Adlice forum
Software feedback => RogueKiller => Topic started by: ROUGEXIII on October 26, 2014, 05:23:19 PM
-
Hi,
I need some help to make good decisions:
RogueKiller V10.0.3.0 [Oct 22 2014] by Adlice Software
email: http://www.adlice.com/contact/
Feedback: http://forum.adlice.com
Website: https://www.surlatoile.org/RogueKiller/
Blog: http://www.adlice.com
Operating system: Windows XP (5.1.2600 Service Pack 3) 32-bit version
Started in: Normal mode
User: Nous [Administrator]
Mode: Scan -- Date: 10/25/2014 19:32:24
¤¤¤ Processes: 0 ¤¤¤
¤¤¤ Registry: 17 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70} -> Found
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-1957994488-1425521274-682003330-500\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> Found
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-1957994488-1425521274-682003330-500\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 208.67.220.220 208.122.23.23 208.122.23.22 -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 208.67.220.220 208.122.23.23 208.122.23.22 -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 208.67.220.220 208.122.23.23 208.122.23.22 -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0A2E286A-785D-49A1-A636-8F7D7F1F4386} | DhcpNameServer : 208.67.220.220 208.122.23.23 208.122.23.22 -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0A2E286A-785D-49A1-A636-8F7D7F1F4386} | DhcpNameServer : 208.67.220.220 208.122.23.23 208.122.23.22 -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0A2E286A-785D-49A1-A636-8F7D7F1F4386} | DhcpNameServer : 208.67.220.220 208.122.23.23 208.122.23.22 -> Found
[PUM.Desktop] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1 -> Found
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | AntiVirusDisableNotify : 1 -> Found
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | FirewallDisableNotify : 1 -> Found
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | UpdatesDisableNotify : 1 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
¤¤¤ Tasks: 0 ¤¤¤
¤¤¤ Files: 0 ¤¤¤
¤¤¤ Hosts file: 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit: 4 (Driver: Loaded) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\kbdclass.sys - IRP_MJ_READ[3] : C:\WINDOWS\system32\DRIVERS\ETD.sys @ 0xb8cc0232
[IAT:Addr] (explorer.exe @ sti.dll) CFGMGR32.dll - CM_Reenumerate_DevNode : C:\WINDOWS\system32\SETUPAPI.dll @ 0x779526a5
[IAT:Addr] (explorer.exe @ sti.dll) CFGMGR32.dll - CM_Get_DevNode_Status : C:\WINDOWS\system32\SETUPAPI.dll @ 0x778ec6eb
[IAT:Addr] (explorer.exe @ sti.dll) CFGMGR32.dll - CM_Get_Parent : C:\WINDOWS\system32\SETUPAPI.dll @ 0x77957a5d
¤¤¤ Web browsers: 0 ¤¤¤
¤¤¤ MBR check: ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 PRO Seri +++++
--- User ---
[MBR] 208f510a80af32364f8196da8cedcbea
[BSP] 0afb9cfab2278a3298fd112f205eb557 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 15629 MB
1 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 32010240 | Size: 228568 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: ST9500325AS +++++
--- User ---
[MBR] 24060d8113abc9930276cd2d7ece5a9d
[BSP] 8507159843d684491861c95d35f79b6f : Linux|Legit.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 15262 MB
1 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 31260670 | Size: 461676 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_09172014_161943.log - RKreport_SCN_10252014_183030.log
This computer is a laptop that was initially under Windows 7; I formatted it and have been working for 6 months now under Windows XP (yes, yes...). So some drivers were hard to find, but all work now.
I added a Samsung SSD.
I use the ZoneAlarm firewall (for blocking some unwanted outgoing traffic first).
I have TrueCrypt running.
First, I wanted to know if the rootkit warnings are legit or false positives?
And second, in the registry, except for the 3 PUM.SecurityCenter entries (which I disabled myself), do I have to remove them?
Thank you for the help,
(And sorry for my English!)
-
Hello
The rootkit section looks like false positives.
They will be added.
For the DNS, could you Google the IPs to check if the country looks good to you? It should be in the same country as you.
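One way to do that resolver triage systematically, as an added example that is not part of this thread or of RogueKiller itself: the script below (Python, assumed) parses the [PUM.Dns] lines of a RogueKiller report, pulls the resolver addresses out of every DhcpNameServer value, splits them into the ones the user recognises and the ones still to be looked up by hand (owner and country), and flags any ControlSet or interface key whose resolver list disagrees with the others. The expected-resolver set is an assumption (208.67.220.220 appears in the posted log and is an OpenDNS address; its partner 208.67.222.222 is added here), and the sample log is constructed: three lines copied from the report above, one unrelated PUM line, and one hypothetical ControlSet002 line with a TEST-NET address so the consistency check has something to catch.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample input. The first three PUM.Dns lines are copied from the posted
# report; the PUM.HomePage line shows that non-DNS entries are ignored; the final
# ControlSet002 line is hypothetical (192.0.2.53 is a TEST-NET-1 address) and exists
# only to exercise the consistency check.
SAMPLE_LOG = """\
[PUM.Dns] HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters | DhcpNameServer : 208.67.220.220 208.122.23.23 208.122.23.22 -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\Tcpip\\Parameters | DhcpNameServer : 208.67.220.220 208.122.23.23 208.122.23.22 -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{0A2E286A-785D-49A1-A636-8F7D7F1F4386} | DhcpNameServer : 208.67.220.220 208.122.23.23 208.122.23.22 -> Found
[PUM.HomePage] HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=home -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\\System\\ControlSet002\\Services\\Tcpip\\Parameters | DhcpNameServer : 192.0.2.53 -> Found
"""

# Assumption: resolvers the user knowingly configured on the router. 208.67.220.220 is in
# the posted log; 208.67.222.222 is the other OpenDNS address and is added here.
EXPECTED_RESOLVERS = {"208.67.220.220", "208.67.222.222"}

# "[PUM.Dns] <registry key> | <value name> : <space-separated servers> -> <status>"
DNS_LINE = re.compile(
    r"^\[PUM\.Dns\]\s+(?P<key>.+?)\s+\|\s+(?P<value>\w+)\s*:\s*(?P<servers>[^>]+?)\s*->"
)


def parse_dns_entries(log_text):
    """Return {registry_key: [resolver_ip, ...]} for every PUM.Dns line in the report."""
    entries = {}
    for line in log_text.splitlines():
        m = DNS_LINE.match(line)
        if not m:
            continue
        servers = []
        for token in m.group("servers").split():
            try:
                servers.append(str(ip_address(token)))
            except ValueError:
                pass  # not an IP literal (e.g. a hostname); ignore for this triage
        entries[m.group("key")] = servers
    return entries


def triage_resolvers(entries, expected=EXPECTED_RESOLVERS):
    """Split every resolver seen into ones the user recognises and ones to look up by hand."""
    seen = set()
    for servers in entries.values():
        seen.update(servers)
    return {"expected": sorted(seen & expected), "unknown": sorted(seen - expected)}


def inconsistent_keys(entries):
    """Registry keys whose resolver list differs from the most common list in the report.

    ControlSet001/002 and CurrentControlSet normally mirror each other; a key that
    carries a different resolver set deserves a closer look than the others.
    """
    tallies = Counter(tuple(servers) for servers in entries.values())
    baseline, _ = tallies.most_common(1)[0]
    return sorted(key for key, servers in entries.items() if tuple(servers) != baseline)


if __name__ == "__main__":
    found = parse_dns_entries(SAMPLE_LOG)
    report = triage_resolvers(found)
    print("recognised resolvers :", ", ".join(report["expected"]) or "none")
    print("look these up by hand:", ", ".join(report["unknown"]) or "none")
    for key in inconsistent_keys(found):
        print("resolver list differs from the others under:", key)
```

Run it against the full RKreport text instead of SAMPLE_LOG to get the same two lists for a real scan; every address in the "look these up" list is one to check for owner and country before deciding whether the router, the ISP, or something on the machine put it there.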
-
Thanks for the answer.
I have configured my Wi-Fi repeater (a router with DD-WRT) with the fastest DNS I found: 208.67.220.220, here in Montreal (Quebec, Canada).
It also seems to match?
And I forgot to write that I sometimes use VirtualBox on the computer; I don't know if it matters (but it creates a new network connection).
Are both PUP detections in the registry OK?
Malwarebytes found nothing.
-
PUPs can be removed indeed (Potentially Unwanted Software)