RogueKiller V12.9.6.0 [Jan 30 2017] (Premium) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : CyberAbdo [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 01/30/2017 16:43:32 (Duration : 00:40:59)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 13 ¤¤¤
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} (C:\Program Files\Baidu Security\Baidu Antivirus\BavShx.dll) -> Deleted
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58} (C:\Users\CyberAbdo\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll) -> Deleted
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} (C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL) -> Deleted
[PUP.Gen1] HKEY_USERS\S-1-5-21-1119879957-2025897805-3966961949-1002\Software\csastats -> Deleted
[PUP.Gen1] HKEY_USERS\S-1-5-21-1119879957-2025897805-3966961949-1002\Software\Pokki -> Deleted
[PUP.Gen1] HKEY_USERS\S-1-5-21-1119879957-2025897805-3966961949-1002\Software\ProductSetup -> Deleted
[PUP.Gen1] HKEY_USERS\S-1-5-21-1119879957-2025897805-3966961949-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\PokkiDownloadHelper -> Deleted
[PUP.Gen0] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock | (default) : {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} (C:\Program Files\Baidu Security\Baidu Antivirus\BavShx.dll) -> Deleted
[PUP.Gen0] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} (C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL) -> Deleted
[Suspicious.Path] HKEY_USERS\S-1-5-21-1119879957-2025897805-3966961949-1002\Software\Microsoft\Windows\CurrentVersion\Run | SysinfYhX : C:\WINDOWS\system32\cmd.exe /c start wscript /e:VBScript.Encode %temp%\SysinfYhX.db [x][x][x] -> Deleted
[Suspicious.Path] HKEY_USERS\S-1-5-21-1119879957-2025897805-3966961949-1002\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : explorer.exe,C:\Users\CyberAbdo\AppData\Roaming\WindowsUpdate\mobsync.exe [x] -> Deleted
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1119879957-2025897805-3966961949-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP.Gen0|PUP.Gen1][Folder] C:\Users\CyberAbdo\AppData\Local\Pokki -> Deleted
[PUP.Gen0|PUP.Gen1][File] C:\Users\CyberAbdo\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll -> Deleted
[PUP.Gen0|PUP.Gen1][File] C:\Users\CyberAbdo\AppData\Local\Pokki\Download Helper\PokkiDownloadHelper.exe -> Deleted
[PUP.Gen0|PUP.Gen1][Folder] C:\Users\CyberAbdo\AppData\Local\Pokki\Download Helper -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] f53939b911ff558ef69eaee1beb5e3fa
[BSP] 6ec4f645c50fa1e9b6704eced832cf7f : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 90 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 186368 | Size: 244593 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 501112832 | Size: 232256 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
Error reading User MBR! ([15] Le périphérique n’est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )