Author Topic: Anything to remove ? =D


FroxyFrog (Newbie)
« on: May 21, 2015, 09:17:11 PM »
Please find the scan below.
I guess there are some bad things =p


RogueKiller V10.6.5.0 (x64) [May 20 2015] by Adlice Software
email : http://www.adlice.com/contact/
Reports : http://forum.adlice.com
Website : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Operating system : Windows 7 (6.1.7601 Service Pack 1) 64-bit version
Started in : Normal mode
User : Racol [Administrator]
Started from : C:\Users\Racol\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 05/21/2015  21:08:38

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] OneDrive.exe(1092) -- C:\Users\Racol\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 27 ¤¤¤
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}  -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}  -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub) | (default) : {99FD978C-D287-4F50-827F-B2C658EDA8E7}  -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub) | (default) : {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}  -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) | (default) : {920E6DB1-9907-4370-B3A0-BAFC03D81399}  -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder) | (default) : {16F3DD56-1AF5-4347-846D-7C10C4192619}  -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark) | (default) : {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}  -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ed8e593d-1965-4e45-9d55-d56162dcde14} -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} | CLSID : {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16}  -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-145186060-4103497679-2289092536-1000\Software\Microsoft\Windows\CurrentVersion\Run | OneDrive : "C:\Users\Racol\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [7] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-145186060-4103497679-2289092536-1000\Software\Microsoft\Windows\CurrentVersion\Run | OneDrive : "C:\Users\Racol\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [7] -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-145186060-4103497679-2289092536-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/?pc=U280  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-145186060-4103497679-2289092536-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/?pc=U280  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-145186060-4103497679-2289092536-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-145186060-4103497679-2289092536-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer.msn.com  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6509D688-4A89-400A-99D6-A94764595569} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C8F6F26B-7421-433F-9E9A-E819C4F432EC} | DhcpNameServer : 10.44.4.41 10.22.1.42 [(Private Address) (XX)][(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6509D688-4A89-400A-99D6-A94764595569} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C8F6F26B-7421-433F-9E9A-E819C4F432EC} | DhcpNameServer : 10.44.4.41 10.22.1.42 [(Private Address) (XX)][(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6509D688-4A89-400A-99D6-A94764595569} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C8F6F26B-7421-433F-9E9A-E819C4F432EC} | DhcpNameServer : 10.44.4.41 10.22.1.42 [(Private Address) (XX)][(Private Address) (XX)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts file : 0 ¤¤¤

¤¤¤ Antirootkit : 4 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - RtlCaptureContext : Unknown @ 0x21400a6 (jmp 0xffffffa6)
[IAT:Inl(Hook.IEAT)] (chrome.exe) wow64win.dll - sdwhwin32 : Unknown @ 0x21400a6 (jmp 0xffffffa6)
[IAT:Inl(Hook.IEAT)] (chrome.exe) wow64cpu.dll - CpuNotifyAffinityChange : Unknown @ 0x21400a6 (jmp 0xffffffa6)
[IAT:Inl(Hook.IEAT)] (chrome.exe) wow64.dll - Wow64KiUserCallbackDispatcher : Unknown @ 0x21400a6 (jmp 0xffffffa6)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 1b47b84dfcd1544f14e9c46766e8f635
[BSP] 6de6491fde3077606eff23d3bba2979a : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 33556480 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 33761280 | Size: 460454 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Thank you in advance

Curson (Global Moderator, Hero Member)
« Reply #1 on: May 22, 2015, 02:50:00 PM »
Hi FroxyFrog,

Welcome to Adlice.com Forum.

These detections are false positives and will be fixed as soon as possible.
Thanks for bringing this to our attention.

Regards.
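For anyone landing on this thread with a similar log, the practical question is how to confirm a false-positive verdict like the one above before deleting registry entries. What follows is an added example, not code from the original post, from Adlice Software or from RogueKiller: a PowerShell triage of the PUM.Orphan and Suspicious.Path hits in the scan. The CLSIDs are copied from the log; the function name Resolve-Clsid is a hypothetical helper of mine. It assumes an elevated 64-bit PowerShell session on the scanned machine. A referencing value (a ShellServiceObjectDelayLoad entry, an icon-overlay key, a BHO key) is only a genuine orphan when its CLSID has no InprocServer32 registration in either the native or the Wow6432Node class view, or when the registered DLL no longer exists; an existing, validly signed DLL means the entry is a legitimate component that merely looks unusual to a heuristic.

```powershell
# Added example (not from the original post, Adlice Software or RogueKiller):
# triage the "PUM.Orphan" and "Suspicious.Path" entries from the log above.
# Assumes an elevated 64-bit PowerShell session on the scanned machine.

# CLSIDs copied from the scan: WebCheck, the Groove icon overlays, the three
# Browser Helper Objects and the CLSID behind the IE extension entry.
$clsids = @(
    '{E6FB5E20-DE35-11CF-9C87-00AA005127ED}',
    '{99FD978C-D287-4F50-827F-B2C658EDA8E7}',
    '{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}',
    '{920E6DB1-9907-4370-B3A0-BAFC03D81399}',
    '{16F3DD56-1AF5-4347-846D-7C10C4192619}',
    '{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}',
    '{18DF081C-E8AD-4283-A596-FA578C2EBDC3}',
    '{72853161-30C5-4D22-B7F9-0BBC1D38A37E}',
    '{ed8e593d-1965-4e45-9d55-d56162dcde14}',
    '{E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16}'
)

# Hypothetical helper: look up a CLSID's in-process server in both the native
# and the WOW64 (32-bit) class registrations, then report whether the DLL it
# points at exists on disk and who signed it.
function Resolve-Clsid {
    param([Parameter(Mandatory)][string]$Clsid)

    $roots = @(
        'HKLM:\SOFTWARE\Classes\CLSID',
        'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID'
    )
    foreach ($root in $roots) {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (-not (Test-Path -LiteralPath $key)) { continue }

        # The default value holds the DLL path, possibly quoted or with %VARS%.
        $dll = (Get-ItemProperty -LiteralPath $key).'(default)'
        if (-not $dll) { continue }
        $dll = [Environment]::ExpandEnvironmentVariables($dll).Trim('"')

        $exists = Test-Path -LiteralPath $dll
        $signer = $null
        if ($exists) {
            $sig    = Get-AuthenticodeSignature -FilePath $dll
            $signer = '{0} ({1})' -f $sig.SignerCertificate.Subject, $sig.Status
        }
        return [pscustomobject]@{
            Clsid  = $Clsid
            Key    = $key
            Dll    = $dll
            Exists = $exists
            Signer = $signer
        }
    }
    # No InprocServer32 in either view: every value that references this CLSID
    # is a dangling pointer, which is what the scanner reports as an orphan.
    return [pscustomobject]@{
        Clsid = $Clsid; Key = $null; Dll = $null; Exists = $false; Signer = $null
    }
}

$clsids | ForEach-Object { Resolve-Clsid -Clsid $_ } | Format-Table -AutoSize

# "Suspicious.Path" fired on OneDrive.exe only because the binary runs from the
# user profile. Check the file's Authenticode signature rather than its path.
$onedrive = Join-Path $env:LOCALAPPDATA 'Microsoft\OneDrive\OneDrive.exe'
if (Test-Path -LiteralPath $onedrive) {
    Get-AuthenticodeSignature -FilePath $onedrive |
        Select-Object Status, @{ Name = 'Signer'; Expression = { $_.SignerCertificate.Subject } }
}
```

Read the table with the scanner's own categories in mind: a row with Exists = True and a Valid signature is a component worth keeping even if its registering value looks stale, a row with Exists = False but a Key is a reference to a DLL that has been uninstalled, and a row with no Key at all is the only case where removing the referencing value is guaranteed to change nothing but housekeeping. The PUM.HomePage, PUM.Dns and PUM.DesktopIcons lines in the log are configuration values rather than code references, so the same DLL-resolution check does not apply to them; they are flagged because they differ from Windows defaults, and the private DHCP-assigned name servers and the OEM start page shown here are consistent with a vendor-imaged laptop on a private network.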