zillo396
2015-04-22, 02:48
// info: Rootkit removal help file
// copyright: (c) 2008-2015 Safer-Networking Ltd. All rights reserved.
:: RootAlyzer Results
File:"Unknown ADS","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\OneDrive:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\OneDrive\Documents:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\OneDrive\Pictures:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\OneDrive\Public:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\Downloads\MSEInstall.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\Downloads\MSEInstall.exe:$CmdZnID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\AppData\Roaming\Mozilla\Firefox\Profiles\qrnhcizq.default\sessionstore.js:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\AppData\Roaming\Mozilla\Firefox\Profiles\qrnhcizq.default\sessionstore-backups\previous.js:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\AppData\Local\Temp\Quarantine.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\AppData\Local\Microsoft\Windows\INetCache\IE\Q9EHKXDE\beacon[1].js:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\AppData\Local\Microsoft\Windows\INetCache\IE\Q9EHKXDE\quant[1].js:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\AppData\Local\Microsoft\Windows\INetCache\IE\6S15YPSM\ga[1].js:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\airappinstaller.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Adobe\Flash Player\AddIns\airappinstaller\airappinstaller.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files\HitmanPro\HitmanPro.exe:$CmdZnID:$DATA"
File:"Unknown ADS","C:\Program Files\CCleaner\CCleaner.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files\CCleaner\CCleaner64.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files\CCleaner\uninst.exe:$CmdTcID:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Jpn\","DuState"
// copyright: (c) 2008-2015 Safer-Networking Ltd. All rights reserved.
:: RootAlyzer Results
File:"Unknown ADS","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\OneDrive:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\OneDrive\Documents:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\OneDrive\Pictures:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\OneDrive\Public:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\Downloads\MSEInstall.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\Downloads\MSEInstall.exe:$CmdZnID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\AppData\Roaming\Mozilla\Firefox\Profiles\qrnhcizq.default\sessionstore.js:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\AppData\Roaming\Mozilla\Firefox\Profiles\qrnhcizq.default\sessionstore-backups\previous.js:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\AppData\Local\Temp\Quarantine.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\AppData\Local\Microsoft\Windows\INetCache\IE\Q9EHKXDE\beacon[1].js:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\AppData\Local\Microsoft\Windows\INetCache\IE\Q9EHKXDE\quant[1].js:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\AppData\Local\Microsoft\Windows\INetCache\IE\6S15YPSM\ga[1].js:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\airappinstaller.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Adobe\Flash Player\AddIns\airappinstaller\airappinstaller.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files\HitmanPro\HitmanPro.exe:$CmdZnID:$DATA"
File:"Unknown ADS","C:\Program Files\CCleaner\CCleaner.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files\CCleaner\CCleaner64.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files\CCleaner\uninst.exe:$CmdTcID:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Jpn\","DuState"