Author Topic: clean or no clean  (Read 7717 times)


olivierdulac8 (Newbie), January 03, 2015, 01:07:43 PM

My first scan with RogueKiller; I do not understand what I need to remove:


REPORT

RogueKiller V10.1.1.0 (x64) [Dec 23 2014] by Adlice Software
email : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : RICHMAN [Administrator]
Mode : Scan -- Date : 01/03/2015  12:26:43

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D22CC4A4-7C77-4A45-BB71-62EF2B9D53D2} | DhcpNameServer : 40.20.1.201 40.20.1.202 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D22CC4A4-7C77-4A45-BB71-62EF2B9D53D2} | DhcpNameServer : 40.20.1.201 40.20.1.202 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM014-1EJ164-SSHD +++++
--- User ---
[MBR] 96280726cacbdcf5267e55459100d58e
[BSP] 59922cf62fe850b5b7612675560b3b9f : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK




And also, what is the "Anti Rootkit"? It is not possible to delete it (I sent a photo attachment).

Reply #1, Curson (Global Moderator, Hero Member), January 04, 2015, 01:21:25 AM

Hi olivierdulac8,

Do you live in the United States?
I ask this because some DNS entries in your log are associated with "Eli Lilly and Company", which is dubious.

The AntiRootkit module detected some IRP hooks performed by the legitimate driver Wof.sys. That's totally harmless.
If you want more information about it, please read KernelMode rootkits: Part 2, IRP hooks.

Regards.

Reply #2, olivierdulac8 (Newbie), January 04, 2015, 09:29:05 AM

I live in France! I understand now about the Anti Rootkit, and when the board is green it's OK!!!

And for the registry key, do I delete it???

Thanks for your reply.

Long life to you!!!

Reply #3, Curson (Global Moderator, Hero Member), January 04, 2015, 04:13:55 PM

Hi olivierdulac8,

This is a DNS hijacker.
Please follow the process below as closely as possible.

1. Router disinfection / securing

There is a possibility that your router has been compromised. Such malware scans the network to find routers with weak/default passwords or firmware vulnerabilities and changes their DNS settings.
Please follow these instructions to hard reset your router and update it.

2. Please delete the following registry entries:

Quote:
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D22CC4A4-7C77-4A45-BB71-62EF2B9D53D2} | DhcpNameServer : 40.20.1.201 40.20.1.202 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D22CC4A4-7C77-4A45-BB71-62EF2B9D53D2} | DhcpNameServer : 40.20.1.201 40.20.1.202 [UNITED STATES (US)][UNITED STATES (US)]  -> Found

Finally, I strongly advise you to change your passwords and to be especially wary of unauthorized transactions if you use online banking, since there is a probability that your passwords may have been stolen.

Regards.
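As an added example (not part of the thread, and not Adlice's or RogueKiller's code), the following Python script applies the reasoning in the reply above to [PUM.Dns] report lines: it parses the resolver addresses out of each line, treats RFC 1918, loopback and link-local addresses as the normal case for a DHCP-assigned resolver on a home LAN, allow-lists a few well-known public resolvers (the TRUSTED_PUBLIC_RESOLVERS set is an assumption; adjust it to what you actually configured), and flags everything else as suspicious. The sample input is the two [PUM.Dns] lines from the report in this thread plus one constructed line (made-up interface GUID) showing what a router-assigned resolver normally looks like. Findings are grouped per interface GUID, because CurrentControlSet is only a link to one of the numbered ControlSet00N keys, so the two lines in the report describe a single interface seen through two registry paths. Function and variable names are the example's own.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed input: the two [PUM.Dns] lines from the RogueKiller report posted
# above, plus one made-up line (GUID 11111111-...) showing a router-assigned
# resolver on a private LAN, which is what a clean home machine usually reports.
SAMPLE_REPORT = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D22CC4A4-7C77-4A45-BB71-62EF2B9D53D2} | DhcpNameServer : 40.20.1.201 40.20.1.202 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D22CC4A4-7C77-4A45-BB71-62EF2B9D53D2} | DhcpNameServer : 40.20.1.201 40.20.1.202 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-2222-3333-4444-555555555555} | DhcpNameServer : 192.168.1.1  -> Found
"""

# Assumption: public resolvers the owner knowingly uses. Any public address not
# in this set is treated as suspicious. Edit to match your own environment.
TRUSTED_PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}

# One [PUM.Dns] line: architecture, full key path, value name, then the resolver list.
PUM_DNS_RE = re.compile(
    r"^\[PUM\.Dns\]\s+\((?P<arch>X64|X86)\)\s+(?P<key>\S+)\s+\|\s+"
    r"(?P<value>NameServer|DhcpNameServer)\s+:\s+"
    r"(?P<servers>(?:\d{1,3}(?:\.\d{1,3}){3}[\s,]*)+)"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def classify_resolver(ip_text):
    """Label one resolver address by how plausible it is as a home-LAN DNS setting."""
    ip = ipaddress.ip_address(ip_text)
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "private"            # typical: the router hands out its own LAN address
    if ip_text in TRUSTED_PUBLIC_RESOLVERS:
        return "trusted-public"
    return "suspicious-public"      # a public resolver nobody configured on purpose


def parse_pum_dns(report_text):
    """Yield one record per [PUM.Dns] line: interface GUID, control set, value name, resolvers."""
    for line in report_text.splitlines():
        m = PUM_DNS_RE.match(line.strip())
        if not m:
            continue
        key = m.group("key")
        guid = GUID_RE.search(key)
        yield {
            "guid": guid.group(0).upper() if guid else key,
            "control_set": key.split("\\")[2],      # CurrentControlSet, ControlSet001, ...
            "value": m.group("value"),
            "servers": IPV4_RE.findall(m.group("servers")),
        }


def audit_dns(report_text):
    """Group findings per interface GUID and keep the worst verdict seen for it.

    Returns {guid: {"servers": [...], "paths": [...], "verdict": ...}}.
    """
    rank = {"private": 0, "trusted-public": 1, "suspicious-public": 2}
    per_iface = defaultdict(lambda: {"servers": [], "paths": [], "verdict": "private"})
    for rec in parse_pum_dns(report_text):
        entry = per_iface[rec["guid"]]
        entry["paths"].append(rec["control_set"] + "\\" + rec["value"])
        for ip in rec["servers"]:
            if ip not in entry["servers"]:
                entry["servers"].append(ip)
            verdict = classify_resolver(ip)
            if rank[verdict] > rank[entry["verdict"]]:
                entry["verdict"] = verdict
    return dict(per_iface)


def suspicious_interfaces(report_text):
    """Return the interface GUIDs whose resolvers point somewhere they should not."""
    return sorted(g for g, e in audit_dns(report_text).items()
                  if e["verdict"] == "suspicious-public")


if __name__ == "__main__":
    for guid, entry in audit_dns(SAMPLE_REPORT).items():
        print(guid, entry["verdict"], " ".join(entry["servers"]), "via", ", ".join(entry["paths"]))
```

One practical point the script makes visible: DhcpNameServer is whatever the last DHCP lease said, so deleting the value only clears the current copy; at the next renewal Windows writes back whatever the router advertises. That is why the router reset in step 1 has to happen before step 2, and why a fresh scan (after `ipconfig /renew`) should then show a private address or a resolver you chose yourself.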