RogueKiller Anti-Malware V13.0.8.0 (x64) [Nov 6 2018] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17134) 64 bits
Started in : Normal mode
User : F3o0x [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Standard Scan, Scan -- Date : 2018/11/11 19:20:30 (Duration : 00:20:45)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - Uninstall
[PUP.HackTool (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetCut_is1 -- N/A -> Found
>>>>>> O87 - Firewall
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{6CE74527-8568-450A-A886-1C4381B47CE3}C:\users\teminator\appdata\roaming\utorrent\utorrent.exe -- (BitTorrent Inc) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\teminator\appdata\roaming\utorrent\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe| (C:\users\teminator\appdata\roaming\utorrent\utorrent.exe) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{1187185F-EB6E-49A9-9BEF-0B3D2CD464A1}C:\users\teminator\appdata\roaming\utorrent\utorrent.exe -- (BitTorrent Inc) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\teminator\appdata\roaming\utorrent\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe| (C:\users\teminator\appdata\roaming\utorrent\utorrent.exe) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{C7D8A660-01A0-45C0-862B-E2C1AB4C2A4E}C:\users\teminator\appdata\roaming\utorrent web\utweb.exe -- (BitTorrent Inc) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\teminator\appdata\roaming\utorrent web\utweb.exe|Name=utweb.exe|Desc=utweb.exe| (C:\users\teminator\appdata\roaming\utorrent web\utweb.exe) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{6F5E89DF-8AC7-4F66-9F15-58B791B9448D}C:\users\teminator\appdata\roaming\utorrent web\utweb.exe -- (BitTorrent Inc) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\teminator\appdata\roaming\utorrent web\utweb.exe|Name=utweb.exe|Desc=utweb.exe| (C:\users\teminator\appdata\roaming\utorrent web\utweb.exe) -> Found
>>>>>> XX - System Policies
[PUM.Policies (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found
[PUM.Policies (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.HackTool (Potentially Malicious)] (shortcut) netcut.lnk -- C:\Users\F3o0x\Desktop\netcut.lnk => C:\Program Files (x86)\netcut\netcut.exe -> Found
[PUP.HackTool (Potentially Malicious)] (shortcut) Arcai.com's NetCut.lnk -- C:\Users\F3o0x\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Arcai.com's NetCut.lnk => C:\Program Files (x86)\netcut\netcut.exe -> Found
[PUP.HackTool (Potentially Malicious)] (shortcut) Uninstall NetCut.lnk -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arcai.com\Uninstall NetCut.lnk => C:\PROGRA~2\netcut\unins000.exe -> Found
[PUP.HackTool (Potentially Malicious)] (shortcut) netcut.lnk -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arcai.com\netcut.lnk => C:\Program Files (x86)\netcut\netcut.exe -> Found
[PUP.HackTool (Potentially Malicious)] (folder) netcut -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\netcut -> Found
[Test.EICAR (Malicious)] (file) vrcpp.dll -- (Doctor Web Ltd.) C:\Program Files\Common Files\Doctor Web\Scanning Engine\vrcpp.dll -> Found
[PUP.HackTool (Potentially Malicious)] (folder) netcut -- C:\Program Files (x86)\netcut -> Found
[PUP.HackTool (Potentially Malicious)] (folder) netcut -- C:\Program Files (x86)\netcut -> Found
[PUP.HackTool (Potentially Malicious)] (shortcut) netcut.lnk -- C:\Users\F3o0x\Desktop\netcut.lnk => C:\Program Files (x86)\netcut\netcut.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> Chrome Addon
[PUP.Gen0 (Potentially Malicious)] Chameleon (C:\Users\F3o0x\AppData\Local\Google\Chrome\User Data\Default\Extensions\DMPOJJ~1) -- dmpojjilddefgnhiicjcmhbkjgbbclob -> Found