Author Topic: is that a malware ?

October 22, 2014, 05:36:25 PM

Gamezertruth

  • Guest
is that a malware ?
Need to check this log out, is there malware?

RogueKiller V10.0.3.0 [Oct 22 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 
Started in : Normal mode
User : [Administrator]
Mode : Delete -- Date : 10/22/2014  18:18:36

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 11 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme -> Deleted
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme -> Deleted
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme -> Deleted
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-514264213-2229734732-364638501-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8B1165D1-A610-4A14-9183-8EDDB358B8EC} | DhcpNameServer : 172.16.242.1  -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8B1165D1-A610-4A14-9183-8EDDB358B8EC} | DhcpNameServer : 172.16.242.1  -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8B1165D1-A610-4A14-9183-8EDDB358B8EC} | DhcpNameServer : 172.16.242.1  -> Replaced ()

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[399] : C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80055.sys @ 0x8b3cbcc0
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\VVBackd5 @ Unknown (\SystemRoot\System32\Drivers\VVBackd5.sys)

¤¤¤ Web browsers : 1 ¤¤¤
[PUP][FIREFX:Addon] xt6786fh.default-1413665403774 : Hotspot Shield Extension [afproxy@anchorfree.com] -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK3265GSX +++++
--- User ---
[MBR] 7030807e5d6303089fdba77edec97688
[BSP] bf4b40ef244bc7ef2f46fa3dd96446e8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 119900 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 245762048 | Size: 185243 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_09082014_141307.log - RKreport_DEL_09142014_050125.log - RKreport_DEL_09252014_052202.log - RKreport_DEL_09282014_125744.log
RKreport_DEL_09292014_110652.log - RKreport_DEL_10012014_070932.log - RKreport_DEL_10042014_142257.log - RKreport_DEL_10062014_193014.log
RKreport_DEL_10112014_133430.log - RKreport_DEL_10132014_124401.log - RKreport_DEL_10182014_060018.log - RKreport_DEL_10182014_113117.log
RKreport_SCN_09082014_134759.log - RKreport_SCN_09142014_045915.log - RKreport_SCN_09202014_085423.log - RKreport_SCN_09202014_090119.log
RKreport_SCN_09252014_052050.log - RKreport_SCN_09282014_125600.log - RKreport_SCN_09292014_110602.log - RKreport_SCN_10012014_070817.log
RKreport_SCN_10042014_142209.log - RKreport_SCN_10062014_192927.log - RKreport_SCN_10102014_164710.log - RKreport_SCN_10112014_132953.log
RKreport_SCN_10132014_124344.log - RKreport_SCN_10142014_002827.log - RKreport_SCN_10142014_170018.log - RKreport_SCN_10152014_113619.log
RKreport_SCN_10182014_051907.log - RKreport_SCN_10182014_113052.log - RKreport_SCN_10222014_175555.log
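
Before asking whether a report like this is malware, it helps to see what it actually says. The following is an added example (my own code, not RogueKiller's or Adlice's) that parses the report format shown in the post: it splits the text on the ¤¤¤ section headers, checks each section's declared count against the entries actually listed, sorts findings into PUM / PUP / suspicious / kernel classes, and pulls out the .sys paths behind the Antirootkit hits so they can be checked (publisher, signature, install path) before deciding. The sample input is an abridged excerpt of the log above, with some Registry lines dropped and that section's declared count lowered to match; the class names, the tag-prefix mapping and the handling of "Not selected" are my assumptions about the format, not documented RogueKiller semantics.

```python
"""Triage a RogueKiller text report: split it into its '¤¤¤ Name : N ¤¤¤' sections,
check each declared count against the entries listed, classify findings, and pull
out the driver paths behind Antirootkit hits. Added example, not Adlice code."""
import re

# Constructed sample: abridged excerpt of the report posted in this thread, with some
# Registry lines dropped and that section's declared count lowered to 3 to match.
SAMPLE_REPORT = r"""RogueKiller V10.0.3.0 [Oct 22 2014] by Adlice Software
User : [Administrator]
Mode : Delete -- Date : 10/22/2014  18:18:36

¤¤¤ Registry : 3 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme -> Deleted
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8B1165D1-A610-4A14-9183-8EDDB358B8EC} | DhcpNameServer : 172.16.242.1  -> Replaced ()

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[399] : C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80055.sys @ 0x8b3cbcc0
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\VVBackd5 @ Unknown (\SystemRoot\System32\Drivers\VVBackd5.sys)

¤¤¤ Web browsers : 1 ¤¤¤
[PUP][FIREFX:Addon] xt6786fh.default-1413665403774 : Hotspot Shield Extension [afproxy@anchorfree.com] -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK3265GSX +++++
[BSP] bf4b40ef244bc7ef2f46fa3dd96446e8 : Windows Vista/7/8 MBR Code
"""

SECTION_RE = re.compile(r"^¤¤¤ (.+?) : (\d*)\s*(?:\((.*?)\))?\s*¤¤¤$")   # name, count, extra
ENTRY_RE = re.compile(r"^((?:\[[^\]]+\])+) (.*?)(?:\s+-> (.+))?$")      # [tags] body -> action
HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z ]*?) : (.*)$")               # 'Key : Value' lines
DRIVER_RE = re.compile(r"(?:[A-Za-z]:|\\SystemRoot)\\[^\s()]+\.sys", re.IGNORECASE)


def parse_report(text):
    """Return (header, sections); sections maps name -> {declared, extra, entries}."""
    header, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            name, count, extra = m.groups()
            current = name.strip()
            sections[current] = {"declared": int(count) if count else None,
                                 "extra": extra, "entries": []}
        elif current is None:  # still in the header block above the first section
            for part in line.split(" -- "):  # 'Mode : Delete -- Date : ...' holds two keys
                h = HEADER_RE.match(part)
                if h:
                    header[h.group(1)] = h.group(2).strip()
        else:
            e = ENTRY_RE.match(line)
            if e:  # lines that are not '[tag] ...' (drive/partition rows) are skipped
                sections[current]["entries"].append(
                    {"tags": re.findall(r"\[([^\]]+)\]", e.group(1)),
                     "body": e.group(2), "action": e.group(3)})
    return header, sections


def classify(entry):
    """Assumed mapping of RogueKiller tag prefixes to triage classes (not official)."""
    tag = entry["tags"][0]
    if "Hook." in tag or "Kernel." in tag:   # SSDT hooks, driver filters: kernel-level
        return "kernel"
    for prefix, label in (("PUM.", "pum"), ("PUP", "pup"), ("Suspicious.", "suspicious")):
        if tag.startswith(prefix):
            return label
    return "info"   # hosts-file lines, MBR hashes and other plain listings


def triage(text):
    header, sections = parse_report(text)
    mismatches = [n for n, s in sections.items()
                  if s["declared"] is not None and s["declared"] != len(s["entries"])]
    by_class, kernel_modules, not_actioned = {}, [], []
    for name, sec in sections.items():
        for e in sec["entries"]:
            cls = classify(e)
            by_class[cls] = by_class.get(cls, 0) + 1
            if cls == "kernel":   # the .sys behind a hook/filter is what to verify
                kernel_modules += DRIVER_RE.findall(e["body"])
            if e["action"] == "Not selected":   # detected but deliberately left in place
                not_actioned.append((name, e["body"]))
    return {"mode": header.get("Mode"), "date": header.get("Date"),
            "count_mismatches": mismatches, "by_class": by_class,
            "kernel_modules": kernel_modules, "not_actioned": not_actioned}


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    print("mode:", r["mode"], "| date:", r["date"], "| count mismatches:", r["count_mismatches"])
    print("findings by class:", r["by_class"])
    for path in r["kernel_modules"]:
        print("kernel module to verify (publisher, signature, install path):", path)
    for section, body in r["not_actioned"]:
        print("detected but left in place [%s]: %s" % (section, body))
```

Two things the output makes explicit that the raw log does not: "Mode : Delete" means every "-> Deleted" and "-> Replaced" line was already applied when the report was written, so the machine is no longer in the state the scan saw; and the two Antirootkit hits resolve to concrete driver files (one under ProgramData\Trusteer\Rapport, one in System32\Drivers), which is where a practitioner would go next, checking the file's Authenticode signature and publisher (for example with PowerShell's Get-AuthenticodeSignature) rather than judging the hook by its presence alone.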

Reply #1, October 23, 2014, 02:59:23 PM

Tigzy

  • Administrator
  • Owner, Adlice Software
Re: is that a malware ?
Hello
In the driver section, I don't think so.
The files will be whitelisted in the next release.