RogueKiller Anti-Malware V14.8.4.0 (x64) [Jan 13 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 8.1 (6.3.9600) 64 bits
Started in : Normal mode
User : Byaku [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210115_124938, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2021/01/18 11:38:04 (Duration : 01:59:51)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Cloud.Generic (Malicious)] notepad2.exe (2256) -- C:\Program Files (x86)\notepad2\notepad2.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] p1483448096am (0) -- \??\C:\Users\Byaku\AppData\Local\Temp\bk5470.tmp\p1483448096am.sys -> Found
[Suspicious.Path (Potentially Malicious)] p1484835112am (0) -- \??\C:\Users\Byaku\AppData\Local\Temp\bkEDAE.tmp\p1484835112am.sys -> Found
[Suspicious.Path (Potentially Malicious)] p1484835200am (0) -- \??\C:\Users\Byaku\AppData\Local\Temp\bk4138.tmp\p1484835200am.sys -> Found
[Suspicious.Path (Potentially Malicious)] p1487606898am (0) -- \??\C:\Users\Byaku\AppData\Local\Temp\bkA65A.tmp\p1487606898am.sys -> Found
[Suspicious.Path (Potentially Malicious)] p1486202128am (0) -- \??\C:\Users\Byaku\AppData\Local\Temp\bkC03A.tmp\p1486202128am.sys -> Found
[Suspicious.Path (Potentially Malicious)] p1486561471am (0) -- \??\C:\Users\Byaku\AppData\Local\Temp\bk6057.tmp\p1486561471am.sys -> Found
[Suspicious.Path (Potentially Malicious)] p1487607019am (0) -- \??\C:\Users\Byaku\AppData\Local\Temp\bk89FF.tmp\p1487607019am.sys -> Found
[Ads.Generic (Malicious)] ucdrv (0) -- (TAOBAO (CHINA) SOFTWARE CO.,LTD.) \??\C:\Windows\System32\drivers:ucdrv-x64.sys -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> O101 - Clsid
[PUP.Gen0 (Potentially Malicious)] (X64) HKEY_CLASSES_ROOT\CLSID\{35F4BB37-03C5-41DE-85AF-7C301390C7EC} -- "C:\Program Files\My Web Shield\mweshieldup.exe" (missing) -> Found

>>>>>> XX - Software
[Adw.Elex (Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\InterSect Alliance -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Elex-tech -- N/A -> Found
[PUP.Ghokswa (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Firefox -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\UCBrowserPID -- N/A -> Found
[PUP.UCBrowser|PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\.DEFAULT\Software\UCBrowser -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2709180964-3026329352-173763364-1001\Software\AutoTime -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2709180964-3026329352-173763364-1001\Software\dobreprogramy -- N/A -> Found
[PUP.Ghokswa (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2709180964-3026329352-173763364-1001\Software\Firefox -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2709180964-3026329352-173763364-1001\Software\Installer -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2709180964-3026329352-173763364-1001\Software\IM -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2709180964-3026329352-173763364-1001\Software\KuaiZipSFX -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2709180964-3026329352-173763364-1001\Software\KuaiZip -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2709180964-3026329352-173763364-1001\Software\SNDA -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2709180964-3026329352-173763364-1001\Software\UCBrowserPID -- N/A -> Found
[PUP.UCBrowser|PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-18\Software\UCBrowser -- N/A -> Found

>>>>>> XX - Uninstall
[PUP.MyWebShield (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mweshield -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\iSafe -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SU -- N/A -> Found
[PUP.QRss (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{56B2B28A-E663-4D28-84A3-3846068A7D63} -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2709180964-3026329352-173763364-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} -- N/A -> Found

>>>>>> O23 - Services
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\p1483448096am -- C:\Users\Byaku\AppData\Local\Temp\bk5470.tmp\p1483448096am.sys (missing) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\p1484835112am -- C:\Users\Byaku\AppData\Local\Temp\bkEDAE.tmp\p1484835112am.sys (missing) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\p1484835200am -- C:\Users\Byaku\AppData\Local\Temp\bk4138.tmp\p1484835200am.sys (missing) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\p1486561471am -- C:\Users\Byaku\AppData\Local\Temp\bk6057.tmp\p1486561471am.sys (missing) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\p1486202128am -- C:\Users\Byaku\AppData\Local\Temp\bkC03A.tmp\p1486202128am.sys (missing) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\p1487607019am -- C:\Users\Byaku\AppData\Local\Temp\bk89FF.tmp\p1487607019am.sys (missing) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\p1487606898am -- C:\Users\Byaku\AppData\Local\Temp\bkA65A.tmp\p1487606898am.sys (missing) -> Found
[Ads.Generic (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ucdrv -- (TAOBAO (CHINA) SOFTWARE CO.,LTD.) C:\Windows\System32\drivers:ucdrv-x64.sys -> Found

>>>>>> O87 - Firewall
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{2D1B475A-CE87-4B75-9116-3F40D8D6C2E2} -- v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Byaku\AppData\Local\Temp\00003467\inst_buychannel_07.exe|Name=???| (C:\Users\Byaku\AppData\Local\Temp\00003467\inst_buychannel_07.exe) (missing) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{AAC1EC51-FBBA-4F98-8844-D1D9C5D8D125} -- v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Byaku\AppData\Local\Temp\00003467\inst_buychannel_07.exe|Name=???| (C:\Users\Byaku\AppData\Local\Temp\00003467\inst_buychannel_07.exe) (missing) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{EBA2869B-5A63-40B9-A6AF-B2999C8F599D} -- v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Byaku\AppData\Local\Temp\is-69JNP.tmp\download\MiniThunderPlatform.exe|Name=MiniThunderPlatform| (C:\Users\Byaku\AppData\Local\Temp\is-69JNP.tmp\download\MiniThunderPlatform.exe) (missing) -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Ghokswa (Potentially Malicious)] (folder) Firefox -- C:\Users\Byaku\AppData\Roaming\Firefox -> Found
[PUP.Gen1 (Potentially Malicious)] (folder) KuaiZip -- C:\Users\Byaku\AppData\Roaming\KuaiZip -> Found
[PUP.UCBrowser (Potentially Malicious)] (shortcut) UC???.lnk -- C:\Users\Byaku\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\UC???.lnk => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe -> Found
[PUP.Ghokswa (Potentially Malicious)] (folder) Firefox -- C:\Users\Byaku\AppData\Local\Firefox -> Found
[Adw.Snarasite (Malicious)] (folder) SNARE -- C:\Users\Byaku\AppData\Local\SNARE -> Found
[PUP.Gen1 (Potentially Malicious)] (folder) StormFall -- C:\Users\Byaku\AppData\Local\StormFall -> Found
[Adw.Elex (Malicious)] (folder) terana -- C:\Users\Byaku\AppData\Local\terana -> Found
[Adw.Xunlei (Malicious)] (folder) Thunder Network -- C:\ProgramData\Thunder Network -> Found
[PUP.Ghokswa (Potentially Malicious)] (folder) Firefox -- C:\Program Files (x86)\Firefox -> Found
[PUP.Gen1 (Potentially Malicious)] (folder) mpck -- C:\Program Files (x86)\mpck -> Found
[PUP.UCBrowser (Potentially Malicious)] (folder) UCBrowser -- C:\Program Files (x86)\UCBrowser -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤