Document format: text/plain

RogueKiller V8.4.4 [Feb 5 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 ) 32 bits version
Started in : Normal mode
User : SYSTEM [Admin rights]
Mode : Remove -- Date : 02/06/2013 15:12:28
| ARK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] IEXPLORE.EXE -- X:\I386\IEXPLORE.EXE -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][HJNAME] HKUS\Administrateur_ON_C[...]\Run : CTFMON.EXE (C:\WINDOWS\system32\ctfmon.exe) -> DELETED
[RUN][HJNAME] HKUS\DEFAULT_ON_C[...]\Run : CTFMON.EXE (C:\WINDOWS\system32\ctfmon.exe) -> DELETED
[RUN][HJNAME] HKUS\LocalService_ON_C[...]\Run : CTFMON.EXE (C:\WINDOWS\system32\ctfmon.exe) -> DELETED
[RUN][HJNAME] HKUS\MARLENE_ON_C[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) -> DELETED
[RUN][HJNAME] HKUS\NetworkService_ON_C[...]\Run : CTFMON.EXE (C:\WINDOWS\system32\ctfmon.exe) -> DELETED
[SHELL][Rans.Gendarm] HKUS\MARLENE_ON_C[...]\Winlogon : shell (explorer.exe,C:\Documents and Settings\MARLENE\Application Data\skype.dat) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILEASSO] HKLM\[...]\command : (X:\I386\IEXPLORE.EXE) -> FOLDER NOT FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> C:\Documents and Settings\All Users\NTUSER.DAT
-> C:\Documents and Settings\Default User\NTUSER.DAT

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> X:\i386\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 56decd46678c052ff671184e3d8ce5d1
[BSP] 6b6d4af512742bcafbfe3d2c71c26a1b : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 4996 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10233405 | Size: 73563 Mo
2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 160890975 | Size: 74065 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_02062013_02d1512.txt >>
RKreport[1]_S_02062013_02d1511.txt ; RKreport[2]_D_02062013_02d1512.txt



