Adlice forum
Software feedback => RogueKiller => Topic started by: bwhisp on February 02, 2015, 07:49:03 PM
-
Hello,
I ran a RogueKiller scan and I need your help to know what to delete.
Here it is:
RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Lina [Administrator]
Mode : Scan -- Date : 02/02/2015 19:08:57
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 10 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.141.0.1 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.141.0.1 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9411DA6D-DD16-4FCA-9D33-816081165DB1} | DhcpNameServer : 10.141.0.1 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9411DA6D-DD16-4FCA-9D33-816081165DB1} | DhcpNameServer : 10.141.0.1 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-414176184-2685799101-2091791791-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-414176184-2685799101-2091791791-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 5 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk1\DR1 : \Driver\excsd @ \Device\excsd1 (\SystemRoot\system32\DRIVERS\excsd.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\excsd1 : \Driver\partmgr @ Unknown (\SystemRoot\system32\DRIVERS\excsd.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk0\DR0 : \Driver\excsd @ \Device\excsd0 (\SystemRoot\system32\DRIVERS\excsd.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\excsd0 : \Driver\partmgr @ Unknown (\SystemRoot\system32\DRIVERS\excsd.sys)
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass0 : \Driver\ETD @ Unknown (\SystemRoot\system32\DRIVERS\ETD.sys)
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA ST500LT012-9WS14 SCSI Disk Device +++++
--- User ---
[MBR] 31d483adfbda9a4452e082d61b98cab7
[BSP] 10890d6d742530e92ae218ddc95b020e : Linux MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 476940 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: ATA SanDisk SSD U100 SCSI Disk Device +++++
--- User ---
[MBR] 00950bf102cb4c0d78724e0f5f9b9d06
[BSP] 77f70036c8992390ff72e9d5b9f83d04 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK
-
Hi bwhisp,
Welcome to Adlice.com Forum.
Your report is clean.
The lines appearing under the Antirootkit section are false positives which will be whitelisted in the next release of RogueKiller.
Regards.
-
Thank you. Does someone have any clue about how my desktop would have been cleared of all its contents (it has only trash, Asus and desktop.ini twice) and my Documents made inaccessible (lock on the icon + hidden for my Music, my Videos and my Images)?
-
Hi bwhisp,
That's pretty uncommon.
Did Windows experience some sort of error before it occurred? Did you do something unusual?
Regards.