RogueKiller Anti-Malware V13.1.4.0 (x64) [Feb 4 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Safe mode with network support
User : seb [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190204_072850, Driver : Not Loaded
Mode : Standard Scan, Scan -- Date : 2019/02/13 21:21:57 (Duration : 00:31:25)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - Software
[PUP.Gen1 (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\simplitec -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\.DEFAULT\Software\IM -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X86) HKEY_USERS\.DEFAULT\Software\IM -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-538220665-914173731-789976379-1000\Software\eSupport.com -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X86) HKEY_USERS\S-1-5-21-538220665-914173731-789976379-1000\Software\eSupport.com -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-18\Software\IM -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X86) HKEY_USERS\S-1-5-18\Software\IM -- N/A -> Found
>>>>>> XX - System Policies
[PUM.Policies (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found
[PUM.Policies (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found
>>>>>> XX - System Restore
[PUM.Desktop (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore|DisableSR -- 1 -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> Firefox Config
[PUM.SearchEngine (Potentially Malicious)] browser.search.defaultenginename (C:\Users\seb\AppData\Roaming\Mozilla\Firefox\Profiles\3h7ocm78.default\prefs.js) -- Yahoo! Powered Search -> Found
[PUM.SearchEngine (Potentially Malicious)] browser.search.selectedEngine (C:\Users\seb\AppData\Roaming\Mozilla\Firefox\Profiles\3h7ocm78.default\prefs.js) -- Yahoo! Powered Search -> Found
>>>>>> Chrome Addon
[PUP.Gen0 (Potentially Malicious)] SPOTS - A better way to start (C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\EJOCEK~1) -- ejocekekgcaldnmjngfdbmbeebcekelc -> Found