SofianeLasri

RogueKiller

Oct 22nd, 2015
RogueKiller V10.10.1.0 [Aug 17 2015] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 10 (10.0.10240) 32 bits version
Démarré en : Mode normal
Utilisateur : sofiane [Administrateur]
Démarré depuis : I:\RogueKiller.exe
Mode : Suppression -- Date : 10/22/2015 13:45:39

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 5 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} (C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL) -> ERROR [2]
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | TosVolRegulator : C:\Windows\TosVolRegulator.exe [7] -> ERROR [0]
[PUM.HomePage] HKEY_USERS\S-1-5-21-2064816246-1144685700-3444163818-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2064816246-1144685700-3444163818-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://search.msn.com/spbasic.htm -> Remplacé(e) (http://search.msn.com/spbasic.htm)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2064816246-1144685700-3444163818-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 1 -> Remplacé(e) (1)

¤¤¤ Tâches : 3 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\ToolMaker.job -- c:\programdata\{76a66823-8392-7e66-76a6-66823839a08e}\5959190735731141875b.exe (--startup=1 --single) -> ERROR [0]
[Suspicious.Path] \ToolMaker -- c:\programdata\{76a66823-8392-7e66-76a6-66823839a08e}\5959190735731141875b.exe (--startup=1 --single) -> Supprimé(e)
[Suspicious.Path] \Microsoft\Windows\orangeinside -- C:\Users\Admin\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe -> Supprimé(e)

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 4 (Driver: Chargé) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) SHELL32.dll - SHAddToRecentDocs : C:\WINDOWS\system32\windows.storage.dll @ 0x74c494b0 (jmp dword [0x75884fb8])
[IAT:Inl(Hook.IEAT)] (explorer.exe) SHELL32.dll - SHGetKnownFolderItem : C:\WINDOWS\system32\windows.storage.dll @ 0x74d20f40 (jmp dword [0x75885030])
[IAT:Inl(Hook.IEAT)] (explorer.exe) SHELL32.dll - SHGetKnownFolderIDList : C:\WINDOWS\system32\windows.storage.dll @ 0x74d1d920 (jmp dword [0x7588502c])
[IAT:Inl(Hook.IEAT)] (explorer.exe) SHELL32.dll - SHGetFolderPathEx : C:\WINDOWS\system32\windows.storage.dll @ 0x74cde7a0 (jmp dword [0x75885024])

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 8f9f33397a7759163447eafc9a57bbe6
[BSP] 04de73fb5b0611c68c281a5194b83770 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 49450 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 101480448 | Size: 450 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 102402048 | Size: 140780 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 170c4bf6f50b3c2a2000f3200f8bfb1f
[BSP] df5b3ca87cb7abf3ed1be0b82d76f43d : HP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )

+++++ PhysicalDrive2: USB DISK 2.0 USB Device +++++
--- User ---
[MBR] ee28ad222bb5eeee20138e04dded8f0b
[BSP] ef3177ea6997481f5647d45aa222b26f : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 7450 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )