Dear All,
Thanks first of all for developing some useful software to help us manage the delights of the internet!
Please see below my report. 4 horrible threats were also deleted in the pre-scan, then the computer turned itself off and I ran the pre-scan again, then the scan as advised. In all honesty I looked at the tutorial for the 'hooks things' and I am still quite lost.
1st question: is this report bad? (I know... very subjective answer expected!)
2nd question: if I go back to my factory settings (i.e. reboot? 'formater' in French) my computer, would all these annoying 'hooks' and other threats disappear? (sounds easier than following the tutorial for me! nothing personal obviously!)
Thanks for your help: very much appreciated!
French.Mademoiselle
-----
RogueKiller V9.2.4.0 [Jul 11 2014] par Adlice Software
Mail : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site Web : http://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com
Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarrage : Mode normal
Mode : Suppression -- Date : 07/28/2014 20:03:34
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrées de registre : 4 ¤¤¤
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3490418461-1578637100-633520370-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NON SELECTIONNÉ
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NON SELECTIONNÉ
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NON SELECTIONNÉ
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3490418461-1578637100-633520370-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NON SELECTIONNÉ
¤¤¤ Tâches planifiées : 0 ¤¤¤
¤¤¤ Fichiers : 0 ¤¤¤
¤¤¤ Fichier HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 18 (Driver: CHARGE) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAlpcConnectPort[22] : Unknown @ 0x84a32140
[SSDT:Addr(Hook.SSDT)] NtCreateSection[84] : Unknown @ 0x902c8fbe
[SSDT:Addr(Hook.SSDT)] NtLoadDriver[155] : Unknown @ 0x84a22468
[SSDT:Addr(Hook.SSDT)] NtRequestWaitReplyPort[299] : Unknown @ 0x902c8fc8
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[316] : Unknown @ 0x902c8fc3
[SSDT:Addr(Hook.SSDT)] NtSetSecurityObject[347] : Unknown @ 0x902c8fcd
[SSDT:Addr(Hook.SSDT)] NtSystemDebugControl[368] : Unknown @ 0x902c8fd2
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[370] : Unknown @ 0x902c8f5f
[ShwSSDT:Addr(Hook.Shadow)] NtUserAttachThreadInput[318] : Unknown @ 0x861cf258
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetAsyncKeyState[402] : Unknown @ 0x860ad680
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyboardState[434] : Unknown @ 0x861d4be8
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyState[436] : Unknown @ 0x84c52f00
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetRawInputData[448] : Unknown @ 0x861d8b18
[ShwSSDT:Addr(Hook.Shadow)] NtUserMessageCall[490] : Unknown @ 0x8525b528
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostMessage[508] : Unknown @ 0x85eb88e8
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostThreadMessage[509] : Unknown @ 0x861e2218
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0x902c8fe6
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[588] : Unknown @ 0x902c8feb
¤¤¤ Navigateurs web : 1 ¤¤¤
[CHROME:Addon] Default : Google Wallet [nmmhkkegccagdldgiimedpiccmgmieda] -> SUPPRIMÉ
¤¤¤ MBR Verif : ¤¤¤
+++++ PhysicalDrive0: WDC WD32 00BPVT-80JJ5T0 SATA Disk Device +++++
--- User ---
[MBR] 59ecd8ec868bc12d9b60bdd3bebbe48f
[BSP] 769283575df231695b5f64afe0a684bf : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 102400 MB
1 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 209717248 | Size: 15360 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 241174528 | Size: 187467 MB
3 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 625106944 | Size: 16 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_07282014_200001.log