Topic: Should I remove yellow elements??


laetitia28 (Newbie)
Should I remove yellow elements??
« on: December 23, 2014, 10:34:28 pm »
Hello,

I recently downloaded RogueKiller because I had malware. After the first scan, several elements are highlighted in yellow (the others in green). I don't know if I should remove them.

This is the report:

RogueKiller V10.1.1.0 (x64) [Dec 23 2014] by Adlice Software
email : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : audrey [Administrator]
Mode : Scan -- Date : 12/23/2014  20:45:11

¤¤¤ Processes : 2 ¤¤¤
[Proc.Injected] mdhpSUN.exe -- C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe[7] -> Killed [TermProc]
[PUP] (SVC) 70e6ca8c -- "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ENT[7] -> Stopped

¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Magic Desktop for HP notification : "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"  -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-661059931-1730894516-1316652820-1000\Software\Microsoft\Windows\CurrentVersion\Run | Optimizer Pro : C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe  -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-661059931-1730894516-1316652820-1000\Software\Microsoft\Windows\CurrentVersion\Run | Optimizer Pro : C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe  -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\70e6ca8c ("C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ENT) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\70e6ca8c ("C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ENT) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\70e6ca8c ("C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ENT) -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-661059931-1730894516-1316652820-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-661059931-1730894516-1316652820-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 30 (Driver: Loaded) ¤¤¤
[IAT:Inl] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x77b0010a (jmp 0x15d850|jmp 0xfffffffffffffe09|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x77b0010a (jmp 0x15ed60|jmp 0xfffffffffffffc49|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x77b0010a (jmp 0x15ed20|jmp 0xfffffffffffffc69|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateEvent : Unknown @ 0x77b0010a (jmp 0x15eba0|jmp 0xfffffffffffffd29|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x77b0010a (jmp 0x15e300|jmp 0xfffffffffffffb69|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x77b0010a (jmp 0x15ee70|jmp 0xfffffffffffffc19|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenEvent : Unknown @ 0x77b0010a (jmp 0x15ec30|jmp 0xfffffffffffffd19|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtAssignProcessToJobObject : Unknown @ 0x77b0010a (jmp 0x15e870|jmp 0xfffffffffffffc59|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x77b0010a (jmp 0x15dc20|jmp 0xfffffffffffffbf9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateSection : Unknown @ 0x77b0010a (jmp 0x15ebc0|jmp 0xfffffffffffffce9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x77b0010a (jmp 0x15ee60|jmp 0xfffffffffffffc89|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtNotifyChangeMultipleKeys : Unknown @ 0x77b0010a (jmp 0x15e300|jmp 0xfffffffffffffb59|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtQueryObject : Unknown @ 0x77b0010a (jmp 0x15f0a0|jmp 0xfffffffffffffba9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x77b0010a (jmp 0x15e730|jmp 0xfffffffffffffca9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenSection : Unknown @ 0x77b0010a (jmp 0x15ed00|jmp 0xfffffffffffffcd9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateSemaphore : Unknown @ 0x77b0010a (jmp 0x15e5a0|jmp 0xfffffffffffffd49|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenSemaphore : Unknown @ 0x77b0010a (jmp 0x15e030|jmp 0xfffffffffffffd39|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateMutant : Unknown @ 0x77b0010a (jmp 0x15e610|jmp 0xfffffffffffffd69|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenMutant : Unknown @ 0x77b0010a (jmp 0x15e060|jmp 0xfffffffffffffd59|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateTimer : Unknown @ 0x77b0010a (jmp 0x15e5f0|jmp 0xfffffffffffffcc9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenTimer : Unknown @ 0x77b0010a (jmp 0x15e070|jmp 0xfffffffffffffcb9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x77b0010a (jmp 0x15e6a0|jmp 0xfffffffffffffc29|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtTerminateThread : Unknown @ 0x77b0010a (jmp 0x15ec10|jmp 0xfffffffffffffc09|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenThread : Unknown @ 0x77b0010a (jmp 0x15e0c0|jmp 0xfffffffffffffc79|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x77b0010a (jmp 0x15d9a0|jmp 0xfffffffffffffbc9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x77b0010a (jmp 0x15e980|jmp 0xfffffffffffffb79|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtQueueApcThreadEx : Unknown @ 0x77b0010a (jmp 0x15de80|jmp 0xfffffffffffffbb9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtVdmControl : Unknown @ 0x77b0010a (jmp 0x15d700|jmp 0xfffffffffffffd79|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x77b0010a (jmp 0x15e140|jmp 0xfffffffffffffe19|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenEventPair : Unknown @ 0x77b0010a (jmp 0x15e130|jmp 0xfffffffffffffcf9|jmp 0xfffffffffffffff0)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 7727db511e3d63a389677bb777be6ef6
[BSP] 4936d21bd438e26710c7abfdc939c60f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 698255 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1430435840 | Size: 16846 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 MB
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] c6d5d410a5bd6c463e878e3102505343
[BSP] 4936d21bd438e26710c7abfdc939c60f : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 77824 MB
1 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 159793152 | Size: 400 MB
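
An added example, not code from Adlice or from this post: a small parser that turns the report above into structured findings and answers the practical question behind the thread, namely which registry entries are the PUP's (potentially unwanted program's) persistence once RogueKiller's X86/X64 views of the same value and the ControlSet001/ControlSet002 copies of the same service are collapsed. PUM lines (potentially unwanted modification, RogueKiller's label for changed system settings) and the Suspicious.Path line are counted but kept apart, since they are a different category from the program being removed. It also flags a service whose ImagePath is rundll32.exe loading a DLL, the pattern seen on service 70e6ca8c. The report excerpt embedded in the script is copied from the post (Processes and Registry sections only, status words translated); the parsing rules are assumptions drawn from the shape of those lines, not a documented report format.

```python
"""Parse a RogueKiller report into structured findings.

Added example, not Adlice's code. The excerpt below is copied from the post
(Processes and Registry sections only, status words translated). The parsing
rules are assumptions drawn from the shape of those lines, not a documented format.
"""
import re
from dataclasses import dataclass
from typing import Optional

REPORT = r"""
¤¤¤ Processes : 2 ¤¤¤
[Proc.Injected] mdhpSUN.exe -- C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe[7] -> Killed [TermProc]
[PUP] (SVC) 70e6ca8c -- "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ENT[7] -> Stopped

¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Magic Desktop for HP notification : "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"  -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-661059931-1730894516-1316652820-1000\Software\Microsoft\Windows\CurrentVersion\Run | Optimizer Pro : C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe  -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-661059931-1730894516-1316652820-1000\Software\Microsoft\Windows\CurrentVersion\Run | Optimizer Pro : C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe  -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\70e6ca8c ("C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ENT) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\70e6ca8c ("C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ENT) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\70e6ca8c ("C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ENT) -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-661059931-1730894516-1316652820-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-661059931-1730894516-1316652820-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
"""

SECTION_RE = re.compile(r'^¤¤¤ (?P<name>.+?) : (?P<count>\d+)')
FINDING_RE = re.compile(r'^\[(?P<tag>[^\]]+)\] (?P<body>.*?)\s*-> (?P<status>.+)$')
# Registry lines come as "(arch) key | value : data" or, for service keys, "(arch) key (ImagePath)".
REG_RE = re.compile(r'^\((?P<arch>X86|X64)\) (?P<key>HKEY_.+?)'
                    r'(?: \| (?P<value>.+?) : (?P<data>.*)| \((?P<svcdata>.*)\))$')
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[]+?\.(?:exe|dll)', re.I)


@dataclass
class Finding:
    section: str
    tag: str               # RogueKiller label: PUP, PUM.HomePage, Suspicious.Path, ...
    key: str               # registry key, or process name in the Processes section
    value: Optional[str]   # registry value name; None for service keys and processes
    data: str              # value data, service ImagePath, or process command line
    status: str


def parse_report(text):
    findings, section = [], None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m['name']
            continue
        m = FINDING_RE.match(line)
        if not m:
            continue
        reg = REG_RE.match(m['body']) if section == 'Registry' else None
        if reg:
            data = reg['data'] if reg['data'] is not None else reg['svcdata']
            findings.append(Finding(section, m['tag'], reg['key'], reg['value'], data, m['status']))
        else:
            name, _, cmd = m['body'].partition(' -- ')
            findings.append(Finding(section, m['tag'], name, None, cmd, m['status']))
    return findings


def canonical_key(key):
    """ControlSet001/002 are copies of CurrentControlSet; REG_RE already drops the
    X86/X64 prefix, so the two views of one value collapse to a single target."""
    return re.sub(r'\\ControlSet\d{3}\\', r'\\CurrentControlSet\\', key, flags=re.I)


def rundll32_payload(cmd):
    """Return the DLL path when cmd is rundll32.exe hosting a DLL, else None.
    A service whose ImagePath only proxies a DLL through rundll32 deserves a look
    on its own, whatever the DLL is called."""
    paths = PATH_RE.findall(cmd)
    if len(paths) >= 2 and paths[0].lower().endswith('\\rundll32.exe'):
        return paths[1]
    return None


def persistence_targets(findings, tag='PUP'):
    """Unique (key, value) -> data for one category, after collapsing duplicate views."""
    targets = {}
    for f in findings:
        if f.section == 'Registry' and f.tag == tag:
            targets.setdefault((canonical_key(f.key), f.value), f.data)
    return targets


def summarize(findings):
    """Finding count per RogueKiller label."""
    counts = {}
    for f in findings:
        counts[f.tag] = counts.get(f.tag, 0) + 1
    return counts


if __name__ == '__main__':
    fs = parse_report(REPORT)
    print(summarize(fs))
    for (key, value), data in persistence_targets(fs).items():
        dll = rundll32_payload(data)
        print(f'{key} | {value or "(ImagePath)"} = {data}' + (f'  [rundll32 hosts {dll}]' if dll else ''))
```

Run as-is, the script reduces the five PUP registry lines to two cleanup targets: the per-user Run value named Optimizer Pro and the service 70e6ca8c, whose ImagePath is rundll32.exe loading OptProCrash.dll. That is the scope of "remove Optimizer Pro"; the Suspicious.Path and PUM entries are reported separately because nothing in the thread says they belong to it.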


Tigzy (Administrator; Owner, Adlice Software)
Re: Should I remove yellow elements??
« Reply #1 on: December 23, 2014, 11:08:58 pm »
Hello,
Yes, remove Optimizer Pro.
For the antirootkit entries, that's something we need to fix; don't mind them.

Tigzy (Administrator; Owner, Adlice Software)
Re: Should I remove yellow elements??
« Reply #2 on: December 23, 2014, 11:09:25 pm »
What's your antivirus?