RogueKiller V12.7.5.0 (x64) [Oct 31 2016] (Premium) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : JAOUDHBOUB [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 11/04/2016 21:02:17 (Duration : 00:57:11)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\metnsd -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\PIP -> Found
[PUP] (X64) HKEY_USERS\S-1-12-1-1227376218-1127487552-3009783178-2957316744\Software\APN PIP -> Found
[PUP] (X64) HKEY_USERS\S-1-12-1-1227376218-1127487552-3009783178-2957316744\Software\PIP -> Found
[PUP] (X86) HKEY_USERS\S-1-12-1-1227376218-1127487552-3009783178-2957316744\Software\APN PIP -> Found
[PUP] (X86) HKEY_USERS\S-1-12-1-1227376218-1127487552-3009783178-2957316744\Software\PIP -> Found
[PUP] (X64) HKEY_USERS\S-1-12-1-1227376218-1127487552-3009783178-2957316744\Software\Microsoft\Windows\CurrentVersion\Uninstall\QQPlayer -> Found
[PUP] (X86) HKEY_USERS\S-1-12-1-1227376218-1127487552-3009783178-2957316744\Software\Microsoft\Windows\CurrentVersion\Uninstall\QQPlayer -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5911B1F3-1AF3-4D74-B362-E3A5402092E0} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Tencent\QQPlayer\QQDeskUpdate.exe|Name=QQPlayerUpdate| [7] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {870FE759-5B48-439B-AA79-2D7214E9D8CA} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Tencent\QQPlayer\QQDeskUpdate.exe|Name=QQPlayerUpdate| [7] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {947BC5B1-640A-446B-8117-9050B38DEFF3} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Tencent\QQPlayer\QQPlayer.exe|Name=QQPlayer| [7] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7F63CC78-CD0F-42A7-8074-E61A5930E1F2} : v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Tencent\QQPlayer\QPToolbox.exe|Name=QPToolBox|Desc=QPToolBox|EmbedCtxt=QPToolBox| [7] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 7 ¤¤¤
[Hj.Name][File] C:\$SysReset\Scratch\csrss.exe -> Found
[PUP][Folder] C:\ProgramData\Tencent -> Found
[PUP][File] C:\Users\JAOUDHBOUB\Desktop\Internet Explorer.lnk [LNK@] C:\PROGRA~2\INTERN~1\iexplore.exe http://www.bahaty.com/red/i.php -> Found
[PUP][File] C:\Users\JAOUDHBOUB\Desktop\QQ??.lnk [LNK@] C:\PROGRA~2\Tencent\QQPlayer\QQPlayer.exe -> Found
[PUP][Folder] C:\Users\JAOUDHBOUB\AppData\Roaming\Tencent -> Found
[PUP][Folder] C:\ProgramData\Tencent -> Found
[PUP][Folder] C:\Program Files (x86)\Tencent -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUP][CHROME:Addon] Default : Alexa Traffic Rank [cknebhggccemgcnbidipinkifmmegdel] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: LITEONIT LCS-128M6S 2.5 7mm 128GB +++++
--- User ---
[MBR] a870a5887d0dfc8dd6748ecf859be057
[BSP] 6b7fa7baa97d7d0c03d7a241b50c7830 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 121603 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: TOSHIBA USB FLASH DRIVE USB Device +++++
--- User ---
[MBR] 7f19c3a5e66dc8d50aa0b982df55da0d
[BSP] 46da370ee715b7b3df2114b48f473394 : Legit.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 7441 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n?est pas prise en charge. )

+++++ PhysicalDrive2: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 7d778ef742e7ed5771c4e4cefc6b20ce
[BSP] 73f182b332449b82f0699b9fabd24d14 : Legit.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 14880 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n?est pas prise en charge. )