
[IAT:Inl] (***@***) ntdll.dll - NtReplyWaitReceivePortEx : Unknown @ 0x2f0470 (jmp 0xffffffff88cbef10)
[IAT:Inl] (***@***) ntdll.dll - NtShutdownSystem : Unknown @ 0x2f0200 (jmp 0xffffffff88cbd7e0)
[IAT:Inl] (***@***) ntdll.dll - NtOpenIoCompletion : Unknown @ 0x2f0360 (jmp 0xffffffff88cbe180)
[IAT:Inl] (***@***) ntdll.dll - NtAddBootEntry : Unknown @ 0x2f0230 (jmp 0xffffffff88cbe8f0)
[IAT:Inl] (***@***) ntdll.dll - NtReplyWaitReceivePort : Unknown @ 0x2f0460 (jmp 0xffffffff88cbf100)
[IAT:Inl] (***@***) ntdll.dll - NtDeleteBootEntry : Unknown @ 0x2f0240 (jmp 0xffffffff88cbe460)
[IAT:Inl] (***@***) ntdll.dll - NtSetBootEntryOrder : Unknown @ 0x2f0260 (jmp 0xffffffff88cbdaa0)
[IAT:Inl] (***@***) ntdll.dll - NtOpenSection : Unknown @ 0x2f0320 (jmp 0xffffffff88cbed00)
[IAT:Inl] (***@***) ntdll.dll - NtDebugActiveProcess : Unknown @ 0x2f0410 (jmp 0xffffffff88cbe660)
[IAT:Inl] (***@***) ntdll.dll - NtAssignProcessToJobObject : Unknown @ 0x2f03a0 (jmp 0xffffffff88cbe870)
[IAT:Inl] (***@***) ntdll.dll - NtOpenEvent : Unknown @ 0x2f02e0 (jmp 0xffffffff88cbec30)
[IAT:Inl] (***@***) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x2f0480 (jmp 0xffffffff88cbe980)
[IAT:Inl] (***@***) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x2f0490 (jmp 0xffffffff88cbe300)
[IAT:Inl] (***@***) ntdll.dll - NtOpenEventPair : Unknown @ 0x2f0300 (jmp 0xffffffff88cbe130)
[IAT:Inl] (***@***) ntdll.dll - NtCreateEvent : Unknown @ 0x2f02d0 (jmp 0xffffffff88cbeba0)
[IAT:Inl] (***@***) ntdll.dll - NtCreateSemaphore : Unknown @ 0x2f02b0 (jmp 0xffffffff88cbe5a0)
[IAT:Inl] (***@***) ntdll.dll - NtSystemDebugControl : Unknown @ 0x2f0220 (jmp 0xffffffff88cbd780)
[IAT:Inl] (***@***) ntdll.dll - NtCreateMutant : Unknown @ 0x2f0290 (jmp 0xffffffff88cbe610)
[IAT:Inl] (***@***) ntdll.dll - NtLoadDriver : Unknown @ 0x2f01e0 (jmp 0xffffffff88cbe140)
[IAT:Inl] (***@***) ntdll.dll - NtCreateEventPair : Unknown @ 0x2f02f0 (jmp 0xffffffff88cbe6e0)
[IAT:Inl] (***@***) ntdll.dll - NtQueueApcThreadEx : Unknown @ 0x2f0440 (jmp 0xffffffff88cbde80)
[IAT:Inl] (***@***) ntdll.dll - NtDuplicateObject : Unknown @ 0x2f0390 (jmp 0xffffffff88cbed20)
[IAT:Inl] (***@***) ntdll.dll - NtOpenSemaphore : Unknown @ 0x2f02c0 (jmp 0xffffffff88cbe030)
[IAT:Inl] (***@***) ntdll.dll - NtTerminateProcess : Unknown @ 0x2f03e0 (jmp 0xffffffff88cbee70)
[IAT:Inl] (***@***) ntdll.dll - NtCreateSection : Unknown @ 0x2f0310 (jmp 0xffffffff88cbebc0)
[IAT:Inl] (***@***) ntdll.dll - NtCreateEvent : Unknown @ 0x2f02d0 (jmp 0xffffffff88cbeba0)
[IAT:Inl] (***@***) ntdll.dll - NtOpenProcess : Unknown @ 0x2f0370 (jmp 0xffffffff88cbee60)
[IAT:Inl] (***@***) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x2f03b0 (jmp 0xffffffff88cbed60)
[IAT:Inl] (***@***) ntdll.dll - NtTerminateProcess : Unknown @ 0x2f03e0 (jmp 0xffffffff88cbee70)
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 177d7b560f6abc49ce92a2702bfa4364
[BSP] 3a5cce7c31fea63accac8ec4168eea72 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 286415 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 586987520 | Size: 18526 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 624928768 | Size: 103 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_11042014_134922.log
3 replies
Hi,
Doesn't look infected:
Follow this tutorial: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
This will generate two FRST reports.
As explained there, upload these two reports to the pjjoint site and post the two pjjoint links to them so that they can be reviewed.