Hi guys
After a scan with RogueKiller I ended up here:
http://www.adlice.com/kernelmode-rootkits-part-3-kernel-filters/
What should I do? Am I infected? I could really use some help here.
Here is a log from RogueKiller
RogueKiller V9.2.10.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mr.X [Admin rights]
Mode : Remove -- Date : 09/13/2014 13:58:53
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 0 ¤¤¤
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ HOSTS File : 0 ¤¤¤
¤¤¤ Antirootkit : 6 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\edevmon @ \Device\00000073 (\SystemRoot\System32\drivers\rdyboost.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\edevmon @ \Device\00000072 (\SystemRoot\System32\drivers\rdyboost.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP0T0L0-0 : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\drivers\34423650.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\CdRom0 : \Driver\edevmon @ \Device\00000075 (\SystemRoot\System32\drivers\rdyboost.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\edevmon @ \Device\00000073 (\SystemRoot\System32\drivers\rdyboost.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\edevmon @ \Device\00000072 (\SystemRoot\System32\drivers\rdyboost.sys)
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 EVO 120GB ATA Device +++++
--- User ---
[MBR] 04fb85cf760df569f7e4ce1953663e89
[BSP] a23bb8269db0e46edcd273869f954d20 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: SAMSUNG HD753LJ ATA Device +++++
--- User ---
[MBR] 793fa93840f03455be27ce846aab1dd4
[BSP] 3fc0b538638c517f0bb877a7ae2cf2b0 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199995 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 409593240 | Size: 515405 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEL_09032014_201611.log - RKreport_DEL_09032014_215630.log - RKreport_DEL_09032014_220055.log - RKreport_DEL_09032014_222200.log
RKreport_DEL_09052014_214358.log - RKreport_DEL_09132014_134727.log - RKreport_SCN_09032014_201602.log - RKreport_SCN_09032014_213739.log
RKreport_SCN_09032014_214110.log - RKreport_SCN_09032014_214325.log - RKreport_SCN_09032014_214407.log - RKreport_SCN_09032014_215452.log
RKreport_SCN_09032014_215621.log - RKreport_SCN_09032014_220033.log - RKreport_SCN_09032014_222150.log - RKreport_SCN_09042014_230501.log
RKreport_SCN_09052014_145912.log - RKreport_SCN_09052014_152803.log - RKreport_SCN_09052014_214230.log - RKreport_SCN_09112014_133919.log
RKreport_SCN_09132014_134351.log - RKreport_SCN_09132014_135349.log
Best regards
unreald00m