Topic: Please can someone check rogue killer report.

January 11, 2015, 09:08:33 PM

HallunX .

Hi guys, I am new to this software and I need help with it. Here is the report; can you tell me if it is a false warning or if I should remove this?

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\atillk64 (\??\C:\Users\Hlxx\AppData\Local\Temp\RarSFX0\atillk64.sys) -> Znaleziono
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\klkbdflt2 (\SystemRoot\system32\DRIVERS\klkbdflt2.sys) -> Znaleziono
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atillk64 (\??\C:\Users\Hlxx\AppData\Local\Temp\RarSFX0\atillk64.sys) -> Znaleziono
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3707175792-2543725426-2122216735-1001\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> Znaleziono
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3707175792-2543725426-2122216735-1001\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> Znaleziono
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 62.179.1.60 62.179.1.61 [AUSTRIA (AT)][AUSTRIA (AT)]  -> Znaleziono
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 62.179.1.60 62.179.1.61 [AUSTRIA (AT)][AUSTRIA (AT)]  -> Znaleziono
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{32DAAE82-9E78-4D53-BB49-E1F9811CE395} | DhcpNameServer : 62.179.1.60 62.179.1.61 [AUSTRIA (AT)][AUSTRIA (AT)]  -> Znaleziono
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{32DAAE82-9E78-4D53-BB49-E1F9811CE395} | DhcpNameServer : 62.179.1.60 62.179.1.61 [AUSTRIA (AT)][AUSTRIA (AT)]  -> Znaleziono
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Znaleziono
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Znaleziono
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Znaleziono
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Znaleziono

Reply #1, January 11, 2015, 10:47:49 PM

Curson (Global Moderator)
Hi HallunX,

Welcome to Adlice.com Forum.

Could you please confirm your ISP is "UPC Broadband GmbH"?
The report is incomplete. Please copy/paste the results of the scan once again.

If you need help with the tool, please refer to the official tutorial.

Regards.

Note: This thread has been moved to the "RogueKiller" section for clarity.

Reply #2, January 12, 2015, 01:51:37 PM

HallunX .

Hi there.

Yes, my ISP is UPC. And here is the full report:

RogueKiller V10.1.2.0 (x64) [Jan  7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Hlxx [Administrator]
Mode : Scan -- Date : 01/12/2015  13:48:05

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 13 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\atillk64 (\??\C:\Users\Hlxx\AppData\Local\Temp\RarSFX0\atillk64.sys) -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\klkbdflt2 (\SystemRoot\system32\DRIVERS\klkbdflt2.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atillk64 (\??\C:\Users\Hlxx\AppData\Local\Temp\RarSFX0\atillk64.sys) -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3707175792-2543725426-2122216735-1001\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3707175792-2543725426-2122216735-1001\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 62.179.1.60 62.179.1.61 [AUSTRIA (AT)][AUSTRIA (AT)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 62.179.1.60 62.179.1.61 [AUSTRIA (AT)][AUSTRIA (AT)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{32DAAE82-9E78-4D53-BB49-E1F9811CE395} | DhcpNameServer : 62.179.1.60 62.179.1.61 [AUSTRIA (AT)][AUSTRIA (AT)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{32DAAE82-9E78-4D53-BB49-E1F9811CE395} | DhcpNameServer : 62.179.1.60 62.179.1.61 [AUSTRIA (AT)][AUSTRIA (AT)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 6 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1  adv.wp.pl
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1  hit.gemius.pl
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1  ad.hit.gemius.pl
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1  adview.pl
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1  ad.adview.pl
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1  ad.gazeta.pl

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1ER162 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG HM320II USB Device +++++
--- User ---
[MBR] f7db9e42f9282112372730334484d232
[BSP] 4e895d52598347c1bea3e9eff8717220 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 102397 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 209712510 | Size: 202844 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Żądanie nie jest obsługiwane. )


============================================
RKreport_SCN_01112015_205155.log - RKreport_SCN_01122015_134503.log

Reply #3, January 12, 2015, 03:50:06 PM

Curson (Global Moderator)
Hi HallunX,

All the entries are legit.

Regards.