eduardson

Untitled

Oct 10th, 2017
RogueKiller V12.11.19.0 (x64) [Oct 9 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : BODIONGAN [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 10/10/2017 22:59:50 (Duration : 01:02:27)
Switches : -refid

¤¤¤ Processes : 1 ¤¤¤
[Proc.Injected] chrome.exe(3460) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7] -> Found

¤¤¤ Registry : 61 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\RK_Guest_ON_F_079E\Software\Blabbers -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_Guest_ON_F_079E\Software\Blabbers -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\BabylonToolbar -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\Blabbers -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\BrowserCompanion -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\facemoods.com -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\iLivid -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\IM -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\ImInstaller -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\Softonic -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\BabylonToolbar -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\Blabbers -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\BrowserCompanion -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\facemoods.com -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\iLivid -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\IM -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\ImInstaller -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\Softonic -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1980599891-4258201064-1316590169-1000\Software\WebApp -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1980599891-4258201064-1316590169-1000\Software\WebApp -> Found
[Tr.Gen] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TNod -> Found
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | TNOD UP : "C:\Program Files\TNod User & Password Finder\TNODUP.exe" /i [x] -> Found
[Suspicious.Path] (X64) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load : C:\Users\SURFIN~1\LOCALS~1\Temp\ccuiuo.cmd [x] -> Found
[Suspicious.Path] (X86) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load : C:\Users\SURFIN~1\LOCALS~1\Temp\ccuiuo.cmd [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet001\Services\EagleNT (\??\C:\Users\SURFIN~1\AppData\Local\Temp\EagleNT.sys) -> Found
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet001\Services\YahooAUService ("C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe") -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet002\Services\EagleNT (\??\C:\Users\SURFIN~1\AppData\Local\Temp\EagleNT.sys) -> Found
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet002\Services\YahooAUService ("C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe") -> Found
[PUM.Proxy] (X64) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet002\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 121.1.3.81 121.1.3.16 121.1.3.66 ([-][Philippines][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 121.1.3.81 121.1.3.16 121.1.3.66 ([-][Philippines][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet001\Services\Tcpip\Parameters\Interfaces\{14914389-F773-4093-BF9C-51BF5088FFE9} | DhcpNameServer : 121.1.3.81 121.1.3.16 121.1.3.66 ([-][Philippines][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9323AD75-C646-4C66-86D5-E70628501BDF} | DhcpNameServer : 121.1.3.81 121.1.3.16 121.1.3.66 ([-][Philippines][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet002\Services\Tcpip\Parameters\Interfaces\{14914389-F773-4093-BF9C-51BF5088FFE9} | DhcpNameServer : 121.1.3.81 121.1.3.16 121.1.3.66 ([-][Philippines][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9323AD75-C646-4C66-86D5-E70628501BDF} | DhcpNameServer : 121.1.3.81 121.1.3.16 121.1.3.66 ([-][Philippines][-]) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F87E189F-FE75-4766-B74F-E48D43040779} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Surfing Zone\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe|Name=Facebook Video Calling Plugin|Edge=TRUE| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{F2A45E88-A098-4491-8F7D-44968551A1E9}C:\users\bodiongan\appdata\local\playback\app-1.6.12\playback.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\bodiongan\appdata\local\playback\app-1.6.12\playback.exe|Name=playback.exe|Desc=playback.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{F94CD0F7-32B0-423E-ACD8-1F8648D229EB}C:\users\bodiongan\appdata\local\playback\app-1.6.12\playback.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\bodiongan\appdata\local\playback\app-1.6.12\playback.exe|Name=playback.exe|Desc=playback.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E234FDE7-13EE-49D1-A9E9-AE57AD585EBC} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3D69487E-CD32-45AE-928D-334432122A06} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BF5FF715-009F-4938-80FE-7FC725404478} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E0AAD90C-7F86-4EB2-9536-AFE505E4A26D} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {81BE28BF-A15C-44C3-88A1-184E753DD601} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CA162C8E-693B-4CD8-B0DA-029881A5B2D3} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9499AC26-1083-455D-9A4E-EB04DABE600D} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FABBF3C4-B944-4D3F-A414-E47609D410EE} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F87E189F-FE75-4766-B74F-E48D43040779} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Surfing Zone\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe|Name=Facebook Video Calling Plugin|Edge=TRUE| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{F2A45E88-A098-4491-8F7D-44968551A1E9}C:\users\bodiongan\appdata\local\playback\app-1.6.12\playback.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\bodiongan\appdata\local\playback\app-1.6.12\playback.exe|Name=playback.exe|Desc=playback.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{F94CD0F7-32B0-423E-ACD8-1F8648D229EB}C:\users\bodiongan\appdata\local\playback\app-1.6.12\playback.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\bodiongan\appdata\local\playback\app-1.6.12\playback.exe|Name=playback.exe|Desc=playback.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E234FDE7-13EE-49D1-A9E9-AE57AD585EBC} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3D69487E-CD32-45AE-928D-334432122A06} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BF5FF715-009F-4938-80FE-7FC725404478} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E0AAD90C-7F86-4EB2-9536-AFE505E4A26D} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {81BE28BF-A15C-44C3-88A1-184E753DD601} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CA162C8E-693B-4CD8-B0DA-029881A5B2D3} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9499AC26-1083-455D-9A4E-EB04DABE600D} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FABBF3C4-B944-4D3F-A414-E47609D410EE} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found

¤¤¤ Tasks : 5 ¤¤¤
[Hj.Shortcut] \{25119510-AC1F-41D2-AC0F-8B055A32240E} -- "c:\program files (x86)\mozilla firefox\firefox.exe" (http://www.skype.com/go/downloading?source=lightinstaller&ver=6.11.0.102&LastError=12002) -> Found
[Hj.Shortcut] \{724888B0-AB8C-4B6D-8CC1-DC52ADE21BCE} -- "c:\program files (x86)\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?page=tsProgressBar) -> Found
[Hj.Shortcut] \{757962B0-B764-4D07-9BAC-FFB07E1DB61F} -- "c:\program files (x86)\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/6.18.59.106/en/abandoninstall?page=tsProgressBar) -> Found
[Hj.Shortcut] \{7AE73405-A99D-4D5C-9091-D28E926C992F} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (http://www.skype.com/go/downloading?source=lightinstaller&ver=6.10.0.104&LastError=12002) -> Found
[Hj.Shortcut] \{E14BD42A-7B6C-48D8-AE8F-1BD91AD144DB} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (http://ui.skype.com/ui/0/7.9.85.103/en/abandoninstall?page=tsProgressBar) -> Found

¤¤¤ Files : 3 ¤¤¤
[Hidden.ADS][Stream] C:\Windows:AstInfo -> Found
[PUP.HackTool][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TNod User & Password Finder -> Found
[PUP.HackTool][Folder] C:\Program Files\TNod User & Password Finder -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500418AS ATA Device +++++
--- User ---
[MBR] d3abb7f16239fdda55f6f0eac272d5b3
[BSP] 9b3cbd9bc9c9796cd9f25b5c103ec7b7 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 249652 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 512007615 | Size: 226925 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST3500418AS ATA Device +++++
--- User ---
[MBR] 69e1579e4b75186c283533c4d283b1aa
[BSP] 1a37eaf50873ac4109b0624cf69ad357 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 176937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 362369024 | Size: 300000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK