RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: PCA [Admin rights]
Mode: Scan -- Date: 05/09/2012 17:33:56

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[41] : NtCreateKey @ 0x806240F0 -> HOOKED (Unknown @ 0x85DFF000)
SSDT[43] : NtCreateMutant @ 0x8061769E -> HOOKED (Unknown @ 0x85E009E0)
SSDT[47] : NtCreateProcess @ 0x805D1230 -> HOOKED (Unknown @ 0x85DFE240)
SSDT[48] : NtCreateProcessEx @ 0x805D117A -> HOOKED (Unknown @ 0x85DFE500)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C39FA -> HOOKED (Unknown @ 0x85E00D20)
SSDT[53] : NtCreateThread @ 0x805D1018 -> HOOKED (Unknown @ 0x85E006A0)
SSDT[63] : NtDeleteKey @ 0x8062458C -> HOOKED (Unknown @ 0x85DFF580)
SSDT[65] : NtDeleteValueKey @ 0x8062475C -> HOOKED (Unknown @ 0x85DFFDC0)
SSDT[68] : NtDuplicateObject @ 0x805BE008 -> HOOKED (Unknown @ 0x85E00EC0)
SSDT[97] : NtLoadDriver @ 0x80584160 -> HOOKED (Unknown @ 0x85E00840)
SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (Unknown @ 0x85DFE7C0)
SSDT[125] : NtOpenSection @ 0x805AA3EC -> HOOKED (Unknown @ 0x85E00360)
SSDT[192] : NtRenameKey @ 0x80623B12 -> HOOKED (Unknown @ 0x85DFF840)
SSDT[204] : NtRestoreKey @ 0x80625AD0 -> HOOKED (Unknown @ 0x85DFFB00)
SSDT[240] : NtSetSystemInformation @ 0x8060FD06 -> HOOKED (Unknown @ 0x85E00B80)
SSDT[247] : NtSetValueKey @ 0x80622662 -> HOOKED (Unknown @ 0x85DFF2C0)
SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (Unknown @ 0x85DFEA80)
SSDT[258] : NtTerminateThread @ 0x805D2BDC -> HOOKED (Unknown @ 0x85DFED40)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43CC -> HOOKED (Unknown @ 0x85E00500)
S_SSDT[548] : Unknown -> HOOKED (Unknown @ 0x85A0B520)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0x85A0B340)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380815AS +++++
--- User ---
[MBR] 423509f76b35a7ddaaa029f87b42061c
[BSP] 3d0947ad41ac8d608d92865eb26d2e33 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt