
{
"header": {
"program": {
"project": "RogueKiller",
"version": "12.1.1.0",
"x64": false,
"date": "Apr 4 2016",
"contact": "http://www.adlice.com/contact/",
"feedback": "http://forum.adlice.com",
"website": "http://www.adlice.com/fr/logiciels/roguekiller/",
"blog": "http://www.adlice.com"
},
"environment": {
"operating_system": "Windows 7 (6.1.7601 Service Pack 1) 64 bits version",
"boot": 0,
"winpe": false,
"user": "space",
"user_admin": true,
"program_location": "C:\\Users\\space\\Downloads\\Programs\\RogueKiller.exe",
"x64": true,
"licensing": "premium"
},
"report": {
"type": 2,
"aborted": false,
"date": "12/07/2016 19:21:45",
"switches": 0,
"debug": false,
"count": 22,
"show_legit_hooks": false,
"expert_mode": false
}
},
"information": {
"processes": [
{
"name": "[System Process]",
"name_parent": "",
"pid": 0,
"path": "",
"command_line": "",
"pid_parent": 0,
"path_parent": ""
},
{
"name": "System",
"name_parent": "",
"pid": 4,
"path": "",
"command_line": "",
"pid_parent": 0,
"path_parent": ""
},
{
"name": "smss.exe",
"name_parent": "",
"pid": 360,
"path": "C:\\Windows\\System32\\smss.exe",
"command_line": "\\SystemRoot\\System32\\smss.exe",
"pid_parent": 4,
"path_parent": ""
},
{
"name": "csrss.exe",
"name_parent": "",
"pid": 548,
"path": "C:\\Windows\\System32\\csrss.exe",
"command_line": "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16",
"pid_parent": 532,
"path_parent": ""
},
{
"name": "wininit.exe",
"name_parent": "",
"pid": 600,
"path": "C:\\Windows\\System32\\wininit.exe",
"command_line": "wininit.exe",
"pid_parent": 532,
"path_parent": ""
},
{
"name": "csrss.exe",
"name_parent": "",
"pid": 636,
"path": "C:\\Windows\\System32\\csrss.exe",
"command_line": "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16",
"pid_parent": 612,
"path_parent": ""
},
{
"name": "services.exe",
"name_parent": "wininit.exe",
"pid": 676,
"path": "C:\\Windows\\System32\\services.exe",
"command_line": "C:\\Windows\\system32\\services.exe",
"pid_parent": 600,
"path_parent": "C:\\Windows\\System32\\wininit.exe"
},
{
"name": "winlogon.exe",
"name_parent": "",
"pid": 712,
"path": "C:\\Windows\\System32\\winlogon.exe",
"command_line": "winlogon.exe",
"pid_parent": 612,
"path_parent": ""
},
{
"name": "lsass.exe",
"name_parent": "wininit.exe",
"pid": 740,
"path": "C:\\Windows\\System32\\lsass.exe",
"command_line": "C:\\Windows\\system32\\lsass.exe",
"pid_parent": 600,
"path_parent": "C:\\Windows\\System32\\wininit.exe"
},
{
"name": "lsm.exe",
"name_parent": "wininit.exe",
"pid": 748,
"path": "C:\\Windows\\System32\\lsm.exe",
"command_line": "C:\\Windows\\system32\\lsm.exe",
"pid_parent": 600,
"path_parent": "C:\\Windows\\System32\\wininit.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 840,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k DcomLaunch",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "nvvsvc.exe",
"name_parent": "services.exe",
"pid": 908,
"path": "C:\\Windows\\System32\\nvvsvc.exe",
"command_line": "\"C:\\Windows\\system32\\nvvsvc.exe\"",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "nvSCPAPISvr.exe",
"name_parent": "services.exe",
"pid": 932,
"path": "C:\\Program Files (x86)\\NVIDIA Corporation\\3D Vision\\nvSCPAPISvr.exe",
"command_line": "\"C:\\Program Files (x86)\\NVIDIA Corporation\\3D Vision\\nvSCPAPISvr.exe\"",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 976,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k RPCSS",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 372,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 540,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 792,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k netsvcs",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "audiodg.exe",
"name_parent": "svchost.exe",
"pid": 1044,
"path": "C:\\Windows\\System32\\audiodg.exe",
"command_line": "",
"pid_parent": 372,
"path_parent": "C:\\Windows\\System32\\svchost.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 1108,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k LocalService",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "rundll32.exe",
"name_parent": "services.exe",
"pid": 1132,
"path": "C:\\Windows\\System32\\rundll32.exe",
"command_line": "rundll32 \"C:\\Program Files (x86)\\Common Files\\Services\\iThemes.dll\",fnde_svr",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "rundll32.exe",
"name_parent": "rundll32.exe",
"pid": 1152,
"path": "C:\\Windows\\SysWOW64\\rundll32.exe",
"command_line": "rundll32 \"C:\\Program Files (x86)\\Common Files\\Services\\iThemes.dll\",fnde_svr",
"pid_parent": 1132,
"path_parent": "C:\\Windows\\System32\\rundll32.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 1292,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k NetworkService",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "nvxdsync.exe",
"name_parent": "nvvsvc.exe",
"pid": 1392,
"path": "C:\\Program Files\\NVIDIA Corporation\\Display\\nvxdsync.exe",
"command_line": "\"C:\\Program Files\\NVIDIA Corporation\\Display\\nvxdsync.exe\"",
"pid_parent": 908,
"path_parent": "C:\\Windows\\System32\\nvvsvc.exe"
},
{
"name": "nvvsvc.exe",
"name_parent": "nvvsvc.exe",
"pid": 1400,
"path": "C:\\Windows\\System32\\nvvsvc.exe",
"command_line": "C:\\Windows\\system32\\nvvsvc.exe -session -first",
"pid_parent": 908,
"path_parent": "C:\\Windows\\System32\\nvvsvc.exe"
},
{
"name": "spoolsv.exe",
"name_parent": "services.exe",
"pid": 1468,
"path": "C:\\Windows\\System32\\spoolsv.exe",
"command_line": "C:\\Windows\\System32\\spoolsv.exe",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 1528,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k LocalServiceNoNetwork",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "armsvc.exe",
"name_parent": "services.exe",
"pid": 1732,
"path": "C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe",
"command_line": "\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe\"",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "AdobeUpdateService.exe",
"name_parent": "services.exe",
"pid": 1760,
"path": "C:\\Program Files (x86)\\Common Files\\Adobe\\Adobe Desktop Common\\ElevationManager\\AdobeUpdateService.exe",
"command_line": "\"C:\\Program Files (x86)\\Common Files\\Adobe\\Adobe Desktop Common\\ElevationManager\\AdobeUpdateService.exe\"",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "taskhost.exe",
"name_parent": "services.exe",
"pid": 1840,
"path": "C:\\Windows\\System32\\taskhost.exe",
"command_line": "\"taskhost.exe\"",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "AGSService.exe",
"name_parent": "services.exe",
"pid": 1888,
"path": "C:\\Program Files (x86)\\Common Files\\Adobe\\AdobeGCClient\\AGSService.exe",
"command_line": "\"C:\\Program Files (x86)\\Common Files\\Adobe\\AdobeGCClient\\AGSService.exe\"",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "avp.exe",
"name_parent": "services.exe",
"pid": 1960,
"path": "C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Internet Security 15.0.2\\avp.exe",
"command_line": "\"C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Internet Security 15.0.2\\avp.exe\" -r",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "dwm.exe",
"name_parent": "svchost.exe",
"pid": 1976,
"path": "C:\\Windows\\System32\\dwm.exe",
"command_line": "\"C:\\Windows\\system32\\Dwm.exe\"",
"pid_parent": 540,
"path_parent": "C:\\Windows\\System32\\svchost.exe"
},
{
"name": "explorer.exe",
"name_parent": "",
"pid": 1984,
"path": "C:\\Windows\\explorer.exe",
"command_line": "C:\\Windows\\Explorer.EXE",
"pid_parent": 1900,
"path_parent": ""
},
{
"name": "taskeng.exe",
"name_parent": "svchost.exe",
"pid": 2012,
"path": "C:\\Windows\\System32\\taskeng.exe",
"command_line": "taskeng.exe {0A64AA2A-F7EB-4A69-AC75-04D59B27AD66}",
"pid_parent": 792,
"path_parent": "C:\\Windows\\System32\\svchost.exe"
},
{
"name": "ggdllhost.exe",
"name_parent": "taskeng.exe",
"pid": 1572,
"path": "C:\\Program Files (x86)\\Garena Plus\\ggdllhost.exe",
"command_line": "\"C:\\Program Files (x86)\\Garena Plus\\ggdllhost.exe\" \"C:\\Program Files (x86)\\Garena Plus\\ggspawn.dll\",rundll_entry",
"pid_parent": 2012,
"path_parent": "C:\\Windows\\System32\\taskeng.exe"
},
{
"name": "HD-LogRotatorService.exe",
"name_parent": "services.exe",
"pid": 1616,
"path": "C:\\Program Files (x86)\\BlueStacks\\HD-LogRotatorService.exe",
"command_line": "\"C:\\Program Files (x86)\\BlueStacks\\HD-LogRotatorService.exe\"",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "ggdllhost.exe",
"name_parent": "ggdllhost.exe",
"pid": 1708,
"path": "C:\\Program Files (x86)\\Garena Plus\\ggdllhost.exe",
"command_line": "\"C:\\Program Files (x86)\\Garena Plus\\ggdllhost.exe\" \"C:\\Program Files (x86)\\Garena Plus\\ggspawn.dll\",rundll_entry -mmah",
"pid_parent": 1572,
"path_parent": "C:\\Program Files (x86)\\Garena Plus\\ggdllhost.exe"
},
{
"name": "HD-UpdaterService.exe",
"name_parent": "services.exe",
"pid": 2168,
"path": "C:\\Program Files (x86)\\BlueStacks\\HD-UpdaterService.exe",
"command_line": "\"C:\\Program Files (x86)\\BlueStacks\\HD-UpdaterService.exe\"",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "GfExperienceService.exe",
"name_parent": "services.exe",
"pid": 2348,
"path": "C:\\Program Files\\NVIDIA Corporation\\GeForce Experience Service\\GfExperienceService.exe",
"command_line": "\"C:\\Program Files\\NVIDIA Corporation\\GeForce Experience Service\\GfExperienceService.exe\"",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 2380,
"path": "C:\\Windows\\SysWOW64\\svchost.exe",
"command_line": "C:\\Windows\\SysWOW64\\svchost.exe -k hpdevmgmt",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "HeciServer.exe",
"name_parent": "services.exe",
"pid": 2444,
"path": "C:\\Program Files\\Intel\\iCLS Client\\HeciServer.exe",
"command_line": "\"C:\\Program Files\\Intel\\iCLS Client\\HeciServer.exe\"",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "MaConfigAgent.exe",
"name_parent": "services.exe",
"pid": 2564,
"path": "C:\\Program Files\\ma-config.com\\MaConfigAgent.exe",
"command_line": "\"C:\\Program Files\\ma-config.com\\MaConfigAgent.exe\"",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 2740,
"path": "C:\\Windows\\SysWOW64\\svchost.exe",
"command_line": "C:\\Windows\\SysWOW64\\svchost.exe -k Mihethoderly",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 2760,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\System32\\svchost.exe -k HPZ12",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "RAVCpl64.exe",
"name_parent": "explorer.exe",
"pid": 2320,
"path": "C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe",
"command_line": "\"C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe\" -s",
"pid_parent": 1984,
"path_parent": "C:\\Windows\\explorer.exe"
},
{
"name": "NvNetworkService.exe",
"name_parent": "services.exe",
"pid": 1784,
"path": "C:\\Program Files (x86)\\NVIDIA Corporation\\NetService\\NvNetworkService.exe",
"command_line": "\"C:\\Program Files (x86)\\NVIDIA Corporation\\NetService\\NvNetworkService.exe\"",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "nvstreamsvc.exe",
"name_parent": "services.exe",
"pid": 2272,
"path": "C:\\Program Files\\NVIDIA Corporation\\NvStreamSrv\\nvstreamsvc.exe",
"command_line": "\"C:\\Program Files\\NVIDIA Corporation\\NvStreamSrv\\nvstreamsvc.exe\"",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 2824,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\System32\\svchost.exe -k HPZ12",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "NvBackend.exe",
"name_parent": "explorer.exe",
"pid": 3068,
"path": "C:\\Program Files (x86)\\NVIDIA Corporation\\Update Core\\NvBackend.exe",
"command_line": "\"C:\\Program Files (x86)\\NVIDIA Corporation\\Update Core\\NvBackend.exe\" ",
"pid_parent": 1984,
"path_parent": "C:\\Windows\\explorer.exe"
},
{
"name": "BleServicesCtrl.exe",
"name_parent": "explorer.exe",
"pid": 1656,
"path": "C:\\Program Files (x86)\\Intel\\Bluetooth\\BleServicesCtrl.exe",
"command_line": "\"C:\\Program Files (x86)\\Intel\\Bluetooth\\BleServicesCtrl.exe\" ",
"pid_parent": 1984,
"path_parent": "C:\\Windows\\explorer.exe"
},
{
"name": "rundll32.exe",
"name_parent": "explorer.exe",
"pid": 2812,
"path": "C:\\Windows\\System32\\rundll32.exe",
"command_line": "\"C:\\Windows\\System32\\rundll32.exe\" \"C:\\Program Files (x86)\\Intel\\Bluetooth\\btmshellex.dll\",TrayApp",
"pid_parent": 1984,
"path_parent": "C:\\Windows\\explorer.exe"
},
{
"name": "IDMan.exe",
"name_parent": "explorer.exe",
"pid": 2500,
"path": "C:\\Program Files (x86)\\Internet Download Manager\\IDMan.exe",
"command_line": "\"C:\\Program Files (x86)\\Internet Download Manager\\IDMan.exe\" /onboot",
"pid_parent": 1984,
"path_parent": "C:\\Windows\\explorer.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 2652,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k imgsvc",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "TeamViewer_Service.exe",
"name_parent": "services.exe",
"pid": 2308,
"path": "C:\\Program Files (x86)\\TeamViewer\\TeamViewer_Service.exe",
"command_line": "\"C:\\Program Files (x86)\\TeamViewer\\TeamViewer_Service.exe\"",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "NvStreamNetworkService.exe",
"name_parent": "nvstreamsvc.exe",
"pid": 3428,
"path": "C:\\Program Files\\NVIDIA Corporation\\NvStreamSrv\\NvStreamNetworkService.exe",
"command_line": "\"C:\\Program Files\\NVIDIA Corporation\\NvStreamSrv\\NvStreamNetworkService.exe\" e3c27918-175c-4106-9296-8e1c546e5c07 1",
"pid_parent": 2272,
"path_parent": "C:\\Program Files\\NVIDIA Corporation\\NvStreamSrv\\nvstreamsvc.exe"
},
{
"name": "conhost.exe",
"name_parent": "csrss.exe",
"pid": 3436,
"path": "C:\\Windows\\System32\\conhost.exe",
"command_line": "\\??\\C:\\Windows\\system32\\conhost.exe",
"pid_parent": 548,
"path_parent": "C:\\Windows\\System32\\csrss.exe"
},
{
"name": "nvstreamsvc.exe",
"name_parent": "nvstreamsvc.exe",
"pid": 3444,
"path": "C:\\Program Files\\NVIDIA Corporation\\NvStreamSrv\\nvstreamsvc.exe",
"command_line": "\"C:\\Program Files\\NVIDIA Corporation\\NvStreamSrv\\nvstreamsvc.exe\" serviceapp",
"pid_parent": 2272,
"path_parent": "C:\\Program Files\\NVIDIA Corporation\\NvStreamSrv\\nvstreamsvc.exe"
},
{
"name": "conhost.exe",
"name_parent": "csrss.exe",
"pid": 3456,
"path": "C:\\Windows\\System32\\conhost.exe",
"command_line": "\\??\\C:\\Windows\\system32\\conhost.exe",
"pid_parent": 636,
"path_parent": "C:\\Windows\\System32\\csrss.exe"
},
{
"name": "nvtray.exe",
"name_parent": "nvxdsync.exe",
"pid": 3740,
"path": "C:\\Program Files\\NVIDIA Corporation\\Display\\nvtray.exe",
"command_line": "\"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe\" -user_has_logged_in 1",
"pid_parent": 1392,
"path_parent": "C:\\Program Files\\NVIDIA Corporation\\Display\\nvxdsync.exe"
},
{
"name": "UploaderService.exe",
"name_parent": "services.exe",
"pid": 3768,
"path": "C:\\Program Files (x86)\\Common Files\\TechSmith Shared\\Uploader\\UploaderService.exe",
"command_line": "\"C:\\Program Files (x86)\\Common Files\\TechSmith Shared\\Uploader\\UploaderService.exe\" /service",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "avpui.exe",
"name_parent": "avp.exe",
"pid": 3996,
"path": "C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Internet Security 15.0.2\\avpui.exe",
"command_line": "\"C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Internet Security 15.0.2\\avpui.exe\" -hidden",
"pid_parent": 1960,
"path_parent": "C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Internet Security 15.0.2\\avp.exe"
},
{
"name": "WLIDSVC.EXE",
"name_parent": "services.exe",
"pid": 1192,
"path": "C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLIDSVC.EXE",
"command_line": "\"C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLIDSVC.EXE\"",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "CodeMeter.exe",
"name_parent": "services.exe",
"pid": 3800,
"path": "C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe",
"command_line": "\"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe\"",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "WLIDSVCM.EXE",
"name_parent": "WLIDSVC.EXE",
"pid": 3024,
"path": "C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLIDSVCM.EXE",
"command_line": "WLIDSvcM.exe 1192",
"pid_parent": 1192,
"path_parent": "C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLIDSVC.EXE"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 4232,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k LocalServiceAndNoImpersonation",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "SearchIndexer.exe",
"name_parent": "services.exe",
"pid": 4292,
"path": "C:\\Windows\\System32\\SearchIndexer.exe",
"command_line": "C:\\Windows\\system32\\SearchIndexer.exe /Embedding",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 4776,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k NetworkServiceNetworkRestricted",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "devmonsrv.exe",
"name_parent": "services.exe",
"pid": 2548,
"path": "C:\\Program Files (x86)\\Intel\\Bluetooth\\devmonsrv.exe",
"command_line": "\"C:\\Program Files (x86)\\Intel\\Bluetooth\\devmonsrv.exe\"",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "obexsrv.exe",
"name_parent": "services.exe",
"pid": 5140,
"path": "C:\\Program Files (x86)\\Intel\\Bluetooth\\obexsrv.exe",
"command_line": "\"C:\\Program Files (x86)\\Intel\\Bluetooth\\obexsrv.exe\"",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "mediasrv.exe",
"name_parent": "services.exe",
"pid": 5180,
"path": "C:\\Program Files (x86)\\Intel\\Bluetooth\\mediasrv.exe",
"command_line": "\"C:\\Program Files (x86)\\Intel\\Bluetooth\\mediasrv.exe\"",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "btplayerctrl.exe",
"name_parent": "svchost.exe",
"pid": 5676,
"path": "C:\\Program Files (x86)\\Intel\\Bluetooth\\BTPlayerCtrl.exe",
"command_line": "\"C:\\Program Files (x86)\\Intel\\Bluetooth\\BTPlayerCtrl.exe\" -Embedding",
"pid_parent": 840,
"path_parent": "C:\\Windows\\System32\\svchost.exe"
},
{
"name": "chrome.exe",
"name_parent": "explorer.exe",
"pid": 6060,
"path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
"command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" ",
"pid_parent": 1984,
"path_parent": "C:\\Windows\\explorer.exe"
},
{
"name": "chrome.exe",
"name_parent": "chrome.exe",
"pid": 6076,
"path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
"command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=crashpad-handler /prefetch:7 \"--database=C:\\Users\\space\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\" --url=https://clients2.google.com/cr/report --annotation=channel=-m --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=54.0.2840.99 --handshake-handle=0x7c",
"pid_parent": 6060,
"path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
},
{
"name": "msiexec.exe",
"name_parent": "svchost.exe",
"pid": 3248,
"path": "C:\\Windows\\SysWOW64\\msiexec.exe",
"command_line": "\"C:\\Windows\\System32\\msiexec.exe\" /i \"C:\\Program Files (x86)\\Cluneghtmernersh\\_ALLOWDEL_1d49c\\amuleins.msi\" ",
"pid_parent": 2740,
"path_parent": "C:\\Windows\\SysWOW64\\svchost.exe"
},
{
"name": "msiexec.exe",
"name_parent": "services.exe",
"pid": 1768,
"path": "C:\\Windows\\System32\\msiexec.exe",
"command_line": "C:\\Windows\\system32\\msiexec.exe /V",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "chrome.exe",
"name_parent": "chrome.exe",
"pid": 4736,
"path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
"command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=gpu-process --enable-features=\"*AutofillCreditCardSigninPromo\"",
"pid_parent": 6060,
"path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 6140,
"path": "C:\\Windows\\SysWOW64\\svchost.exe",
"command_line": "C:\\Windows\\SysWOW64\\svchost.exe -k WinSAPSvc",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "chrome.exe",
"name_parent": "chrome.exe",
"pid": 6000,
"path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
"command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --enable-features=\"*AutofillCreditCardSigninPromo\"",
"pid_parent": 6060,
"path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
},
{
"name": "chrome.exe",
"name_parent": "chrome.exe",
"pid": 3416,
"path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
"command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --enable-features=\"*AutofillCreditCardSigninPromo\"",
"pid_parent": 6060,
"path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
},
{
"name": "chrome.exe",
"name_parent": "chrome.exe",
"pid": 1452,
"path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
"command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --enable-features=\"*AutofillCreditCardSigninPromo\"",
"pid_parent": 6060,
"path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 2292,
"path": "C:\\Windows\\SysWOW64\\svchost.exe",
"command_line": "C:\\Windows\\SysWOW64\\svchost.exe -k ArcherGroupEx",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "cmd.exe",
"name_parent": "chrome.exe",
"pid": 2980,
"path": "C:\\Windows\\System32\\cmd.exe",
"command_line": "C:\\Windows\\system32\\cmd.exe /c \"C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Internet Security 15.0.2\\plugin-nm-server.exe\" --parent-window=0 chrome-extension://dbhjdbfgekjfcfkkfjjmlmojhbllhbho/ < \\\\.\\pipe\\chrome.nativeMessaging.in.2bd2de9a557ccc4a > \\\\.\\pipe\\chrome.nativeMessaging.out.2bd2de9a557ccc4a",
"pid_parent": 6060,
"path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
},
{
"name": "conhost.exe",
"name_parent": "csrss.exe",
"pid": 2632,
"path": "C:\\Windows\\System32\\conhost.exe",
"command_line": "\\??\\C:\\Windows\\system32\\conhost.exe",
"pid_parent": 636,
"path_parent": "C:\\Windows\\System32\\csrss.exe"
},
{
"name": "plugin-nm-server.exe",
"name_parent": "cmd.exe",
"pid": 4876,
"path": "C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Internet Security 15.0.2\\plugin-nm-server.exe",
"command_line": "\"C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Internet Security 15.0.2\\plugin-nm-server.exe\" --parent-window=0 chrome-extension://dbhjdbfgekjfcfkkfjjmlmojhbllhbho/ ",
"pid_parent": 2980,
"path_parent": "C:\\Windows\\System32\\cmd.exe"
},
{
"name": "chrome.exe",
"name_parent": "chrome.exe",
"pid": 1124,
"path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
"command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --enable-features=\"*AutofillCreditCardSigninPromo\"",
"pid_parent": 6060,
"path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
},
{
"name": "chrome.exe",
"name_parent": "chrome.exe",
"pid": 4828,
"path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
"command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --enable-features=\"*AutofillCreditCardSigninPromo\"",
"pid_parent": 6060,
"path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
},
{
"name": "Jhi_service.exe",
"name_parent": "services.exe",
"pid": 3540,
"path": "C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\DAL\\jhi_service.exe",
"command_line": "\"C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\DAL\\jhi_service.exe\"",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "LMS.exe",
"name_parent": "services.exe",
"pid": 3320,
"path": "C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\LMS\\LMS.exe",
"command_line": "\"C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\LMS\\LMS.exe\"",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 1164,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\System32\\svchost.exe -k secsvcs",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 2412,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k SDRSVC",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "rundll32.exe",
"name_parent": "services.exe",
"pid": 4068,
"path": "C:\\Windows\\System32\\rundll32.exe",
"command_line": "C:\\Windows\\system32\\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy",
"pid_parent": 676,
"path_parent": "C:\\Windows\\System32\\services.exe"
},
{
"name": "WmiPrvSE.exe",
"name_parent": "svchost.exe",
"pid": 4648,
"path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
"command_line": "C:\\Windows\\system32\\wbem\\wmiprvse.exe",
"pid_parent": 840,
"path_parent": "C:\\Windows\\System32\\svchost.exe"
},
{
"name": "taskeng.exe",
"name_parent": "svchost.exe",
"pid": 5896,
"path": "C:\\Windows\\System32\\taskeng.exe",
"command_line": "taskeng.exe {A5A3C2A2-01D6-44BB-B629-69C0005AB522}",
"pid_parent": 792,
"path_parent": "C:\\Windows\\System32\\svchost.exe"
},
{
"name": "AdobeGCClient.exe",
"name_parent": "",
"pid": 816,
"path": "C:\\Program Files (x86)\\Common Files\\Adobe\\AdobeGCClient\\AdobeGCClient.exe",
"command_line": "\"C:\\Program Files (x86)\\Common Files\\Adobe\\AdobeGCClient\\AdobeGCClient.exe\" --xmlFilePath=\"C:\\Users\\space\\AppData\\Local\\Temp\\adobegc_a03080\" --workflowInitiator=CSUpdater --xmlFilePath2=\"C:\\Users\\Public\\Documents\\AdobeGC\\adobegc_a03080\"",
"pid_parent": 4920,
"path_parent": ""
},
{
"name": "rads_user_kernel.exe",
"name_parent": "",
"pid": 2200,
"path": "C:\\Riot Games\\League of Legends\\RADS\\system\\rads_user_kernel.exe",
"command_line": "\"C:\\Riot Games\\League of Legends\\RADS\\system\\rads_user_kernel.exe\" updateandrun lol_launcher LoLLauncher.exe",
"pid_parent": 5784,
"path_parent": ""
},
{
"name": "LoLLauncher.exe",
"name_parent": "rads_user_kernel.exe",
"pid": 2092,
"path": "C:\\Riot Games\\League of Legends\\RADS\\projects\\lol_launcher\\releases\\0.0.1.34\\deploy\\LoLLauncher.exe",
"command_line": "LoLLauncher.exe ",
"pid_parent": 2200,
"path_parent": "C:\\Riot Games\\League of Legends\\RADS\\system\\rads_user_kernel.exe"
},
{
"name": "LoLPatcher.exe",
"name_parent": "LoLLauncher.exe",
"pid": 5380,
"path": "C:\\Riot Games\\League of Legends\\RADS\\projects\\lol_patcher\\releases\\0.0.0.74\\deploy\\LoLPatcher.exe",
"command_line": "\"C:/Riot Games/League of Legends/RADS/projects/lol_patcher/releases/0.0.0.74/deploy/LoLPatcher.exe\" \"\"",
"pid_parent": 2092,
"path_parent": "C:\\Riot Games\\League of Legends\\RADS\\projects\\lol_launcher\\releases\\0.0.1.34\\deploy\\LoLLauncher.exe"
},
{
"name": "LoLPatcherUx.exe",
"name_parent": "LoLPatcher.exe",
"pid": 1448,
"path": "C:\\Riot Games\\League of Legends\\RADS\\projects\\lol_patcher\\releases\\0.0.0.74\\deploy\\LoLPatcherUx.exe",
"command_line": "\"C:/Riot Games/League of Legends/RADS/projects/lol_patcher/releases/0.0.0.74/deploy/LoLPatcherUx.exe\" \"\" \"--force-device-scale-factor=1\" \"--use-http\" \"--remoting-auth-token=InXQk_4GcGuCPBdLc1ZVrQ\" \"--rads-product-directory=C:\\Riot Games\\League of Legends\\RADS\\projects\\lol_patcher\\releases\\0.0.0.74\\deploy\" \"--app-port=49499\" \"--install-directory=C:/Riot Games/League of Legends/\" \"--app-name=LoLPatcher\" \"--ux-name=LoLPatcherUx\" \"--ux-helper-name=\" \"--log-dir=Patcher Logs\" \"--bugsplat-name=\" \"--project=\" \"--app-log-file-path=C:/Riot Games/League of Legends/Logs/Patcher Logs/2016-12-07T18-36-20_LoLPatcher.log\" \"--disable-spell-checking\" \"--no-displaying-insecure-content\" \"--app-pid=5380\"",
"pid_parent": 5380,
"path_parent": "C:\\Riot Games\\League of Legends\\RADS\\projects\\lol_patcher\\releases\\0.0.0.74\\deploy\\LoLPatcher.exe"
},
{
"name": "LoLPatcherUx.exe",
"name_parent": "LoLPatcherUx.exe",
"pid": 1036,
"path": "C:\\Riot Games\\League of Legends\\RADS\\projects\\lol_patcher\\releases\\0.0.0.74\\deploy\\LoLPatcherUx.exe",
"command_line": "\"C:\\Riot Games\\League of Legends\\RADS\\projects\\lol_patcher\\releases\\0.0.0.74\\deploy\\LoLPatcherUx.exe\" --type=renderer --force-device-scale-factor=1 --no-sandbox --enable-deferred-image-decoding --lang=en-US --lang=en-US --disable-spell-checking --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel=\"1448.1.89388757\\88509977\" --app-name=LoLPatcher --ux-name=LoLPatcherUx --ux-helper-name --log-dir=\"Patcher Logs\" --bugsplat-name --project=Release --app-port=49499 --remoting-auth-token=InXQk_4GcGuCPBdLc1ZVrQ /prefetch:673131151",
"pid_parent": 1448,
"path_parent": "C:\\Riot Games\\League of Legends\\RADS\\projects\\lol_patcher\\releases\\0.0.0.74\\deploy\\LoLPatcherUx.exe"
},
{
"name": "RogueKiller.exe",
"name_parent": "explorer.exe",
"pid": 2688,
"path": "C:\\Users\\space\\Downloads\\Programs\\RogueKiller.exe",
"command_line": "\"C:\\Users\\space\\Downloads\\Programs\\RogueKiller.exe\" ",
"pid_parent": 1984,
"path_parent": "C:\\Windows\\explorer.exe"
}
]
},
"results": {
"processes": [],
"modules": [],
"services": [
{
"scan_what": 0,
"scan_how": [
1,
2,
3
],
"vendors": [
"Suspicious.Path"
],
"name": "gkernel",
"path": "\\??\\C:\\Users\\space\\AppData\\Local\\Temp\\gkernel.sys",
"file_status": "[x]",
"file_exists": false,
"file_signed": false,
"file_signer": "",
"file_vtscore": -1,
"status_str": "ERROR [41c]",
"status_choice": 2,
"status_removed": 1
}
],
"registry": [
{
"scan_what": 1,
"scan_how": [
5,
6,
7
],
"scan_how_trigger": 7,
"vendors": [
"Suspicious.Path"
],
"rule_name": "RUN",
"view": 256,
"value": "Windows Update Installer",
"subkey": "",
"value_old_data": "C:\\Users\\space\\AppData\\Roaming\\WindowsUpdate\\Updater.exe",
"value_data": "",
"path": "HKEY_USERS\\S-1-5-21-3992479630-2482588009-2382292733-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
"extra": "",
"files_status": "[x]",
"vtscore": -1,
"files": [
{
"path_expanded": "C:\\Users\\space\\AppData\\Roaming\\WindowsUpdate\\Updater.exe",
"path_compressed": "%APPDATA%\\WindowsUpdate\\Updater.exe",
"md5": "",
"exists": false,
"signed": false,
"signer": "",
"vtscore": -1
}
],
"status_str": "Supprimé(e)",
"status_choice": 2,
"status_removed": 5
},
{
"scan_what": 1,
"scan_how": [
5,
6,
7
],
"scan_how_trigger": 7,
"vendors": [
"Suspicious.Path"
],
"rule_name": "RUN",
"view": 256,
"value": "Gosesk",
"subkey": "",
"value_old_data": "C:\\Users\\space\\AppData\\Roaming\\Microsoft\\Windows\\Gosesk.exe",
"value_data": "",
"path": "HKEY_USERS\\S-1-5-21-3992479630-2482588009-2382292733-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
"extra": "",
"files_status": "[x]",
"vtscore": -1,
"files": [
{
"path_expanded": "C:\\Users\\space\\AppData\\Roaming\\Microsoft\\Windows\\Gosesk.exe",
"path_compressed": "%APPDATA%\\Microsoft\\Windows\\Gosesk.exe",
"md5": "",
"exists": false,
"signed": false,
"signer": "",
"vtscore": -1
}
],
"status_str": "Supprimé(e)",
"status_choice": 2,
"status_removed": 5
},
{
"scan_what": 1,
"scan_how": [
5,
6,
7
],
"scan_how_trigger": 7,
"vendors": [
"Suspicious.Path"
],
"rule_name": "RUN",
"view": 256,
"value": "Windows Live Installer",
"subkey": "",
"value_old_data": "C:\\Users\\space\\AppData\\Roaming\\WindowsUpdate\\Live.exe",
"value_data": "",
"path": "HKEY_USERS\\S-1-5-21-3992479630-2482588009-2382292733-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
"extra": "",
"files_status": "[x]",
"vtscore": -1,
"files": [
{
"path_expanded": "C:\\Users\\space\\AppData\\Roaming\\WindowsUpdate\\Live.exe",
"path_compressed": "%APPDATA%\\WindowsUpdate\\Live.exe",
"md5": "",
"exists": false,
"signed": false,
"signer": "",
"vtscore": -1
}
],
"status_str": "Supprimé(e)",
"status_choice": 2,
"status_removed": 5
},
{
"scan_what": 1,
"scan_how": [
5,
6,
7
],
"scan_how_trigger": 7,
"vendors": [
"Suspicious.Path"
],
"rule_name": "RUN",
"view": 512,
"value": "Windows Update Installer",
"subkey": "",
"value_old_data": "C:\\Users\\space\\AppData\\Roaming\\WindowsUpdate\\Updater.exe",
"value_data": "C:\\Users\\space\\AppData\\Roaming\\WindowsUpdate\\Updater.exe",
"path": "HKEY_USERS\\S-1-5-21-3992479630-2482588009-2382292733-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
"extra": "",
"files_status": "[x]",
"vtscore": -1,
"files": [
{
"path_expanded": "C:\\Users\\space\\AppData\\Roaming\\WindowsUpdate\\Updater.exe",
"path_compressed": "%APPDATA%\\WindowsUpdate\\Updater.exe",
"md5": "",
"exists": false,
"signed": false,
"signer": "",
"vtscore": -1
}
],
"status_str": "ERROR [2]",
"status_choice": 2,
"status_removed": 1
},
{
"scan_what": 1,
"scan_how": [
5,
6,
7
],
"scan_how_trigger": 7,
"vendors": [
"Suspicious.Path"
],
"rule_name": "RUN",
"view": 512,
"value": "Gosesk",
"subkey": "",
"value_old_data": "C:\\Users\\space\\AppData\\Roaming\\Microsoft\\Windows\\Gosesk.exe",
"value_data": "C:\\Users\\space\\AppData\\Roaming\\Microsoft\\Windows\\Gosesk.exe",
"path": "HKEY_USERS\\S-1-5-21-3992479630-2482588009-2382292733-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
"extra": "",
"files_status": "[x]",
"vtscore": -1,
"files": [
{
"path_expanded": "C:\\Users\\space\\AppData\\Roaming\\Microsoft\\Windows\\Gosesk.exe",
"path_compressed": "%APPDATA%\\Microsoft\\Windows\\Gosesk.exe",
"md5": "",
"exists": false,
"signed": false,
"signer": "",
"vtscore": -1
}
],
"status_str": "ERROR [2]",
"status_choice": 2,
"status_removed": 1
},
{
"scan_what": 1,
"scan_how": [
5,
6,
7
],
"scan_how_trigger": 7,
"vendors": [
"Suspicious.Path"
],
"rule_name": "RUN",
"view": 512,
"value": "Windows Live Installer",
"subkey": "",
"value_old_data": "C:\\Users\\space\\AppData\\Roaming\\WindowsUpdate\\Live.exe",
"value_data": "C:\\Users\\space\\AppData\\Roaming\\WindowsUpdate\\Live.exe",
"path": "HKEY_USERS\\S-1-5-21-3992479630-2482588009-2382292733-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
"extra": "",
"files_status": "[x]",
"vtscore": -1,
"files": [
{
"path_expanded": "C:\\Users\\space\\AppData\\Roaming\\WindowsUpdate\\Live.exe",
"path_compressed": "%APPDATA%\\WindowsUpdate\\Live.exe",
"md5": "",
"exists": false,
"signed": false,
"signer": "",
"vtscore": -1
}
],
"status_str": "ERROR [2]",
"status_choice": 2,
"status_removed": 1
},
{
"scan_what": 2,
"scan_how": [
4
],
"scan_how_trigger": 4,
"vendors": [
"Suspicious.Path"
],
"rule_name": "Services",
"view": 256,
"value": "",
"subkey": "gkernel",
"value_old_data": "",
"value_data": "",
"path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services",
"extra": "\\??\\C:\\Users\\space\\AppData\\Local\\Temp\\gkernel.sys",
"files_status": "[x]",
"vtscore": -1,
"files": [
{
"path_expanded": "C:\\Users\\space\\AppData\\Local\\Temp\\gkernel.sys",
"path_compressed": "%localappdata%\\Temp\\gkernel.sys",
"md5": "",
"exists": false,
"signed": false,
"signer": "",
"vtscore": -1
}
],
"status_str": "Supprimé(e)",
"status_choice": 2,
"status_removed": 3
},
{
"scan_what": 2,
"scan_how": [
4
],
"scan_how_trigger": 4,
"vendors": [
"Suspicious.Path"
],
"rule_name": "Services",
"view": 256,
"value": "",
"subkey": "gkernel",
"value_old_data": "",
"value_data": "",
"path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services",
"extra": "\\??\\C:\\Users\\space\\AppData\\Local\\Temp\\gkernel.sys",
"files_status": "[x]",
"vtscore": -1,
"files": [
{
"path_expanded": "C:\\Users\\space\\AppData\\Local\\Temp\\gkernel.sys",
"path_compressed": "%localappdata%\\Temp\\gkernel.sys",
"md5": "",
"exists": false,
"signed": false,
"signer": "",
"vtscore": -1
}
],
"status_str": "Supprimé(e)",
"status_choice": 2,
"status_removed": 3
},
{
"scan_what": 2,
"scan_how": [
4
],
"scan_how_trigger": 4,
"vendors": [
"Suspicious.Path"
],
"rule_name": "Services",
"view": 256,
"value": "",
"subkey": "gkernel",
"value_old_data": "",
"value_data": "",
"path": "HKEY_LOCAL_MACHINE\\System\\ControlSet002\\Services",
"extra": "\\??\\C:\\Users\\space\\AppData\\Local\\Temp\\gkernel.sys",
"files_status": "[x]",
"vtscore": -1,
"files": [
{
"path_expanded": "C:\\Users\\space\\AppData\\Local\\Temp\\gkernel.sys",
"path_compressed": "%localappdata%\\Temp\\gkernel.sys",
"md5": "",
"exists": false,
"signed": false,
"signer": "",
"vtscore": -1
}
],
"status_str": "Supprimé(e)",
"status_choice": 2,
"status_removed": 3
},
{
"scan_what": 1,
"scan_how": [
13
],
"scan_how_trigger": 13,
"vendors": [
"PUM.HomePage"
],
"rule_name": "IE Settings",
"view": 256,
"value": "Start Page",
"subkey": "",
"value_old_data": "",
"value_data": "http://go.microsoft.com/fwlink/p/?LinkId=255141",
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
13
],
"scan_how_trigger": 13,
"vendors": [
"PUM.HomePage"
],
"rule_name": "IE Settings",
"view": 512,
"value": "Start Page",
"subkey": "",
"value_old_data": "",
"value_data": "http://go.microsoft.com/fwlink/p/?LinkId=255141",
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
13
],
"scan_how_trigger": 13,
"vendors": [
"PUM.HomePage"
],
"rule_name": "IE Settings",
"view": 256,
"value": "Default_Page_URL",
"subkey": "",
"value_old_data": "",
"value_data": "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome",
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
13
],
"scan_how_trigger": 13,
"vendors": [
"PUM.HomePage"
],
"rule_name": "IE Settings",
"view": 512,
"value": "Default_Page_URL",
"subkey": "",
"value_old_data": "",
"value_data": "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome",
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
13
],
"scan_how_trigger": 13,
"vendors": [
"PUM.HomePage"
],
"rule_name": "IE Settings",
"view": 256,
"value": "Default_Page_URL",
"subkey": "",
"value_old_data": "",
"value_data": "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome",
"path": "HKEY_USERS\\S-1-5-21-3992479630-2482588009-2382292733-1000\\Software\\Microsoft\\Internet Explorer\\Main",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
13
],
"scan_how_trigger": 13,
"vendors": [
"PUM.HomePage"
],
"rule_name": "IE Settings",
"view": 512,
"value": "Default_Page_URL",
"subkey": "",
"value_old_data": "",
"value_data": "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome",
"path": "HKEY_USERS\\S-1-5-21-3992479630-2482588009-2382292733-1000\\Software\\Microsoft\\Internet Explorer\\Main",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
13
],
"scan_how_trigger": 13,
"vendors": [
"PUM.SearchPage"
],
"rule_name": "IE Settings",
"view": 256,
"value": "Search Page",
"subkey": "",
"value_old_data": "",
"value_data": "http://go.microsoft.com/fwlink/?LinkId=54896",
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
13
],
"scan_how_trigger": 13,
"vendors": [
"PUM.SearchPage"
],
"rule_name": "IE Settings",
"view": 512,
"value": "Search Page",
"subkey": "",
"value_old_data": "",
"value_data": "http://go.microsoft.com/fwlink/?LinkId=54896",
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
13
],
"scan_how_trigger": 13,
"vendors": [
"PUM.SearchPage"
],
"rule_name": "IE Settings",
"view": 256,
"value": "Default_Search_URL",
"subkey": "",
"value_old_data": "",
"value_data": "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch",
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
13
],
"scan_how_trigger": 13,
"vendors": [
"PUM.SearchPage"
],
"rule_name": "IE Settings",
"view": 512,
"value": "Default_Search_URL",
"subkey": "",
"value_old_data": "",
"value_data": "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch",
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
8
],
"scan_how_trigger": 8,
"vendors": [
"PUM.Policies"
],
"rule_name": "Policies",
"view": 256,
"value": "ConsentPromptBehaviorAdmin",
"subkey": "",
"value_old_data": "0",
"value_data": "2",
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Remplacé(e) (2)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
8
],
"scan_how_trigger": 8,
"vendors": [
"PUM.Policies"
],
"rule_name": "Policies",
"view": 512,
"value": "ConsentPromptBehaviorAdmin",
"subkey": "",
"value_old_data": "0",
"value_data": "2",
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Remplacé(e) (2)",
"status_choice": 2,
"status_removed": 6
}
],
"tasks": [],
"filesystem": [],
"hosts": {
"is_too_big": false,
"lines": []
},
"antirootkit": {
"is_driver_loaded": false,
"driver_error": 3221226347,
"results": []
},
"web_browsers": [],
"disk": {
"results": [],
"mbr": "+++++ PhysicalDrive0: ST3750640NS ATA Device +++++\n--- User ---\n[MBR] d54850191bafc943eb77d44e64d01593\n[BSP] 3cfc57663abb2195f66e045b394cdbf0 : Windows Vista/7/8 MBR Code\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 2470 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 5060475 | Size: 343828 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 709221555 | Size: 369102 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n"
}
}
}
