RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : CRC [Admin rights]
Mode : Remove -- Date : 10/10/2012 22:48:02

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] salfutrocuqt.exe -- C:\Documents and Settings\CRC\salfutrocuqt.exe -> KILLED [TermProc]
[BLACKLIST DLL][DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\WINDOWS\system32\iac25_32.ax -> UNLOADED

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : MyDesktopTherapist (C:\Documents and Settings\CRC\Application Data\mydesktoptherapist.com\MyDesktopTherapist\1.9.2.0) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : salfutrocuqt (C:\Documents and Settings\CRC\salfutrocuqt.exe) -> DELETED
[Services][LOCK] HKLM\[...]\ControlSet001\Services\c5f9d43c205aa79d -> DELETED
[Services][LOCK] HKLM\[...]\ControlSet002\Services\c5f9d43c205aa79d -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\WINDOWS\Installer\{cd93043f-6f8a-ac1d-b4ca-bc254ec33dc3}\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\WINDOWS\Installer\{cd93043f-6f8a-ac1d-b4ca-bc254ec33dc3}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\WINDOWS\Installer\{cd93043f-6f8a-ac1d-b4ca-bc254ec33dc3}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 1afb2d56 : C:\WINDOWS\Installer\{cd93043f-6f8a-ac1d-b4ca-bc254ec33dc3}\L\1afb2d56 --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\WINDOWS\Installer\{cd93043f-6f8a-ac1d-b4ca-bc254ec33dc3}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\WINDOWS\Installer\{cd93043f-6f8a-ac1d-b4ca-bc254ec33dc3}\L --> REMOVED
[ZeroAccess][FILE] @ : C:\Documents and Settings\CRC\Local Settings\Application Data\{cd93043f-6f8a-ac1d-b4ca-bc254ec33dc3}\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Documents and Settings\CRC\Local Settings\Application Data\{cd93043f-6f8a-ac1d-b4ca-bc254ec33dc3}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Documents and Settings\CRC\Local Settings\Application Data\{cd93043f-6f8a-ac1d-b4ca-bc254ec33dc3}\L --> REMOVED
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-18\$cd93043f6f8aac1db4cabc254ec33dc3\@ --> REMOVED
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-21-1480150667-3122464935-4291761970-1006\$cd93043f6f8aac1db4cabc254ec33dc3\@ --> REMOVED
[Del.Parent][FILE] 00000001.@ : C:\RECYCLER\S-1-5-18\$cd93043f6f8aac1db4cabc254ec33dc3\U\00000001.@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\RECYCLER\S-1-5-18\$cd93043f6f8aac1db4cabc254ec33dc3\U\80000000.@ --> REMOVED
[Del.Parent][FILE] 800000cb.@ : C:\RECYCLER\S-1-5-18\$cd93043f6f8aac1db4cabc254ec33dc3\U\800000cb.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-18\$cd93043f6f8aac1db4cabc254ec33dc3\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-21-1480150667-3122464935-4291761970-1006\$cd93043f6f8aac1db4cabc254ec33dc3\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-18\$cd93043f6f8aac1db4cabc254ec33dc3\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-21-1480150667-3122464935-4291761970-1006\$cd93043f6f8aac1db4cabc254ec33dc3\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK8026GAX +++++
--- User ---
[MBR] cad33da8351ebcba9fd47e69d19912fa
[BSP] b81e89700ff49ac1124b990dae38dcbe : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 39997 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81915435 | Size: 20002 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 122881185 | Size: 16112 Mo
3 - [XXXXXX] UNKNOWN (0x88) [VISIBLE] Offset (sectors): 155878695 | Size: 203 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt