a guest
Sep 14th, 2013
RogueKiller V8.6.11 [Sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Camilla [Admin rights]
Mode : Scan -- Date : 09/14/2013 15:17:35
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[ZeroAccess][SERVICE] ???etadpug -- "C:\Program Files (x86)\Google\Desktop\Install\{17b72e44-ea30-50a1-d367-082e40143dc5}\ \...\???ﯹ๛\{17b72e44-ea30-50a1-d367-082e40143dc5}\GoogleUpdate.exe" < [x] -> STOPPED

¤¤¤ Registry Entries : 16 ¤¤¤
[SERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug (C:\Windows\system32\???etadpug.sys [x]) -> FOUND
[SERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug (C:\Windows\system32\???etadpug.sys [x]) -> FOUND
[SERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug (C:\Windows\system32\???etadpug.sys [x]) -> FOUND
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HID SVC][Hidden from API] HKLM\[...]\CCSet\[...]\Services : . e () -> FOUND
[HID SVC][Hidden from API] HKLM\[...]\CS001\[...]\Services : . e () -> FOUND
[HID SVC][Hidden from API] HKLM\[...]\CS002\[...]\Services : . e () -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] Install : C:\Users\Camilla\AppData\Local\Google\Desktop\Install [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MJA2320BH G2 ATA Device +++++
--- User ---
[MBR] 93feb000db0554a00a3421b15dcdb0d6
[BSP] 15acce822de47f8bd123cf5c652a0d29 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 289895 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 594114560 | Size: 15046 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09142013_151735.txt >>