Jump to content

Possibley keylogged, not sure, need help fast plz


Recommended Posts

Earlier today i ran rouge killer and it found 3 KernalMode rootkits, I also ran malwarebytes anti-rookit but that returned nothing. The log from rouge killer has me worried and also I had other problems in this : https://forums.malwarebytes.org/index.php?/topic/153926-svchost-infected-wierd-domain-attempting-to-use-it/#entry862989. Im making a new topic because im not sure if my other topic is related and i feel i might be in serious trouble. Thanks

log post below of rouge killer: 

 

 

RogueKiller V9.2.4.0 (x64) [Jul 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: USER [Admin rights]
Mode : Scan -- Date : 08/06/2014  13:48:26
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 24 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-10993255-1859570673-1900244754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 3 (Driver: LOADED) ¤¤¤
[Filter(Root.Keylogger)] \Driver\kbdclass @ Unknown : \Driver\SynTP @ \Device\0000008f (\SystemRoot\system32\DRIVERS\tunnel.sys)
[Filter(Root.Keylogger)] \Driver\kbdclass @ Unknown : \Driver\SynTP @ \Device\0000008a (\SystemRoot\system32\DRIVERS\tunnel.sys)
[Filter(Root.Keylogger)] \Driver\kbdclass @ Unknown : \Driver\SynTP @ \Device\00000077 (\SystemRoot\system32\DRIVERS\tunnel.sys)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 0c7b1bbb597c3925a21eb7f7de5747e9
[bSP] 5401513b52712fcd31d78ec15dad466c : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 15000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_07302014_045119.log
Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.