RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Ricky [Admin rights]
Mode: Remove -- Date : 01/16/2012 10:51:49

¤¤¤ Bad processes: 3 ¤¤¤
[SUSP PATH] 3949259467:873831188.exe -- C:\WINDOWS\3949259467:873831188.exe -> KILLED [TermProc]
[SUSP PATH] 3949259467:873831188.exe -- C:\WINDOWS\3949259467:873831188.exe -> KILLED [TermProc]
[RESIDUE] 3949259467:873831188.exe -- C:\WINDOWS\3949259467:873831188.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 9 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : {C92A9AE0-5B6C-C633-0C92-8249B6CDCF79} ("C:\Documents and Settings\Ricky\Application Data\Nyigyw\pyfu.exe") -> DELETED
[SUSP PATH] HKCU\[...]\Run : Security Protection (C:\Documents and Settings\All Users\Application Data\defender.exe) -> DELETED
[DNS] HKLM\[...]\ControlSet001\Parameters : NameServer (93.188.162.149,93.188.160.29) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{42AAA1A2-A41E-4C6B-BC89-B07492D6ECB3} : NameServer (93.188.162.149,93.188.160.29) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILEASSO] HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Documents and Settings\Ricky\Local Settings\Application Data\nyo.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") -> REPLACED ("C:\Program Files\internet explorer\iexplore.exe")

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Rogue.AntiSpy-AH ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 3dc4aaf7b36b9be8d1d1084187128be4
[BSP] b72667633f4c7c2babf1970635a88ab8 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 [HIDDEN!] Offset (sectors): 63 | Size: 32 Mo
1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 64260 | Size: 36553 Mo
2 - [XXXXXX] FAT32 [HIDDEN!] Offset (sectors): 71457120 | Size: 3405 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 7958267ce3edacd504a037c60a44c77d
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT16 [VISIBLE] Offset (sectors): 32 | Size: 1006 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt