RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : SYSTEM [Admin rights]
Mode : Scan -- Date : 06/16/2013 11:57:05
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 22 ¤¤¤
[RUN][BLACKLISTDLL] HKLM\[...]\RunOnce : ASYNCMAC (rundll32.exe streamci,StreamingDeviceSetup {eeab7790-c514-11d1-b42b-00805fc1270e},asyncmac,{ad498944-762f-11d0-8dcb-00c04fc3358c},X:\windows\INF\netrasa.inf,Ndis-Mp-AsyncMac) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[RUN][SUSP PATH] [ON_C:]HKLM\Software[...]\Run : Unattend0000000001{70EB91E7-FAAB-44A4-BA19-C0A45B228BC0} (C:\Windows\test.bat) [x] -> FOUND
[RUN][BLACKLISTDLL] [ON_C:LENOVO]HKCU[...]\Run : ctfmon32.exe (C:\PROGRA~2\rundll32.exe C:\PROGRA~2\jev26z.dat,XFG00) -> FOUND
[STARTUP][BLACKLISTDLL] regmonstd.lnk @LENOVO : X:\Windows\System32\rundll32.exe|C:\PROGRA~2\jev26z.dat,XFG00 -> FOUND
[STARTUP][BLACKLISTDLL] regmonstd.lnk @Public : X:\Windows\System32\rundll32.exe|C:\PROGRA~2\jev26z.dat,XFG00 -> FOUND
[RUN][BLACKLISTDLL] [ON_C:LENOVO]HKCU[...]\Run : ctfmon32.exe (C:\PROGRA~2\rundll32.exe C:\PROGRA~2\jev26z.dat,XFG00) -> FOUND
[STARTUP][BLACKLISTDLL] regmonstd.lnk @LENOVO : X:\Windows\System32\rundll32.exe|C:\PROGRA~2\jev26z.dat,XFG00 -> FOUND
[STARTUP][BLACKLISTDLL] regmonstd.lnk @Public : X:\Windows\System32\rundll32.exe|C:\PROGRA~2\jev26z.dat,XFG00 -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> C:\windows\system32\config\SOFTWARE
-> C:\windows\system32\config\SYSTEM
-> C:\Users\Default\NTUSER.DAT
-> C:\Users\Default User\NTUSER.DAT
-> C:\Users\LENOVO\NTUSER.DAT
-> C:\Documents and Settings\Default\NTUSER.DAT
-> C:\Documents and Settings\Default User\NTUSER.DAT
-> C:\Documents and Settings\LENOVO\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> X:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2320BH G2 +++++
--- User ---
[MBR] 7b5ca311f100dde4313a8d47aa6ca1aa
[BSP] d4ccd5d2389ab5bb45eac76087676e25 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 258880 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 530188288 | Size: 31255 Mo
2 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 594198528 | Size: 15109 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: USB DISK 2.0 USB Device +++++
--- User ---
[MBR] 67f0191e56b974505505e14897f44151
[BSP] f6eca64e135a202b1ced04c632f522e1 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 128 | Size: 7385 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_06162013_02d1157.txt >>
RKreport[1]_S_06162013_02d1157.txt