RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : inthewindagain [Admin rights]
Mode : Scan -- Date : 11/05/2012 10:50:52

¤¤¤ Bad processes : 1 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[70] : NtCreateKey @ 0x8341EF46 -> HOOKED (Unknown @ 0x87E7948C)
SSDT[74] : NtCreateMutant @ 0x8342E2B2 -> HOOKED (Unknown @ 0x87EAC36C)
SSDT[79] : NtCreateProcess @ 0x834FA0C3 -> HOOKED (Unknown @ 0x87EADC0C)
SSDT[80] : NtCreateProcessEx @ 0x834FA10E -> HOOKED (Unknown @ 0x87E87EDC)
SSDT[86] : NtCreateSymbolicLinkObject @ 0x8341F911 -> HOOKED (Unknown @ 0x87EAC2FC)
SSDT[87] : NtCreateThread @ 0x834F9ECA -> HOOKED (Unknown @ 0x87EADE74)
SSDT[88] : NtCreateThreadEx @ 0x8348E36B -> HOOKED (Unknown @ 0x87EADE3C)
SSDT[93] : NtCreateUserProcess @ 0x8348C29D -> HOOKED (Unknown @ 0x87EBFE24)
SSDT[103] : NtDeleteKey @ 0x83409A27 -> HOOKED (Unknown @ 0x87EBF924)
SSDT[106] : NtDeleteValueKey @ 0x833FB43E -> HOOKED (Unknown @ 0x87EA7334)
SSDT[111] : NtDuplicateObject @ 0x8344F67A -> HOOKED (Unknown @ 0x87EAC2C4)
SSDT[155] : NtLoadDriver @ 0x833E3C20 -> HOOKED (Unknown @ 0x87EADE04)
SSDT[190] : NtOpenProcess @ 0x8342FAF8 -> HOOKED (Unknown @ 0x87E89A34)
SSDT[194] : NtOpenSection @ 0x834878BB -> HOOKED (Unknown @ 0x87EA72FC)
SSDT[198] : NtOpenThread @ 0x8347BFC3 -> HOOKED (Unknown @ 0x87E899FC)
SSDT[290] : NtRenameKey @ 0x834B9FAB -> HOOKED (Unknown @ 0x87EBF8EC)
SSDT[302] : NtRestoreKey @ 0x834AFB5C -> HOOKED (Unknown @ 0x87EA736C)
SSDT[350] : NtSetSystemInformation @ 0x8346C29A -> HOOKED (Unknown @ 0x87EAC334)
SSDT[358] : NtSetValueKey @ 0x83428543 -> HOOKED (Unknown @ 0x87E79454)
SSDT[370] : NtTerminateProcess @ 0x83478BFB -> HOOKED (Unknown @ 0x87EF0344)
SSDT[371] : NtTerminateThread @ 0x83496584 -> HOOKED (Unknown @ 0x87EF030C)
SSDT[399] : NtWriteVirtualMemory @ 0x8347D958 -> HOOKED (Unknown @ 0x87EADEAC)
S_SSDT[584] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x88680224)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x9EB6451C)

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3750528AS ATA Device +++++
--- User ---
[MBR] a5f471bfe623ad09262a66ba6d051998
[BSP] 6484bc8fc805ea1405cba3b9f937425d : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 715288 MB
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 4a64c4e22e530c91a4724a291a098d7f
[BSP] 6484bc8fc805ea1405cba3b9f937425d : Windows 7 MBR Code [possible maxSST in 2!]
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 715288 MB
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 1465118720 | Size: 10 MB

Finished : << RKreport[4]_S_11052012_02d1050.txt >>
RKreport[1]_S_11052012_02d0833.txt ; RKreport[2]_D_11052012_02d0835.txt ; RKreport[3]_SC_11052012_02d0838.txt ; RKreport[4]_S_11052012_02d1050.txt
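The MBR Check section above is the part of this report that actually exposes the bootkit: the sector read through the normal API ("User") matches one low-level read ("LL1") but not the other ("LL2"), and the LL2 view contains a third, active, hidden NTFS partition (type 0x17) sitting just past the end of the real OS partition (206848 + 1464909824 = 1465116672 sectors, so 1465118720 is 2048 sectors later) with a different MBR hash. The following is an added example, not RogueKiller's code, of how such a check is built: parse a raw 512-byte MBR, hash it, and diff two reads of the same sector. The hashing target (the whole sector) is my choice; the page does not say what bytes RogueKiller's [MBR] and [BSP] hashes cover. Both sample MBRs are constructed here with the geometry from the report; on a real system the two byte strings would come from a `ReadFile` on `\\.\PhysicalDrive0` and from a lower-level read (for example a direct IOCTL/SCSI pass-through) respectively.

```python
"""Parse an MBR, hash it, and diff a user-mode read against a low-level read
to flag the kind of mismatch the report above shows (User != LL2 ... KO!).
Added example with constructed sample sectors; not RogueKiller's own code."""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List

SECTOR = 512
# Partition-type bytes that mark the "hidden" variant of a common filesystem
# (0x17 is hidden NTFS/HPFS, the type seen in the LL2 view above).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


@dataclass
class Partition:
    index: int
    active: bool        # boot indicator byte == 0x80
    ptype: int
    lba_start: int      # first sector (LBA)
    sectors: int        # length in sectors

    @property
    def hidden(self) -> bool:
        return self.ptype in HIDDEN_TYPES

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)

    def describe(self) -> str:
        flag = "ACTIVE" if self.active else "XXXXXX"
        vis = "HIDDEN!" if self.hidden else "VISIBLE"
        return (f"{self.index} - [{flag}] type 0x{self.ptype:02X} [{vis}] "
                f"Offset (sectors): {self.lba_start} | Size: {self.size_mb} MB")


def parse_mbr(raw: bytes) -> List[Partition]:
    """Decode the four 16-byte entries at offset 446; skip empty slots."""
    if len(raw) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if raw[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        # boot flag, CHS start, type, CHS end, LBA start, sector count
        boot, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from(
            "<B3sB3sII", raw, 446 + 16 * i)
        if ptype == 0x00:
            continue
        parts.append(Partition(i, boot == 0x80, ptype, lba, count))
    return parts


def mbr_md5(raw: bytes) -> str:
    return hashlib.md5(raw).hexdigest()


def build_mbr(partitions: List[Partition], code_fill: int) -> bytes:
    """Constructed MBR: 446 bytes of filler standing in for boot code,
    a 64-byte partition table and the 0x55AA signature."""
    table = bytearray(64)
    for p in partitions:
        struct.pack_into("<B3sB3sII", table, 16 * p.index,
                         0x80 if p.active else 0x00, b"\xFF\xFF\xFF",
                         p.ptype, b"\xFF\xFF\xFF", p.lba_start, p.sectors)
    return bytes([code_fill]) * 446 + bytes(table) + b"\x55\xAA"


def compare_reads(user_read: bytes, lowlevel_read: bytes) -> Dict:
    """Diff two reads of sector 0. A filter driver that lies to user mode
    shows up as differing bytes and, typically, an extra hidden active entry."""
    low = parse_mbr(lowlevel_read)
    parse_mbr(user_read)  # validate the user view as well
    return {
        "user_md5": mbr_md5(user_read),
        "lowlevel_md5": mbr_md5(lowlevel_read),
        "match": user_read == lowlevel_read,
        "code_differs": user_read[:446] != lowlevel_read[:446],
        "suspicious": [p.describe() for p in low if p.hidden and p.active],
    }


# Constructed to mirror the geometry in the report: 100 MB system partition,
# then a 715288 MB OS partition starting at sector 206848.
CLEAN = build_mbr([
    Partition(0, True, 0x07, 2048, 204_800),
    Partition(1, False, 0x07, 206_848, 1_464_909_824),
], code_fill=0x90)

# The low-level view after a bootkit: different MBR code, the real system
# partition no longer active, and a hidden 10 MB NTFS slot 2048 sectors past
# the end of the OS partition marked active so it boots first.
INFECTED = build_mbr([
    Partition(0, False, 0x07, 2048, 204_800),
    Partition(1, False, 0x07, 206_848, 1_464_909_824),
    Partition(2, True, 0x17, 1_465_118_720, 20_480),
], code_fill=0xCC)

if __name__ == "__main__":
    report = compare_reads(CLEAN, INFECTED)
    print("User   ... OK!" if report["match"] else "User != LL ... KO!")
    for line in report["suspicious"]:
        print(line)
```

`compare_reads(CLEAN, CLEAN)` reports a match with no suspicious entries; `compare_reads(CLEAN, INFECTED)` reports differing hashes and lists the hidden active entry at sector 1465118720. Note what the check cannot do: if the rootkit also hooks the lower-level read path, both views agree and the MBR looks clean, which is why a cross-view comparison is only as good as its least-filtered read.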