RogueKiller log
RogueKiller V12.10.7.0 (x64) [May 1 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : logo [Administrator]
Started from : C:\Users\logo\Desktop\RogueKillerX64(1).exe
Mode : Delete -- Date : 05/06/2017 10:31:05 (Duration : 00:26:29)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 19 ¤¤¤
[Adw.Elex] (X64) HKEY_LOCAL_MACHINE\Software\InterSect Alliance -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | WANARE : (C:\Users\logo\AppData\Local\WANARE\Snare.dll) [-] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WANARE (C:\Users\logo\AppData\Local\WANARE\Snare.dll) -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{2F37166D-05D6-4629-9D15-7986FEA8AFE0}C:\program files (x86)\popcorn time\chromecast\node.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\popcorn time\chromecast\node.exe|Name=node.exe|Desc=Evented I/O for V8 JavaScript|Defer=User| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{F1498064-CA1A-487E-9B7A-5904C322B179}C:\program files (x86)\popcorn time\chromecast\node.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\popcorn time\chromecast\node.exe|Name=node.exe|Desc=Evented I/O for V8 JavaScript|Defer=User| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{5954D41F-071E-4449-B339-983E49B688B9}C:\program files (x86)\popcorn time\popcorntimedesktop.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\popcorn time\popcorntimedesktop.exe|Name=Popcorn Time|Desc=popcorntimedesktop|Edge=TRUE|Defer=App| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{19EA2853-B959-4525-AD83-E1F49843557A}C:\program files (x86)\popcorn time\popcorntimedesktop.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\popcorn time\popcorntimedesktop.exe|Name=Popcorn Time|Desc=popcorntimedesktop|Edge=TRUE|Defer=App| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1046166E-079C-404D-9228-E0BC9AAF387C} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BF4EBAEA-27CA-4EA9-B774-BE5A76ABD927} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{4DB47A16-354C-46D0-9FA2-629A6099DF13}C:\users\logo\appdata\local\popcorn-time\popcorn-time.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\logo\appdata\local\popcorn-time\popcorn-time.exe|Name=popcorn-time.exe|Desc=popcorn-time.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{7C95D467-9D7C-42AE-98A9-0989778AC831}C:\users\logo\appdata\local\popcorn-time\popcorn-time.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\logo\appdata\local\popcorn-time\popcorn-time.exe|Name=popcorn-time.exe|Desc=popcorn-time.exe|Defer=User| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {61B07F92-9BDC-4E0A-AAE4-F95CF91DC2BF} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C5F7B803-9198-4B99-A1FC-512D5AAE3EB2} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{71BA7F4B-5A0D-4277-B9C4-B5A8B6A0E97C}C:\program files (x86)\popcorn time\popcorntimedesktop.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\popcorn time\popcorntimedesktop.exe|Name=Popcorn Time|Desc=popcorntimedesktop|Edge=TRUE|Defer=App| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{45435A2A-A585-44F4-B9BD-9F745E02F74F}C:\program files (x86)\popcorn time\popcorntimedesktop.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\popcorn time\popcorntimedesktop.exe|Name=Popcorn Time|Desc=popcorntimedesktop|Edge=TRUE|Defer=App| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{ACAE303E-B049-456B-89D2-71A7E92348B3}C:\program files (x86)\popcorn time\chromecast\node.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\popcorn time\chromecast\node.exe|Name=node.exe|Desc=Evented I/O for V8 JavaScript|Defer=User| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{FF800A58-8812-411B-94A7-45CB1DF2FD36}C:\program files (x86)\popcorn time\chromecast\node.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\popcorn time\chromecast\node.exe|Name=node.exe|Desc=Evented I/O for V8 JavaScript|Defer=User| [x] -> Deleted
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD100 +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1024 MB
1 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2099200 | Size: 100 MB
2 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2304000 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2566144 | Size: 941699 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1931167744 | Size: 837 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1932881920 | Size: 10079 MB
User = LL1 ... OK
User = LL2 ... OK