RogueKiller V8.4.4 [Feb 5 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 ) 32 bits version
Started in : Normal mode
User : SYSTEM [Admin rights]
Mode : Remove -- Date : 02/06/2013 15:12:28
| ARK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] IEXPLORE.EXE -- X:\I386\IEXPLORE.EXE -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][HJNAME] HKUS\Administrateur_ON_C[...]\Run : CTFMON.EXE (C:\WINDOWS\system32\ctfmon.exe) -> DELETED
[RUN][HJNAME] HKUS\DEFAULT_ON_C[...]\Run : CTFMON.EXE (C:\WINDOWS\system32\ctfmon.exe) -> DELETED
[RUN][HJNAME] HKUS\LocalService_ON_C[...]\Run : CTFMON.EXE (C:\WINDOWS\system32\ctfmon.exe) -> DELETED
[RUN][HJNAME] HKUS\MARLENE_ON_C[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) -> DELETED
[RUN][HJNAME] HKUS\NetworkService_ON_C[...]\Run : CTFMON.EXE (C:\WINDOWS\system32\ctfmon.exe) -> DELETED
[SHELL][Rans.Gendarm] HKUS\MARLENE_ON_C[...]\Winlogon : shell (explorer.exe,C:\Documents and Settings\MARLENE\Application Data\skype.dat) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILEASSO] HKLM\[...]\command : (X:\I386\IEXPLORE.EXE) -> FOLDER NOT FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> C:\Documents and Settings\All Users\NTUSER.DAT
-> C:\Documents and Settings\Default User\NTUSER.DAT

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> X:\i386\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 56decd46678c052ff671184e3d8ce5d1
[BSP] 6b6d4af512742bcafbfe3d2c71c26a1b : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 4996 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10233405 | Size: 73563 Mo
2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 160890975 | Size: 74065 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_02062013_02d1512.txt >>
RKreport[1]_S_02062013_02d1511.txt ; RKreport[2]_D_02062013_02d1512.txt