mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Vicky [Admin rights]
Mode : Remove -- Date : 08/20/2013 16:23:38
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[SERVICE][BLACKLIST] HKLM\[...]\CS003\[...]\Services : BrowserProtect (C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{B79C1916-51E2-424E-AD5F-20764F2B08F0}.exe - --uninstall=1 [x] -> DELETED
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{B79C1916-51E2-424E-AD5F-20764F2B08F0}.exe - --uninstall=1 [x] -> DELETED
[V2][SUSP PATH] EPUpdater : C:\Users\Vicky\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [x] -> DELETED
[V2][SUSP PATH] Funmoods : C:\Users\Vicky\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] Install : C:\Program Files\Google\Desktop\Install [-] --> DELETED
[ZeroAccess][File] @ : C:\Program Files\Google\Desktop\Install\{7faaaafa-cf14-2f74-3593-878a94dc601b}\ \...\???ﯹ๛\{7faaaafa-cf14-2f74-3593-878a94dc601b}\@ [-] --> DELETED
[ZeroAccess][File] 00000004.@ : C:\Program Files\Google\Desktop\Install\{7faaaafa-cf14-2f74-3593-878a94dc601b}\ \...\???ﯹ๛\{7faaaafa-cf14-2f74-3593-878a94dc601b}\L\00000004.@ [-] --> DELETED
[ZeroAccess][File] 201d3dde : C:\Program Files\Google\Desktop\Install\{7faaaafa-cf14-2f74-3593-878a94dc601b}\ \...\???ﯹ๛\{7faaaafa-cf14-2f74-3593-878a94dc601b}\L\201d3dde [-] --> DELETED
[ZeroAccess][File] 6715e287 : C:\Program Files\Google\Desktop\Install\{7faaaafa-cf14-2f74-3593-878a94dc601b}\ \...\???ﯹ๛\{7faaaafa-cf14-2f74-3593-878a94dc601b}\L\6715e287 [-] --> DELETED
[ZeroAccess][File] 76603ac3 : C:\Program Files\Google\Desktop\Install\{7faaaafa-cf14-2f74-3593-878a94dc601b}\ \...\???ﯹ๛\{7faaaafa-cf14-2f74-3593-878a94dc601b}\L\76603ac3 [-] --> DELETED
[ZeroAccess][Folder] L : C:\Program Files\Google\Desktop\Install\{7faaaafa-cf14-2f74-3593-878a94dc601b}\ \...\???ﯹ๛\{7faaaafa-cf14-2f74-3593-878a94dc601b}\L [-] --> DELETED
[ZeroAccess][File] 00000008.@ : C:\Program Files\Google\Desktop\Install\{7faaaafa-cf14-2f74-3593-878a94dc601b}\ \...\???ﯹ๛\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U\00000008.@ [-] --> DELETED
[ZeroAccess][File] 80000032.@ : C:\Program Files\Google\Desktop\Install\{7faaaafa-cf14-2f74-3593-878a94dc601b}\ \...\???ﯹ๛\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U\80000032.@ [-] --> DELETED
[ZeroAccess][Folder] U : C:\Program Files\Google\Desktop\Install\{7faaaafa-cf14-2f74-3593-878a94dc601b}\ \...\???ﯹ๛\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U [-] --> DELETED
[ZeroAccess][Folder] {7faaaafa-cf14-2f74-3593-878a94dc601b} : C:\Program Files\Google\Desktop\Install\{7faaaafa-cf14-2f74-3593-878a94dc601b}\ \...\???ﯹ๛\{7faaaafa-cf14-2f74-3593-878a94dc601b} [-] --> DELETED
[ZeroAccess][Folder] ???ﯹ๛ : C:\Program Files\Google\Desktop\Install\{7faaaafa-cf14-2f74-3593-878a94dc601b}\ \...\???ﯹ๛ [-] --> DELETED
[ZeroAccess][Folder] ... : C:\Program Files\Google\Desktop\Install\{7faaaafa-cf14-2f74-3593-878a94dc601b}\ \... [-] --> DELETED
[ZeroAccess][Folder] : C:\Program Files\Google\Desktop\Install\{7faaaafa-cf14-2f74-3593-878a94dc601b}\ [-] --> DELETED
[ZeroAccess][Folder] {7faaaafa-cf14-2f74-3593-878a94dc601b} : C:\Program Files\Google\Desktop\Install\{7faaaafa-cf14-2f74-3593-878a94dc601b} [-] --> DELETED
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
::1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT1 +++++
--- User ---
[MBR] cc45d7c81debd81b43012a02896d9166
[BSP] 32913c31cce9e5ae3fbce4a9cd321f11 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20561920 | Size: 292644 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 619898880 | Size: 2559 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_D_08202013_162338.txt >>
RKreport[0]_S_08202013_161938.txt
Sign In
Create Account
