Show Posts
1
Malware removal help / [Split]1st Time Using RogueKiller, Don't Know What To Remove
« on: April 20, 2015, 07:33:01 AM »
RogueKiller V10.5.10.0 (x64) [Apr 14 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Leety [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 04/20/2015 10:29:15
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 10 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ESEADriver2 (\??\C:\Users\Leety\AppData\Local\Temp\ESEADriver2.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ESEADriver2 (\??\C:\Users\Leety\AppData\Local\Temp\ESEADriver2.sys) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8FC09021-95CA-4B71-9826-6D888162FDDE} | DhcpNameServer : 42.201.255.26 [PAKISTAN (PK)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D6582575-DD30-41CF-B966-E0B648A21B39} | NameServer : 42.201.255.131 42.201.255.26 [PAKISTAN (PK)][PAKISTAN (PK)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8FC09021-95CA-4B71-9826-6D888162FDDE} | DhcpNameServer : 42.201.255.26 [PAKISTAN (PK)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D6582575-DD30-41CF-B966-E0B648A21B39} | NameServer : 42.201.255.131 42.201.255.26 [PAKISTAN (PK)][PAKISTAN (PK)] -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\Origin -- C:\Users\Leety\AppData\Roaming\Origin\update.vbe -> ERROR
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BD142 +++++
--- User ---
[MBR] b002a17c1e68a5888fc3fca59c91a4a2
[BSP] cae03e6ffda7b01661dd3c9bc604aa9a : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_04202015_102659.log - RKreport_DEL_04202015_102743.log - RKreport_DEL_04202015_102747.log - RKreport_DEL_04202015_102751.log
RKreport_DEL_04202015_102753.log - RKreport_DEL_04202015_102758.log - RKreport_DEL_04202015_102809.log - RKreport_DEL_04202015_102812.log
RKreport_DEL_04202015_102816.log - RKreport_DEL_04202015_102911.log
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Leety [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 04/20/2015 10:29:15
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 10 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ESEADriver2 (\??\C:\Users\Leety\AppData\Local\Temp\ESEADriver2.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ESEADriver2 (\??\C:\Users\Leety\AppData\Local\Temp\ESEADriver2.sys) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8FC09021-95CA-4B71-9826-6D888162FDDE} | DhcpNameServer : 42.201.255.26 [PAKISTAN (PK)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D6582575-DD30-41CF-B966-E0B648A21B39} | NameServer : 42.201.255.131 42.201.255.26 [PAKISTAN (PK)][PAKISTAN (PK)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8FC09021-95CA-4B71-9826-6D888162FDDE} | DhcpNameServer : 42.201.255.26 [PAKISTAN (PK)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D6582575-DD30-41CF-B966-E0B648A21B39} | NameServer : 42.201.255.131 42.201.255.26 [PAKISTAN (PK)][PAKISTAN (PK)] -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\Origin -- C:\Users\Leety\AppData\Roaming\Origin\update.vbe -> ERROR
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BD142 +++++
--- User ---
[MBR] b002a17c1e68a5888fc3fca59c91a4a2
[BSP] cae03e6ffda7b01661dd3c9bc604aa9a : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_04202015_102659.log - RKreport_DEL_04202015_102743.log - RKreport_DEL_04202015_102747.log - RKreport_DEL_04202015_102751.log
RKreport_DEL_04202015_102753.log - RKreport_DEL_04202015_102758.log - RKreport_DEL_04202015_102809.log - RKreport_DEL_04202015_102812.log
RKreport_DEL_04202015_102816.log - RKreport_DEL_04202015_102911.log
