Author Topic: Clean or not ?  (Read 5858 times)

February 12, 2015, 12:09:24 AM

Marie-Odile

Hello

I ran RogueKiller because I use an e-mail address that was bound up with a swindle or perhaps a hoax.

Here is the result :

RogueKiller V10.2.0.0 [Jan 19 2015] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Démarré en  : Mode normal
Utilisateur : Marie-Odile WEHR [Administrateur]
Mode : Scan -- Date : 02/11/2015  23:21:13

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 14 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Software_update -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Software_update_m -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Software_update -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Software_update_m -> Trouvé(e)
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://fr.yahoo.com?fr=hp-avast&type=avastbcl  -> Trouvé(e)
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=3061218  -> Trouvé(e)
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=3061218  -> Trouvé(e)
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}  -> Trouvé(e)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-3709931237-363415052-3244381213-1006\Software\Microsoft\Internet Explorer\Main | Search Page : https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}  -> Trouvé(e)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3709931237-363415052-3244381213-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Trouvé(e)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3709931237-363415052-3244381213-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Trouvé(e)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3709931237-363415052-3244381213-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Trouvé(e)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Trouvé(e)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3709931237-363415052-3244381213-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Trouvé(e)

¤¤¤ Tâches : 1 ¤¤¤
[Suspicious.Path] At1.job -- C:\DOCUME~1\MARIE-~1\APPLIC~1\WSE_AS~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Trouvé(e)

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 5 (Driver: Chargé) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) USER32.dll - SetWindowsHookExW : C:\Program Files\Spyware Doctor\klg.dat @ 0x5a014c3c (jmp dword near [0x5f0b001e]|jmp 0x6|jmp 0xfffffffffaf73cb6)
[IAT:Inl(Hook.IEAT)] (explorer.exe) USER32.dll - SetWindowsHookExA : C:\Program Files\Spyware Doctor\klg.dat @ 0x5a014bfc (jmp dword near [0x5f05001e]|jmp 0x6|jmp 0xfffffffffafd3c76)
[IAT:Inl(Hook.IEAT)] (explorer.exe) user32.dll - SetWindowsHookExA : C:\Program Files\Spyware Doctor\klg.dat @ 0x5a014bfc (jmp dword near [0x5f05001e]|jmp 0x6|jmp 0xfffffffffafd3c76)
[IAT:Inl(Hook.IEAT)] (firefox.exe) USER32.dll - SetWindowsHookExW : C:\Program Files\Spyware Doctor\klg.dat @ 0x5a014c3c (jmp dword near [0x5f0b001e]|jmp 0x6|jmp 0xfffffffffaf73cb6)
[IAT:Inl(Hook.IEAT)] (firefox.exe) USER32.dll - SetWindowsHookExA : C:\Program Files\Spyware Doctor\klg.dat @ 0x5a014bfc (jmp dword near [0x5f05001e]|jmp 0x6|jmp 0xfffffffffafd3c76)

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] d3bd59ee2ba822ece717e78e1bd64a69
[BSP] 6105758de88d9a88ac83843431866b77 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 109 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 224910 | Size: 73123 MB [Windows XP Bootstrap | Windows XP Bootloader]
2 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 149998905 | Size: 3074 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Samsung S2 Portable USB Device +++++
--- User ---
[MBR] b5d56f71f1ac97b6853d4bf94e634385
[BSP] fee7ce7632923c582bd514d48ff7a213 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 64 | Size: 476937 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

+++++ PhysicalDrive2: USB Device +++++
--- User ---
[MBR] 04e056a8f241b64471a9f748c562f0a4
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 48 | Size: 15199 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

Can I remove all those things without danger for my computer?

Thanks for your reply

Best regards

Marie-Odile

Reply #1, February 12, 2015, 12:55:05 AM

Curson

  • Global Moderator
Hi Marie-Odile,

Welcome to Adlice.com Forum.

Unwanted programs uninstall
  • Click on the Windows XP Start Menu button and then click on the Control Panel.
  • Please double-click the Add/Remove Programs icon.
  • A list of installed programs will be populated; this may take a bit of time.
  • Please uninstall the following software, if present:
Boxore
Software Update Service
Astromenda Search

Entries removal with RogueKiller

Please restart RogueKiller and remove the following entries :
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Software_update
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Software_update_m
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Software_update
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Software_update_m
[Suspicious.Path] At1.job -- C:\DOCUME~1\MARIE-~1\APPLIC~1\WSE_AS~1\UPDATE~1\UPDATE~1.EXE (/Check)

Please post the report obtained in your next reply.

Leftovers removal

Please delete the following folders, if they are present :
C:\Program Files\Boxore
C:\Program Files\Software
C:\Program Files\wse_astromenda
C:\Documents and Settings\Marie-Odile WEHR\Application Data\wse_astromenda

How is the computer running ?

Regards.
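
A small parser for the report layout shown in this thread, added here as an example (it is not part of either post and not Adlice's code). It checks each section's declared count against the entries actually parsed, which catches a report that was pasted incompletely, and pulls out the entries carrying the tags that Curson's reply lists for removal. The sample is a shortened excerpt of the report above with the counts adjusted to match; all function and constant names are assumptions.

```python
import re

HEADER = re.compile(r"^¤¤¤ (.+?) : (\d+)?.*¤¤¤\s*$")          # "¤¤¤ Registre : 14 ¤¤¤"
ENTRY = re.compile(r"^\[([^\]]+)\]\s+(.*?)(?:\s+->\s+(\S.*))?$")  # "[Tag] detail -> status"
# Tags of the entries listed for removal in the reply above (not a general rule).
REMOVAL_TAGS = {"PUP", "Suspicious.Path"}

# Constructed sample: lines copied from the report in this thread, counts adjusted.
SAMPLE = r"""¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 3 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Software_update -> Trouvé(e)
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://fr.yahoo.com?fr=hp-avast&type=avastbcl  -> Trouvé(e)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Trouvé(e)

¤¤¤ Tâches : 1 ¤¤¤
[Suspicious.Path] At1.job -- C:\DOCUME~1\MARIE-~1\APPLIC~1\WSE_AS~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Trouvé(e)

¤¤¤ Antirootkit : 1 (Driver: Chargé) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) USER32.dll - SetWindowsHookExW : C:\Program Files\Spyware Doctor\klg.dat @ 0x5a014c3c (jmp dword near [0x5f0b001e]|jmp 0x6|jmp 0xfffffffffaf73cb6)
"""

def parse_report(text):
    """Return {section: {"declared": int or None, "entries": [(tag, detail, status)]}}."""
    report, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            declared = int(m.group(2)) if m.group(2) else None
            report[current] = {"declared": declared, "entries": []}
            continue
        m = ENTRY.match(line)
        if m and current is not None:
            report[current]["entries"].append(m.groups())
    return report

def count_mismatches(report):
    """Sections whose header count differs from the number of parsed entries."""
    return {name: (s["declared"], len(s["entries"]))
            for name, s in report.items()
            if s["declared"] is not None and s["declared"] != len(s["entries"])}

def select(report, tags):
    """(section, tag, detail) for every entry whose tag is in `tags`."""
    return [(name, tag, detail) for name, s in report.items()
            for tag, detail, _ in s["entries"] if tag in tags]

if __name__ == "__main__":
    parsed = parse_report(SAMPLE)
    print(count_mismatches(parsed), select(parsed, REMOVAL_TAGS))
```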