RogueKiller V5.1.9 [05/29/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: 64CZ072110 [Admin rights]
Mode: Scan -- Date : 05/31/2011 20:31:13

Bad processes: 9
[SUSP PATH] xxx.exe -- c:\users\64cz072110\appdata\local\xxx.exe -> KILLED
[SUSP PATH] xxx.exe -- c:\users\64cz072110\appdata\local\xxx.exe -> KILLED
[SUSP PATH] xxx.exe -- c:\users\64cz072110\appdata\local\xxx.exe -> KILLED
[SUSP PATH] xxx.exe -- c:\users\64cz072110\appdata\local\xxx.exe -> KILLED
[SUSP PATH] xxx.exe -- c:\users\64cz072110\appdata\local\xxx.exe -> KILLED
[SUSP PATH] xxx.exe -- c:\users\64cz072110\appdata\local\xxx.exe -> KILLED
[SUSP PATH] xxx.exe -- c:\users\64cz072110\appdata\local\xxx.exe -> KILLED
[SUSP PATH] xxx.exe -- c:\users\64cz072110\appdata\local\xxx.exe -> KILLED
[SUSP PATH] xxx.exe -- c:\users\64cz072110\appdata\local\xxx.exe -> KILLED

Registry Entries: 9
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[FILEASSO] HKCU\[...]Software\Classes\.exe\shell\open\command :  ("C:\Users\64CZ072110\AppData\Local\xxx.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCU\[...]Software\Classes\exefile\shell\open\command :  ("C:\Users\64CZ072110\AppData\Local\xxx.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...]exefile\shell\open\command :  ("C:\Users\64CZ072110\AppData\Local\xxx.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...].exe\shell\open\command :  ("C:\Users\64CZ072110\AppData\Local\xxx.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command :  ("C:\Users\64CZ072110\AppData\Local\xxx.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command :  ("C:\Users\64CZ072110\AppData\Local\xxx.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command :  ("C:\Users\64CZ072110\AppData\Local\xxx.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") -> FOUND

HOSTS File:


Finished : << RKreport[1].txt >>
RKreport[1].txt