Untitled

a guest
Mar 14th, 2014
RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Siyar [Admin rights]
Mode : Scan -- Date : 03/14/2014 16:34:31
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Users\Siyar\AppData\Roaming\ICQM\ICQ\dll\mramenu.dll [x] -> UNLOADED

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0913b (C:\Users\Siyar\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 477528af873947d1976ed154d4c7221c-ace776aea56d0a0deac3e8203236c80400a0cf40 --CMPID 0913b [-][x][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-4022737933-1016067012-279495612-1001\[...]\Run : AVG-Secure-Search-Update_0913b (C:\Users\Siyar\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 477528af873947d1976ed154d4c7221c-ace776aea56d0a0deac3e8203236c80400a0cf40 --CMPID 0913b [-][x][x]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] SSDT[50] : NtClose @ 0x8309279C -> HOOKED (Unknown @ 0x85A70DE0)
[Address] Shadow SSDT[536] : NtUserSendInput -> HOOKED (C:\Windows\system32\drivers\EagleXNt.sys @ 0xA4198FC0)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AACS-00ZUB0 ATA Device +++++
--- User ---
[MBR] 4c5c5fcf7bba6971293adf1b0f715404
[BSP] 15917931272a77cf13a97d97b053cf2e : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476936 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03142014_163431.txt >>