RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : David [Admin rights]
Mode : Remove -- Date : 11/04/2012 14:19:54

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : 79rci (C:\Users\David\AppData\Roaming\tztzh45u.exe) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : psdhtu ( "C:\Users\David\AppData\Roaming\psdhtu.dll",handle_as_unknown) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : Avg (C:\Users\David\AppData\Roaming\B34BFE\B34BFE.exe) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : arecp ( "C:\Users\David\AppData\Roaming\arecp.dll",_Fast) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : Edyxat (C:\Users\David\AppData\Roaming\Vefeir\adyxp.exe) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263} (\??\C:\Program Files (x86)\HP\QuickPlay\000.fcl) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263} (\??\C:\Program Files (x86)\HP\QuickPlay\000.fcl) -> DELETED
[TASK][SUSP PATH] Seagate 2GH22GZE Product Registration (David) : C:\Users\David\AppData\Roaming\Leadertech\PowerRegister\Seagate 2GH22GZE Product Registration.exe /remind /language=ENC /loadsrnm="2GH22GZE" /SRNM="2GH22GZE" /BRND="Seagate" /BDSR="Seagate 2GH22GZE" -> DELETED
[STARTUP][SUSP PATH] Seagate 2GH22GZE Product Registration.lnk @David : C:\Users\David\AppData\Roaming\Leadertech\PowerRegister\Seagate 2GH22GZE Product Registration.exe -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1646770097-1670487229-2557818848-1000\$ff24043d55f85ce9a20a8337d9b4b888\n.) -> REPLACED (C:\Windows\system32\shell32.dll)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n.) -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\@ --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1646770097-1670487229-2557818848-1000\$ff24043d55f85ce9a20a8337d9b4b888\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1646770097-1670487229-2557818848-1000\$ff24043d55f85ce9a20a8337d9b4b888\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1646770097-1670487229-2557818848-1000\$ff24043d55f85ce9a20a8337d9b4b888\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3252GSX ATA Device +++++
--- User ---
[MBR] b957ba69574067e4d8e2fbaad15bc6ac
[BSP] 239720bc84b49ba8e73afe392c8d762f : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 294648 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 603441152 | Size: 10593 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11042012_02d1419.txt >>
RKreport[1]_S_11042012_02d1415.txt ; RKreport[2]_D_11042012_02d1419.txt