

{"header": {"program": {"project": "RogueKiller Anti-Malware", "version": "14.8.6.0", "x64": true, "date": "Mar 24 2021", "contact": "https://adlice.com/contact/", "website": "https://adlice.com/download/roguekiller/"}, "environment": {"operating_system": "Windows 10 (10.0.19041) 64 bits", "boot": 0, "winpe": false, "user": "frity", "user_admin": true, "program_location": "C:\\Program Files\\RogueKiller\\RogueKiller64.exe", "x64": true, "licensing": "free"}, "report": {"type": 1, "aborted": false, "date": "2021/05/15 18:20:15", "duration": 387, "count": 1, "scanned_count": 71103, "scan_mode": "standard", "signatures_version": "20210512_094316", "log_legit": false, "expert_mode": false, "truesight_loaded": true, "switches": ["-minimize"], "id": "1137CF5D652684F6"}}, "warnings": [], "results": {"processes": [{"name": "[System Process]", "pid": 0, "children": []}, {"name": "System", "pid": 4, "children": [{"name": "smss.exe", "pid": 460, "children": []}, {"name": "Memory Compression", "pid": 2544, "children": []}]}, {"name": "Registry", "pid": 124, "children": []}, {"name": "csrss.exe", "pid": 688, "children": []}, {"name": "wininit.exe", "pid": 788, "children": [{"name": "fontdrvhost.exe", "pid": 520, "children": []}, {"name": "services.exe", "pid": 860, "children": [{"name": "svchost.exe", "pid": 712, "children": [{"name": "UserOOBEBroker.exe", "pid": 2152, "children": []}, {"name": "CompPkgSrv.exe", "pid": 2692, "children": []}, {"name": "RuntimeBroker.exe", "pid": 3256, "children": []}, {"name": "explorer.exe", "pid": 4904, "children": []}, {"name": "WmiPrvSE.exe", "pid": 5500, "children": []}, {"name": "ApplicationFrameHost.exe", "pid": 6508, "children": []}, {"name": "dllhost.exe", "pid": 6844, "children": []}, {"name": "SearchApp.exe", "pid": 6932, "children": []}, {"name": "StartMenuExperienceHost.exe", "pid": 7152, "children": []}, {"name": "RuntimeBroker.exe", "pid": 7832, "children": []}, {"name": "RuntimeBroker.exe", "pid": 8056, "children": []}, {"name": 
"RuntimeBroker.exe", "pid": 8212, "children": []}, {"name": "SettingSyncHost.exe", "pid": 8300, "children": []}, {"name": "RuntimeBroker.exe", "pid": 8436, "children": []}, {"name": "ShellExperienceHost.exe", "pid": 8656, "children": []}, {"name": "YourPhone.exe", "pid": 8948, "children": []}, {"name": "TextInputHost.exe", "pid": 9180, "children": []}, {"name": "RuntimeBroker.exe", "pid": 9548, "children": []}, {"name": "smartscreen.exe", "pid": 9692, "children": []}, {"name": "SystemSettings.exe", "pid": 10708, "children": []}, {"name": "Video.UI.exe", "pid": 11892, "children": []}, {"name": "WinStore.App.exe", "pid": 12652, "children": []}]}, {"name": "NisSrv.exe", "pid": 868, "children": []}, {"name": "WUDFHost.exe", "pid": 1008, "children": []}, {"name": "svchost.exe", "pid": 1132, "children": []}, {"name": "svchost.exe", "pid": 1188, "children": []}, {"name": "svchost.exe", "pid": 1360, "children": []}, {"name": "svchost.exe", "pid": 1368, "children": []}, {"name": "svchost.exe", "pid": 1376, "children": []}, {"name": "svchost.exe", "pid": 1448, "children": []}, {"name": "svchost.exe", "pid": 1456, "children": []}, {"name": "svchost.exe", "pid": 1464, "children": []}, {"name": "svchost.exe", "pid": 1608, "children": []}, {"name": "svchost.exe", "pid": 1652, "children": [{"name": "taskhostw.exe", "pid": 6984, "children": []}]}, {"name": "svchost.exe", "pid": 1708, "children": []}, {"name": "svchost.exe", "pid": 1764, "children": []}, {"name": "svchost.exe", "pid": 1772, "children": []}, {"name": "svchost.exe", "pid": 1984, "children": [{"name": "sihost.exe", "pid": 6896, "children": []}]}, {"name": "svchost.exe", "pid": 2032, "children": []}, {"name": "svchost.exe", "pid": 2056, "children": []}, {"name": "NVDisplay.Container.exe", "pid": 2136, "children": [{"name": "NVDisplay.Container.exe", "pid": 2672, "children": []}]}, {"name": "svchost.exe", "pid": 2192, "children": []}, {"name": "svchost.exe", "pid": 2220, "children": []}, {"name": "svchost.exe", "pid": 
2256, "children": []}, {"name": "svchost.exe", "pid": 2276, "children": []}, {"name": "svchost.exe", "pid": 2328, "children": []}, {"name": "svchost.exe", "pid": 2336, "children": []}, {"name": "svchost.exe", "pid": 2344, "children": []}, {"name": "svchost.exe", "pid": 2384, "children": []}, {"name": "svchost.exe", "pid": 2420, "children": []}, {"name": "svchost.exe", "pid": 2436, "children": []}, {"name": "svchost.exe", "pid": 2484, "children": []}, {"name": "svchost.exe", "pid": 2496, "children": []}, {"name": "svchost.exe", "pid": 2596, "children": []}, {"name": "igfxCUIService.exe", "pid": 2704, "children": []}, {"name": "svchost.exe", "pid": 2716, "children": []}, {"name": "svchost.exe", "pid": 2764, "children": []}, {"name": "svchost.exe", "pid": 2772, "children": []}, {"name": "svchost.exe", "pid": 2944, "children": [{"name": "audiodg.exe", "pid": 5696, "children": []}]}, {"name": "svchost.exe", "pid": 3100, "children": []}, {"name": "svchost.exe", "pid": 3220, "children": []}, {"name": "svchost.exe", "pid": 3320, "children": []}, {"name": "PresentationFontCache.exe", "pid": 3380, "children": []}, {"name": "svchost.exe", "pid": 3428, "children": []}, {"name": "spoolsv.exe", "pid": 3524, "children": []}, {"name": "svchost.exe", "pid": 3584, "children": []}, {"name": "svchost.exe", "pid": 3616, "children": []}, {"name": "svchost.exe", "pid": 3692, "children": []}, {"name": "svchost.exe", "pid": 3848, "children": []}, {"name": "AdminService.exe", "pid": 3856, "children": []}, {"name": "IntelCpHDCPSvc.exe", "pid": 3872, "children": []}, {"name": "svchost.exe", "pid": 3892, "children": []}, {"name": "svchost.exe", "pid": 3904, "children": []}, {"name": "armsvc.exe", "pid": 3920, "children": []}, {"name": "svchost.exe", "pid": 3928, "children": []}, {"name": "svchost.exe", "pid": 3940, "children": []}, {"name": "svchost.exe", "pid": 3956, "children": []}, {"name": "svchost.exe", "pid": 3984, "children": []}, {"name": "svchost.exe", "pid": 3996, "children": []}, 
{"name": "NortonSecurity.exe", "pid": 4004, "children": []}, {"name": "svchost.exe", "pid": 4032, "children": []}, {"name": "nsWscSvc.exe", "pid": 4040, "children": []}, {"name": "NvTelemetryContainer.exe", "pid": 4048, "children": []}, {"name": "MsMpEng.exe", "pid": 4076, "children": []}, {"name": "WildTangentHelperService.exe", "pid": 4088, "children": []}, {"name": "svchost.exe", "pid": 4136, "children": []}, {"name": "svchost.exe", "pid": 4180, "children": []}, {"name": "svchost.exe", "pid": 4324, "children": []}, {"name": "svchost.exe", "pid": 4332, "children": []}, {"name": "MBAMService.exe", "pid": 4380, "children": [{"name": "mbamtray.exe", "pid": 6760, "children": []}]}, {"name": "IntelCpHeciSvc.exe", "pid": 4420, "children": []}, {"name": "svchost.exe", "pid": 4428, "children": []}, {"name": "svchost.exe", "pid": 4664, "children": []}, {"name": "svchost.exe", "pid": 6232, "children": []}, {"name": "svchost.exe", "pid": 6408, "children": []}, {"name": "svchost.exe", "pid": 6424, "children": []}, {"name": "SearchIndexer.exe", "pid": 7060, "children": [{"name": "SearchProtocolHost.exe", "pid": 1724, "children": []}, {"name": "SearchFilterHost.exe", "pid": 2480, "children": []}]}, {"name": "svchost.exe", "pid": 7148, "children": []}, {"name": "svchost.exe", "pid": 7180, "children": [{"name": "ctfmon.exe", "pid": 7256, "children": []}]}, {"name": "svchost.exe", "pid": 7236, "children": []}, {"name": "svchost.exe", "pid": 7592, "children": []}, {"name": "svchost.exe", "pid": 7704, "children": []}, {"name": "svchost.exe", "pid": 7856, "children": []}, {"name": "svchost.exe", "pid": 8736, "children": []}, {"name": "svchost.exe", "pid": 9736, "children": []}, {"name": "svchost.exe", "pid": 9744, "children": [{"name": "CompatTelRunner.exe", "pid": 856, "children": [{"name": "conhost.exe", "pid": 3724, "children": []}]}]}, {"name": "svchost.exe", "pid": 9800, "children": []}, {"name": "svchost.exe", "pid": 10380, "children": []}, {"name": 
"SecurityHealthService.exe", "pid": 10588, "children": []}, {"name": "RogueKillerSvc.exe", "pid": 10784, "children": [{"name": "RogueKiller64.exe", "pid": 1576, "children": []}]}, {"name": "jhi_service.exe", "pid": 12340, "children": []}, {"name": "LMS.exe", "pid": 12456, "children": []}, {"name": "SgrmBroker.exe", "pid": 12712, "children": []}]}, {"name": "lsass.exe", "pid": 880, "children": []}]}, {"name": "csrss.exe", "pid": 796, "children": []}, {"name": "winlogon.exe", "pid": 952, "children": [{"name": "fontdrvhost.exe", "pid": 1032, "children": []}, {"name": "dwm.exe", "pid": 1248, "children": []}]}, {"name": "GoogleUpdate.exe", "pid": 5712, "children": []}, {"name": "explorer.exe", "pid": 7504, "children": [{"name": "SecurityHealthSystray.exe", "pid": 10488, "children": []}, {"name": "OneDrive.exe", "pid": 11056, "children": []}, {"name": "RAVBg64.exe", "pid": 11092, "children": []}, {"name": "RAVCpl64.exe", "pid": 11244, "children": []}]}, {"name": "igfxEM.exe", "pid": 7548, "children": []}, {"name": "firefox.exe", "pid": 9812, "children": [{"name": "plugin-container.exe", "pid": 1296, "children": []}, {"name": "firefox.exe", "pid": 1636, "children": []}, {"name": "firefox.exe", "pid": 2004, "children": []}, {"name": "firefox.exe", "pid": 4748, "children": []}, {"name": "firefox.exe", "pid": 7300, "children": []}, {"name": "firefox.exe", "pid": 8464, "children": []}, {"name": "firefox.exe", "pid": 8768, "children": []}, {"name": "firefox.exe", "pid": 9992, "children": []}, {"name": "firefox.exe", "pid": 10444, "children": []}, {"name": "firefox.exe", "pid": 10776, "children": []}, {"name": "firefox.exe", "pid": 10940, "children": []}, {"name": "firefox.exe", "pid": 11400, "children": []}, {"name": "firefox.exe", "pid": 12632, "children": []}]}, {"name": "MicrosoftEdgeUpdate.exe", "pid": 10316, "children": []}, {"name": "CCleaner64.exe", "pid": 11840, "children": []}, {"name": "hpwuschd2.exe", "pid": 12064, "children": []}, {"name": "WD Discovery.exe", 
"pid": 12136, "children": [{"name": "WD Discovery.exe", "pid": 6512, "children": []}, {"name": "WD Discovery.exe", "pid": 12748, "children": []}, {"name": "cmd.exe", "pid": 12796, "children": [{"name": "conhost.exe", "pid": 12384, "children": []}, {"name": "kdd.exe", "pid": 13248, "children": [{"name": "wdsync.exe", "pid": 9400, "children": [{"name": "conhost.exe", "pid": 12292, "children": []}]}, {"name": "kdd", "pid": 10916, "children": [{"name": "conhost.exe", "pid": 1916, "children": []}]}]}]}, {"name": "WD Discovery.exe", "pid": 12932, "children": []}]}, {"name": "WDDiscoveryMonitor.exe", "pid": 12892, "children": []}], "modules": [], "services": [], "tasks": [], "registry": [], "wmi": [], "hosts": {"is_too_big": false, "hosts_file_path": "C:\\Windows\\System32\\drivers\\etc\\hosts", "lines": []}, "filesystem": [{"scan_what": 1, "scan_how": [1, 2, 3, 4], "vendors": ["PUP.Avanquest"], "type": 2, "name": "PC HelpSoft Driver Updater", "path": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\PC HelpSoft Driver Updater", "target": "", "path_compressed": "%programdata%\\Microsoft\\Windows\\Start Menu\\Programs\\PC HelpSoft Driver Updater", "file_md5": "", "file_sha356": "", "target_params": "", "file_exists": false, "file_signed": false, "file_signer": "", "file_vtscore": -1, "file_vttotal": 0, "is_malicious": true, "detection_level": 3, "status_str": "Trouvé(e)", "status_choice": 2, "status_removal": 0, "malpe_score": -1.0, "id": 0}], "web_browsers": [], "antirootkit": {"is_driver_loaded": true, "driver_error": 1, "results": []}}}
