RogueKiller scan: is it safe?

Closed
Aet3q Posts: 65 Registered: Tuesday 8 July 2014 Status: Member Last seen: 11 January 2017 - 25 Jan 2016 at 20:04
Hello, I have just run a RogueKiller scan, which has now finished, and I am sending you the report to find out whether or not I should delete the "viruses" it found.

Report: (good luck reading it)

_________________________________________________________________

RogueKiller V10.2.0.0 [Jan 19 2015] par Adlice Software
email : https://www.adlice.com/contact/
Remontées : https://forum.adlice.com/
Site web : https://www.adlice.com/fr/roguekiller/
Blog : https://www.adlice.com/

Système d'exploitation : Windows 8 (6.2.9200 ) 64 bits version
Démarré en : Mode normal
Utilisateur : Utilisateur [Administrateur]
Mode : Scan -- Date : 01/25/2016 19:24:11

¤¤¤ Processus : 3 ¤¤¤
[Suspicious.Path] OneDrive.exe(7280) -- C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7] -> Tué(e) [TermProc]
[Suspicious.Path] java.exe(10140) -- C:\ProgramData\Oracle\Java\javapath\java.exe[7] -> Tué(e) [TermProc]
[Suspicious.Path] JRT.exe(13664) -- C:\Users\Utilisateur\Desktop\Logiciels et App\jremtool\Junkware Removal Tool\JRT.exe[-] -> Tué(e) [TermProc]

¤¤¤ Registre : 26 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 | (default) : {BBACC218-34EA-4666-9D7A-C78F2274A524} -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 | (default) : {5AB7172C-9C11-405C-8DD5-AF20F3606282} -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 | (default) : {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 | (default) : {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 | (default) : {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -> Trouvé(e)
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 | (default) : {BBACC218-34EA-4666-9D7A-C78F2274A524} -> Trouvé(e)
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 | (default) : {5AB7172C-9C11-405C-8DD5-AF20F3606282} -> Trouvé(e)
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 | (default) : {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -> Trouvé(e)
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 | (default) : {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -> Trouvé(e)
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 | (default) : {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3860851096-1086957109-2331078641-1001\Software\Microsoft\Windows\CurrentVersion\Run | OneDrive : "C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background -> Trouvé(e)
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3860851096-1086957109-2331078641-1001\Software\Microsoft\Windows\CurrentVersion\Run | OneDrive : "C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3860851096-1086957109-2331078641-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64 : C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3860851096-1086957109-2331078641-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64 : C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64" -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3860851096-1086957109-2331078641-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64 : C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64" -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3860851096-1086957109-2331078641-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64 : C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64" -> Trouvé(e)
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3860851096-1086957109-2331078641-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64 : C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" -> Trouvé(e)
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3860851096-1086957109-2331078641-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64 : C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64" -> Trouvé(e)
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3860851096-1086957109-2331078641-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64 : C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64" -> Trouvé(e)
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3860851096-1086957109-2331078641-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64 : C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64" -> Trouvé(e)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3860851096-1086957109-2331078641-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://fr.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset -> Trouvé(e)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3860851096-1086957109-2331078641-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://fr.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trouvé(e)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 29 (Driver: Non chargé [0xc000036b]) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrUnloadDll : Unknown @ 0x6c79cae0 (jmp 0xffffffff894465ac|jmp 0x6c3dd334|call 0xfffffffffffff398)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrLoadDll : Unknown @ 0x6c7957e0 (jmp 0xffffffff8945e3e8|jmp 0x6c3dd418|call 0xffffffffffff819f)
[IAT:Inl(Hook.IEAT)] (chrome.exe) SHELL32.dll - SHGetFolderPathEx : C:\WINDOWS\SYSTEM32\windows.storage.dll @ 0x74cffb70 (jmp dword near [0x75805024])
[IAT:Inl(Hook.IEAT)] (chrome.exe) SHELL32.dll - SHGetKnownFolderItem : C:\WINDOWS\SYSTEM32\windows.storage.dll @ 0x74dc2800 (jmp dword near [0x75805030])
[IAT:Inl(Hook.IEAT)] (chrome.exe) SHELL32.dll - SHGetKnownFolderIDList : C:\WINDOWS\SYSTEM32\windows.storage.dll @ 0x74dbf920 (jmp dword near [0x7580502c])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrUnloadDll : Unknown @ 0x6c79cae0 (jmp 0xffffffff894365ac|jmp 0x6c3ed334|call 0xfffffffffffff398)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrLoadDll : Unknown @ 0x6c7957e0 (jmp 0xffffffff8944e3e8|jmp 0x6c3ed418|call 0xffffffffffff819f)
[IAT:Inl(Hook.IEAT)] (chrome.exe) SHELL32.dll - SHGetKnownFolderItem : C:\WINDOWS\SYSTEM32\windows.storage.dll @ 0x74dc2800 (jmp dword near [0x75805030])
[IAT:Inl(Hook.IEAT)] (chrome.exe) SHELL32.dll - SHGetKnownFolderIDList : C:\WINDOWS\SYSTEM32\windows.storage.dll @ 0x74dbf920 (jmp dword near [0x7580502c])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrUnloadDll : Unknown @ 0x6c79cae0 (jmp 0xffffffff89b965ac|jmp 0x6bc8d334|call 0xfffffffffffff398)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrLoadDll : Unknown @ 0x6c7957e0 (jmp 0xffffffff89bae3e8|jmp 0x6bc8d418|call 0xffffffffffff819f)
[IAT:Inl(Hook.IEAT)] (chrome.exe) SHELL32.dll - SHGetKnownFolderItem : C:\WINDOWS\SYSTEM32\windows.storage.dll @ 0x74dc2800 (jmp dword near [0x75805030])
[IAT:Inl(Hook.IEAT)] (chrome.exe) SHELL32.dll - SHGetKnownFolderIDList : C:\WINDOWS\SYSTEM32\windows.storage.dll @ 0x74dbf920 (jmp dword near [0x7580502c])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrUnloadDll : Unknown @ 0x6c79cae0 (jmp 0xffffffff89b465ac|jmp 0x6bcdd334|call 0xfffffffffffff398)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrLoadDll : Unknown @ 0x6c7957e0 (jmp 0xffffffff89b5e3e8|jmp 0x6bcdd418|call 0xffffffffffff819f)
[IAT:Inl(Hook.IEAT)] (chrome.exe) SHELL32.dll - SHGetKnownFolderItem : C:\WINDOWS\SYSTEM32\windows.storage.dll @ 0x74dc2800 (jmp dword near [0x75805030])
[IAT:Inl(Hook.IEAT)] (chrome.exe) SHELL32.dll - SHGetKnownFolderIDList : C:\WINDOWS\SYSTEM32\windows.storage.dll @ 0x74dbf920 (jmp dword near [0x7580502c])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrUnloadDll : Unknown @ 0x6c79cae0 (jmp 0xffffffff8a2b65ac|jmp 0x6b56d334|call 0xfffffffffffff398)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrLoadDll : Unknown @ 0x6c7957e0 (jmp 0xffffffff8a2ce3e8|jmp 0x6b56d418|call 0xffffffffffff819f)
[IAT:Inl(Hook.IEAT)] (chrome.exe) SHELL32.dll - SHGetKnownFolderItem : C:\WINDOWS\SYSTEM32\windows.storage.dll @ 0x74dc2800 (jmp dword near [0x75805030])
[IAT:Inl(Hook.IEAT)] (chrome.exe) SHELL32.dll - SHGetKnownFolderIDList : C:\WINDOWS\SYSTEM32\windows.storage.dll @ 0x74dbf920 (jmp dword near [0x7580502c])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrUnloadDll : Unknown @ 0x6c79cae0 (jmp 0xffffffff89f565ac|jmp 0x6b8cd334|call 0xfffffffffffff398)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrLoadDll : Unknown @ 0x6c7957e0 (jmp 0xffffffff89f6e3e8|jmp 0x6b8cd418|call 0xffffffffffff819f)
[IAT:Inl(Hook.IEAT)] (chrome.exe) SHELL32.dll - SHGetKnownFolderItem : C:\WINDOWS\SYSTEM32\windows.storage.dll @ 0x74dc2800 (jmp dword near [0x75805030])
[IAT:Inl(Hook.IEAT)] (chrome.exe) SHELL32.dll - SHGetKnownFolderIDList : C:\WINDOWS\SYSTEM32\windows.storage.dll @ 0x74dbf920 (jmp dword near [0x7580502c])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrUnloadDll : Unknown @ 0x6c79cae0 (jmp 0xffffffff897665ac|jmp 0x6c0bd334|call 0xfffffffffffff398)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - LdrLoadDll : Unknown @ 0x6c7957e0 (jmp 0xffffffff8977e3e8|jmp 0x6c0bd418|call 0xffffffffffff819f)
[IAT:Inl(Hook.IEAT)] (chrome.exe) SHELL32.dll - SHGetKnownFolderItem : C:\WINDOWS\SYSTEM32\windows.storage.dll @ 0x74dc2800 (jmp dword near [0x75805030])
[IAT:Inl(Hook.IEAT)] (chrome.exe) SHELL32.dll - SHGetKnownFolderIDList : C:\WINDOWS\SYSTEM32\windows.storage.dll @ 0x74dbf920 (jmp dword near [0x7580502c])

¤¤¤ Navigateurs web : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 2sdwn2ch.default-1428493699102 : user_pref("browser.startup.homepage", "https://fr.yahoo.com/?type=orcl_hpset"); -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: HGST HTE725050A7E630 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_05172015_191751.log - RKreport_SCN_05172015_185247.log

_________________________________________________________________

Thanks in advance, Aet3q

1 reply

Malekal_morte- Posts: 180304 Registered: Wednesday 17 May 2006 Status: Moderator, Security contributor Last seen: 15 December 2020
25 Jan 2016 at 20:16
Hi,

Not infected.
Aet3q Posts: 65 Registered: Tuesday 8 July 2014 Status: Member Last seen: 11 January 2017
25 Jan 2016 at 20:56
Okay, thanks!