roguekiller log

RogueKiller V8.6.10 _x64_ [Sep  9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Carrie [Admin rights]
Mode : Scan -- Date : 09/10/2013 19:12:04
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 15 ¤¤¤
[V1][SUSP PATH] Arcadesafari.job : C:\Users\Carrie\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe [7] -> FOUND
[V1][SUSP PATH] AllmyappsUpdateTask.job : C:\Users\Carrie\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe - check startup [7][x] -> FOUND
[V2][SUSP PATH] AllmyappsUpdateTask : C:\Users\Carrie\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe - check startup [7][x] -> FOUND
[V2][SUSP PATH] Arcadesafari : C:\Users\Carrie\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe [7] -> FOUND
[V2][SUSP PATH] {077DF77B-3544-4BC4-851A-184819D868F2} : C:\Users\Carrie\Desktop\safe.exe [-] -> FOUND
[V2][SUSP PATH] {0E8750C1-1D26-4E71-9C42-A85FCF43E0EF} : C:\Users\Carrie\Desktop\ie.exe [x] -> FOUND
[V2][SUSP PATH] {14BAEAF4-9954-4703-93BA-8A328CDC7898} : C:\Users\Carrie\Desktop\ie.exe [x] -> FOUND
[V2][SUSP PATH] {2D31A804-F9FF-4C63-AD61-7A26008A1C8E} : C:\Users\Carrie\Desktop\safe.exe [-] -> FOUND
[V2][SUSP PATH] {5C944199-76A3-4989-B558-4926FA7D2E8B} : C:\Users\Carrie\Desktop\safe.exe [-] -> FOUND
[V2][SUSP PATH] {781DA757-B430-43DE-9F6F-C2FC08BEA2FE} : C:\Users\Carrie\Desktop\ie.exe [x] -> FOUND
[V2][SUSP PATH] {7EFDA9EA-9287-42ED-9A0D-9FD12E909264} : C:\Users\Carrie\Desktop\safe.exe [-] -> FOUND
[V2][SUSP PATH] {8D2C11BA-8E55-4483-87B7-71CE7195A128} : C:\Users\Carrie\Desktop\safe.exe [-] -> FOUND
[V2][SUSP PATH] {C3F5A4FC-0E7A-40DD-98BA-7782EAF94EBF} : C:\Users\Carrie\Desktop\ie.exe [x] -> FOUND
[V2][SUSP PATH] {E90DEAF8-3137-44AA-9165-31B4CD3D2637} : C:\Users\Carrie\Desktop\safe.exe [-] -> FOUND
[V2][SUSP PATH] {F226BD7F-F697-4C0C-BB59-3C661F80D2B2} : C:\Users\Carrie\Desktop\ie.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3265GSXN SATA Disk Device +++++
--- User ---
[MBR] ccf60736590eef2cfd6a7aa695256f66
[BSP] 66145dbfca0f0410ab0749a594446f83 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 292137 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 601370624 | Size: 11607 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09102013_191204.txt >>