RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Scan -- Date: 07/15/2012 17:49:04

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 23 ¤¤¤
[ROGUE ST] HKCU\[...]\Policies\Explorer\Run : 1 (C:\bginfo\bginfo c:\bginfo\test.bgi /timer:0 /NOLICPROMPT) -> FOUND
[ROGUE ST] HKUS\S-1-5-21-709158431-1206632991-1301536071-500[...]\Policies\Explorer\Run : 1 (C:\bginfo\bginfo c:\bginfo\test.bgi /timer:0 /NOLICPROMPT) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--GFA
10.170.3.46 BHHWAPFLP
10.170.3.43 BHHWAPFLP1
10.170.3.42 BHHWAPFLP2
10.170.3.242 gfadb
10.170.3.36 BHHWDBFLP1
10.170.3.37 BHHWDBFLP2
--UAL CHI
57.14.225.202 FWZSTGSQL
57.14.225.210 VCHIPSTDB
161.215.226.32 FWZPRDSQL
--MAS
172.16.250.48 FPDB
--BSD
172.29.246.161 Homer01
172.29.246.162 Homer02
172.29.246.230 Homer
172.29.246.231 Homerdb
172.29.246.163 TS01
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600AAJS-75PSA0 ATA Device +++++
--- User ---
[MBR] 434d8eb95659da13faae6627c2fa2fac
[BSP] 7b4c8a3dbb9ea2874fd14068ebace45a : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152471 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] da0c6df746315d56f89b226c27c16ece
[BSP] 7b4c8a3dbb9ea2874fd14068ebace45a : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152471 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312469504 | Size: 10 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt