Author Topic: scan results..what i do now?  (Read 6081 times)


May 08, 2014, 08:33:14 PM

claireol

  • Guest
What do I do now?  ???

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Carolina [Admin rights]
Mode : Scan -- Date : 05/08/2014 15:30:07
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (187.11.112.129:6515 [Country: BRAZIL (BR), City: Rio De Janeiro]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{B3C5FEAC-606F-4B4C-A74D-A7A12E1B2450} : NameServer (200.148.232.1 [BRAZIL (BR)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{B3C5FEAC-606F-4B4C-A74D-A7A12E1B2450} : NameServer (200.148.232.1 [BRAZIL (BR)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{B3C5FEAC-606F-4B4C-A74D-A7A12E1B2450} : NameServer (200.148.232.1 [BRAZIL (BR)]) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 3 ¤¤¤
[V1][SUSP PATH] FoxTab.job : C:\Users\Carolina\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE - /Check [ x ] -> FOUND
[V2][SUSP PATH] 060184C3-9766-46a0-B258-F4518A0B2633 : C:\Windows\system32\CScript.exe - "C:\ProgramData\Baidu Security\Duplicaterecord.js" [7][-] -> FOUND
[V2][SUSP PATH] FoxTab : C:\Users\Carolina\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE - /Check [ x ] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (DllCanUnloadNow) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x76A68F64)
[Address] EAT @explorer.exe (DllGetClassObject) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x76A69020)
[Address] EAT @explorer.exe (FastMimeGetFileExtension) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x76A4B784)
[Address] EAT @explorer.exe (FastMimeGetIsMimeFilterEnabled) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x76A45B60)
[Address] EAT @explorer.exe (FastMimeLookupKnownType) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x76A45AA8)
[Address] EAT @explorer.exe (FastMimeSetIsMimeFilterEnabled) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x76A46014)
[Address] EAT @explorer.exe (IEGetFrameUtilExports) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x76A68E00)
[Address] EAT @explorer.exe (IEGetProcessModule) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x76A68DE0)
[Address] EAT @explorer.exe (IEGetTabWindowExports) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x76A68DF0)
[Address] EAT @explorer.exe (IERT_DelayLoadFailureHook) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x76A691E0)
[Address] EAT @explorer.exe (ImpersonateUser) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x76A70CB4)
[Address] EAT @explorer.exe (LCIECalculatePackedStringSize) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x76A5B5A0)
[Address] EAT @explorer.exe (LCIEPackString) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x76A5B680)
[Address] EAT @explorer.exe (LCIEUnpackString) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x76A5B510)
[Address] EAT @explorer.exe (ResetIEExtensibility) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x76A71D0C)
[Address] EAT @explorer.exe (ResetIERegistrySettings) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x76A71AFC)
[Address] EAT @explorer.exe (RevertImpersonate) : urlmon.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x76A70D34)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500420AS +++++
--- User ---
[MBR] fe0c327e799fbd6f0a399ef6f2740c27
[BSP] 5c7fbf9853e80d7afedfca6ed7bb06ce : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 156 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 327680 | Size: 12440 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25804800 | Size: 464336 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_05082014_153007.txt >>
RKreport[0]_S_05082014_151026.txt;RKreport[0]_S_05082014_151858.txt;RKreport[0]_S_05082014_152234.txt
« Last Edit: May 09, 2014, 08:48:57 AM by Tigzy »

Reply #1 May 09, 2014, 08:49:36 AM

Tigzy

  • Administrator
    Owner, Adlice Software
Hello
If you are in Brazil, you can remove everything except the DNS.