- RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
- mail : http://www.adlice.com/contact/
- Feedback : http://forum.adlice.com
- Website : http://www.adlice.com/download/roguekiller/
- Blog : http://www.adlice.com
- Operating System : Windows 10 (10.0.14393) 64 bits version
- Started in : Normal mode
- User : Jean-Michel Crapaud [Administrator]
- Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
- Mode : Scan -- Date : 03/11/2017 17:13:59 (Duration : 00:19:56)
- ¤¤¤ Processes : 2 ¤¤¤
- [PUP.AMule|VT.Adwareare.Elex.Gen7!c] ed2k.exe(5228) -- C:\Program Files (x86)\amulell\ed2k.exe[-] -> Found
- [PUP.AMule|VT.Adwareare.Elex.Gen7!c] (SVC) ed2kidle -- "C:\Program Files (x86)\amulell\ed2k.exe" -downloadwhenidle[-] -> Found
- ¤¤¤ Registry : 22 ¤¤¤
- [Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{39BE6DD8-FFDC-11E6-B0D9-64006A5CFC23} (C:\Users\Bernard\AppData\Roaming\Coabesedapy\Pedotion.dll) -> Found
- [Adw.Elex] (X64) HKEY_LOCAL_MACHINE\Software\InterSect Alliance -> Found
- [Adw.Elex] (X64) HKEY_USERS\S-1-5-21-2792659385-62999317-2928674910-1001\Software\WinSnare -> Found
- [Adw.Elex] (X86) HKEY_USERS\S-1-5-21-2792659385-62999317-2928674910-1001\Software\WinSnare -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {39BE6DD8-FFDC-11E6-B0D9-64006A5CFC23} : (C:\Users\Bernard\AppData\Roaming\Coabesedapy\Pedotion.dll) [x] -> Found
- [Adw.Elex|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | WinSnare : (C:\Users\Bernard\AppData\Roaming\WinSnare\WinSnare.dll) [x] -> Found
- [PUP.AMule|VT.Adwareare.Elex.Gen7!c] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ed2kidle ("C:\Program Files (x86)\amulell\ed2k.exe" -downloadwhenidle) -> Found
- [Adw.Elex|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSnare (C:\Users\Bernard\AppData\Roaming\WinSnare\WinSnare.dll) -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{3B03F5D1-8C7E-44C8-80DD-C89D8193037F}C:\users\bernard\appdata\local\webtorrent\app-0.14.0\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.14.0\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{6972D8BB-B14F-45BD-8D74-03A2E0370CC7}C:\users\bernard\appdata\local\webtorrent\app-0.14.0\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.14.0\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{E66B562D-05B6-485F-84EC-31B7D2C16023}C:\users\bernard\appdata\local\webtorrent\app-0.12.0\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.12.0\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{3C859870-BD11-4564-9613-FED00E5377F1}C:\users\bernard\appdata\local\webtorrent\app-0.12.0\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.12.0\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{C4C2359C-2CB9-4C30-91CB-7AFEAB90B949}C:\users\bernard\appdata\local\webtorrent\app-0.17.0-ia32\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.17.0-ia32\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{7434BB7D-48CA-4945-83BA-0EF158CFD540}C:\users\bernard\appdata\local\webtorrent\app-0.17.0-ia32\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.17.0-ia32\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{E0D3C6A8-23B2-46A8-83B1-EDCD9DDE3EF9}C:\users\bernard\appdata\local\webtorrent\app-0.17.0\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.17.0\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{FB26FA68-FA1E-4030-9B41-2F222B36C122}C:\users\bernard\appdata\local\webtorrent\app-0.17.0\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.17.0\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{696C3689-F155-4029-94F0-5EE383EA2E4A}C:\users\bernard\appdata\local\webtorrent\app-0.17.1\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.17.1\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{62B81FD1-CFAA-4718-8AEC-F88EF93AD243}C:\users\bernard\appdata\local\webtorrent\app-0.17.1\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.17.1\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{AB7B46E4-A8FC-4CD3-AC59-724196F305A3}C:\users\bernard\appdata\local\webtorrent\app-0.17.2\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.17.2\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [7] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{83FEAA0A-BC1B-42AD-B0CC-F5B706EF8875}C:\users\bernard\appdata\local\webtorrent\app-0.17.2\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.17.2\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [7] -> Found
- [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
- [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
- ¤¤¤ Tasks : 6 ¤¤¤
- [Suspicious.Path] \9143B8360B8160r2323 -- C:\WINDOWS\system32\rundll32.exe ("C:\ProgramData\9143B8360B8160r2323\9143B8360B8160r2323.dll",BrHjPRQ) -> Found
- [Suspicious.Path] \9143B8360B8160r2323-dll -- C:\WINDOWS\system32\rundll32.exe ("C:\ProgramData\9143B8360B8160r2323\9143B8360B8160r2323.dll",BrHjPRQ) -> Found
- [Suspicious.Path] \boustrocode -- C:\WINDOWS\system32\rundll32.exe ("C:\ProgramData\9143B8360B8160r2323\9143B8360B8160r2323.dll",BrHjPRQ) -> Found
- [Suspicious.Path] \firefox -- C:\WINDOWS\system32\rundll32.exe ("C:\ProgramData\9143B8360B8160r2323\9143B8360B8160r2323.dll",BrHjPRQ) -> Found
- [Suspicious.Path] \manager -- C:\WINDOWS\system32\rundll32.exe ("C:\ProgramData\9143B8360B8160r2323\9143B8360B8160r2323.dll",BrHjPRQ) -> Found
- [Suspicious.Path] \updater -- C:\WINDOWS\system32\rundll32.exe ("C:\ProgramData\9143B8360B8160r2323\9143B8360B8160r2323.dll",BrHjPRQ) -> Found
- ¤¤¤ Files : 13 ¤¤¤
- [PUP.AMule][Folder] C:\Users\Bernard\AppData\Roaming\aMule -> Found
- [PUP.Gen1][Folder] C:\Users\Bernard\AppData\Local\Free YouTube Downloader -> Found
- [PUP.QRss][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ -> Found
- [PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\DVDVideoSoft Free Studio.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\FREEST~1.EXE -> Found
- [PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Premium Membership.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\PREMIU~1.EXE -> Found
- [PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\lib\UNINST~1.EXE -> Found
- [PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader -> Found
- [Hj.Shortcut][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSSL\Official OpenSSL Documentation.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://www.startpageing123.com/?type=sc&ts=1489157213&z=537dcad076e37520938849fgczcbat6g3w0mdo7g0o&from=che0812&uid=HGSTXHTS721010A9E630_JS10006206LPAT06LPATX -> Found
- [Hj.Shortcut][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSSL\Official OpenSSL Website.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://www.startpageing123.com/?type=sc&ts=1489157213&z=537dcad076e37520938849fgczcbat6g3w0mdo7g0o&from=che0812&uid=HGSTXHTS721010A9E630_JS10006206LPAT06LPATX -> Found
- [Hj.Shortcut][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSSL\Windows OpenSSL Website.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://www.startpageing123.com/?type=sc&ts=1489157213&z=537dcad076e37520938849fgczcbat6g3w0mdo7g0o&from=che0812&uid=HGSTXHTS721010A9E630_JS10006206LPAT06LPATX -> Found
- [PUP.AMule][Folder] C:\Program Files (x86)\amulell -> Found
- [PUP.Gen0][Folder] C:\Program Files (x86)\Common Files\DVDVideoSoft -> Found
- [PUP.Gen1][Folder] C:\Program Files (x86)\Free YouTube Downloader -> Found
- ¤¤¤ WMI : 0 ¤¤¤
- ¤¤¤ Hosts File : 0 ¤¤¤
- ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
- ¤¤¤ Web browsers : 0 ¤¤¤
- ¤¤¤ MBR Check : ¤¤¤
- +++++ PhysicalDrive0: HGST HTS721010A9E630 +++++
- --- User ---
- [MBR] 9ae3a5b1a7b051516ee4448f137a2060
- [BSP] 048d9c92c4d7a399084fdf70c6629fce : Empty|VT.Unknown MBR Code
- Partition table:
- 0 - Basic data partition | Offset (sectors): 2048 | Size: 953868 MB
- User = LL1 ... OK
- User = LL2 ... OK
- +++++ PhysicalDrive1: SanDisk SD7SB3Q128G1002 +++++
- --- User ---
- [MBR] f075814b074a80a94120d88394e8fe2b
- [BSP] d98d44559707a9a2da67b1dc1cbbbeef : Empty|VT.Unknown MBR Code
- Partition table:
- 0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
- 1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
- 2 - Basic data partition | Offset (sectors): 567296 | Size: 121328 MB
- 3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 249047040 | Size: 499 MB
- User = LL1 ... OK
- User = LL2 ... OK
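The log above lists what RogueKiller matched but not how to confirm it on the host. The PowerShell script below is an added example; it is not part of the paste and is not Adlice's code. It re-reads the same persistence points the scan flagged (the ShellExecuteHooks CLSIDs, the svchost-hosted service DLLs, scheduled-task actions, the UAC ConsentPromptBehaviorAdmin value, inbound firewall allow rules, and Start Menu shortcut targets) and reports the entries whose target resolves into a user profile or ProgramData. The `$suspiciousRoots` patterns and the `Test-SuspiciousPath` / `Add-Finding` helper names are this example's own assumptions, not anything the scanner defines.

```powershell
# Added re-check script, not part of the RogueKiller log and not Adlice's tooling.
# Assumptions: $suspiciousRoots is this example's own definition of a "suspicious"
# location; run from an elevated PowerShell on the scanned host.

$suspiciousRoots = @('\\AppData\\(Roaming|Local)\\', '\\ProgramData\\')

function Test-SuspiciousPath {
    param([string]$Path)
    foreach ($pattern in $suspiciousRoots) {        # -match is case-insensitive
        if ($Path -match $pattern) { return $true }
    }
    return $false
}

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding {
    param([string]$Source, [string]$Name, [string]$Target, [bool]$Suspicious)
    $findings.Add([pscustomobject]@{ Source = $Source; Name = $Name; Target = $Target; Suspicious = $Suspicious })
}

# 1. ShellExecuteHooks: each value name is a CLSID whose in-proc server explorer.exe
#    loads on every ShellExecute call. The log resolved one to AppData\Roaming\...\Pedotion.dll.
$hookKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
if (Test-Path $hookKey) {
    foreach ($clsid in (Get-Item $hookKey).Property) {
        $server = (Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InProcServer32" -ErrorAction SilentlyContinue).'(default)'
        Add-Finding 'ShellExecuteHooks' $clsid $server (Test-SuspiciousPath $server)
    }
}

# 2. Svchost groups: a value such as "WinSnare" names services that svchost.exe hosts;
#    the DLL actually loaded is Services\<name>\Parameters\ServiceDll.
$svchostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$groupValues = Get-ItemProperty $svchostKey
foreach ($group in (Get-Item $svchostKey).Property) {
    foreach ($svc in @($groupValues.$group)) {
        $params = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters" -ErrorAction SilentlyContinue
        $dll = [Environment]::ExpandEnvironmentVariables([string]$params.ServiceDll)
        Add-Finding 'Svchost' "$group/$svc" $dll (Test-SuspiciousPath $dll)
    }
}

# 3. Scheduled tasks: the log shows six tasks all running rundll32.exe against one DLL
#    in C:\ProgramData. Flag any action whose command line points into such a path.
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }      # COM-handler actions have no Execute
        $cmd = "$($action.Execute) $($action.Arguments)"
        Add-Finding 'ScheduledTask' "$($task.TaskPath)$($task.TaskName)" $cmd (Test-SuspiciousPath $cmd)
    }
}

# 4. UAC: ConsentPromptBehaviorAdmin = 0 means "elevate without prompting" for admins
#    (default is 5). The log's user is an Administrator, so every installer ran silently
#    with full rights. EnableLUA = 0 would switch UAC off entirely.
$policy = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
Add-Finding 'UAC' 'ConsentPromptBehaviorAdmin' $policy.ConsentPromptBehaviorAdmin ($policy.ConsentPromptBehaviorAdmin -eq 0)
Add-Finding 'UAC' 'EnableLUA' $policy.EnableLUA ($policy.EnableLUA -eq 0)

# 5. Inbound allow rules bound to a program under a user profile. "Query User" rules
#    are the ones Windows Firewall writes when the user clicks Allow on its prompt.
foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $program = ($rule | Get-NetFirewallApplicationFilter).Program
    if ($program -and $program -ne 'Any') {
        $expanded = [Environment]::ExpandEnvironmentVariables($program)
        Add-Finding 'FirewallRule' $rule.DisplayName $expanded (Test-SuspiciousPath $expanded)
    }
}

# 6. Shortcut hijack: the log's OpenSSL .lnk files were rewritten to run iexplore.exe
#    with a startpageing123.com URL. A Start Menu shortcut carrying a URL in its
#    arguments is almost never legitimate.
$wsh = New-Object -ComObject WScript.Shell
$startMenus = @("$env:ProgramData\Microsoft\Windows\Start Menu", "$env:APPDATA\Microsoft\Windows\Start Menu")
foreach ($lnkFile in Get-ChildItem -Path $startMenus -Recurse -Filter *.lnk -ErrorAction SilentlyContinue) {
    $lnk = $wsh.CreateShortcut($lnkFile.FullName)
    $isSuspicious = ($lnk.Arguments -match 'https?://') -or (Test-SuspiciousPath $lnk.TargetPath)
    Add-Finding 'Shortcut' $lnkFile.FullName "$($lnk.TargetPath) $($lnk.Arguments)" $isSuspicious
}

$findings | Where-Object Suspicious | Sort-Object Source | Format-Table -AutoSize -Wrap
```

Run it elevated and compare against the log. Expect some benign noise: per-user apps such as webtorrent.exe legitimately live under AppData\Local and will show up in the firewall and shortcut sections, and the Windows Firewall "Query User" rules are what the user's own Allow click creates. The entries that matter are the ShellExecuteHooks CLSID and the WinSnare svchost group, because each loads a DLL from the user profile into explorer.exe or svchost.exe respectively, which is exactly why RogueKiller tagged them Suspicious.Path, plus the rundll32 tasks that keep re-launching the ProgramData DLL. Note that the scanner reads ControlSet001 while the script reads CurrentControlSet; on a normal boot these are the same hive, but if they ever differ, check both.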