RogueKiller V12.11.1.0 [Jun 4 2017] (Premium) بواسطة برنامج Adlice
البريد الإلكتروني : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
الموقع : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

نظام التشغيل : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
يبدأ في : الوضع الطبيعي
المستخدم : win7 [مسؤول]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
الوضع : فحص -- اليوم : 06/12/2017 03:00:00 (Duration : 00:23:02)

¤¤¤ العملية : 0 ¤¤¤

¤¤¤ السجل : 37 ¤¤¤
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{51A00247-40A8-4845-9F17-7DBFCC9A8783} (C:\Program Files\Tencent\QQPlayer\avi.dll) -> ???
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{53D9DE0B-FC61-4650-9773-74D13CC7E582} (C:\Program Files\Tencent\QQPlayer\mkx.dll) -> ???
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{64F2005C-6CF5-4652-B94F-600360B15B27} (C:\Program Files\Tencent\QQPlayer\mkx.dll) -> ???
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{7B63A013-DC2C-462E-9292-CAF8C867100F} (C:\Program Files\Tencent\QQPlayer\splitter.ax) -> ???
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{7FBEA058-DE40-11E6-83E9-64006A5CFC23} (C:\Users\win7\AppData\Roaming\Kowelystzother\Ghikuy.dll) -> ???
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{895322C5-84A1-450C-8478-C57793CAE86F} (C:\Program Files\Tencent\QQPlayer\splitter.ax) -> ???
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{90C7D10E-CE9A-479B-A238-1A0F2396DE43} (C:\Program Files\Tencent\QQPlayer\splitter.ax) -> ???
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{B3DE7EDC-0CD4-4d07-B1C5-92219CD475CC} (C:\Program Files\Tencent\QQPlayer\mp4.dll) -> ???
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{B841F346-4835-4de8-AA5E-2E7CD2D4C435} (C:\Program Files\Tencent\QQPlayer\ts.dll) -> ???
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{BD4FB4BE-809D-487b-ADD6-F7D164247E52} (C:\Program Files\Tencent\QQPlayer\mkx.dll) -> ???
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{DB43B405-43AA-4f01-82D8-D84D47E6019C} (C:\Program Files\Tencent\QQPlayer\ogm.dll) -> ???
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{F97757C6-D3F6-11E6-A8B4-64006A5CFC35} (C:\Users\win7\AppData\Roaming\Griberse\Grtotherariha.dll) -> ???
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{FB50EEA7-2E65-4BA7-8AE1-465C7393F695} (C:\Program Files\Tencent\QQPlayer\QPShellExt.dll) -> ???
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Elex-tech -> ???
[PUP.UCBrowser|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\UCBrowser -> ???
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\UCBrowserPID -> ???
[PUP.UCBrowser|PUP.Gen1] HKEY_USERS\.DEFAULT\Software\UCBrowser -> ???
[PUP.Gen1] HKEY_USERS\S-1-5-21-1175016655-2442003890-1713799225-1000\Software\IM -> ???
[PUP.UCBrowser|PUP.Gen1] HKEY_USERS\S-1-5-21-1175016655-2442003890-1713799225-1000\Software\UCBrowser -> ???
[PUP.Gen1] HKEY_USERS\S-1-5-21-1175016655-2442003890-1713799225-1000\Software\UCBrowserPID -> ???
[PUP.UCBrowser|PUP.Gen1] HKEY_USERS\S-1-5-18\Software\UCBrowser -> ???
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\iSafe -> ???
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PopupProduct -> ???
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {7FBEA058-DE40-11E6-83E9-64006A5CFC23} : (C:\Users\win7\AppData\Roaming\Kowelystzother\Ghikuy.dll) [x] -> ???
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 197.39.242.222 197.39.242.222 ([Egypt][Egypt]) -> ???
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 197.39.242.222 197.39.242.222 ([Egypt][Egypt]) -> ???
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{180DC0B1-2FC8-4E59-8C7D-BE47D8DF09CD} | DhcpNameServer : 197.39.242.222 197.39.242.222 ([Egypt][Egypt]) -> ???
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{180DC0B1-2FC8-4E59-8C7D-BE47D8DF09CD} | DhcpNameServer : 197.39.242.222 197.39.242.222 ([Egypt][Egypt]) -> ???
[PUP.UCBrowser] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C9A5BB6B-7C28-4BB7-9B81-ADDBBDB2BB10} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\UCBrowser\Application\UCBrowser.exe|Name=Chromium (mDNS-In)|Desc=?????? ?????? ??? Chromium ?????? ????? ???? mDNS.|EmbedCtxt=UC???| [7] -> ???
[PUP.Ghokswa] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A82E1AC9-A23A-4446-9B0F-61D9EE0C56D4} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Firefox\bin\FirefoxUpdate.exe|Name=Update service| [x] -> ???
[PUP.Ghokswa] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BDF317AA-7913-4BB4-B9C1-058DAF2FCA1A} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Firefox\Firefox.exe|Name=Firefox browser| [x] -> ???
[Tr.Vilsel] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2CD5EB4A-A709-42B3-B6A3-FA9AC78940DF} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Maoha\MaohaAP\MaohaWifiSvr.exe|Name=MaohaWifiSvr.exe| [x] -> ???
[PUP.UCBrowser] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C9A5BB6B-7C28-4BB7-9B81-ADDBBDB2BB10} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\UCBrowser\Application\UCBrowser.exe|Name=Chromium (mDNS-In)|Desc=?????? ?????? ??? Chromium ?????? ????? ???? mDNS.|EmbedCtxt=UC???| [7] -> ???
[PUP.Ghokswa] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A82E1AC9-A23A-4446-9B0F-61D9EE0C56D4} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Firefox\bin\FirefoxUpdate.exe|Name=Update service| [x] -> ???
[PUP.Ghokswa] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BDF317AA-7913-4BB4-B9C1-058DAF2FCA1A} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Firefox\Firefox.exe|Name=Firefox browser| [x] -> ???
[Tr.Vilsel] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2CD5EB4A-A709-42B3-B6A3-FA9AC78940DF} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Maoha\MaohaAP\MaohaWifiSvr.exe|Name=MaohaWifiSvr.exe| [x] -> ???
[PUP.UCBrowser] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9} | StubPath : "C:\Program Files\UCBrowser\Application\6.0.1121.13\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --wow-install-target-path="C:\Program Files\UCBrowser" [x] -> ???

¤¤¤ المهام : 0 ¤¤¤

¤¤¤ الملفات : 6 ¤¤¤
[PUP.UCBrowser][ملف] C:\Users\Public\Desktop\UC???.lnk [LNK@] C:\PROGRA~1\UCBROW~1\APPLIC~1\UCBROW~1.EXE --wow-marketing-shortcut=1001 https://alimarket.taobao.com/markets/browser/fan?f=desk&uc_shortcut_id=1001&uc_marketing_id=1 -> ???
[Ads.Generic|Hidden.ADS][Stream] C:\Windows\System32\drivers:ucdrv-x86.sys -> ???
[Ads.Generic|Hidden.ADS][Stream] C:\Windows\System32\drivers:x86 -> ???
[PUP.UCBrowser][ملف] C:\Users\win7\AppData\Local\UCBrowser -> ???
[PUP.UCBrowser][ملف] C:\Program Files\UCBrowser -> ???
[PUP.UCBrowser][ملف] C:\Users\Public\Desktop\UC???.lnk [LNK@] C:\PROGRA~1\UCBROW~1\APPLIC~1\UCBROW~1.EXE --wow-marketing-shortcut=1001 https://alimarket.taobao.com/markets/browser/fan?f=desk&uc_shortcut_id=1001&uc_marketing_id=1 -> ???

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ ملف الهوست : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: محمل) ¤¤¤

¤¤¤ المتصفح : 0 ¤¤¤

¤¤¤ فحص الـ MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AADS-00S9B0 ATA Device +++++
--- User ---
[MBR] 1bf96127c8613092b08e3bfb9f88ab17
[BSP] 7f09747448eee5d9f451ca5e7c39ec33 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 76936 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 157565520 | Size: 132999 MB [Windows XP Bootstrap | Windows XP Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 429947595 | Size: 132999 MB [Windows XP Bootstrap | Windows XP Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 702329670 | Size: 134003 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK