RogueKiller V8.4.3 [Jan 24 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : teo [Admin rights]
Mode : Remove -- Date : 01/24/2013 18:39:15
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : RssGqiad (C:\Users\teo\AppData\Local\jmbtgiqm\rssgqiad.exe) -> DELETED
[SHELL][SUSP PATH] HKLM\[...]\Winlogon : Userinit (C:\Windows\system32\userinit.exe,,C:\Users\teo\AppData\Local\jmbtgiqm\rssgqiad.exe) -> REPLACED (C:\Windows\system32\userinit.exe,)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[70] : NtCreateKey @ 0x836599FF -> HOOKED (\??\C:\Users\teo\AppData\Local\Temp\yetntfsp.sys @ 0xB04B76AC)
SSDT[72] : NtCreateKeyTransacted @ 0x8361E719 -> HOOKED (\??\C:\Users\teo\AppData\Local\Temp\yetntfsp.sys @ 0xB04B7708)
SSDT[182] : NtOpenKey @ 0x8368D704 -> HOOKED (\??\C:\Users\teo\AppData\Local\Temp\yetntfsp.sys @ 0xB04B7562)
SSDT[183] : NtOpenKeyEx @ 0x836846DF -> HOOKED (\??\C:\Users\teo\AppData\Local\Temp\yetntfsp.sys @ 0xB04B75B2)
SSDT[185] : NtOpenKeyTransacted @ 0x836224D4 -> HOOKED (\??\C:\Users\teo\AppData\Local\Temp\yetntfsp.sys @ 0xB04B7604)
SSDT[186] : NtOpenKeyTransactedEx @ 0x83622464 -> HOOKED (\??\C:\Users\teo\AppData\Local\Temp\yetntfsp.sys @ 0xB04B7656)
IRP[IRP_MJ_CREATE] : \SystemRoot\system32\DRIVERS\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x85F201F8)
IRP[IRP_MJ_CLOSE] : \SystemRoot\system32\DRIVERS\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x85F201F8)
IRP[IRP_MJ_DEVICE_CONTROL] : \SystemRoot\system32\DRIVERS\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x85F201F8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\DRIVERS\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x85F201F8)
IRP[IRP_MJ_POWER] : \SystemRoot\system32\DRIVERS\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x85F201F8)
IRP[IRP_MJ_SYSTEM_CONTROL] : \SystemRoot\system32\DRIVERS\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x85F201F8)
IRP[IRP_MJ_PNP] : \SystemRoot\system32\DRIVERS\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x85F201F8)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 ATA Device +++++
--- User ---
[MBR] 608c619b9814adaff2f3e08b2ce51faa
[BSP] 925107c1c557ad44b98bf20e8890bc66 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 33000 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 67585455 | Size: 272234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_D_01242013_02d1839.txt >>