De naam 'Check faked' is blijkbaar in versie 8.6.6 van RogueKiller aangepast naar 'verifieer drivers'.
Logje:
RogueKiller V8.6.6 [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback :
http://www.adlice.com/forum/
Website :
http://www.adlice.com/softwares/roguekiller/
Blog :
http://tigzyrk.blogspot.com/
besturingssysteem : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Gestart vanuit : Normale modus
Gebruiker : Niels [Administrator rechten]
Modus : Scan -- Datum : 08/26/2013 17:09:16
| ARK || FAK || MBR |
¤¤¤ Kwaadaardige processen : 0 ¤¤¤
¤¤¤ Register verwijzingen : 5 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> gevonden
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> gevonden
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> gevonden
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden
[BROK VAL] HKCR\[...]\command : () -> NIET AANWEZIG
¤¤¤ geplande taken : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ webbrowsers : 0 ¤¤¤
¤¤¤ Speciale Files / Folders: ¤¤¤
¤¤¤ Driver : [Geladen] ¤¤¤
¤¤¤ Externe Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
¤¤¤ Infectie : Mal.Hosts ¤¤¤
¤¤¤ HOSTS Bestand: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 host3.adhese.be #[ad.be.doubleclick.net] --> Potentially malicious!
127.0.0.1 doubleclick.net #[McAfee.Cookie-Doubleclick] --> Potentially malicious!
127.0.0.1 ad.doubleclick.net #[MVPS.Criteria] --> Potentially malicious!
127.0.0.1 ad2.doubleclick.net #[Panda.Spyware:Cookie/Doubleclick] --> Potentially malicious!
127.0.0.1 ad.3ad.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.3au.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.ae.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.ar.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.au.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.be.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.br.doubleclick.net #[SunBelt.DoubleClick] --> Potentially malicious!
127.0.0.1 ad.ca.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.ch.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.cl.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.cn.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.de.doubleclick.net #[Tenebril.Tracking.Cookie] --> Potentially malicious!
127.0.0.1 ad.dk.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.es.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.fi.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.fr.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.hk.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.hu.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.ie.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.in.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.jp.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.kr.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.it.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.nl.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.no.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.nz.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.pl.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.pt.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.ro.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.ru.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.se.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.sg.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.terra.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.th.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.tw.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.uk.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.us.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.za.doubleclick.net --> Potentially malicious!
127.0.0.1 ad.n2434.doubleclick.net --> Potentially malicious!
127.0.0.1 creatives.doubleclick.net --> Potentially malicious!
127.0.0.1 dfp.doubleclick.net --> Potentially malicious!
127.0.0.1 fls.doubleclick.net --> Potentially malicious!
127.0.0.1 ir.doubleclick.net --> Potentially malicious!
127.0.0.1 iv.doubleclick.net --> Potentially malicious!
127.0.0.1 ln.doubleclick.net #[Lycos] --> Potentially malicious!
127.0.0.1 m.doubleclick.net --> Potentially malicious!
127.0.0.1 m2.doubleclick.net --> Potentially malicious!
127.0.0.1 m3.doubleclick.net --> Potentially malicious!
127.0.0.1 m.us.doubleclick.net --> Potentially malicious!
127.0.0.1 motifcdn.doubleclick.net --> Potentially malicious!
127.0.0.1 n3285ad.doubleclick.net --> Potentially malicious!
127.0.0.1 n3349ad.doubleclick.net --> Potentially malicious!
127.0.0.1 n4403ad.doubleclick.net --> Potentially malicious!
127.0.0.1 n479ad.doubleclick.net --> Potentially malicious!
127.0.0.1 n609ad.doubleclick.net --> Potentially malicious!
127.0.0.1 optout.doubleclick.net --> Potentially malicious!
127.0.0.1 optimize.doubleclick.net --> Potentially malicious!
127.0.0.1 optimize.3optimization.doubleclick.net --> Potentially malicious!
127.0.0.1 paypalssl.doubleclick.net --> Potentially malicious!
127.0.0.1 rd.intl.doubleclick.net --> Potentially malicious!
127.0.0.1 se1.doubleclick.net --> Potentially malicious!
127.0.0.1 twx.doubleclick.net --> Potentially malicious!
127.0.0.1 doubleclick.ne.jp --> Potentially malicious!
127.0.0.1 www3.doubleclick.net --> Potentially malicious!
127.0.0.1
www.doubleclick.net --> Potentially malicious!
127.0.0.1 doubleclick.com --> Potentially malicious!
127.0.0.1 www2.doubleclick.com --> Potentially malicious!
127.0.0.1 www3.doubleclick.com --> Potentially malicious!
127.0.0.1
www.doubleclick.com --> Potentially malicious!
127.0.0.1 doubleclick.shockwave.com --> Potentially malicious!
127.0.0.1 anon.doubleclick.speedera.net --> Potentially malicious!
127.0.0.1 c1.statcounter.com #[Ad-Aware.Tracking.Cookie] --> Potentially malicious!
127.0.0.1 c2.statcounter.com #[SecuritySpace.WebBug] --> Potentially malicious!
127.0.0.1 c3.statcounter.com #[eTrust.Tracking.Cookie] --> Potentially malicious!
127.0.0.1 c4.statcounter.com --> Potentially malicious!
127.0.0.1 c5.statcounter.com #[SpySweeper.Spy.Cookie] --> Potentially malicious!
127.0.0.1 c6.statcounter.com #[MVPS.Criteria] --> Potentially malicious!
127.0.0.1 c7.statcounter.com --> Potentially malicious!
127.0.0.1 c8.statcounter.com #[McAfee.Cookie-Statcounter] --> Potentially malicious!
127.0.0.1 c10.statcounter.com --> Potentially malicious!
127.0.0.1 c11.statcounter.com #[Ewido.TrackingCookie.Statcounter] --> Potentially malicious!
127.0.0.1 c12.statcounter.com --> Potentially malicious!
127.0.0.1 c13.statcounter.com --> Potentially malicious!
127.0.0.1 c14.statcounter.com --> Potentially malicious!
127.0.0.1 c15.statcounter.com --> Potentially malicious!
127.0.0.1 c16.statcounter.com --> Potentially malicious!
127.0.0.1 c17.statcounter.com --> Potentially malicious!
127.0.0.1 c18.statcounter.com --> Potentially malicious!
127.0.0.1 c19.statcounter.com --> Potentially malicious!
127.0.0.1 c20.statcounter.com --> Potentially malicious!
127.0.0.1 c21.statcounter.com --> Potentially malicious!
127.0.0.1 c22.statcounter.com --> Potentially malicious!
127.0.0.1 c23.statcounter.com --> Potentially malicious!
127.0.0.1 c24.statcounter.com --> Potentially malicious!
127.0.0.1 c25.statcounter.com --> Potentially malicious!
127.0.0.1 c26.statcounter.com --> Potentially malicious!
127.0.0.1 c27.statcounter.com --> Potentially malicious!
127.0.0.1 my.statcounter.com --> Potentially malicious!
127.0.0.1 s2.statcounter.com #[SunBelt.statcounter.com] --> Potentially malicious!
127.0.0.1 secure.statcounter.com --> Potentially malicious!
127.0.0.1
www.statcounter.com --> Potentially malicious!
127.0.0.1 localhost
127.0.0.1 optimized-by.rubiconproject.com
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1
www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
127.0.0.1
www.abcsearcher.com #[Spamdexing][Microsoft.Strider]
127.0.0.1 abc-search.info
127.0.0.1
www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1
www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
127.0.0.1 d.abnad.net
127.0.0.1 e.abnad.net
127.0.0.1 t.abnad.net
127.0.0.1 banners.absolpublisher.com
127.0.0.1 tracking.absolstats.com
127.0.0.1 adv.abv.bg
[...]
¤¤¤ MBR Controle: ¤¤¤
+++++ PhysicalDrive0: WDC WD25 00JS-75NCB3 SCSI Disk Device +++++
--- User ---
[MBR] cd3ed054e06212f6dd7bce9306e17c7c
[BSP] 12363dafc8b1110c9583683a9ba0f769 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 228122 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Gereed : << RKreport[0]_S_08262013_170916.txt >>