Adlice forum

Software feedback => RogueKiller => Topic started by: roshak on December 14, 2015, 10:37:52 pm

Title: [Split][Proc.Svchost]
Post by: roshak on December 14, 2015, 10:37:52 pm
RogueKiller V11.0.3.0 (x64) [Dec 14 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : () [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 12/14/2015 22:00:41

Processes : 1
[Proc.Svchost] svchost.exe(5180) -- C:\Windows\System32\svchost.exe[7] -> Killed [TermProc]

Registry : 1
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> ERROR [2]

Tasks : 0

Files : 1
[PUP][Folder] C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} -> ERROR [3]
[PUP][File] C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi -> Deleted

Hosts File : 0

Antirootkit : 0 (Driver: Loaded)

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: ST1000LM014-1EJ164 +++++
--- User ---
[MBR] 6b1343ac4b8cc445be9a23efb6f184bb
[BSP] 32a1902de6527ec86a46e600c5cba02b : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB
1 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2582528 | Size: 1000 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4630528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4892672 | Size: 910197 MB
5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1868976128 | Size: 350 MB
6 - Basic data partition | Offset (sectors): 1869692928 | Size: 25600 MB
7 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1922121728 | Size: 15333 MB
User = LL1 ... OK
User = LL2 ... OK
Title: Re: [Split][Proc.Svchost]
Post by: Curson on December 14, 2015, 10:49:27 pm
Hi roshak,

I've split your post into a new thread. Your problem is not an injection.
Please attach RogueKiller JSON report in your next reply.

Regards.
Title: Re: [Split][Proc.Svchost]
Post by: roshak on December 14, 2015, 11:06:06 pm
Here's the JSON report, thank you for the reply.
Title: Re: [Split][Proc.Svchost]
Post by: Curson on December 14, 2015, 11:21:44 pm
Hi roshak,

Please download Farbar Recovery Scan Tool (x64) (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to your Desktop.
Regards.
Title: Re: [Split][Proc.Svchost]
Post by: roshak on December 14, 2015, 11:45:33 pm
Here are the files. Sorry for the delay, but I wasn't logged in.
Title: Re: [Split][Proc.Svchost]
Post by: Curson on December 15, 2015, 12:11:27 am
Hi roshak,

Your system seems to be damaged in some ways.
Do BSODs occur regularly?

Do you know this program?
Quote
C:\Users\Leke Qirezi\Downloads\x6epqj3t.exe

Regards.
Title: Re: [Split][Proc.Svchost]
Post by: roshak on December 15, 2015, 12:20:22 am
Yes, I downloaded it today, like 30 minutes ago. It restarted my PC without my permission; this is its URL: http://www.gmer.net/
But now I deleted it.
Other than that, is my system safe?
Thank you.
Title: Re: [Split][Proc.Svchost]
Post by: Curson on December 15, 2015, 12:22:51 am
Hi roshak,

Gmer is legit.
Apart from the instabilities, your system is safe.

Regards.
Title: Re: [Split][Proc.Svchost]
Post by: roshak on December 15, 2015, 12:35:46 am
What kind of instabilities, and is there any way to turn these instabilities into sustainability?
Thank you for your time.
Title: Re: [Split][Proc.Svchost]
Post by: Curson on December 15, 2015, 11:27:08 pm
Hi roshak,

It seems Windows Update is not working properly:
Quote
Error: (12/14/2015 11:29:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 10.0.10240.16384, time stamp: 0x559f38cb
Faulting module name: wuaueng.dll, version: 10.0.10240.16515, time stamp: 0x55fa55bd

A BSOD seems to have occurred yesterday:
Quote
2015-12-14 23:26 - 2015-12-14 23:26 - 860276998 _____ C:\WINDOWS\MEMORY.DMP
2015-12-14 23:26 - 2015-12-14 23:26 - 00366696 _____ C:\WINDOWS\Minidump\121415-31359-01.dmp

A system repair may solve this.

Regards.