[CODE title="RogueKillerCMD - scan all"]X:\>dir
[============= RogueKillerCMD V12.10.1.0 =============] - Free Version. - You are running the latest version. Current Step: Scan Finished.
Current Item: PhysicalDrive2
General Progress: 0% [ ]
Secondary Progress: 0% [ ]
Detections: 15
Last Detection: HKCU\RK_Xenos_ON_C_05EF\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_Trac...
[-] Found [REGVAL] : HKEY_LOCAL_MACHINE\RK_System_ON_C_3552\ControlSet001\Services\Tcpip\Parameters\Interfaces\{371042d1-38ab-473b-913f-76d10a0e3fd6}|NameServer [PUM.Dns]
[-] Found [REGVAL] : HKEY_LOCAL_MACHINE\RK_System_ON_C_3552\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{B749A152-D293-4112-8A4C-BEDA829319EC}C:\users\xenos\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe [Suspicious.Path]
[-] Found [REGVAL] : HKEY_LOCAL_MACHINE\RK_System_ON_C_3552\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{5C496595-1754-4C63-A0AA-5E50BA08DFB7}C:\users\xenos\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe [Suspicious.Path]
[-] Found [REGVAL] : HKEY_LOCAL_MACHINE\RK_System_ON_C_3552\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{09528411-6D66-4E3D-BA4A-B0A40FD294A5}C:\users\xenos\appdata\local\yandex\yandexbrowser\application\browser.exe [Suspicious.Path]
[-] Found [REGVAL] : HKEY_LOCAL_MACHINE\RK_System_ON_C_3552\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{6E879645-5D1F-4186-A715-47AB0B7D76EC}C:\users\xenos\appdata\local\yandex\yandexbrowser\application\browser.exe [Suspicious.Path]
[-] Found [REGVAL] : HKEY_LOCAL_MACHINE\RK_System_ON_C_3552\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{AD2A6152-4D5B-44F8-B8DC-CC6BACB09317} [Suspicious.Path]
[-] Found [REGVAL] : HKEY_LOCAL_MACHINE\RK_System_ON_C_3552\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{08055C2B-3ACD-4A5F-A3AD-CC7ABBAEE11B} [Suspicious.Path]
[-] Found [REGVAL] : HKEY_LOCAL_MACHINE\RK_System_ON_C_3552\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B369A887-D85F-4ABE-8972-7575A7C8EB82} [Suspicious.Path]
[-] Found [REGVAL] : HKEY_LOCAL_MACHINE\RK_System_ON_C_3552\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{1CC4549C-661E-4022-9E61-2838E55FF752} [Suspicious.Path]
[-] Found [REGVAL] : HKEY_LOCAL_MACHINE\RK_System_ON_C_3552\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{8A3B25AA-1D18-4733-90CE-31AA43453DFC}C:\users\xenos\appdata\roaming\zona\plugins\zbrowser\webview2\msedgewebview2.exe [Suspicious.Path]
[-] Found [REGVAL] : HKEY_LOCAL_MACHINE\RK_System_ON_C_3552\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{78B5ACB5-7DCE-40A3-8EA5-F344DBBBE242}C:\users\xenos\appdata\roaming\zona\plugins\zbrowser\webview2\msedgewebview2.exe [Suspicious.Path]
[-] Found [REGVAL] : HKEY_LOCAL_MACHINE\RK_System_ON_C_3552\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{815456AD-A222-428F-AB03-7DB703F6D376} [Suspicious.Path]
[-] Found [REGVAL] : HKEY_LOCAL_MACHINE\RK_System_ON_C_3552\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4A1138BB-9693-47F5-A82F-80D3BEE0D518} [Suspicious.Path]
[-] Found [REGVAL] : HKEY_USERS\RK_Xenos_ON_C_05EF\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_TrackProgs [PUM.StartMenu]
[-] Found [REGVAL] : HKEY_USERS\RK_Xenos_ON_C_05EF\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_TrackProgs [PUM.StartMenu]
Please make a removal choice and hit enter.
- remove
- remove (PUP/PUM as well)
- exit without removing
[/CODE]