« previous next »
Pages: [1]

Author Topic: I need help analysing a report  (Read 5327 times)

0 Members and 1 Guest are viewing this topic.

February 02, 2015, 07:49:03 PM

bwhisp

  • Newbie
  • Offline
  • *
  • 2
  • Reputation:
    0
    • View Profile
I need help analysing a report
« on: February 02, 2015, 07:49:03 PM »
Hello,

I ran a RogueKiller scan and I need you help to know what to delete.

Here is it :
RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Lina [Administrator]
Mode : Scan -- Date : 02/02/2015  19:08:57

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.141.0.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.141.0.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9411DA6D-DD16-4FCA-9D33-816081165DB1} | DhcpNameServer : 10.141.0.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9411DA6D-DD16-4FCA-9D33-816081165DB1} | DhcpNameServer : 10.141.0.1  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-414176184-2685799101-2091791791-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-414176184-2685799101-2091791791-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 5 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk1\DR1 : \Driver\excsd @ \Device\excsd1 (\SystemRoot\system32\DRIVERS\excsd.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\excsd1 : \Driver\partmgr @ Unknown (\SystemRoot\system32\DRIVERS\excsd.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk0\DR0 : \Driver\excsd @ \Device\excsd0 (\SystemRoot\system32\DRIVERS\excsd.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\excsd0 : \Driver\partmgr @ Unknown (\SystemRoot\system32\DRIVERS\excsd.sys)
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass0 : \Driver\ETD @ Unknown (\SystemRoot\system32\DRIVERS\ETD.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA ST500LT012-9WS14 SCSI Disk Device +++++
--- User ---
[MBR] 31d483adfbda9a4452e082d61b98cab7
[BSP] 10890d6d742530e92ae218ddc95b020e : Linux MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 476940 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ATA SanDisk SSD U100 SCSI Disk Device +++++
--- User ---
[MBR] 00950bf102cb4c0d78724e0f5f9b9d06
[BSP] 77f70036c8992390ff72e9d5b9f83d04 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK
Logged
Reply #1February 02, 2015, 08:53:15 PM

Curson

  • Global Moderator
  • Hero Member
  • Offline
  • *****
  • 2809
  • Reputation:
    100
    • View Profile
Re: I need help analysing a report
« Reply #1 on: February 02, 2015, 08:53:15 PM »
Hi bwhisp,

Welcome to Adlice.com Forum.

Your report is clean.
The lines appearing under the Antirootkit section are false positives which will be whitelisted in the next release of RogueKiller.

Regards.
Logged
Reply #2February 02, 2015, 09:51:21 PM

bwhisp

  • Newbie
  • Offline
  • *
  • 2
  • Reputation:
    0
    • View Profile
Re: I need help analysing a report
« Reply #2 on: February 02, 2015, 09:51:21 PM »
Thank you. Do someone have any clue about how my desktop would have been cleared from all its contents (it has only trash, Asus and twice desktop.ini) and my Documents inaccessible (lock on the icon + hidden for my Music, my Videos and my Images) ?
Logged
Reply #3February 03, 2015, 02:02:54 PM

Curson

  • Global Moderator
  • Hero Member
  • Offline
  • *****
  • 2809
  • Reputation:
    100
    • View Profile
Re: I need help analysing a report
« Reply #3 on: February 03, 2015, 02:02:54 PM »
Hi bwhisp,

That's pretty uncommon.
Does Windows experienced some sort of error before it has occurred ? Did you do something unusual ?

Regards.
Logged
Pages: [1]
« previous next »