Author Topic: Don't know what to do with results?  (Read 5600 times)

0 Members and 1 Guest are viewing this topic.

July 16, 2014, 11:17:25 AM

Tanzanos

  • Guest
Don't know what to do with results?
« on: July 16, 2014, 11:17:25 AM »
I do no0t know what to do with the results. Can someone help me? Here is the report:

RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : yiannis [Admin rights]
Mode : Scan -- Date : 07/16/2014  12:06:30

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4149854431-98036347-1619213294-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4149854431-98036347-1619213294-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4149854431-98036347-1619213294-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4149854431-98036347-1619213294-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 7 (Driver: LOADED) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_CREATE[0] : Unknown @ 0x54d12c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x54d12c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x54d12c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x54d12c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_POWER[22] : Unknown @ 0x54d12c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x54d12c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_PNP[27] : Unknown @ 0x54d12c0

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD6400AAKS-22A7B2 ATA Device +++++
--- User ---
[MBR] eb35136eed69bec19c34c5528655cd61
[BSP] da4097a360e646b5c7d9af3461f1e911 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 350379 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 717783040 | Size: 259999 MB
User = LL1 ... OK
User = LL2 ... OK


Reply #1July 18, 2014, 04:02:51 PM

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 957
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Re: Don't know what to do with results?
« Reply #1 on: July 18, 2014, 04:02:51 PM »
Hello

pciide.sys looks legit, it will be whitelisted.
Nothing to do, since you only got PUMs entries.