RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : IP [Admin rights]
Mode : Scan -- Date : 05/30/2013 11:33:57
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] USB_Disk_Eject.exe -- C:\Documents and Settings\IP\Desktop\USB_Disk_Eject.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (proxy.eftel.com:8080) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SHELLSPWN] HKUS\.DEFAULT[...]\command : ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %*) -> FOUND
[SHELLSPWN] HKUS\S-1-5-18[...]\command : ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %*) -> FOUND
[FILEASSO] HKUS\.DEFAULT[...]\.exe : (secfile) -> FOUND
[FILEASSO] HKUS\S-1-5-18[...]\.exe : (secfile) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-00L5B1 +++++
--- User ---
[MBR] 47cb60245a375777567327bd8bddd31e
[BSP] 3caf64ad59716b0ab9423fee3e2a5e40 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST2000DM001-9YN164 +++++
--- User ---
[MBR] 5eac75a88bde4774469ce596c4756b28
[BSP] af3a293ffdca503562d9493e0d50fa8e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD2000JB-00KFA0 +++++
--- User ---
[MBR] 758aafbe53de85cfaed8d93f6630069d
[BSP] 5fcd6c34a44123adacb30b492245099b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 85776 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 175670775 | Size: 105002 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_05302013_02d1133.txt >>
RKreport[1]_S_05302013_02d1133.txt