« previous next »
Pages: [1]

Author Topic: Process Hidden and report  (Read 6691 times)

0 Members and 1 Guest are viewing this topic.

June 09, 2014, 07:58:23 AM

Xstof25

  • Guest
Process Hidden and report
« on: June 09, 2014, 07:58:23 AM »
H,

I used your last version and here's my report :

RogueKiller V9.0.2.0 (x64) [Jun  3 2014] par Adlice Software
Mail : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site Web : http://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 8.1 (6.3.9200 ) 64 bits version
Démarrage : Mode normal
Utilisateur : Xstof [Droits d'admin]
Mode : Recherche -- Date : 06/09/2014  07:53:28

¤¤¤ Processus malicieux : 2 ¤¤¤
[Hidden!]  --
  • -> TUÉ [TermThr]
[Hidden!]  --
  • -> TUÉ [TermThr]


¤¤¤ Entrées de registre : 4 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2B84D5C6-126C-4E39-B50E-F5D91ACAA706} | NameServer : 208.67.222.222,208.67.220.220,208.67.222.220,208.67.220.222  -> TROUVÉ
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2B84D5C6-126C-4E39-B50E-F5D91ACAA706} | NameServer : 208.67.222.222,208.67.220.220,208.67.222.220,208.67.220.222  -> TROUVÉ
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> TROUVÉ
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> TROUVÉ

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier HOSTS : 3 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts]

[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1   localhost

[C:\WINDOWS\System32\drivers\etc\hosts] ::1      localhost


¤¤¤ Antirootkit : 1 ¤¤¤
[IAT:Addr] (explorer.exe) GDI32.dll - DeleteDC : Unknown @ 0x7ffc95290000

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ MBR Verif : ¤¤¤
+++++ PhysicalDrive0: ST31000340NS ATA Device +++++
--- User ---
[MBR] eb8556b5dfefca88e051ab1c08c4e405
[BSP] 40407284828aef8f182de4b5f6e22c05 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 553984 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 22d448ccb82cb677fd6c33faedb1262c
[BSP] 385f57848282735d4586b5e0c17c6a6f : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ST2000DL003-9VT166 ATA Device +++++
--- User ---
[MBR] ce574b3156e0f681ab38842a8fb42528
[BSP] 55cce7c1145b657da65e54405c8b5156 : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR! ([15] Le périphérique n?est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n?est pas prise en charge. )

+++++ PhysicalDrive4: Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR! ([15] Le périphérique n?est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n?est pas prise en charge. )

+++++ PhysicalDrive5: Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR! ([15] Le périphérique n?est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n?est pas prise en charge. )

+++++ PhysicalDrive6: Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR! ([15] Le périphérique n?est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n?est pas prise en charge. )

+++++ PhysicalDrive7: Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR! ([15] Le périphérique n?est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n?est pas prise en charge. )

+++++ PhysicalDrive8: Generic Ultra HS-SD/MMC USB Device +++++
Error reading User MBR! ([15] Le périphérique n?est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n?est pas prise en charge. )


============================================
RKreport_SCN_06082014_075723.log - RKreport_SCN_06092014_074925.log

There's 2 malicious process with PID 8560 and 8832.
I can't find them in task Manager !!

Is mys report OK ?
thank you

Logged
Reply #1June 09, 2014, 08:19:53 AM

Tigzy

  • Administrator
  • Hero Member
  • Offline
  • *****
  • 957
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Re: Process Hidden and report
« Reply #1 on: June 09, 2014, 08:19:53 AM »
Yes, it is ok.
There's still some bug with Hidden process detection, we have to investigate.
You'll not find them in task manager because 1/ They are supposed to be hidden 2/ They are supposed to be killed
Logged
Reply #2June 09, 2014, 09:11:06 AM

Xstof25

  • Guest
Re: Process Hidden and report
« Reply #2 on: June 09, 2014, 09:11:06 AM »
Hi and thank you. If you want more informations to investigate, ask me.
Logged
Pages: [1]
« previous next »