I realized I did not have the 64-bit RogueKiller installed and ran the scan with the new one. It found a couple of things that I would like to know more about, especially the 2 orange rootkits. Were they removed by RogueKiller already? Or does the scan just indicate to me that there is a rootkit and I need to do something about it? The Hosts and PUM entries in the registry, I assume, are harmless? Thanks.
Here's my report:
RogueKiller V9.2.1.0 (x64) [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Joseph [Admin rights]
Mode : Scan -- Date : 07/10/2014 16:48:56
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 10 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0FDBAB83-205E-4B77-A568-C420AF021622} | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0FDBAB83-205E-4B77-A568-C420AF021622} | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0FDBAB83-205E-4B77-A568-C420AF021622} | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2281642883-3741702196-4252132095-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2281642883-3741702196-4252132095-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2281642883-3741702196-4252132095-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2281642883-3741702196-4252132095-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 2 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\CdRom0 : \Driver\GEARAspiWDM @ Unknown (\SystemRoot\system32\drivers\1394ohci.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\snapman @ Unknown (\SystemRoot\system32\DRIVERS\snapman.sys)
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM 001-9YN164 SCSI Disk Device +++++
--- User ---
[MBR] 25b5614f80772b0ae1ebc7ce7e275aa2
[BSP] 5dc5d12c4f7e3e9e81833304d3140a00 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
============================================
RKreport_DEL_07062014_160850.log - RKreport_DEL_07062014_163109.log - RKreport_DEL_07062014_164040.log - RKreport_SCN_07062014_160751.log
RKreport_SCN_07062014_162841.log - RKreport_SCN_07062014_163845.log - RKreport_SCN_07062014_164405.log