RogueKiller Anti-Malware V13.5.5.0 (x64) [Oct 23 2019] (Premium) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.18362) 64 bits
Started in : Normal mode
User : USER [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20191105_102350, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/11/05 23:28:58 (Duration : 00:14:53)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{BDDE7C4F-066E-4C3A-B27C-04F1B14432E5} -- [%localappdata%\Temp\pubg.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E1A4DB56-6AAD-4F79-B4F1-03FEA369F6D5} -- [%localappdata%\Temp\pubg.exe] -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{EA7AAEE1-2E90-4CA3-A53D-487D63720D0C} -- [%_USER_appdata%\Tencent\TxGameAssistant\GameDownload\TenioDL.exe] -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5C66133B-DD2C-4126-947D-2FECF08A5F9E} -- [%_USER_appdata%\Tencent\TxGameAssistant\GameDownload\TenioDL.exe] -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FF679B25-66E4-4F31-A8B6-2DA1B8916773} -- [%_USER_appdata%\Tencent\TxGameAssistant\GameDownload\TenioDL.exe] -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{81F018AB-7DB3-4C5B-A39D-516CB5037545} -- [%_USER_appdata%\Tencent\TxGameAssistant\GameDownload\TenioDL.exe] -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6610B8F9-3345-42CA-B7F2-DF26F2A8A555} -- [%_USER_appdata%\Tencent\TxGameAssistant\GameDownload\TenioDL.exe] -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{804E577C-8F55-479A-B7C0-D353C8E9C459} -- [%_USER_appdata%\Tencent\TxGameAssistant\GameDownload\TenioDL.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{061EB0F2-3F57-4047-AC11-16587D13EC26} -- [%localappdata%\Temp\localhost.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{270C834F-DAC8-40D3-9368-A2D88AA36CED} -- [%localappdata%\Temp\localhost.exe] -> Deleted
[PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- -> Replaced (2)
[Tr.Chapak (Malicious)] rss -- %SystemRoot%\rss -> Deleted
[PUP.Gen1 (Potentially Malicious)] Tencent -- %_USER_appdata%\Tencent -> Deleted
  => GlobalMgr.db -- C:\Users\USER\AppData\Roaming\Tencent\DESKUP~1\GLOBAL~1.DB [1]
  => DeskUpdate -- C:\Users\USER\AppData\Roaming\Tencent\DESKUP~1 [1]
  => AppMarket.tlg -- C:\Users\USER\AppData\Roaming\Tencent\Logs\APPMAR~1.TLG [1]
  => Logs -- C:\Users\USER\AppData\Roaming\Tencent\Logs [1]
  => data_0 -- C:\Users\USER\AppData\Roaming\Tencent\MOBILE~1\WEBKIT~1\TBS_CA~1\Cache\data_0 [1]
  => data_1 -- C:\Users\USER\AppData\Roaming\Tencent\MOBILE~1\WEBKIT~1\TBS_CA~1\Cache\data_1 [1]
  => data_2 -- C:\Users\USER\AppData\Roaming\Tencent\MOBILE~1\WEBKIT~1\TBS_CA~1\Cache\data_2 [1]
  => data_3 -- C:\Users\USER\AppData\Roaming\Tencent\MOBILE~1\WEBKIT~1\TBS_CA~1\Cache\data_3 [1]
  => index -- C:\Users\USER\AppData\Roaming\Tencent\MOBILE~1\WEBKIT~1\TBS_CA~1\Cache\index [1]
  => Cache -- C:\Users\USER\AppData\Roaming\Tencent\MOBILE~1\WEBKIT~1\TBS_CA~1\Cache [1]
  => Cookies -- C:\Users\USER\AppData\Roaming\Tencent\MOBILE~1\WEBKIT~1\TBS_CA~1\Cookies [1]
  => Cookies-journal -- C:\Users\USER\AppData\Roaming\Tencent\MOBILE~1\WEBKIT~1\TBS_CA~1\COOKIE~1 [1]
  => Visited Links -- C:\Users\USER\AppData\Roaming\Tencent\MOBILE~1\WEBKIT~1\TBS_CA~1\VISITE~1 [1]
  => tbs_cache -- C:\Users\USER\AppData\Roaming\Tencent\MOBILE~1\WEBKIT~1\TBS_CA~1 [1]
  => WebkitCache -- C:\Users\USER\AppData\Roaming\Tencent\MOBILE~1\WEBKIT~1 [1]
  => MobileGamePC -- C:\Users\USER\AppData\Roaming\Tencent\MOBILE~1 [1]
  => AOWKCheck.dat -- C:\Users\USER\AppData\Roaming\Tencent\TXGAME~1\BSODRE~1\AOWKCH~1.DAT [1]
  => BSODReport -- C:\Users\USER\AppData\Roaming\Tencent\TXGAME~1\BSODRE~1 [1]
  => TxGameAssistant -- C:\Users\USER\AppData\Roaming\Tencent\TXGAME~1 [1]
  => SSOTemp -- C:\Users\USER\AppData\Roaming\Tencent\TXSSO\SSOTemp [1]
  => TXSSO -- C:\Users\USER\AppData\Roaming\Tencent\TXSSO [1]
[PUP.Gen1 (Potentially Malicious)] Tencent -- %localappdata%\Tencent -> Deleted
  => tbs.log -- C:\Users\USER\AppData\Local\Tencent\BROWSI~1\GFTBSW~1\tbs.log [1]
  => GFTBSWebCtrl -- C:\Users\USER\AppData\Local\Tencent\BROWSI~1\GFTBSW~1 [1]
  => BrowsingService -- C:\Users\USER\AppData\Local\Tencent\BROWSI~1 [1]
[PUP.Gen0 (Potentially Malicious)] MyJDownloader Browser Extension -- fbcohnmimjicjdomonkcbcpbpnhggkip -> Deleted