RogueKiller V12.9.0.0 (x64) [Dec 26 2016] (Premium) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Mr ysn [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 12/26/2016 21:38:25 (Duration : 00:42:43)

¤¤¤ Processes : 3 ¤¤¤
[Adw.Elex|Suspicious.Path] service.exe(1676) -- C:\ProgramData\service.exe[-] -> Killed [TermProc]
[PUP.HackTool|Suspicious.Path] KMS-R@1n.exe(1908) -- C:\Windows\KMS-R@1n.exe[-] -> Killed [TermProc]
[PUP.HackTool|Suspicious.Path|VT.HackTool/Win32.KMSAuto.C1585389] (SVC) KMS-R@1n -- C:\Windows\KMS-R@1n.exe[-] -> ERROR [6d]

¤¤¤ Registry : 17 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\csastats -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\DriverToolkit -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\IM -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\Installer -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\ProductSetup -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\csastats -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\DriverToolkit -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\IM -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\Installer -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\ProductSetup -> Deleted
[Suspicious.Path|VT.Adware.Agent] (X64) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\Microsoft\Windows\CurrentVersion\Run | msiql : C:\Users\Mr ysn\AppData\Local\Temp\00024854\msiql.exe /RUNNING [-] -> Deleted
[Suspicious.Path|VT.Adware.Agent] (X86) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\Microsoft\Windows\CurrentVersion\Run | msiql : C:\Users\Mr ysn\AppData\Local\Temp\00024854\msiql.exe /RUNNING [-] -> ERROR [2]
[PUP.Gen0|VT.PUP.Optional.HahoMedia] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BugFixxer (C:\Windows\BugFixxer\1004\BugFixxer.exe) -> Deleted
[PUP.HackTool|Suspicious.Path|VT.HackTool/Win32.KMSAuto.C1585389] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KMS-R@1n (C:\Windows\KMS-R@1n.exe) -> Deleted
[PUP.Gen0|PUP.HahoMedia] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Policies (C:\Windows\system32\Policies\161011\Policies.exe) -> Deleted
[PUP.HackTool|Suspicious.Path|VT.HackTool/Win32.KMSAuto.C1585389] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {62714C1E-DE41-4392-B623-BFD6DADEE9DD} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=1688|App=C:\Windows\KMS-R@1n.exe|Name=KMS-R@1n| [-] -> Deleted
[PUP.HackTool|Suspicious.Path|VT.HackTool/Win32.KMSAuto.C1585389] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C789FE12-C35E-4459-A3CA-C4D614150DA8} : v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|LPort=1688|App=C:\Windows\KMS-R@1n.exe|Name=KMS-R@1n| [-] -> Deleted

¤¤¤ Tasks : 1 ¤¤¤
[Tr.Gen0|Suspicious.Path|VT.Adware.OxyPumper] \Microsoft\Windows\Multimedia\Manager -- C:\Users\Mr ysn\AppData\Roaming\Adobe\Manager.exe (604C4206-B430-43E1-A102-8BF11249AEC2) -> Deleted

¤¤¤ Files : 7 ¤¤¤
[Adw.Elex][File] C:\ProgramData\service.exe -> Deleted
[PUP.HackTool][File] C:\Windows\KMS-R@1n.exe -> Deleted
[PUP.HackTool][File] C:\Windows\KMS-R@1nHook.exe -> Deleted
[PUP.HahoMedia][Folder] C:\Windows\SysWOW64\Policies -> Deleted
[PUP.HahoMedia][File] C:\Windows\SysWOW64\Policies\161011\aUtil.dll -> Deleted
[PUP.HahoMedia][File] C:\Windows\SysWOW64\Policies\161011\aUtil.dll.config -> Deleted
[PUP.HahoMedia][File] C:\Windows\SysWOW64\Policies\161011\Policies.exe -> Deleted
[PUP.HahoMedia][File] C:\Windows\SysWOW64\Policies\161011\Policies.exe.config -> Deleted
[PUP.HahoMedia][Folder] C:\Windows\SysWOW64\Policies\161011 -> Deleted
[Tr.Gen0][File] C:\Users\Mr ysn\AppData\Roaming\Adobe\Manager.exe -> Deleted
[Tr.Gen0][File] C:\Users\Mr ysn\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Deleted
[Adw.Elex][File] C:\ProgramData\service.exe -> Removed at reboot [2]

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUP.Gen1][Firefox:Addon] 7vml8ba5.default-1466085183021 : Add-ons Manager Context Menu [amcontextmenu@loucypher] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BPVT-80ZEST0 +++++
--- User ---
[MBR] 51cad808cb71806fa55453011f4ba6b9
[BSP] a6dfcef95bdca6f6c690eb797753f4a9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 149450 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 306280448 | Size: 450 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 307202048 | Size: 155243 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ALCATEL Mass Storage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )