RogueKiller V8.8.9 [Feb 24 2014] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Beverly [Admin rights]
Mode : Scan -- Date : 02/27/2014 14:40:01
| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- C:\Users\Beverly\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll [7] -> rundll32.exe KILLED [TermProc]
[SUSP PATH] SmileboxTray.exe -- C:\Users\Beverly\AppData\Roaming\Smilebox\SmileboxTray.exe [7] -> KILLED [TermProc]
[SUSP PATH] TBMessagingHost.exe -- C:\Users\Beverly\AppData\Local\NativeMessaging\CT3315827\1_0_0_10\TBMessagingHost.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 40 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SmileboxTray ("C:\Users\Beverly\AppData\Roaming\Smilebox\SmileboxTray.exe" [7]) -> FOUND
[RUN][Rans.Crypto] HKCU\[...]\Run : BrowserSafeguard (C:\Program Files (x86)\Browsersafeguard\Browsersafeguard.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : iLivid ("C:\Users\Beverly\AppData\Local\iLivid\iLivid.exe" -autorun [x]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : BackgroundContainer ("C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Beverly\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-242505160-1997802447-1459611069-1000\[...]\Run : SmileboxTray ("C:\Users\Beverly\AppData\Roaming\Smilebox\SmileboxTray.exe" [7]) -> FOUND
[RUN][Rans.Crypto] HKUS\S-1-5-21-242505160-1997802447-1459611069-1000\[...]\Run : BrowserSafeguard (C:\Program Files (x86)\Browsersafeguard\Browsersafeguard.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-242505160-1997802447-1459611069-1000\[...]\Run : iLivid ("C:\Users\Beverly\AppData\Local\iLivid\iLivid.exe" -autorun [x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-242505160-1997802447-1459611069-1000\[...]\Run : BackgroundContainer ("C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Beverly\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:13828 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[IFEO] HKLM\[...]\bitguard.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\bprotect.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\bpsvc.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\browsemngr.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\browserdefender.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\browsermngr.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\browserprotect.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\browsersafeguard.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\bundlesweetimsetup.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\delta babylon.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\delta tb.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\delta2.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\deltainstaller.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\deltasetup.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\deltatb.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\deltatb_2501-c733154b.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\dprotectsvc.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\iminentsetup.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\protectedsearch.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\rjatydimofu.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\searchprotection.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\searchprotector.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\snapdo.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\stinst32.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\stinst64.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\sweetimsetup.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\tbdelta.exetoolbar783881609.exe : Debugger (tasklist.exe [x]) -> FOUND
[IFEO] HKLM\[...]\utiljumpflip.exe : Debugger (tasklist.exe [x]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] MySearchDial.job : C:\Users\Beverly\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND
[V2][SUSP PATH] BackgroundContainer Startup Task : "C:\Windows\SysWOW64\Rundll32.exe" - "C:\Users\Beverly\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x] -> FOUND
[V2][SUSP PATH] Carbonite Upgrade Check : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" - /silent [x] -> FOUND
[V2][SUSP PATH] MySearchDial : C:\Users\Beverly\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : Rans.Crypto ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEVS-08VAT2 +++++
--- User ---
[MBR] 699ec78d5cf20532f00a78becfda159f
[BSP] 0185ad9e27c7f3d58788a39850ebaeb2 : Lenovo MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 294043 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 604659712 | Size: 10000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02272014_144001.txt >>