RogueKiller V12.8.1.0 (x64) [Nov 14 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : giyomu [Administrator]
Started from : C:\Users\giyomu\Desktop\ah.exe
Mode : Scan -- Date : 11/17/2016 20:17:37 (Duration : 00:12:41)

¤¤¤ Processes : 1 ¤¤¤
[Proc.Injected] Itunes.exe(8008) -- C:\Users\giyomu\Documents\Itunes.exe[-] -> Found

¤¤¤ Registry : 10 ¤¤¤
[Hj.Name|Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-4122877414-3997298003-4144928055-1001\Software\Microsoft\Windows\CurrentVersion\Run | explorer.exe : C:\Users\giyomu\AppData\Roaming\explorer.exe [-] -> Found
[Hj.Name|Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-4122877414-3997298003-4144928055-1001\Software\Microsoft\Windows\CurrentVersion\Run | explorer.exe : C:\Users\giyomu\AppData\Roaming\explorer.exe [-] -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4122877414-3997298003-4144928055-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://gmail.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4122877414-3997298003-4144928055-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://gmail.com/ -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.119.40.1 ([]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1b7137d0-5ff3-4f1b-a5de-39d5be26c8da} | DhcpNameServer : 10.119.40.1 ([]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2ae702ac-d988-47e2-8f79-c099dcffb9c3} | DhcpNameServer : 10.13.0.1 ([]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7fe98acd-2243-4d83-8e93-0a2828de5396} | DhcpNameServer : 10.5.0.1 ([]) -> Found
[Hj.Name|Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-4122877414-3997298003-4144928055-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{ACE0649F-EDBC-D6DA-DFFC-AAD3ECDDCDAD} | StubPath : C:\Users\giyomu\AppData\Roaming\explorer.exe [-] -> Found
[Hj.Name|Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-4122877414-3997298003-4144928055-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{ACE0649F-EDBC-D6DA-DFFC-AAD3ECDDCDAD} | StubPath : C:\Users\giyomu\AppData\Roaming\explorer.exe [-] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Hj.Name][File] C:\Users\giyomu\AppData\Roaming\explorer.exe -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [google.fr_] -> Found
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.suggestions_url [{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 EVO 250GB +++++
--- User ---
[MBR] c1bedd1930dde08a3983822b4540498a
[BSP] 5bc2146e88e24ce1f3fa7679636557dc : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 237973 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD10EZEX-00BN5A0 +++++
--- User ---
[MBR] c505b2ee81229776b333336dbc5b3105
[BSP] 2c32cd10bcf021a758f26552359aae68 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
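The substantive findings in this report are two persistence entries (the per-user Run key and an Active Setup StubPath) that both point at C:\Users\giyomu\AppData\Roaming\explorer.exe, a binary that borrows the name of a Windows system executable but lives outside %SystemRoot%, plus an injected process running from the user's Documents folder. The PowerShell below is an added example, not part of the RogueKiller report or of Adlice's tooling: it re-checks those same locations and flags entries that fit that pattern. It assumes it is run in the affected user's own session (so HKCU resolves to the S-1-5-21-...-1001 hive shown in the report) and that the list of system binary names is illustrative rather than exhaustive.

```powershell
# Added example (not RogueKiller code): re-check the persistence points the report
# flagged and flag system-binary names living outside %SystemRoot%.
# Assumptions: run as the affected user; $systemNames is an illustrative list.

$systemNames = @('explorer.exe', 'svchost.exe', 'lsass.exe', 'csrss.exe', 'winlogon.exe', 'services.exe')
$systemRoot  = $env:SystemRoot

# Extract the executable path from a command line such as "C:\x\foo.exe" /arg or C:\x\foo.exe
function Get-ExecutablePath {
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $m = [regex]::Match($CommandLine, '(?i)^\s*"?([^"]+?\.exe)')
    if ($m.Success) { return $m.Groups[1].Value }
    return $CommandLine.Trim()
}

# True when the file name matches a known system binary but the path is not under %SystemRoot%
function Test-Masquerade {
    param([string]$Path)
    if (-not $Path) { return $false }
    $leaf = [System.IO.Path]::GetFileName($Path).ToLowerInvariant()
    return ($systemNames -contains $leaf) -and -not $Path.StartsWith($systemRoot, 'OrdinalIgnoreCase')
}

$findings = @()

# 1. Per-user Run key. RogueKiller lists it once per registry view (X64/X86), but it is one key.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path $runKey) {
    $props = Get-ItemProperty $runKey
    foreach ($p in $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }) {
        $exe = Get-ExecutablePath $p.Value
        if (Test-Masquerade $exe) {
            $findings += [pscustomobject]@{ Source = "Run\$($p.Name)"; Path = $exe }
        }
    }
}

# 2. Active Setup StubPath values, per-user (where the report found it) and machine-wide.
foreach ($hive in 'HKCU:', 'HKLM:') {
    $asKey = "$hive\Software\Microsoft\Active Setup\Installed Components"
    if (-not (Test-Path $asKey)) { continue }
    Get-ChildItem $asKey | ForEach-Object {
        $stub = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).StubPath
        $exe  = Get-ExecutablePath $stub
        if (Test-Masquerade $exe) {
            $findings += [pscustomobject]@{ Source = "ActiveSetup\$($_.PSChildName)"; Path = $exe }
        }
    }
}

# 3. Running processes whose image sits under the user profile (the report's Documents\Itunes.exe).
#    Many legitimate apps install under AppData\Local, so treat these as triage candidates only.
Get-Process | Where-Object { $_.Path -and $_.Path.StartsWith($env:USERPROFILE, 'OrdinalIgnoreCase') } |
    ForEach-Object {
        $findings += [pscustomobject]@{ Source = "Process($($_.Id))"; Path = $_.Path }
    }

$findings | Format-Table -AutoSize
```

Run it from an elevated PowerShell in the affected user's session; Get-Process only exposes the image path for processes the caller can open, so processes belonging to other users are silently skipped rather than reported. The registry checks are the part that matters for this report: a hit under either the Run key or Active Setup with a path under AppData\Roaming reproduces the [Hj.Name|Suspicious.Path] lines above.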