RogueKiller V10.7.0.0 (x64) [May 25 2015] by Adlice Software
mail :
http://www.adlice.com/contact/Feedback :
http://forum.adlice.comWebsite :
http://www.adlice.com/softwares/roguekiller/Blog :
http://www.adlice.comOperating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Alex [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 05/29/2015 18:02:46
¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] MP3SkypeRecorder.exe(9156) -- C:\Users\Alex\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe[7] -> Killed [TermProc]
¤¤¤ Registry : 5 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3399570657-819039515-4050530942-1001\Software\Microsoft\Windows\CurrentVersion\Run | MP3 Skype recorder : C:\Users\Alex\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe [7] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3399570657-819039515-4050530942-1001\Software\Microsoft\Windows\CurrentVersion\Run | MP3 Skype recorder : C:\Users\Alex\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GalaxyCommunication ("C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe") -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GalaxyCommunication ("C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe") -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GalaxyCommunication ("C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe") -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - memcpy : Unknown @ 0x1f20009 (call 0x5|jmp 0x34|jmp 0xffffff6e)
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD103SI +++++
--- User ---
[MBR] 37345cd71e41256344dce83f23e3d943
[BSP] d2c032d2125283caa119df8964ce8bd7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 923516 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1892079616 | Size: 350 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1892796416 | Size: 29651 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: WDC WD2002FAEX-007BA0 +++++
--- User ---
[MBR] 1e5e6ffb562d75a94caff1a57a5f48ca
[BSP] 56eea2c0bc00d01469255301e21a3c32 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1857727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3804626944 | Size: 49999 MB [Error reading VBR! ([83] An attempt was made to move the file pointer before the beginning of the file. )]
User != LL1 ... KO!
--- LL1 ---
[MBR] 1e5e6ffb562d75a94caff1a57a5f48ca
[BSP] 56eea2c0bc00d01469255301e21a3c32 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1857727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3804626944 | Size: 49999 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User != LL2 ... KO!
--- LL2 ---
[MBR] 1e5e6ffb562d75a94caff1a57a5f48ca
[BSP] 56eea2c0bc00d01469255301e21a3c32 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1857727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3804626944 | Size: 49999 MB[Invalid]
Topic: Weird antirootkit entry (Read 5649 times)
