PC check with RogueKiller etc.
PierreMaurice
-
Malekal_morte- Posts 180304 Registration date Status Moderator, Security contributor Last activity -
Hello,
I'd like to do a methodical check of my PC. Nothing wrong at first sight, but the idea is to start again from a clean base and go a bit further than CCleaner - Avira - Malwarebytes.
I ran RogueKiller and I'm not really sure what to do after reading the report.
RogueKiller Anti-Malware V13.3.2.0 (x64) [Jul 15 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : hp [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190802_122523, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/08/04 10:39:37 (Duration : 00:55:45)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> Explorer.EXE (1712) -- C:\Windows\explorer.exe
[Adw.Kazy (Malicious)] catchcopy64.dll (1712) -- C:\Program Files (x86)\Supercopier\PluginLoader\catchcopy-v0002\catchcopy64.dll -> Found
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> O101 - Clsid
[Adw.Kazy (Malicious)] (X64) HKEY_CLASSES_ROOT\CLSID\{68FF37C4-51BC-4c2a-A992-7E39BC0E706F} -- C:\Program Files (x86)\Supercopier\PluginLoader\catchcopy-v0002\catchcopy64.dll -> Found
>>>>>> XX - Software
[PUP.Gen1 (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Babylon -- N/A -> Found
>>>>>> XX - Uninstall
[Adw.Kazy (Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Supercopier -- N/A -> Found
>>>>>> O87 - Firewall
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{AC7EF9D8-394D-426D-A940-B789654C4543} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\GoforFiles\goforfilesdl.exe|Name=GoforFiles| (C:\Program Files (x86)\GoforFiles\goforfilesdl.exe) (missing) -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{79809E19-97CF-4176-8813-30288ACD49A0} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\GoforFiles\goforfilesdl.exe|Name=GoforFiles| (C:\Program Files (x86)\GoforFiles\goforfilesdl.exe) (missing) -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{AED104C3-E1F1-44E1-B308-F840836A9389} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\GoforFiles\GoforFiles.exe|Name=GoforFiles| (C:\Program Files (x86)\GoforFiles\GoforFiles.exe) (missing) -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C04B5BF3-C24F-4DBB-834C-55A8795CEEB9} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\GoforFiles\GoforFiles.exe|Name=GoforFiles| (C:\Program Files (x86)\GoforFiles\GoforFiles.exe) (missing) -> Found
[PUP.DllFiles (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{CF576B53-E18C-45C0-BAFA-9D2B75F16C78} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| (C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe) (missing) -> Found
[PUP.DllFiles (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4C3D6040-6C85-458A-944D-8E045A14E89D} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| (C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe) (missing) -> Found
[PUP.DllFiles (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A63FD71B-4155-477A-AC00-885ECA46D469} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| (C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe) (missing) -> Found
[PUP.DllFiles (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C1B10597-4B06-4536-87A6-85D91DD534B1} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| (C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe) (missing) -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{AC7EF9D8-394D-426D-A940-B789654C4543} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\GoforFiles\goforfilesdl.exe|Name=GoforFiles| (C:\Program Files (x86)\GoforFiles\goforfilesdl.exe) (missing) -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{79809E19-97CF-4176-8813-30288ACD49A0} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\GoforFiles\goforfilesdl.exe|Name=GoforFiles| (C:\Program Files (x86)\GoforFiles\goforfilesdl.exe) (missing) -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C04B5BF3-C24F-4DBB-834C-55A8795CEEB9} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\GoforFiles\GoforFiles.exe|Name=GoforFiles| (C:\Program Files (x86)\GoforFiles\GoforFiles.exe) (missing) -> Found
[PUP.DllFiles (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{CF576B53-E18C-45C0-BAFA-9D2B75F16C78} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| (C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe) (missing) -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{AED104C3-E1F1-44E1-B308-F840836A9389} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\GoforFiles\GoforFiles.exe|Name=GoforFiles| (C:\Program Files (x86)\GoforFiles\GoforFiles.exe) (missing) -> Found
[PUP.DllFiles (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4C3D6040-6C85-458A-944D-8E045A14E89D} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| (C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe) (missing) -> Found
[PUP.DllFiles (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A63FD71B-4155-477A-AC00-885ECA46D469} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| (C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe) (missing) -> Found
[PUP.DllFiles (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C1B10597-4B06-4536-87A6-85D91DD534B1} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=4000|App=C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| (C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe) (missing) -> Found
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Adw.Kazy (Malicious)] (shortcut) Supercopier.lnk -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Supercopier\Supercopier.lnk => C:\PROGRA~2\SUPERC~1\SUPERC~1.EXE -> Found
[Adw.Kazy (Malicious)] (shortcut) Uninstall.lnk -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Supercopier\Uninstall.lnk => C:\PROGRA~2\SUPERC~1\uninst.exe -> Found
[PUP.InstallPack (Potentially Malicious)] (folder) InstallMate -- C:\ProgramData\InstallMate -> Found
[PUP.Gen1 (Potentially Malicious)] (folder) simplitec -- C:\ProgramData\simplitec -> Found
[Adw.Kazy (Malicious)] (folder) Supercopier -- C:\Program Files (x86)\Supercopier -> Found
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Thanks in advance!
Configuration: Windows / Chrome 75.0.3770.142
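Added example, not from the thread and not Adlice's code: a PowerShell snippet to check what the "O87 - Firewall" entries in the log above actually are before deciding whether to delete them. Every line tagged "(missing)" is a value under the FirewallRules registry key whose App= path no longer exists on disk, left behind when the program (GoforFiles, DLL-Files Fixer) was uninstalled. The script reads that key, parses the pipe-delimited rule strings the same way, lists the orphans, and then shows how to remove the inbound Allow ones through netsh, which is the supported way on Windows 7 (Get-NetFirewallRule only exists from Windows 8 on). The function name and the $Remove switch are mine; the key path and the field names (Action, Active, Dir, Profile, App, Name) are the ones that appear in the log. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): list Windows Firewall rules whose target
# program no longer exists on disk, i.e. the "(missing)" entries RogueKiller reports.
# Reads the registry directly, so it works on Windows 7 with PowerShell 2.0.

$FirewallRulesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'

function Get-OrphanedFirewallRule {
    param([string]$Key = $FirewallRulesKey)

    $regKey = Get-Item -Path $Key
    foreach ($ruleId in $regKey.GetValueNames()) {
        $raw = $regKey.GetValue($ruleId)

        # Each value is a pipe-delimited string, e.g.
        # v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\...\GoforFiles.exe|Name=GoforFiles|
        $fields = @{}
        foreach ($part in ($raw -split '\|')) {
            $kv = $part -split '=', 2
            if ($kv.Count -eq 2) { $fields[$kv[0]] = $kv[1] }
        }

        # Port/service rules have no App=, and App=System is the kernel: nothing on disk to check.
        if (-not $fields.ContainsKey('App') -or $fields['App'] -eq 'System') { continue }

        # App paths may use %ProgramFiles%-style variables; expand them before testing.
        $exe = [Environment]::ExpandEnvironmentVariables($fields['App'])
        if (Test-Path -LiteralPath $exe -PathType Leaf) { continue }

        New-Object PSObject -Property @{
            RuleId  = $ruleId
            Name    = $fields['Name']
            Action  = $fields['Action']
            Active  = $fields['Active']
            Dir     = $fields['Dir']
            Profile = $fields['Profile']
            App     = $exe
        }
    }
}

# 1. Report: every rule that still targets a program that is gone.
Get-OrphanedFirewallRule | Format-Table RuleId, Name, Action, Dir, Profile, App -AutoSize

# 2. Clean-up. The inbound Allow rules for a missing path are the ones worth removing:
#    any binary dropped at that path later would inherit the allow without a prompt.
#    With $Remove = $false the netsh commands are only printed.
$Remove = $false
Get-OrphanedFirewallRule |
    Where-Object { $_.Dir -eq 'In' -and $_.Action -eq 'Allow' } |
    ForEach-Object {
        $args = @('advfirewall', 'firewall', 'delete', 'rule',
                  "name=$($_.Name)", 'dir=in', "program=$($_.App)")
        Write-Host ("netsh " + ($args -join ' '))
        if ($Remove) { & netsh $args }   # netsh is the supported API for the rule store
    }
```

The log shows the same rule GUIDs under both ControlSet001 and ControlSet002; CurrentControlSet is a link to whichever of the two is in use, and netsh edits the live store, so the copy in the other control set is only a stale snapshot and is harmless. Rules are passed to netsh by name, direction and program path together, so a legitimate rule that happens to share a name with an orphan is left alone.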
2 replies
Hi,
Nothing active.
The best thing is to run Malwarebytes Anti-Malware once a week.
Avoid regular AdwCleaner and ZHPCleaner scans, they are completely useless.
~~
Finally, for a personalised analysis,
Follow the FRST tutorial by clicking on this blue link (take the time to read it carefully, everything is well explained there).
Download and run the FRST scan,
Wait for the scan to finish; a message indicates that the analysis is complete.
Three FRST reports will be generated:
- FRST.txt
- Shortcut.txt
- Addition.txt
Upload these 3 reports to https://pjjoint.malekal.com/ and post the 3 pjjoint links to the reports here in a new reply so that we can look at them.
(The blue links lead to step-by-step tutorials; click on them for more precise instructions to follow.)
So "nothing active" means that:
- I don't touch anything
- I delete them in RogueKiller
?
Nothing conclusive detected.
Everything is fine.
Thanks in advance
https://pjjoint.malekal.com/files.php?id=FRST_20190804_l12k14t56v8
addition
https://pjjoint.malekal.com/files.php?id=20190804_b10l9b9t11q14
I (obviously) forgot to tick shortcut, so I had to run it again with only that one ticked (hoping that doesn't skew the result)
https://pjjoint.malekal.com/files.php?id=20190804_l1315b8u10r9
Thanks,