Author Topic: hidden process no name no path (Read 5386 times)

steddye · « **on:** June 17, 2014, 10:34:11 AM »

this can be malware ?

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : foca [Admin rights]
Mode : Scan -- Date : 06/17/2014 10:24:10

¤¤¤ Bad processes : 1 ¤¤¤
[Hidden] --

-> Chiuso [TermThr]

¤¤¤ Registry Entries : 10 ¤¤¤
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2558236547-444649337-1807880188-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> Trovato
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2558236547-444649337-1807880188-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> Trovato
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> Trovato
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> Trovato
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Trovato
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Trovato
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2558236547-444649337-1807880188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Trovato
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2558236547-444649337-1807880188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Trovato
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2558236547-444649337-1807880188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Trovato
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2558236547-444649337-1807880188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Trovato

¤¤¤ Le attività pianificate : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ I browser Web : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1003FZEX-00MK2A0 ATA Device +++++
--- User ---
[MBR] adcc5058a2b3ffdb25ff293490119835
[BSP] 690b767b6d8bc467a0a947e1263cffed : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Maxtor 6H500F0 ATA Device +++++
--- User ---
[MBR] 9f931b9192b6a19b905787b8e88450ae
[BSP] cf0b651b0fab45c6ab8f1d8c9f955908 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476939 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ADATA SP900 ATA Device +++++
--- User ---
[MBR] 2b9f2e12b490e0005987573fb446e66e
[BSP] c08dc13d915e62ae570e0b6e7e1dc92a : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 122102 MB
User = LL1 ... OK
User = LL2 ... OK

I read this post http://forum.adlice.com/index.php/topic,112.0.html
maybe is the same case ?

Tigzy · « **Reply #1 on:** June 17, 2014, 11:02:14 AM »

Hello
Yes, that's the same issue. We are working on it

steddye · « **Reply #2 on:** June 17, 2014, 11:05:22 AM »

Ok thanks for the fast reply .

Author Topic: hidden process no name no path (Read 5386 times)

steddye

hidden process no name no path

Tigzy

Re: hidden process no name no path

steddye

Re: hidden process no name no path