Microsoft Windows XP Home Edition (5.1.2600) Service Pack 2

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:120001 Mo/Free:2562 Mo)
D:\ [Fixed] - NTFS - (Total:238473 Mo/Free:1577 Mo)
E:\ [Fixed] - NTFS - (Total:114470 Mo/Free:3478 Mo)
F:\ [Fixed] - NTFS - (Total:120001 Mo/Free:843 Mo)
G:\ [Fixed] - NTFS - (Total:46163 Mo/Free:2029 Mo)
L:\ [CD-Rom] (Total:584 Mo/Free:0 Mo)
M:\ [Removable] (Total:1966 Mo/Free:344 Mo)

Sat 03/21/2009|13:06

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\MsPMSPSv.exe
---------- C:\WINDOWS\system32\SearchIndexer.exe
---------- C:\PROGRA~1\AVG\AVG8\avgemc.exe
---------- C:\Program Files\AVG\AVG8\avgcsrvx.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
---------- C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\WINDOWS\system32\CTHELPER.EXE
---------- C:\WINDOWS\SOUNDMAN.EXE
---------- C:\Program Files\DKP Profiler Uploader\DKPProfilerUploader.exe
---------- C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Skype\Phone\Skype.exe
---------- C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
---------- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
---------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
---------- C:\Program Files\Logitech\SetPoint\SetPoint.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
---------- C:\PROGRA~1\MI3AA1~1\rapimgr.exe
---------- C:\Program Files\TClockLight\tclock.exe
---------- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
---------- C:\Program Files\Prevx\prevx.exe
---------- C:\Program Files\Prevx\prevx.exe
---------- C:\Program Files\AVG\AVG8\avgscanx.exe
---------- C:\Program Files\AVG\AVG8\avgcsrvx.exe
---------- C:\Program Files\Internet Explorer\Iexplore.exe
---------- C:\WINDOWS\system32\restore\rstrui.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Program Files\Java\jre6\bin\java.exe
---------- C:\Program Files\Internet Explorer\Iexplore.exe
---------- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
---------- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
---------- C:\WINDOWS\system32\SearchProtocolHost.exe
---------- C:\WINDOWS\system32\SearchFilterHost.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!

1 - "C:\Rooter$\Rooter_1.txt" - Sat 03/21/2009|13:07

----------------------\\ Scan completed at 13:07