Publicité invisible sur mon bureau.
Fermé
lolcats
-
20 déc. 2014 à 04:54
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 - 21 déc. 2014 à 17:21
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 - 21 déc. 2014 à 17:21
A voir également:
- Publicité invisible sur mon bureau.
- Clé usb invisible - Guide
- Bureau virtuel windows 10 - Guide
- Youtube sans publicité - Accueil - Streaming
- Bug snap message invisible - Forum Snapchat
- Un bloqueur de publicité empêche la lecture. veuillez le désactiver pour démarrer la vidéo. ✓ - Forum Mozilla Firefox
8 réponses
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 660
20 déc. 2014 à 07:41
20 déc. 2014 à 07:41
Salut,
Commence par un nettoyage adwcleaner : https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start=
--
Commence par un nettoyage adwcleaner : https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start=
--
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 660
20 déc. 2014 à 16:36
20 déc. 2014 à 16:36
Suis ce tutorial : https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
Cela va générer deux rapports FRST.
Envoie comme expliqué, ces deux rapports sur le site pjjoint et donne les deux liens pjjoint de ces rapports afin qu'ils puissent être consultés.
Cela va générer deux rapports FRST.
Envoie comme expliqué, ces deux rapports sur le site pjjoint et donne les deux liens pjjoint de ces rapports afin qu'ils puissent être consultés.
1: http://pjjoint.malekal.com/files.php?id=20141220_o13f11u9x14f11
2: http://pjjoint.malekal.com/files.php?id=20141220_q7k12q11f9m8
Voila les deux rapports.
PS: le mot de passe est banane1997, j'ai oublié de mettre les deux fichier public.
2: http://pjjoint.malekal.com/files.php?id=20141220_q7k12q11f9m8
Voila les deux rapports.
PS: le mot de passe est banane1997, j'ai oublié de mettre les deux fichier public.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 660
Modifié par Malekal_morte- le 20/12/2014 à 17:56
Modifié par Malekal_morte- le 20/12/2014 à 17:56
Panneau de configuration, puis programmes et fonctionnalités.
Désinstalle :
Allmyapps
Google Toolbar
McAfee Security Scan
Pokki (sauf si tu t'en sers)
Symantec Backup Online
Sur Google Chrome : Menu en haut à droite puis Outils / Extensions
Supprime :
Metacrawler
ytbclick B4
PDFssoftware
FileConverter
Protected2
WebexpEnhancedV1
VideoPlayerV3
Supprime Conduit du démarrage de Google Chrome : https://www.malekal.com/reparer-google-chrome/?t=35837&start=
Apparemment tu as mis les DNS de LookSafe
c'est volontaire ?
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
Désinstalle :
Allmyapps
Google Toolbar
McAfee Security Scan
Pokki (sauf si tu t'en sers)
Symantec Backup Online
Sur Google Chrome : Menu en haut à droite puis Outils / Extensions
Supprime :
Metacrawler
ytbclick B4
PDFssoftware
FileConverter
Protected2
WebexpEnhancedV1
VideoPlayerV3
Supprime Conduit du démarrage de Google Chrome : https://www.malekal.com/reparer-google-chrome/?t=35837&start=
Apparemment tu as mis les DNS de LookSafe
c'est volontaire ?
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
Toute les extensions de google chrome ont déjà été désinstaller, vue que je n'y vais plus depuis presque un ans. Au sinon je vois pas pour les DNS de LookSafe.
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 660
21 déc. 2014 à 10:59
21 déc. 2014 à 10:59
Supprime les PUM.DNS avec RogueKiller : https://forum.malekal.com/viewtopic.php?t=48312&start=
Donne le rapport de suppression RogueKiller ici.
Donne le rapport de suppression RogueKiller ici.
RogueKiller V10.1.0.0 (x64) [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : mab [Administrator]
Mode : Scan -- Date : 12/21/2014 09:43:36
¤¤¤ Processes : 2 ¤¤¤
[Proc.Injected] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7] -> Killed [TermProc]
[Suspicious.Path] explorer.exe -- C:\Users\mab\AppData\Local\Pokki\ocdeskband_0.dll[7] -> Unloaded
¤¤¤ Registry : 28 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844} -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-1418097088-3766512694-1387031347-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #3 : C:\Users\mab\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\mab\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-1418097088-3766512694-1387031347-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #2 : C:\Users\mab\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\mab\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-1418097088-3766512694-1387031347-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Users\mab\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\mab\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-1418097088-3766512694-1387031347-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #3 : C:\Users\mab\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\mab\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-1418097088-3766512694-1387031347-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #2 : C:\Users\mab\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\mab\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-1418097088-3766512694-1387031347-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Users\mab\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\mab\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vToolbarUpdater13.2.0 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vToolbarUpdater13.2.0 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vToolbarUpdater13.2.0 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe) -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1418097088-3766512694-1387031347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49611;https=127.0.0.1:49611 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1418097088-3766512694-1387031347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49611;https=127.0.0.1:49611 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{769786CF-B2DC-4A61-B978-17D1C8638313} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C3D11D2D-C446-4100-86B7-21C384753362} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E1519AC2-A856-4447-8D26-A3D9F26B6B08} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ECAF2C1F-DFA6-4D7A-BE66-9446DD2AE141} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{769786CF-B2DC-4A61-B978-17D1C8638313} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C3D11D2D-C446-4100-86B7-21C384753362} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E1519AC2-A856-4447-8D26-A3D9F26B6B08} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ECAF2C1F-DFA6-4D7A-BE66-9446DD2AE141} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{769786CF-B2DC-4A61-B978-17D1C8638313} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C3D11D2D-C446-4100-86B7-21C384753362} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E1519AC2-A856-4447-8D26-A3D9F26B6B08} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ECAF2C1F-DFA6-4D7A-BE66-9446DD2AE141} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
¤¤¤ Tasks : 5 ¤¤¤
[Suspicious.Path] \\{42C378BD-7825-4F6F-8FB7-27E3992A525D} -- C:\Users\mab\Desktop\AgeOfConan.exe -> Found
[Suspicious.Path] \\{4CD9DA0C-B466-4C3B-BFE1-9B51C6898F5F} -- C:\Users\mab\Desktop\AgeOfConan.exe -> Found
[Suspicious.Path] \\{B5E3DB57-6D40-4CAC-9BA8-8C1A50D63243} -- C:\Users\mab\Desktop\AgeOfConan.exe -> Found
[Suspicious.Path] \\{C9B6AC11-0B03-461D-81D7-C888711707EE} -- C:\Users\mab\Desktop\AgeOfConan.exe -> Found
[Suspicious.Path] \Hewlett-Packard\HP Assistant\HPSA Upgrade -- C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe -> Found
¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path?Suspicious.Startup][File] PowerReg Scheduler V3.exe -- C:\Users\mab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe -> Found
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 32 (Driver: Loaded) ¤¤¤
[IAT:Inl] (firefox.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0xfffffffffffb264f (jmp dword near [0xfffb264f])
[IAT:Inl] (firefox.exe) ntdll.dll - NtQueryInformationThread : Unknown @ 0xfffffffffffb2b68 (jmp dword near [0xfffb2b68])
[IAT:Inl] (firefox.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0xfffffffffffb2859 (jmp dword near [0xfffb2859])
[IAT:Inl] (firefox.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0xfffffffffffb245a (jmp dword near [0xfffb245a])
[IAT:Inl] (firefox.exe) ntdll.dll - NtSetInformationThread : Unknown @ 0xfffffffffffb2b31 (jmp dword near [0xfffb2b31])
[IAT:Inl] (firefox.exe) ntdll.dll - NtGetContextThread : Unknown @ 0xfffffffffffb21ab (jmp dword near [0xfffb21ab])
[IAT:Inl] (firefox.exe) ntdll.dll - NtSetContextThread : Unknown @ 0xfffffffffffb1890 (jmp dword near [0xfffb1890])
[IAT:Inl] (firefox.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0xfffffffffffb261d (jmp dword near [0xfffb261d])
[IAT:Inl] (firefox.exe) xul.dll - NS_Alloc : C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll @ 0x74191310 (jmp dword near [0x575baa28])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0xfffffffffffb264f (jmp dword near [0xfffb264f])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtQueryInformationThread : Unknown @ 0xfffffffffffb2b68 (jmp dword near [0xfffb2b68])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0xfffffffffffb2859 (jmp dword near [0xfffb2859])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0xfffffffffffb245a (jmp dword near [0xfffb245a])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtSetInformationThread : Unknown @ 0xfffffffffffb2b31 (jmp dword near [0xfffb2b31])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtGetContextThread : Unknown @ 0xfffffffffffb21ab (jmp dword near [0xfffb21ab])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtSetContextThread : Unknown @ 0xfffffffffffb1890 (jmp dword near [0xfffb1890])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0xfffffffffffb261d (jmp dword near [0xfffb261d])
[IAT:Inl] (iexplore.exe) KERNEL32.dll - CreateProcessW : Unknown @ 0x719bc0d (jmp 0xffffffff919080d5|call 0x2ae6)
[IAT:Inl] (iexplore.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0xfffffffffffb264f (jmp dword near [0xfffb264f])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtQueryInformationThread : Unknown @ 0xfffffffffffb2b68 (jmp dword near [0xfffb2b68])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0xfffffffffffb2859 (jmp dword near [0xfffb2859])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0xfffffffffffb245a (jmp dword near [0xfffb245a])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtSetInformationThread : Unknown @ 0xfffffffffffb2b31 (jmp dword near [0xfffb2b31])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtGetContextThread : Unknown @ 0xfffffffffffb21ab (jmp dword near [0xfffb21ab])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtSetContextThread : Unknown @ 0xfffffffffffb1890 (jmp dword near [0xfffb1890])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0xfffffffffffb261d (jmp dword near [0xfffb261d])
[IAT:Inl] (iexplore.exe) USER32.dll - MessageBeep : Unknown @ 0x719a776 (jmp 0xffffffff90a4e740)
[IAT:Inl] (iexplore.exe) ADVAPI32.dll - RegQueryValueExW : Unknown @ 0x719a43c (jmp 0xffffffff8ff15e0f)
[IAT:Inl] (iexplore.exe) USER32.dll - SetWindowPos : Unknown @ 0x719bc73 (jmp 0xffffffff90a602fd|call 0x2aea|jmp 0x25)
[IAT:Inl] (iexplore.exe) USER32.dll - ShowWindow : Unknown @ 0x719bc73 (jmp 0xffffffff90a58395|call 0x2aa5|jmp 0x25)
[IAT:Inl] (iexplore.exe) USER32.dll - SetForegroundWindow : Unknown @ 0x719bc73 (jmp 0xffffffff90a39fd6|call 0x2aea|jmp 0x25)
[IAT:Inl] (iexplore.exe) WINMM.dll - waveOutWrite : Unknown @ 0x7181d36 (jmp 0xffffffff9bc4580d|jmp 0xd6|call 0xfffffffffffe74a6)
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] jv1a2r03.default : user_pref("browser.startup.homepage", "https://qc.yahoo.com/"); -> Found
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721010CLA632 +++++
--- User ---
[MBR] 490b9a3a93f8164dcf54723d0d60bc0f
[BSP] dccb89bf8cde556b78b350e7626a690c : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 941318 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1928026112 | Size: 12449 MB
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] 6e2911192352a7235d55c067687ecfd7
[BSP] d3f8f9afcf191819644cd2cbfe1d271a : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 226125824 | Size: 300 MB
+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] Le périphérique n?est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n?est pas prise en charge. )
+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] Le périphérique n?est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n?est pas prise en charge. )
+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] Le périphérique n?est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n?est pas prise en charge. )
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] Le périphérique n?est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n?est pas prise en charge. )
============================================
RKreport_SCN_12212014_094111.log
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : mab [Administrator]
Mode : Scan -- Date : 12/21/2014 09:43:36
¤¤¤ Processes : 2 ¤¤¤
[Proc.Injected] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7] -> Killed [TermProc]
[Suspicious.Path] explorer.exe -- C:\Users\mab\AppData\Local\Pokki\ocdeskband_0.dll[7] -> Unloaded
¤¤¤ Registry : 28 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844} -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-1418097088-3766512694-1387031347-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #3 : C:\Users\mab\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\mab\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-1418097088-3766512694-1387031347-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #2 : C:\Users\mab\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\mab\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-1418097088-3766512694-1387031347-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Users\mab\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\mab\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-1418097088-3766512694-1387031347-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #3 : C:\Users\mab\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\mab\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-1418097088-3766512694-1387031347-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #2 : C:\Users\mab\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\mab\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-1418097088-3766512694-1387031347-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Users\mab\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\mab\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vToolbarUpdater13.2.0 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vToolbarUpdater13.2.0 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vToolbarUpdater13.2.0 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe) -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1418097088-3766512694-1387031347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49611;https=127.0.0.1:49611 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1418097088-3766512694-1387031347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49611;https=127.0.0.1:49611 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{769786CF-B2DC-4A61-B978-17D1C8638313} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C3D11D2D-C446-4100-86B7-21C384753362} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E1519AC2-A856-4447-8D26-A3D9F26B6B08} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ECAF2C1F-DFA6-4D7A-BE66-9446DD2AE141} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{769786CF-B2DC-4A61-B978-17D1C8638313} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C3D11D2D-C446-4100-86B7-21C384753362} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E1519AC2-A856-4447-8D26-A3D9F26B6B08} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ECAF2C1F-DFA6-4D7A-BE66-9446DD2AE141} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{769786CF-B2DC-4A61-B978-17D1C8638313} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C3D11D2D-C446-4100-86B7-21C384753362} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E1519AC2-A856-4447-8D26-A3D9F26B6B08} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ECAF2C1F-DFA6-4D7A-BE66-9446DD2AE141} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
¤¤¤ Tasks : 5 ¤¤¤
[Suspicious.Path] \\{42C378BD-7825-4F6F-8FB7-27E3992A525D} -- C:\Users\mab\Desktop\AgeOfConan.exe -> Found
[Suspicious.Path] \\{4CD9DA0C-B466-4C3B-BFE1-9B51C6898F5F} -- C:\Users\mab\Desktop\AgeOfConan.exe -> Found
[Suspicious.Path] \\{B5E3DB57-6D40-4CAC-9BA8-8C1A50D63243} -- C:\Users\mab\Desktop\AgeOfConan.exe -> Found
[Suspicious.Path] \\{C9B6AC11-0B03-461D-81D7-C888711707EE} -- C:\Users\mab\Desktop\AgeOfConan.exe -> Found
[Suspicious.Path] \Hewlett-Packard\HP Assistant\HPSA Upgrade -- C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe -> Found
¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path?Suspicious.Startup][File] PowerReg Scheduler V3.exe -- C:\Users\mab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe -> Found
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 32 (Driver: Loaded) ¤¤¤
[IAT:Inl] (firefox.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0xfffffffffffb264f (jmp dword near [0xfffb264f])
[IAT:Inl] (firefox.exe) ntdll.dll - NtQueryInformationThread : Unknown @ 0xfffffffffffb2b68 (jmp dword near [0xfffb2b68])
[IAT:Inl] (firefox.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0xfffffffffffb2859 (jmp dword near [0xfffb2859])
[IAT:Inl] (firefox.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0xfffffffffffb245a (jmp dword near [0xfffb245a])
[IAT:Inl] (firefox.exe) ntdll.dll - NtSetInformationThread : Unknown @ 0xfffffffffffb2b31 (jmp dword near [0xfffb2b31])
[IAT:Inl] (firefox.exe) ntdll.dll - NtGetContextThread : Unknown @ 0xfffffffffffb21ab (jmp dword near [0xfffb21ab])
[IAT:Inl] (firefox.exe) ntdll.dll - NtSetContextThread : Unknown @ 0xfffffffffffb1890 (jmp dword near [0xfffb1890])
[IAT:Inl] (firefox.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0xfffffffffffb261d (jmp dword near [0xfffb261d])
[IAT:Inl] (firefox.exe) xul.dll - NS_Alloc : C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll @ 0x74191310 (jmp dword near [0x575baa28])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0xfffffffffffb264f (jmp dword near [0xfffb264f])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtQueryInformationThread : Unknown @ 0xfffffffffffb2b68 (jmp dword near [0xfffb2b68])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0xfffffffffffb2859 (jmp dword near [0xfffb2859])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0xfffffffffffb245a (jmp dword near [0xfffb245a])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtSetInformationThread : Unknown @ 0xfffffffffffb2b31 (jmp dword near [0xfffb2b31])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtGetContextThread : Unknown @ 0xfffffffffffb21ab (jmp dword near [0xfffb21ab])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtSetContextThread : Unknown @ 0xfffffffffffb1890 (jmp dword near [0xfffb1890])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0xfffffffffffb261d (jmp dword near [0xfffb261d])
[IAT:Inl] (iexplore.exe) KERNEL32.dll - CreateProcessW : Unknown @ 0x719bc0d (jmp 0xffffffff919080d5|call 0x2ae6)
[IAT:Inl] (iexplore.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0xfffffffffffb264f (jmp dword near [0xfffb264f])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtQueryInformationThread : Unknown @ 0xfffffffffffb2b68 (jmp dword near [0xfffb2b68])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0xfffffffffffb2859 (jmp dword near [0xfffb2859])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0xfffffffffffb245a (jmp dword near [0xfffb245a])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtSetInformationThread : Unknown @ 0xfffffffffffb2b31 (jmp dword near [0xfffb2b31])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtGetContextThread : Unknown @ 0xfffffffffffb21ab (jmp dword near [0xfffb21ab])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtSetContextThread : Unknown @ 0xfffffffffffb1890 (jmp dword near [0xfffb1890])
[IAT:Inl] (iexplore.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0xfffffffffffb261d (jmp dword near [0xfffb261d])
[IAT:Inl] (iexplore.exe) USER32.dll - MessageBeep : Unknown @ 0x719a776 (jmp 0xffffffff90a4e740)
[IAT:Inl] (iexplore.exe) ADVAPI32.dll - RegQueryValueExW : Unknown @ 0x719a43c (jmp 0xffffffff8ff15e0f)
[IAT:Inl] (iexplore.exe) USER32.dll - SetWindowPos : Unknown @ 0x719bc73 (jmp 0xffffffff90a602fd|call 0x2aea|jmp 0x25)
[IAT:Inl] (iexplore.exe) USER32.dll - ShowWindow : Unknown @ 0x719bc73 (jmp 0xffffffff90a58395|call 0x2aa5|jmp 0x25)
[IAT:Inl] (iexplore.exe) USER32.dll - SetForegroundWindow : Unknown @ 0x719bc73 (jmp 0xffffffff90a39fd6|call 0x2aea|jmp 0x25)
[IAT:Inl] (iexplore.exe) WINMM.dll - waveOutWrite : Unknown @ 0x7181d36 (jmp 0xffffffff9bc4580d|jmp 0xd6|call 0xfffffffffffe74a6)
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] jv1a2r03.default : user_pref("browser.startup.homepage", "https://qc.yahoo.com/"); -> Found
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721010CLA632 +++++
--- User ---
[MBR] 490b9a3a93f8164dcf54723d0d60bc0f
[BSP] dccb89bf8cde556b78b350e7626a690c : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 941318 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1928026112 | Size: 12449 MB
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] 6e2911192352a7235d55c067687ecfd7
[BSP] d3f8f9afcf191819644cd2cbfe1d271a : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 226125824 | Size: 300 MB
+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] Le périphérique n?est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n?est pas prise en charge. )
+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] Le périphérique n?est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n?est pas prise en charge. )
+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] Le périphérique n?est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n?est pas prise en charge. )
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] Le périphérique n?est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n?est pas prise en charge. )
============================================
RKreport_SCN_12212014_094111.log
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 660
21 déc. 2014 à 17:21
21 déc. 2014 à 17:21
C'est un rapport de recherche, faut faire supprimer sur les PUM.DNS en les cochant dans l'onglet registre.
