Messages - x0r

RogueKiller / Rootkit section lit up green; is my system compromised?
« on: August 04, 2015, 06:18:16 AM »
Thank you for your help with the following report:

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : X0r [Administrator]
Started from : C:\Users\J\Desktop\RogueKillerX64.exe
Mode : Delete -- Date : 08/04/2015 01:09:47

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | DelaypluginInstall : C:\ProgramData\Wondershare\Player\DelayPluginI.exe
  • -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\RK_J_ON_H_EA65\Software\Microsoft\Windows\CurrentVersion\Run | Epic Privacy Browser Installer : "C:\Users\J\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /c
  • -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\RK_J_ON_H_EA65\Software\Microsoft\Windows\CurrentVersion\Run | Epic Privacy Browser Installer : "C:\Users\J\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /c
  • -> ERROR [2]


¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: INTEL SSDSA2M040G2GC ATA Device +++++
--- User ---
[MBR] 847d9d7ae4601dda6d44d8f470d1b5e0
[BSP] 1378b03ef016bf555a4efe426a49885a : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 37814 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD1002FAEX-00Y9A0 ATA Device +++++
--- User ---
[MBR] 9c3452014a31ba341c4f09e75a9aae2f
[BSP] c43b05377763052285360b456bc4a0bc : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 30720 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 62916608 | Size: 204800 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 482347008 | Size: 102400 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 692062208 | Size: 615947 MB
User = LL1 ... OK
User = LL2 ... OK

regards,

X0r
