07 Sep 2012  
ajadepoju

Windows 7 Home Premium

Quote: Originally Posted by shawn77
Press the DELETE option

Copy the log and paste it here
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: RogueKiller - Geeks to Go Forums
Blog: tigzy-RK

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Aarron [Admin rights]
Mode : Remove -- Date : 09/07/2012 16:43:04

Bad processes : 0

Registry Entries : 5
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-3364007784-3991715225-2710952795-1000\$1939de08022f29099ec554d1f6c40f43\n.) -> REPLACED (C:\Windows\system32\shell32.dll)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$1939de08022f29099ec554d1f6c40f43\n.) -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)

Particular Files / Folders:
[ZeroAccess][FILE] @ : C:\Windows\Installer\{1939de08-022f-2909-9ec5-54d1f6c40f43}\@ --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{1939de08-022f-2909-9ec5-54d1f6c40f43}\U\00000004.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{1939de08-022f-2909-9ec5-54d1f6c40f43}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{1939de08-022f-2909-9ec5-54d1f6c40f43}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{1939de08-022f-2909-9ec5-54d1f6c40f43}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{1939de08-022f-2909-9ec5-54d1f6c40f43}\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$1939de08022f29099ec554d1f6c40f43\@ --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3364007784-3991715225-2710952795-1000\$1939de08022f29099ec554d1f6c40f43\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$1939de08022f29099ec554d1f6c40f43\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3364007784-3991715225-2710952795-1000\$1939de08022f29099ec554d1f6c40f43\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$1939de08022f29099ec554d1f6c40f43\L\00000004.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$1939de08022f29099ec554d1f6c40f43\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3364007784-3991715225-2710952795-1000\$1939de08022f29099ec554d1f6c40f43\L --> REMOVED

Driver : [NOT LOADED]

Infection : ZeroAccess

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

[...]


MBR Check:

+++++ PhysicalDrive0: ST9750420AS ATA Device +++++
--- User ---
[MBR] 9a981f34d080484c3cd7bc255c8f7455
[BSP] 64a9930d5d65a8994b3e7890bf33f9f9 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 715302 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt