RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : admin [Admin rights]
Mode : Remove – Date : 05/07/2013 15:04:15
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKCU[…]\System : disableregistrytools (0) → DELETED
[HJ DESK] HKLM[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) → REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][JUNCTION] C:\WINDOWS\$NtUninstallKB14045$ >> \systemroot\system32\config → REMOVED
[Del.Parent][FILE] @ : C:\WINDOWS\$NtUninstallKB14045$\267270451\@ [-] → REMOVED
[Del.Parent][FILE] Desktop.ini : C:\WINDOWS\$NtUninstallKB14045$\267270451\Desktop.ini [-] → REMOVED
[Del.Parent][FILE] 00000004.@ : C:\WINDOWS\$NtUninstallKB14045$\267270451\L\00000004.@ [-] → REMOVED
[Del.Parent][FILE] 201d3dde : C:\WINDOWS\$NtUninstallKB14045$\267270451\L\201d3dde [-] → REMOVED
[Del.Parent][FILE] 76603ac3 : C:\WINDOWS\$NtUninstallKB14045$\267270451\L\76603ac3 [-] → REMOVED
[Del.Parent][FILE] hycpmsei : C:\WINDOWS\$NtUninstallKB14045$\267270451\L\hycpmsei [-] → REMOVED
[Del.Parent][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB14045$\267270451\L → REMOVED
[Del.Parent][FILE] 00000004.@ : C:\WINDOWS\$NtUninstallKB14045$\267270451\U\00000004.@ [-] → REMOVED
[Del.Parent][FILE] 00000008.@ : C:\WINDOWS\$NtUninstallKB14045$\267270451\U\00000008.@ [-] → REMOVED
[Del.Parent][FILE] 000000cb.@ : C:\WINDOWS\$NtUninstallKB14045$\267270451\U\000000cb.@ [-] → REMOVED
[Del.Parent][FILE] 80000000.@ : C:\WINDOWS\$NtUninstallKB14045$\267270451\U\80000000.@ [-] → REMOVED
[Del.Parent][FILE] 80000032.@ : C:\WINDOWS\$NtUninstallKB14045$\267270451\U\80000032.@ [-] → REMOVED
[Del.Parent][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB14045$\267270451\U → REMOVED
[Del.Parent][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB14045$\267270451 → REMOVED
[Del.Parent][FILE] 3444094802 : C:\WINDOWS\$NtUninstallKB14045$\3444094802 [-] → REMOVED
[ZeroAccess][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB14045$ → REMOVED
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
→ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD1600AAJS-00B4A0 +++++
— User —
[MBR] b8fbf1b647dd698ef66542620dfe45aa
[BSP] 9b0b75bdc055737b567ed4fdf9e0d6d0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 … OK!
User = LL2 … OK!
+++++ PhysicalDrive1: General USB Flash Disk USB Device +++++
— User —
[MBR] 6b25f36d6c0add261e3e974ab1c93571
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 1910 Mo
User = LL1 … OK!
Error reading LL2 MBR!
Finished : << RKreport[4]_D_05072013_02d1504.txt >>
RKreport[1]_S_05062013_02d1556.txt ; RKreport[2]_SC_05062013_02d2204.txt ; RKreport[3]_S_05072013_02d1501.txt ; RKreport[4]_D_05072013_02d1504.txt