- RogueKiller V10.10.2.0 [Aug 24 2015] by Adlice Software
- mail : http://www.adlice.com/contact/
- Feedback : http://forum.adlice.com
- Website : http://www.adlice.com/softwares/roguekiller/
- Blog : http://www.adlice.com
- Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
- Started in : Normal mode
- User : smith [Administrator]
- Started from : C:\Users\smith\Downloads\Programs\RogueKiller.exe
- Mode : Scan -- Date : 08/28/2015 21:12:45
- ¤¤¤ Processes : 5 ¤¤¤
- [Suspicious.Path|VT.Unknown] nvdtrays.exe(3652) -- C:\Users\smith\AppData\Local\Temp\Cannot Knowledge\nvdtrays.exe[-] -> Killed [TermProc]
- [Suspicious.Path|VT.Unknown] dwn.exe(3660) -- C:\Users\smith\AppData\Local\Temp\Plan drive\dwn.exe[-] -> Killed [TermProc]
- [Proc.Injected] RegAsm.exe(4408) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe[7] -> Killed [TermProc]
- [Proc.Injected] RegAsm.exe(4416) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe[7] -> Killed [TermProc]
- [VT.Unknown] FRST64.exe(5288) -- C:\Users\smith\Downloads\Programs\FRST64.exe[-] -> Killed [TermThr]
- ¤¤¤ Registry : 13 ¤¤¤
- [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Lightshot : C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe -> Found
- [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\QMUdisk (\??\C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\QMUdisk64.sys) -> Found
- [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\QQPCRtp ("C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\QQPCRTP.exe" -r) -> Found
- [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\QMUdisk (\??\C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\QMUdisk64.sys) -> Found
- [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\QQPCRtp ("C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\QQPCRTP.exe" -r) -> Found
- [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\QMUdisk (\??\C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\QMUdisk64.sys) -> Found
- [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\QQPCRtp ("C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\QQPCRTP.exe" -r) -> Found
- [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)]) -> Found
- [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)]) -> Found
- [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)]) -> Found
- [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{51E3A9B6-0912-467E-8A0B-831C425EB956} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)]) -> Found
- [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{51E3A9B6-0912-467E-8A0B-831C425EB956} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)]) -> Found
- [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{51E3A9B6-0912-467E-8A0B-831C425EB956} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)]) -> Found
- ¤¤¤ Tasks : 2 ¤¤¤
- [Suspicious.Path] %WINDIR%\Tasks\GoogleUpdateTaskMachineUA.job -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (/ua /installsource scheduler) -> Found
- [Suspicious.Path] \GoogleUpdateTaskMachineUA -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (/ua /installsource scheduler) -> Found
- ¤¤¤ Files : 0 ¤¤¤
- ¤¤¤ Hosts File : 1 ¤¤¤
- [C:\Windows\System32\drivers\etc\hosts] 0.0.0.1 mssplus.mcafee.com
- ¤¤¤ Antirootkit : 1 (Driver: Not loaded [0xc000036b]) ¤¤¤
- [IAT:Inl(Hook.IEAT)] (firefox.exe @ USER32.dll) ntdll.dll - NlsAnsiCodePage : Unknown @ 0xffffffffc2eb3f19 (call 0x4b003f09)
- ¤¤¤ Web browsers : 1 ¤¤¤
- [PUM.HomePage][FIREFX:Config] klg1j0ax.default-1437252853417 : user_pref("browser.startup.homepage", "http://ar.hao123.com/?tn=sdkc_inner_hp_09_hao123_ar&fr=HEkW7VokS%2BJ46DBwMDRh1RdFMfZXIUnjLaE%3D%2CJFwS91EgV6owog%3D%3D%2CJFwS91EgV9li9Tl7KylL%2FH8M"); -> Found
- ¤¤¤ MBR Check : ¤¤¤
- +++++ PhysicalDrive0: WDC WD10EZRX-00L4HB0 ATA Device +++++
- --- User ---
- [MBR] d72ec1b2ada31261d2be96b1f485b3ee
- [BSP] 679ec91a5255518f10861567bfb59195 : Windows Vista/7/8|VT.Unknown MBR Code
- Partition table:
- 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
- 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 199899 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
- 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600000 | Size: 753868 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
- User = LL1 ... OK
- User = LL2 ... OK