Messages - Marie-Odile

Malware removal help / Clean or not ?
« on: February 12, 2015, 12:09:24 AM »
Hello

I ran RogueKiller because I use an e-mail address that was bound up with a swindle or perhaps a hoax.

Here is the result:

RogueKiller V10.2.0.0 [Jan 19 2015] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Démarré en  : Mode normal
Utilisateur : Marie-Odile WEHR [Administrateur]
Mode : Scan -- Date : 02/11/2015  23:21:13

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 14 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Software_update -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Software_update_m -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Software_update -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Software_update_m -> Trouvé(e)
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://fr.yahoo.com?fr=hp-avast&type=avastbcl  -> Trouvé(e)
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=3061218  -> Trouvé(e)
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=3061218  -> Trouvé(e)
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}  -> Trouvé(e)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-3709931237-363415052-3244381213-1006\Software\Microsoft\Internet Explorer\Main | Search Page : https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}  -> Trouvé(e)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3709931237-363415052-3244381213-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Trouvé(e)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3709931237-363415052-3244381213-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Trouvé(e)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3709931237-363415052-3244381213-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Trouvé(e)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Trouvé(e)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3709931237-363415052-3244381213-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Trouvé(e)

¤¤¤ Tâches : 1 ¤¤¤
[Suspicious.Path] At1.job -- C:\DOCUME~1\MARIE-~1\APPLIC~1\WSE_AS~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Trouvé(e)

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 5 (Driver: Chargé) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) USER32.dll - SetWindowsHookExW : C:\Program Files\Spyware Doctor\klg.dat @ 0x5a014c3c (jmp dword near [0x5f0b001e]|jmp 0x6|jmp 0xfffffffffaf73cb6)
[IAT:Inl(Hook.IEAT)] (explorer.exe) USER32.dll - SetWindowsHookExA : C:\Program Files\Spyware Doctor\klg.dat @ 0x5a014bfc (jmp dword near [0x5f05001e]|jmp 0x6|jmp 0xfffffffffafd3c76)
[IAT:Inl(Hook.IEAT)] (explorer.exe) user32.dll - SetWindowsHookExA : C:\Program Files\Spyware Doctor\klg.dat @ 0x5a014bfc (jmp dword near [0x5f05001e]|jmp 0x6|jmp 0xfffffffffafd3c76)
[IAT:Inl(Hook.IEAT)] (firefox.exe) USER32.dll - SetWindowsHookExW : C:\Program Files\Spyware Doctor\klg.dat @ 0x5a014c3c (jmp dword near [0x5f0b001e]|jmp 0x6|jmp 0xfffffffffaf73cb6)
[IAT:Inl(Hook.IEAT)] (firefox.exe) USER32.dll - SetWindowsHookExA : C:\Program Files\Spyware Doctor\klg.dat @ 0x5a014bfc (jmp dword near [0x5f05001e]|jmp 0x6|jmp 0xfffffffffafd3c76)

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] d3bd59ee2ba822ece717e78e1bd64a69
[BSP] 6105758de88d9a88ac83843431866b77 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 109 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 224910 | Size: 73123 MB [Windows XP Bootstrap | Windows XP Bootloader]
2 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 149998905 | Size: 3074 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Samsung S2 Portable USB Device +++++
--- User ---
[MBR] b5d56f71f1ac97b6853d4bf94e634385
[BSP] fee7ce7632923c582bd514d48ff7a213 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 64 | Size: 476937 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

+++++ PhysicalDrive2: USB Device +++++
--- User ---
[MBR] 04e056a8f241b64471a9f748c562f0a4
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 48 | Size: 15199 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

Can I remove all those things without danger for my computer?

Thanks for your reply

Best regards

Marie-Odile
