Malware removal help / Strange registry value in the report
« on: May 31, 2015, 06:34:37 PM »
Hello,
I am a new user, and until now a scan with other programs let me fix every problem. Today that is no longer the case. Could you help me analyze my report:
RogueKiller V10.7.0.0 (x64) [May 25 2015] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com
Système d'exploitation : Windows 8.1 (6.3.9600 ) 64 bits version
Démarré en : Mode sans échec prise en charge réseau
Utilisateur : frederic [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 05/31/2015 18:03:15
¤¤¤ Processus : 0 ¤¤¤
¤¤¤ Registre : 26 ¤¤¤
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Trouvé(e)
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gupycegy (C:\Users\frederic\AppData\Roaming\77DDE76E-1432155069-084F-9A48-FCB9C7CF8F91\jnsmF541.tmp) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\himecyhy (C:\Users\frederic\AppData\Local\77DDE76E-1432162471-084F-9A48-FCB9C7CF8F91\cnsrBBA9.tmp) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mpmf (c:\windows\mpmf.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pmf (c:\windows\pmf.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rycimizu (C:\Users\frederic\AppData\Roaming\77DDE76E-1432155069-084F-9A48-FCB9C7CF8F91\hnsmD21.tmp) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\xixisejy (C:\Users\frederic\AppData\Local\77DDE76E-1432162492-084F-9A48-FCB9C7CF8F91\snsnFDC1.tmp) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupycegy (C:\Users\frederic\AppData\Roaming\77DDE76E-1432155069-084F-9A48-FCB9C7CF8F91\jnsmF541.tmp) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\himecyhy (C:\Users\frederic\AppData\Local\77DDE76E-1432162471-084F-9A48-FCB9C7CF8F91\cnsrBBA9.tmp) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mpmf (c:\windows\mpmf.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pmf (c:\windows\pmf.exe) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rycimizu (C:\Users\frederic\AppData\Roaming\77DDE76E-1432155069-084F-9A48-FCB9C7CF8F91\hnsmD21.tmp) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xixisejy (C:\Users\frederic\AppData\Local\77DDE76E-1432162492-084F-9A48-FCB9C7CF8F91\snsnFDC1.tmp) -> Trouvé(e)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-855355270-3162655943-4187006283-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Trouvé(e)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-855355270-3162655943-4187006283-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{013B59AD-2B25-4CF5-AEA9-9AC22DFB42F7} | DhcpNameServer : 192.11.128.24 [X] -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{013B59AD-2B25-4CF5-AEA9-9AC22DFB42F7} | DhcpNameServer : 192.11.128.24 [X] -> Trouvé(e)
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Trouvé(e)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\ProgramData\LolliScan\LolliScan64.dll
¤¤¤ Tâches : 4 ¤¤¤
[Suspicious.Path] AmiUpdXp.job -- C:\Users\frederic\AppData\Local\11127\Updater.exe -> Trouvé(e)
[Suspicious.Path] IMYLXWRL1.job -- C:\ProgramData\LolliScan\LolliScan.exe -> Trouvé(e)
[Suspicious.Path] Periodic Synchronize Task.job -- c:\programdata\{6c8c02f6-145b-35db-6c8c-c02f61450bd8}\hqghumeaylnlf.exe (--startup=1 --single) -> Trouvé(e)
[Suspicious.Path] Run_dregol.job -- C:\Users\frederic\AppData\Roaming\Run_dregol\UpdateProc\UpdateTask.exe (/Check) -> Trouvé(e)
¤¤¤ Fichiers : 0 ¤¤¤
¤¤¤ Fichier Hosts : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Non chargé [0xc000035f]) ¤¤¤
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050A7E380 +++++
--- User ---
[MBR] 7497ea8dccde0dd292cc82fdbe0bdcf8
[BSP] a55470cabae88b49c6a0d5b34defc51e : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1435648 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1697792 | Size: 459297 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 942338048 | Size: 450 MB
5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 943259648 | Size: 350 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 943976448 | Size: 16014 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
Thank you very much....
Pierikano