« previous next »
Pages: [1]

Author Topic: RK report  (Read 5178 times)

0 Members and 1 Guest are viewing this topic.

September 15, 2014, 06:38:27 PM

JustinAnneK

  • Guest
RK report
« on: September 15, 2014, 06:38:27 PM »
Hello, I'm just looking for advice as to what I should do next after running RK.  I appreciate any advice. 

Here is the report after running RK.
RogueKiller V9.2.10.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Anne [Admin rights]
Mode : Scan -- Date : 09/15/2014  07:48:41

¤¤¤ Bad processes : 2 ¤¤¤
[Suspicious.Path] nsvA189.tmp -- C:\Users\Anne\AppData\Local\Temp\nsvA189.tmp[-] -> KILLED [TermProc]
[Suspicious.Path] (SVC) servervo -- C:\Users\Anne\AppData\Roaming\VOPackage\VOsrv.exe[-] -> STOPPED

¤¤¤ Registry Entries : 63 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Browser Infrastructure Helper : C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\Smartbar.exe startup  -> FOUND
[Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Browser Infrastructure Helper : C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\Smartbar.exe startup  -> FOUND
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | Browser Infrastructure Helper : C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\Smartbar.exe startup  -> FOUND
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | Browser Infrastructure Helper : C:\windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\Smartbar.exe startup  -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\servervo (C:\Users\Anne\AppData\Roaming\VOPackage\VOsrv.exe) -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\servervo (C:\Users\Anne\AppData\Roaming\VOPackage\VOsrv.exe) -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\servervo (C:\Users\Anne\AppData\Roaming\VOPackage\VOsrv.exe) -> FOUND
[PUM.Policies] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3037713998-2356606693-2050324424-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3037713998-2356606693-2050324424-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3037713998-2356606693-2050324424-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3037713998-2356606693-2050324424-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3037713998-2356606693-2050324424-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3037713998-2356606693-2050324424-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Desktop] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X64) HKEY_USERS\S-1-5-21-3037713998-2356606693-2050324424-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X86) HKEY_USERS\S-1-5-21-3037713998-2356606693-2050324424-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3037713998-2356606693-2050324424-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com?fr=hp-avast&type=avastbcl  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3037713998-2356606693-2050324424-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com?fr=hp-avast&type=avastbcl  -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3037713998-2356606693-2050324424-1000\Software\Microsoft\Internet Explorer\Main | Search Page : https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}  -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3037713998-2356606693-2050324424-1000\Software\Microsoft\Internet Explorer\Main | Search Page : https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5075GSX +++++
--- User ---
[MBR] 7f79cb000448030f522d37fdcf96dd4d
[BSP] 7baa029788e9cf5e28b7bc72b87ad807 : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 460413 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 945999872 | Size: 15026 MB
User = LL1 ... OK
User = LL2 ... OK

Logged
Pages: [1]
« previous next »