- RogueKiller V12.11.19.0 (x64) [Oct 9 2017] (Free) by Adlice Software
- mail : http://www.adlice.com/contact/
- Feedback : https://forum.adlice.com
- Website : http://www.adlice.com/download/roguekiller/
- Blog : http://www.adlice.com
- Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
- Started in : Normal mode
- User : BODIONGAN [Administrator]
- Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
- Mode : Scan -- Date : 10/10/2017 22:59:50 (Duration : 01:02:27)
- Switches : -refid
- ¤¤¤ Processes : 1 ¤¤¤
- [Proc.Injected] chrome.exe(3460) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7] -> Found
- ¤¤¤ Registry : 61 ¤¤¤
- [PUP.Gen1] (X64) HKEY_USERS\RK_Guest_ON_F_079E\Software\Blabbers -> Found
- [PUP.Gen1] (X86) HKEY_USERS\RK_Guest_ON_F_079E\Software\Blabbers -> Found
- [PUP.Gen1] (X64) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\BabylonToolbar -> Found
- [PUP.Gen1] (X64) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\Blabbers -> Found
- [PUP.Gen1] (X64) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\BrowserCompanion -> Found
- [PUP.Gen1] (X64) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\facemoods.com -> Found
- [PUP.Gen1] (X64) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\iLivid -> Found
- [PUP.Gen1] (X64) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\IM -> Found
- [PUP.Gen1] (X64) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\ImInstaller -> Found
- [PUP.Gen1] (X64) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\Softonic -> Found
- [PUP.Gen1] (X86) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\BabylonToolbar -> Found
- [PUP.Gen1] (X86) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\Blabbers -> Found
- [PUP.Gen1] (X86) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\BrowserCompanion -> Found
- [PUP.Gen1] (X86) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\facemoods.com -> Found
- [PUP.Gen1] (X86) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\iLivid -> Found
- [PUP.Gen1] (X86) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\IM -> Found
- [PUP.Gen1] (X86) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\ImInstaller -> Found
- [PUP.Gen1] (X86) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\Softonic -> Found
- [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1980599891-4258201064-1316590169-1000\Software\WebApp -> Found
- [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1980599891-4258201064-1316590169-1000\Software\WebApp -> Found
- [Tr.Gen] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TNod -> Found
- [PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | TNOD UP : "C:\Program Files\TNod User & Password Finder\TNODUP.exe" /i [x] -> Found
- [Suspicious.Path] (X64) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load : C:\Users\SURFIN~1\LOCALS~1\Temp\ccuiuo.cmd [x] -> Found
- [Suspicious.Path] (X86) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load : C:\Users\SURFIN~1\LOCALS~1\Temp\ccuiuo.cmd [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet001\Services\EagleNT (\??\C:\Users\SURFIN~1\AppData\Local\Temp\EagleNT.sys) -> Found
- [PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet001\Services\YahooAUService ("C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe") -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet002\Services\EagleNT (\??\C:\Users\SURFIN~1\AppData\Local\Temp\EagleNT.sys) -> Found
- [PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet002\Services\YahooAUService ("C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe") -> Found
- [PUM.Proxy] (X64) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
- [PUM.Proxy] (X86) HKEY_USERS\RK_Surfing Zone_ON_F_23A7\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
- [PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet002\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Found
- [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 121.1.3.81 121.1.3.16 121.1.3.66 ([-][Philippines][-]) -> Found
- [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 121.1.3.81 121.1.3.16 121.1.3.66 ([-][Philippines][-]) -> Found
- [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet001\Services\Tcpip\Parameters\Interfaces\{14914389-F773-4093-BF9C-51BF5088FFE9} | DhcpNameServer : 121.1.3.81 121.1.3.16 121.1.3.66 ([-][Philippines][-]) -> Found
- [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9323AD75-C646-4C66-86D5-E70628501BDF} | DhcpNameServer : 121.1.3.81 121.1.3.16 121.1.3.66 ([-][Philippines][-]) -> Found
- [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet002\Services\Tcpip\Parameters\Interfaces\{14914389-F773-4093-BF9C-51BF5088FFE9} | DhcpNameServer : 121.1.3.81 121.1.3.16 121.1.3.66 ([-][Philippines][-]) -> Found
- [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9323AD75-C646-4C66-86D5-E70628501BDF} | DhcpNameServer : 121.1.3.81 121.1.3.16 121.1.3.66 ([-][Philippines][-]) -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F87E189F-FE75-4766-B74F-E48D43040779} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Surfing Zone\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe|Name=Facebook Video Calling Plugin|Edge=TRUE| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{F2A45E88-A098-4491-8F7D-44968551A1E9}C:\users\bodiongan\appdata\local\playback\app-1.6.12\playback.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\bodiongan\appdata\local\playback\app-1.6.12\playback.exe|Name=playback.exe|Desc=playback.exe|Defer=User| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{F94CD0F7-32B0-423E-ACD8-1F8648D229EB}C:\users\bodiongan\appdata\local\playback\app-1.6.12\playback.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\bodiongan\appdata\local\playback\app-1.6.12\playback.exe|Name=playback.exe|Desc=playback.exe|Defer=User| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E234FDE7-13EE-49D1-A9E9-AE57AD585EBC} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3D69487E-CD32-45AE-928D-334432122A06} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BF5FF715-009F-4938-80FE-7FC725404478} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E0AAD90C-7F86-4EB2-9536-AFE505E4A26D} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {81BE28BF-A15C-44C3-88A1-184E753DD601} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CA162C8E-693B-4CD8-B0DA-029881A5B2D3} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9499AC26-1083-455D-9A4E-EB04DABE600D} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FABBF3C4-B944-4D3F-A414-E47609D410EE} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_B6DA\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F87E189F-FE75-4766-B74F-E48D43040779} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Surfing Zone\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe|Name=Facebook Video Calling Plugin|Edge=TRUE| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{F2A45E88-A098-4491-8F7D-44968551A1E9}C:\users\bodiongan\appdata\local\playback\app-1.6.12\playback.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\bodiongan\appdata\local\playback\app-1.6.12\playback.exe|Name=playback.exe|Desc=playback.exe|Defer=User| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{F94CD0F7-32B0-423E-ACD8-1F8648D229EB}C:\users\bodiongan\appdata\local\playback\app-1.6.12\playback.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\bodiongan\appdata\local\playback\app-1.6.12\playback.exe|Name=playback.exe|Desc=playback.exe|Defer=User| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E234FDE7-13EE-49D1-A9E9-AE57AD585EBC} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3D69487E-CD32-45AE-928D-334432122A06} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BF5FF715-009F-4938-80FE-7FC725404478} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E0AAD90C-7F86-4EB2-9536-AFE505E4A26D} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {81BE28BF-A15C-44C3-88A1-184E753DD601} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CA162C8E-693B-4CD8-B0DA-029881A5B2D3} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9499AC26-1083-455D-9A4E-EB04DABE600D} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
- [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FABBF3C4-B944-4D3F-A414-E47609D410EE} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
- [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
- [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
- ¤¤¤ Tasks : 5 ¤¤¤
- [Hj.Shortcut] \{25119510-AC1F-41D2-AC0F-8B055A32240E} -- "c:\program files (x86)\mozilla firefox\firefox.exe" (http://www.skype.com/go/downloading?source=lightinstaller&ver=6.11.0.102&LastError=12002) -> Found
- [Hj.Shortcut] \{724888B0-AB8C-4B6D-8CC1-DC52ADE21BCE} -- "c:\program files (x86)\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?page=tsProgressBar) -> Found
- [Hj.Shortcut] \{757962B0-B764-4D07-9BAC-FFB07E1DB61F} -- "c:\program files (x86)\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/6.18.59.106/en/abandoninstall?page=tsProgressBar) -> Found
- [Hj.Shortcut] \{7AE73405-A99D-4D5C-9091-D28E926C992F} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (http://www.skype.com/go/downloading?source=lightinstaller&ver=6.10.0.104&LastError=12002) -> Found
- [Hj.Shortcut] \{E14BD42A-7B6C-48D8-AE8F-1BD91AD144DB} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (http://ui.skype.com/ui/0/7.9.85.103/en/abandoninstall?page=tsProgressBar) -> Found
- ¤¤¤ Files : 3 ¤¤¤
- [Hidden.ADS][Stream] C:\Windows:AstInfo -> Found
- [PUP.HackTool][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TNod User & Password Finder -> Found
- [PUP.HackTool][Folder] C:\Program Files\TNod User & Password Finder -> Found
- ¤¤¤ WMI : 0 ¤¤¤
- ¤¤¤ Hosts File : 0 ¤¤¤
- ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
- ¤¤¤ Web browsers : 0 ¤¤¤
- ¤¤¤ MBR Check : ¤¤¤
- +++++ PhysicalDrive0: ST3500418AS ATA Device +++++
- --- User ---
- [MBR] d3abb7f16239fdda55f6f0eac272d5b3
- [BSP] 9b3cbd9bc9c9796cd9f25b5c103ec7b7 : Windows Vista/7/8|VT.Unknown MBR Code
- Partition table:
- 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
- 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 249652 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
- 2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 512007615 | Size: 226925 MB
- User = LL1 ... OK
- User = LL2 ... OK
- +++++ PhysicalDrive1: ST3500418AS ATA Device +++++
- --- User ---
- [MBR] 69e1579e4b75186c283533c4d283b1aa
- [BSP] 1a37eaf50873ac4109b0624cf69ad357 : Windows Vista/7/8|VT.Unknown MBR Code
- Partition table:
- 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 176937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
- 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 362369024 | Size: 300000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
- User = LL1 ... OK
- User = LL2 ... OK