I have recently found out about Rogue Killer, as while a trojan was intercepted and blocked the other day by my antivirus software, I wanted to run some pre-emptive scans to make sure nothing sneaked in. I have run scans with some other tools, which tidied up a few things but nothing significant was found. I was not sure about the Rogue Killer report and what it is telling me.
Am I correct in saying that this is a clean scan, with nothing to concern me? I assume the flagged up home page is just my own choice of home page.
I assume the flagged up registry keys are either keys that should be changed to make them more secure, or have been changed by security software to make them more secure?
I suppose I am most concerned about the suspicious path entries regarding ET5drv.sys, as I am not sure what this relates to? I would appreciate knowing from someone familiar with the Rogue Killer software whether there is anything there in the report that needs to be acted upon. I suspect not, but I would like to understand for sure why these entries have come up, and the risks / benefits of removing them.
Thank you in advance for your comments and recommendations.

RogueKiller V9.2.11.0 [Sep 9 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Test [Admin rights]
Mode : Scan -- Date : 09/19/2014 11:56:49
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 21 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ET5Drv (\??\C:\Windows\ET5Drv.sys) -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ET5Drv (\??\C:\Windows\ET5Drv.sys) -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ET5Drv (\??\C:\Windows\ET5Drv.sys) -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3508653812-724799434-595400672-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0 -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3508653812-724799434-595400672-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3508653812-724799434-595400672-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3508653812-724799434-595400672-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 24fvnri6.default : user_pref("browser.startup.homepage", "www.google.co.uk"); -> FOUND
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 45bd84628e2a5a17471654ec88c09de9
[BSP] 57cde6d0e3d7536424b0cee6ef234535 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100000 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 204802048 | Size: 46913 MB
2 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 300881385 | Size: 5710 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 024142e7e1739db96e06f729e8ea61a6
[BSP] 938aac52648a609395824034283dcc0b : Legit.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )