mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Site : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciou : Modo normal

Started from : C:\Users\Usuario\Desktop\RogueKillerX64.exe
Modo : Deletar -- Data : 09/02/2016 19:20:09 (Duration : 00:27:32)


[Suspicious.Path] MEGAsync.exe(3316) -- C:\Users\Usuario\AppData\Local\MEGAsync\MEGAsync.exe[7] -> Interrompido [TermProc]
[Suspicious.Path] (SVC) gkernel -- \??\C:\Users\Usuario\AppData\Local\Temp\gkernel.sys[x] -> ERROR [41c]


[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} (C:\Users\Usuario\AppData\Local\MEGAsync\ShellExtX64.dll) -> Deletado
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{182FB546-8596-4CEF-9CB5-E9505BF7F628} (C:\Users\Usuario\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll) -> Deletado
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{6DB27B2E-87AC-4354-927A-AD711A0ED77E} (C:\Users\Usuario\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll) -> Deletado
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{A244CEC5-DB63-4ED9-B0D7-A0527C064113} (C:\Users\Usuario\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll) -> Deletado
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{AE1514A4-5D7D-4D1B-BC7F-320E6962B0DD} (C:\Users\Usuario\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll) -> Deletado
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{B845012A-F05A-4EC8-816D-B033183B9CA5} (C:\Users\Usuario\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll) -> Deletado
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3} (C:\Users\Usuario\AppData\Local\Roblox\Versions\version-e6d872d544b64cd9\RobloxProxy64.dll) -> ERROR [4001]
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{F350F7C1-9F0E-4A97-8EEC-E690C7095BEF} (C:\Users\Usuario\AppData\Local\HHD Software\Hex Editor Neo\PatchAPI\dll\x64\hexpatch64.dll) -> Deletado
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\etdrv (\??\C:\Windows\etdrv.sys) -> Deletado
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gkernel (\??\C:\Users\Usuario\AppData\Local\Temp\gkernel.sys) -> Deletado
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Deletado
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\JambenP ("C:\ProgramData\Jamben\Jamben.exe") -> Deletado
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\etdrv (\??\C:\Windows\etdrv.sys) -> Deletado
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gkernel (\??\C:\Users\Usuario\AppData\Local\Temp\gkernel.sys) -> Deletado
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Deletado
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JambenP ("C:\ProgramData\Jamben\Jamben.exe") -> Deletado
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\etdrv (\??\C:\Windows\etdrv.sys) -> Deletado
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gkernel (\??\C:\Users\Usuario\AppData\Local\Temp\gkernel.sys) -> Deletado
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Deletado
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\JambenP ("C:\ProgramData\Jamben\Jamben.exe") -> Deletado

[Suspicious.Path] %WINDIR%\Tasks\DropboxUpdateTaskUserS-1-5-21-1144292019-2563834070-1988740619-1000Core.job -- C:\Users\Usuario\AppData\Local\Dropbox\Update\DropboxUpdate.exe (/c) -> Deletado
[Suspicious.Path] %WINDIR%\Tasks\DropboxUpdateTaskUserS-1-5-21-1144292019-2563834070-1988740619-1000UA.job -- C:\Users\Usuario\AppData\Local\Dropbox\Update\DropboxUpdate.exe (/ua /installsource scheduler) -> Deletado
[Suspicious.Path] \DropboxUpdateTaskUserS-1-5-21-1144292019-2563834070-1988740619-1000Core -- C:\Users\Usuario\AppData\Local\Dropbox\Update\DropboxUpdate.exe (/c) -> Deletado
[Suspicious.Path] \DropboxUpdateTaskUserS-1-5-21-1144292019-2563834070-1988740619-1000UA -- C:\Users\Usuario\AppData\Local\Dropbox\Update\DropboxUpdate.exe (/ua /installsource scheduler) -> ERROR [0]
[Suspicious.Path] \GoogleUpdateTaskUserS-1-5-21-1144292019-2563834070-1988740619-1000Core -- C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe (/c) -> Deletado
[Suspicious.Path] \GoogleUpdateTaskUserS-1-5-21-1144292019-2563834070-1988740619-1000UA -- C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe (/ua /installsource scheduler) -> Deletado


[Suspicious.Path][Arquivo] C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [LNK@] C:\Users\Usuario\AppData\Local\MEGAsync\MEGAsync.exe -> Deletado
[PUP][Arquivo] C:\Users\Usuario\AppData\Roaming\setup1\TSvr.exe -> Deletado
[PUP][Pasta] C:\Program Files\Sound+ -> Deletado
[PUP][Pasta] C:\Program Files\Sound+\config -> Deletado
[PUP][Arquivo] C:\Program Files\Sound+\config.conf -> Deletado

+++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] 51811279b4a706ecf67b0585a6bf3d5b
[BSP] 442d68e2e91329397aa53b159ad92453 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK