RogueKiller V12.9.6.0 (x64) [Jan 30 2017] (Premium) بواسطة برنامج Adlice
البريد الإلكتروني : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
الموقع : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

نظام التشغيل : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
يبدأ في : الوضع الطبيعي
المستخدم : sk [مسؤول]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
الوضع : فحص -- اليوم : 02/01/2017 22:47:45 (Duration : 00:19:23)

¤¤¤ العملية : 2 ¤¤¤
[VT.PUP.Optional.EmployeeMonitor] NLSAgentSvc.exe(1088) -- C:\Program Files (x86)\Net Monitor for Employees Pro\bin\NLSAgentSvc.exe[7] -> ???
[VT.W32.HfsAdware.A934] NLSupervisorPro.exe(4884) -- C:\Program Files (x86)\Net Monitor for Employees Pro\bin\NLSupervisorPro.exe[7] -> ???

¤¤¤ المسجل : 26 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\.DEFAULT\Software\Mobogenie -> ???
[PUP.Gen1] (X86) HKEY_USERS\.DEFAULT\Software\Mobogenie -> ???
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1118053748-3941602973-2339576242-1000\Software\IM -> ???
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1118053748-3941602973-2339576242-1000\Software\ProductSetup -> ???
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1118053748-3941602973-2339576242-1000\Software\Torch -> ???
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1118053748-3941602973-2339576242-1000\Software\IM -> ???
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1118053748-3941602973-2339576242-1000\Software\ProductSetup -> ???
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1118053748-3941602973-2339576242-1000\Software\Torch -> ???
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-18\Software\Mobogenie -> ???
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-18\Software\Mobogenie -> ???
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OVPNService ("C:\Users\sk\AppData\Local\TotalVPN\OVPN.Service.exe") -> ???
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\OVPNService ("C:\Users\sk\AppData\Local\TotalVPN\OVPN.Service.exe") -> ???
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][]) -> ???
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][]) -> ???
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4B5B2A62-4D66-4795-9084-6D39E16F51CE} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][]) -> ???
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4B5B2A62-4D66-4795-9084-6D39E16F51CE} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][]) -> ???
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{9260C696-C811-4C3D-9D80-F8BD700F1201}C:\users\sk\appdata\local\temp\rar$exa0.727\lanlaunch\lanlaunch.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\sk\appdata\local\temp\rar$exa0.727\lanlaunch\lanlaunch.exe|Name=lanlaunch.exe|Desc=lanlaunch.exe|Defer=User| [x] -> ???
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{C707D6F8-91F0-485D-B8FC-1CA8DEEA67DF}C:\users\sk\appdata\local\temp\rar$exa0.727\lanlaunch\lanlaunch.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\sk\appdata\local\temp\rar$exa0.727\lanlaunch\lanlaunch.exe|Name=lanlaunch.exe|Desc=lanlaunch.exe|Defer=User| [x] -> ???
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {85AC8BCF-954D-493B-A3FE-DB355588EF3D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Mobogenie3\mobogenieP2sp.exe|Name=downloader| [x] -> ???
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {699B2E40-3C4B-4E97-871F-82FDDE1EED25} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Mobogenie3\mobogenieP2sp.exe|Name=downloader| [x] -> ???
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{9260C696-C811-4C3D-9D80-F8BD700F1201}C:\users\sk\appdata\local\temp\rar$exa0.727\lanlaunch\lanlaunch.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\sk\appdata\local\temp\rar$exa0.727\lanlaunch\lanlaunch.exe|Name=lanlaunch.exe|Desc=lanlaunch.exe|Defer=User| [x] -> ???
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{C707D6F8-91F0-485D-B8FC-1CA8DEEA67DF}C:\users\sk\appdata\local\temp\rar$exa0.727\lanlaunch\lanlaunch.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\sk\appdata\local\temp\rar$exa0.727\lanlaunch\lanlaunch.exe|Name=lanlaunch.exe|Desc=lanlaunch.exe|Defer=User| [x] -> ???
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {85AC8BCF-954D-493B-A3FE-DB355588EF3D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Mobogenie3\mobogenieP2sp.exe|Name=downloader| [x] -> ???
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {699B2E40-3C4B-4E97-871F-82FDDE1EED25} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Mobogenie3\mobogenieP2sp.exe|Name=downloader| [x] -> ???
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> ???
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> ???

¤¤¤ المهام : 0 ¤¤¤

¤¤¤ الملفات : 4 ¤¤¤
[PUP.Gen1][ملف] C:\Users\sk\AppData\Roaming\Mobogenie -> ???
[PUP.Gen1][ملف] C:\Users\sk\AppData\Local\Torch -> ???
[PUP.Gen1][ملف] C:\Program Files (x86)\Mobogenie3 -> ???
[PUP.Firefox][ملف] C:\Users\sk\AppData\Roaming\Mozilla\Firefox\Profiles\xvmpq9hm.default\Invalidprefs.js -> ???

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ ملف الهوست : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: محمل) ¤¤¤

¤¤¤ المتصفح : 0 ¤¤¤

¤¤¤ فحص ال MBR : ¤¤¤
+++++ PhysicalDrive0: ST4000DM000-1F2168 ATA Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 3815318 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST4000DM000-1F2168 ATA Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 3815318 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ST4000DM000-1F2168 ATA Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 3815318 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: ST250DM000-1BD141 ATA Device +++++
--- User ---
[MBR] ba8dcd0e83194c54ddade66c21229935
[BSP] b5ef7adda760a6c590a47b374998465a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238379 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive4: ST4000DX001-1CE168 ATA Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 3815318 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive5: SanDisk Cruzer Blade USB Device +++++
--- User ---
[MBR] 3d2c9e9c28b964a9e55b905505c2c8e8
[BSP] 574103611cef5986b7571fedf65a3777 : Legit.Unknown|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 15263 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] ??????? ??? ?????. )