Messages - bwhisp

1
RogueKiller / Re: I need help analysing a report
« on: February 02, 2015, 09:51:21 PM »
Thank you. Does someone have any clue about how my desktop would have been cleared of all its contents (it has only trash, Asus and desktop.ini twice) and my Documents made inaccessible (lock on the icon + hidden for my Music, my Videos and my Images)?

2
RogueKiller / I need help analysing a report
« on: February 02, 2015, 07:49:03 PM »
Hello,

I ran a RogueKiller scan and I need your help to know what to delete.

Here it is:
RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Lina [Administrator]
Mode : Scan -- Date : 02/02/2015  19:08:57

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.141.0.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.141.0.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9411DA6D-DD16-4FCA-9D33-816081165DB1} | DhcpNameServer : 10.141.0.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9411DA6D-DD16-4FCA-9D33-816081165DB1} | DhcpNameServer : 10.141.0.1  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-414176184-2685799101-2091791791-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-414176184-2685799101-2091791791-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 5 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk1\DR1 : \Driver\excsd @ \Device\excsd1 (\SystemRoot\system32\DRIVERS\excsd.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\excsd1 : \Driver\partmgr @ Unknown (\SystemRoot\system32\DRIVERS\excsd.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk0\DR0 : \Driver\excsd @ \Device\excsd0 (\SystemRoot\system32\DRIVERS\excsd.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\excsd0 : \Driver\partmgr @ Unknown (\SystemRoot\system32\DRIVERS\excsd.sys)
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass0 : \Driver\ETD @ Unknown (\SystemRoot\system32\DRIVERS\ETD.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA ST500LT012-9WS14 SCSI Disk Device +++++
--- User ---
[MBR] 31d483adfbda9a4452e082d61b98cab7
[BSP] 10890d6d742530e92ae218ddc95b020e : Linux MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 476940 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ATA SanDisk SSD U100 SCSI Disk Device +++++
--- User ---
[MBR] 00950bf102cb4c0d78724e0f5f9b9d06
[BSP] 77f70036c8992390ff72e9d5b9f83d04 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK
