RogueKiller Anti-Malware V14.8.6.0 [Mar 24 2021] (Premium) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64 bits
Started in : Normal mode
User : Mariusz [Administrator]
Started from : C:\Users\Mariusz\Downloads\RogueKiller.exe
Signatures : 20210324_143238, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2021/03/29 21:15:52 (Duration : 00:06:39)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Miner.Gen (Malicious)] AutoIt3_x64.exe [AutoIt Consulting Ltd] -- %localappdata%\Disk\AutoIt3\AutoIt3_x64.exe -> Killed [Tree]
[Miner.Gen (Malicious)] \Services\Diagnostic -- "C:\Users\Mariusz\AppData\Local\Disk\AutoIt3\AutoIt3_x64.exe" ("C:\Users\Mariusz\AppData\Local\Disk\AutoIt3\Settings.au3") -> Deleted
[PUP.WinZipDiskTools (Potentially Malicious)] HKEY_USERS\.DEFAULT\Software\Nico Mak Computing -- -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-2384729773-2530975304-3792660739-1002\Software\IM -- -> Deleted
[PUP.WinZipDiskTools (Potentially Malicious)] HKEY_USERS\S-1-5-21-2384729773-2530975304-3792660739-1002\Software\Nico Mak Computing -- -> Deleted
[PUP.WinZipDiskTools (Potentially Malicious)] HKEY_USERS\S-1-5-18\Software\Nico Mak Computing -- -> Deleted
[PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- -> Replaced (2)
[PUP.HackTool (Potentially Malicious)] AutoKMS -- %SystemRoot%\AutoKMS -> Deleted
  => AutoKMS.log -- C:\Windows\AutoKMS\AutoKMS.log -> Deleted
[Tr.Injector (Malicious)] Mxmetamux -- %_Mariusz_appdata%\Mxmetamux -> ERROR [5]
[PUP.OnlineIO (Potentially Malicious)] AdvinstAnalytics -- %localappdata%\AdvinstAnalytics -> Deleted
  => tracking.ini -- C:\Users\Mariusz\AppData\Local\ADVINS~1\57BEC7~1\27F29F~1.0\tracking.ini -> Deleted
  => 2.7.0 -- C:\Users\Mariusz\AppData\Local\ADVINS~1\57BEC7~1\27F29F~1.0 -> Deleted
  => 57bec79515c1ec525f8858bf -- C:\Users\Mariusz\AppData\Local\ADVINS~1\57BEC7~1 -> Deleted
[Miner.Gen (Malicious)] Disk -- %localappdata%\Disk -> ERROR [5]
[PUP.WinZipDiskTools (Potentially Malicious)] Nico Mak Computing -- %localappdata%\Nico Mak Computing -> Deleted
  => INSTALLTIME -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\INSTAL~1 -> Deleted
  => log-0311- 39.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOG-03~1.TXT -> Deleted
  => log-0312- 93.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOD7B8~1.TXT -> Deleted
  => log-0312-262.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOE3C1~1.TXT -> Deleted
  => log-0312-328.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO5A4D~1.TXT -> Deleted
  => log-0312-712.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOG-03~4.TXT -> Deleted
  => log-0312-729.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOG-03~2.TXT -> Deleted
  => log-0312-804.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO088A~1.TXT -> Deleted
  => log-0312-983.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOG-03~3.TXT -> Deleted
  => log-0313-458.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOB092~1.TXT -> Deleted
  => log-0313-493.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOD8F8~1.TXT -> Deleted
  => log-0313-662.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO77D3~1.TXT -> Deleted
  => log-0313-733.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOB75D~1.TXT -> Deleted
  => log-0314- 81.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO5663~1.TXT -> Deleted
  => log-0314-344.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOC024~1.TXT -> Deleted
  => log-0314-731.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO0218~1.TXT -> Deleted
  => log-0315-693.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO84DC~1.TXT -> Deleted
  => log-0315-903.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO938F~1.TXT -> Deleted
  => log-0317-905.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOB744~1.TXT -> Deleted
  => log-0318- 32.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO2656~1.TXT -> Deleted
  => log-0318-303.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO870D~1.TXT -> Deleted
  => log-0318-403.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOE077~1.TXT -> Deleted
  => log-0318-867.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO358F~1.TXT -> Deleted
  => log-0318-882.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO4C1E~1.TXT -> Deleted
  => log-0319-664.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOABF4~1.TXT -> Deleted
  => log-0320- 24.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO07AC~1.TXT -> Deleted
  => log-0320-459.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO8E8E~1.TXT -> Deleted
  => log-0320-617.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO6523~1.TXT -> Deleted
  => log-0320-866.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOA61B~1.TXT -> Deleted
  => log-0321-570.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO8325~1.TXT -> Deleted
  => log-0321-685.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO0B5A~1.TXT -> Deleted
  => log-0321-921.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO5A20~1.TXT -> Deleted
  => log-0322-529.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO33D1~1.TXT -> Deleted
  => log-0322-897.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO2C5E~1.TXT -> Deleted
  => log-0322-911.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO9E2E~1.TXT -> Deleted
  => log-0322-914.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOAE81~1.TXT -> Deleted
  => log-0323-403.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOEA7D~1.TXT -> Deleted
  => log-0323-629.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO1A03~1.TXT -> Deleted
  => log-0323-718.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOBA35~1.TXT -> Deleted
  => log-0324-413.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOCFD6~1.TXT -> Deleted
  => log-0324-867.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO8F33~1.TXT -> Deleted
  => log-0325-115.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO5FA9~1.TXT -> Deleted
  => log-0325-209.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO3A8C~1.TXT -> Deleted
  => log-0325-302.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LODD20~1.TXT -> Deleted
  => log-0325-509.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOC396~1.TXT -> Deleted
  => log-0325-687.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOE689~1.TXT -> Deleted
  => log-0326-332.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO340F~1.TXT -> Deleted
  => log-0326-334.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO06CC~1.TXT -> Deleted
  => log-0326-568.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO94D3~1.TXT -> Deleted
  => log-0326-836.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO027F~1.TXT -> Deleted
  => log-0327- 8.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO7D08~1.TXT -> Deleted
  => log-0327-334.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO49E8~1.TXT -> Deleted
  => log-0327-521.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO2C0F~1.TXT -> Deleted
  => log-0327-654.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOB53E~1.TXT -> Deleted
  => log-0328-366.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO3013~1.TXT -> Deleted
  => log-0329-314.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOC1F4~1.TXT -> Deleted
  => log-0330-695.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO4B7F~1.TXT -> Deleted
  => log-0330-728.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO8B18~1.TXT -> Deleted
  => log-0331-130.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO29CF~1.TXT -> Deleted
  => log-0331-623.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO01D2~1.TXT -> Deleted
  => log-0331-753.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LO8707~1.TXT -> Deleted
  => log-0401- 69.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOG-04~2.TXT -> Deleted
  => log-0401-133.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOG-04~1.TXT -> Deleted
  => log-0402-261.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOG-04~3.TXT -> Deleted
  => log-0402-680.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOE58E~1.TXT -> Deleted
  => log-0402-780.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOG-04~4.TXT -> Deleted
  => log-0402-961.txt -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log\LOA228~1.TXT -> Deleted
  => Log -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1\Log -> Deleted
  => WinZip Update Notifier -- C:\Users\Mariusz\AppData\Local\NICOMA~1\WINZIP~1 -> Deleted
[PUP.Gen1 (Potentially Malicious)] vghd -- %localappdata%\vghd -> Deleted
  => description.txt -- C:\Users\Mariusz\AppData\Local\vghd\data\skins\ISTRIP~1\HARLEY~1\DESCRI~1.TXT -> Deleted
  => img_left.jpg -- C:\Users\Mariusz\AppData\Local\vghd\data\skins\ISTRIP~1\HARLEY~1\img_left.jpg -> Deleted
  => palette.txt -- C:\Users\Mariusz\AppData\Local\vghd\data\skins\ISTRIP~1\HARLEY~1\palette.txt -> Deleted
  => skinThumbnail.png -- C:\Users\Mariusz\AppData\Local\vghd\data\skins\ISTRIP~1\HARLEY~1\SKINTH~1.PNG -> Deleted
  => Harley XX -- C:\Users\Mariusz\AppData\Local\vghd\data\skins\ISTRIP~1\HARLEY~1 -> Deleted
  => description.txt -- C:\Users\Mariusz\AppData\Local\vghd\data\skins\ISTRIP~1\melena\DESCRI~1.TXT -> Deleted
  => img_left.jpg -- C:\Users\Mariusz\AppData\Local\vghd\data\skins\ISTRIP~1\melena\img_left.jpg -> Deleted
  => palette.txt -- C:\Users\Mariusz\AppData\Local\vghd\data\skins\ISTRIP~1\melena\palette.txt -> Deleted
  => skinThumbnail.png -- C:\Users\Mariusz\AppData\Local\vghd\data\skins\ISTRIP~1\melena\SKINTH~1.PNG -> Deleted
  => tuto-skin.txt -- C:\Users\Mariusz\AppData\Local\vghd\data\skins\ISTRIP~1\melena\TUTO-S~1.TXT -> Deleted
  => melena -- C:\Users\Mariusz\AppData\Local\vghd\data\skins\ISTRIP~1\melena -> Deleted
  => iStripper -- C:\Users\Mariusz\AppData\Local\vghd\data\skins\ISTRIP~1 -> Deleted
  => skins -- C:\Users\Mariusz\AppData\Local\vghd\data\skins -> Deleted
  => http_domain_0.localstorage -- C:\Users\Mariusz\AppData\Local\vghd\data\web\LOCALS~1\HTTP_D~1.LOC -> Deleted
  => LocalStorage -- C:\Users\Mariusz\AppData\Local\vghd\data\web\LOCALS~1 -> Deleted
  => WebpageIcons.db -- C:\Users\Mariusz\AppData\Local\vghd\data\web\WEBPAG~1.DB -> Deleted
  => web -- C:\Users\Mariusz\AppData\Local\vghd\data\web -> Deleted
  => data -- C:\Users\Mariusz\AppData\Local\vghd\data -> Deleted