SangrailRougekiller16Jun2014

a guest
Jun 16th, 2014
RogueKiller V9.0.2.0 (x64) [Jun 3 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kristof [Admin rights]
Mode : Scan -- Date : 06/16/2014 22:50:41

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 16 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1479523844-115908511-3653597545-1001\Software\Microsoft\Windows\CurrentVersion\Run | AVG-Secure-Search-Update_1113a : C:\Users\Kristof\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=48591036437447d3b569a113f09f20ef-aaa8842c62d8757010e2ca1c1aa8ddc4ca837d4b /CMPID=1113a -> FOUND
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1479523844-115908511-3653597545-1001\Software\Microsoft\Windows\CurrentVersion\Run | AVG-Secure-Search-Update_1113a : C:\Users\Kristof\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=48591036437447d3b569a113f09f20ef-aaa8842c62d8757010e2ca1c1aa8ddc4ca837d4b /CMPID=1113a -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1479523844-115908511-3653597545-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1479523844-115908511-3653597545-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1479523844-115908511-3653597545-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1479523844-115908511-3653597545-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[Rans.Crypto] \\{C05C4082-94C9-4F23-BD1D-7CF59624FBBF} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Kristof\Desktop\Revo Uninstaller\Revouninstaller.exe" -d "C:\Users\Kristof\Desktop\Revo Uninstaller") -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-26ZCT0 +++++
--- User ---
[MBR] 5c291b785f386d8bf4b5a5f5f44d88ef
[BSP] 5cc2e2a542d6910e28d47f45ffb1b657 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 821248 | Size: 152622 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 313391104 | Size: 152222 MB
User = LL1 ... OK
User = LL2 ... OK