RogueKiller V11.0.3.0 [Dec 14 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Marouane [Administrator]
Started from : C:\Users\Marouane\Downloads\RogueKiller.exe
Mode : Scan -- Date : 12/18/2015 13:31:08

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-651050213-2844997319-2814757456-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_30&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dma%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAzz0BzytA0A0A0AyE0D0DtBtAtN0D0Tzu0StCtBzyzytN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCyB0ByByBtCyCtBtGtCtC0DyCtG0AyEtA0DtGtCyBtBtCtGyE0BtAyDtByEtC0AtD0EtD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzytD0DyE0DyCzztGyByEtDtAtGyEyD0CzytGzztB0EyBtG0F0BtBtA0E0AyC0C0ByC0EyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzzzytC%26cr%3D938631316%26a%3Dwncy_pwrisofs_15_30%26os%3DWindows%2B8.1%2BPro -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-651050213-2844997319-2814757456-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_30&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dma%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAzz0BzytA0A0A0AyE0D0DtBtAtN0D0Tzu0StCtBzyzytN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCyB0ByByBtCyCtBtGtCtC0DyCtG0AyEtA0DtGtCyBtBtCtGyE0BtAyDtByEtC0AtD0EtD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzytD0DyE0DyCzztGyByEtDtAtGyEyD0CzytGzztB0EyBtG0F0BtBtA0E0AyC0C0ByC0EyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzzzytC%26cr%3D938631316%26a%3Dwncy_pwrisofs_15_30%26os%3DWindows%2B8.1%2BPro -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] xxtvx9gb.default : user_pref("browser.startup.homepage", "http://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_30&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dma%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAzz0BzytA0A0A0AyE0D0DtBtAtN0D0Tzu0StCtBzyzytN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCyB0ByByBtCyCtBtGtCtC0DyCtG0AyEtA0DtGtCyBtBtCtGyE0BtAyDtByEtC0AtD0EtD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzytD0DyE0DyCzztGyByEtDtAtGyEyD0CzytGzztB0EyBtG0F0BtBtA0E0AyC0C0ByC0EyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzzzytC%26cr%3D938631316%26a%3Dwncy_pwrisofs_15_30%26os%3DWindows%2B8.1%2BPro"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9250827AS ATA Device +++++
--- User ---
[MBR] 9dfbc53ac04f5c8e5036bc103d9c94f7
[BSP] 2ec60e88e6e2e72ee0f84e23859891a6 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 129650 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 266242048 | Size: 58473 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 385994752 | Size: 50000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK