RogueKiller V12.11.1.0 (x64) [Jun 4 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Johnny [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 06/05/2017 11:48:01 (Duration : 00:11:13)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | etMonitor : C:\Windows\etMon.exe [x] -> Deleted
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 195.130.130.1 195.130.131.1 ([-][Belgium]) -> ERROR [5]
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6972F335-DCC2-47D5-A77D-CEE772D926C8} | DhcpNameServer : 195.130.130.1 195.130.131.1 ([-][Belgium]) -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B6E9D39D-FE03-4086-AB85-9B470843AFD8} | DhcpNameServer : 195.130.130.1 195.130.131.1 ([-][Belgium]) -> Replaced ()
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {69BB99B4-2635-4E40-954D-CE97CD9D63AB} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Johnny\AppData\Local\Temp\andy-x64\Setup.exe|Name=AndySetupIn| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C824E0AC-6DD6-487C-B14B-2FAA3574097D} : v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Johnny\AppData\Local\Temp\andy-x64\Setup.exe|Name=AndySetupOut| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9FCE85CA-9695-4C76-9559-18C5AB1E5C0A} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Johnny\AppData\Local\Temp\RemoveTemp.exe|Name=AndyRemoveIn| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B2B1BAE8-8AA7-4404-81F9-81D1B994F175} : v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Johnny\AppData\Local\Temp\RemoveTemp.exe|Name=AndyRemoveOut| [x] -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 10 ¤¤¤
[Tr.Gen0][File] C:\Users\Johnny\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Johnny\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Johnny\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Johnny\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Johnny\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Johnny\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Johnny\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Johnny\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Johnny\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Johnny\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts file : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x10000]) ¤¤¤

¤¤¤ Web Browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] mnad7wpq.default : user_pref("browser.startup.homepage", "http://www.nieuwsblad.be/"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 EVO 250GB +++++
--- User ---
[MBR] 8aa8f73dfdc49e67f92234eed4ef53d1
[BSP] db86a26ee3d6565f1c3b982d5b41d6c9 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 238123 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD1003FZEX-00MK2A0 +++++
--- User ---
[MBR] 4fd6a46625d20e7c5dffec6049325555
[BSP] afb43dcc7626e2058de7c9721106a711 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ST950032 5AS SCSI Disk Device +++++
--- User ---
[MBR] c055a81d9459c4b5a3623275413d7fb0
[BSP] 47acd0cbd161675f6acb91bb088700fa : Empty|VT.Unknown MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 264192 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 526336 | Size: 476683 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )