Untitled

a guest
May 25th, 2015
RogueKiller V10.7.0.0 [May 25 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : maribell1 [Administrator]
Started from : C:\Users\maribell1\Desktop\RogueKiller.exe
Mode : Delete -- Date : 05/25/2015 16:26:54

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] Windows Startupservice.exe(1572) -- C:\Users\maribell1\AppData\Roaming\Windows Startup\Windows Startupservice.exe[-] -> Killed [TermProc]

¤¤¤ Registry : 15 ¤¤¤
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} -> Not selected
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2178466231-3421997683-3247184078-1001\Software\Microsoft\Windows\CurrentVersion\Run | Windows Startup : "C:\Users\maribell1\AppData\Roaming\Windows Startup\Windows Startupservice.exe" [-] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2178466231-3421997683-3247184078-1001\Software\Microsoft\Windows\CurrentVersion\Run | Windows Startup : "C:\Users\maribell1\AppData\Roaming\Windows Startup\Windows Startupservice.exe" [-] -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iscFlash (\??\C:\Users\ADMINI~1\AppData\Local\Temp\7zS5813.tmp\iscflashx64.sys) -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iscFlash (\??\C:\Users\ADMINI~1\AppData\Local\Temp\7zS5813.tmp\iscflashx64.sys) -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2178466231-3421997683-3247184078-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer13.msn.com -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2178466231-3421997683-3247184078-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer13.msn.com -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[Suspicious.Path][File] Adobe Dreamweaver.lnk -- C:\Users\maribell1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Dreamweaver.lnk [LNK@] C:\ProgramData\{de468cd3-df45-7c80-de46-68cd3df4334f}\Adobe Dreamweaver.exe --startup=1 -> Deleted
[Suspicious.Path][File] CE80.lnk -- C:\Users\maribell1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CE80.lnk [LNK@] C:\ProgramData\{5a0d553e-b07f-7de1-5a0d-d553eb0754fa}\CE80.exe --startup=1 -> Deleted

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 5 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Inl(Hook.IEAT)] (firefox.exe) USER32.dll - PeekMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x74b74230 (ret)
[IAT:Inl(Hook.IEAT)] (firefox.exe) USER32.dll - GetMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x74b740e0 (ret)
[IAT:Inl(Hook.IEAT)] (firefox.exe) USER32.dll - GetMessageA : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x74b74040 (ret)
[IAT:Inl(Hook.IEAT)] (firefox.exe) USER32.dll - PeekMessageA : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x74b74180 (ret)
[IAT:Inl(Hook.IEAT)] (firefox.exe) USER32.dll - IsDialogMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x74b73fc0 (ret)

¤¤¤ Web browsers : 1 ¤¤¤
[FIREFX:Addon] 8qz62uar.default : MEGA extension [firefox@mega.co.nz] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LT012-9WS142 +++++
--- User ---
[MBR] f52a92d80b5c0bc50ee753c3c6829d56
[BSP] b3ed8a006b54b0fba9e5b9afe6cbc64c : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1435648 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1697792 | Size: 459972 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 943720448 | Size: 16139 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_05252015_155511.log