
Untitled

a guest
Aug 28th, 2015
RogueKiller V10.10.2.0 [Aug 24 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : smith [Administrator]
Started from : C:\Users\smith\Downloads\Programs\RogueKiller.exe
Mode : Scan -- Date : 08/28/2015 21:12:45

¤¤¤ Processes : 5 ¤¤¤
[Suspicious.Path|VT.Unknown] nvdtrays.exe(3652) -- C:\Users\smith\AppData\Local\Temp\Cannot Knowledge\nvdtrays.exe[-] -> Killed [TermProc]
[Suspicious.Path|VT.Unknown] dwn.exe(3660) -- C:\Users\smith\AppData\Local\Temp\Plan drive\dwn.exe[-] -> Killed [TermProc]
[Proc.Injected] RegAsm.exe(4408) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe[7] -> Killed [TermProc]
[Proc.Injected] RegAsm.exe(4416) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe[7] -> Killed [TermProc]
[VT.Unknown] FRST64.exe(5288) -- C:\Users\smith\Downloads\Programs\FRST64.exe[-] -> Killed [TermThr]

¤¤¤ Registry : 13 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Lightshot : C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\QMUdisk (\??\C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\QMUdisk64.sys) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\QQPCRtp ("C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\QQPCRTP.exe" -r) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\QMUdisk (\??\C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\QMUdisk64.sys) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\QQPCRtp ("C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\QQPCRTP.exe" -r) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\QMUdisk (\??\C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\QMUdisk64.sys) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\QQPCRtp ("C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\QQPCRTP.exe" -r) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{51E3A9B6-0912-467E-8A0B-831C425EB956} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{51E3A9B6-0912-467E-8A0B-831C425EB956} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{51E3A9B6-0912-467E-8A0B-831C425EB956} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)]) -> Found

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\GoogleUpdateTaskMachineUA.job -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (/ua /installsource scheduler) -> Found
[Suspicious.Path] \GoogleUpdateTaskMachineUA -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (/ua /installsource scheduler) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.1 mssplus.mcafee.com

¤¤¤ Antirootkit : 1 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Inl(Hook.IEAT)] (firefox.exe @ USER32.dll) ntdll.dll - NlsAnsiCodePage : Unknown @ 0xffffffffc2eb3f19 (call 0x4b003f09)

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] klg1j0ax.default-1437252853417 : user_pref("browser.startup.homepage", "http://ar.hao123.com/?tn=sdkc_inner_hp_09_hao123_ar&fr=HEkW7VokS%2BJ46DBwMDRh1RdFMfZXIUnjLaE%3D%2CJFwS91EgV6owog%3D%3D%2CJFwS91EgV9li9Tl7KylL%2FH8M"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZRX-00L4HB0 ATA Device +++++
--- User ---
[MBR] d72ec1b2ada31261d2be96b1f485b3ee
[BSP] 679ec91a5255518f10861567bfb59195 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 199899 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600000 | Size: 753868 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK