Program : RogueKiller Anti-Malware
Version : 15.8.2.0
x64 : Yes
Program Date : Mar 21 2023
Location : C:\Users\marta\Desktop\RogueKiller_portable64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/

Operating System : Windows 11 (10.0.22621) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : marta
User is Admin : Yes
Date : 2023/04/24 21:05:36
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 208
Found items : 24
Total scanned : 66816
Signatures Version : 20230424_134233
Truesight Driver : Yes
Updates Count : 4

************************* Warnings *************************

************************* Updates *************************
CCleaner (64-bit), version 6.07
[+] Available Version : 6.10
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\CCleaner

VLC media player (64-bit), version 3.0.16
[+] Available Version : 3.0.18
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\VideoLAN\VLC

WinRAR 5.71 (64-bit) (64-bit), version 5.71.0
[+] Available Version : 6.21
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\WinRAR\

WinRAR 6.02 (32-bit) (32-bit), version 6.02.0
[+] Available Version : 6.21
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\WinRAR\

************************* Processes *************************

************************* Modules *************************
>>>>>> rundll32.exe (14320) -- C:\Windows\SysWOW64\rundll32.exe
 %%% [Suspicious.Path (Potencialmente Malicioso)] clip64.dll (14320) -- C:\Users\marta\AppData\Roaming\b1062eb64a0f99\clip64.dll -> Encontrado
>>>>>> rundll32.exe (3720) -- C:\Windows\SysWOW64\rundll32.exe
 %%% [Suspicious.Path (Potencialmente Malicioso)] clip64.dll (3720) -- C:\Users\marta\AppData\Roaming\b1062eb64a0f99\clip64.dll -> Encontrado
>>>>>> rundll32.exe (8968) -- C:\Windows\SysWOW64\rundll32.exe
 %%% [Suspicious.Path (Potencialmente Malicioso)] clip64.dll (8968) -- C:\Users\marta\AppData\Roaming\b1062eb64a0f99\clip64.dll -> Encontrado

************************* Services *************************

************************* Scheduled Tasks *************************
[Tr.Gen (Malicioso)] \RuntimeBroker_kKGAC -- C:\Users\marta\AppData\Roaming\kKGAC.vbs -> Encontrado
[Tr.Gen (Malicioso)] \RuntimeBroker_bMcWu -- C:\Users\marta\AppData\Roaming\bMcWu.vbs -> Encontrado
[Tr.Gen (Malicioso)] \RuntimeBroker_CPqwa -- C:\Users\marta\AppData\Roaming\CPqwa.vbs -> Encontrado
[Tr.Gen (Malicioso)] \RuntimeBroker_olTsz -- C:\Users\marta\AppData\Roaming\olTsz.vbs -> Encontrado

************************* Registry *************************
>>>>>> O4 - Run
 %%% [Adw.Gen (Malicioso)] (X86) (Wondershare software CO., LIMITED) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|Wondershare Helper Compact.exe -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe -> Encontrado
>>>>>> O23 - Services
 %%% [Suspicious.Path (Potencialmente Malicioso)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Yhruddwfe -- (missing) -> Encontrado
>>>>>> R5 - Proxy
 %%% [PUM.Proxy (Potencialmente Malicioso)] (X64) HKEY_USERS\S-1-5-21-362333004-2431477229-1529422493-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyEnable -- 1 -> Encontrado
 %%% [PUM.Proxy (Potencialmente Malicioso)] (X64) HKEY_USERS\S-1-5-21-362333004-2431477229-1529422493-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigURL -- N/A -> Encontrado
 %%% [PUM.Proxy (Potencialmente Malicioso)] (X64) HKEY_USERS\S-1-5-21-362333004-2431477229-1529422493-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer -- 127.0.0.1:24594 -> Encontrado
 %%% [PUM.Proxy (Potencialmente Malicioso)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies| -- 1127.0.0.1:24594 -> Encontrado
>>>>>> XX - System Policies
 %%% [PUM.Policies (Potencialmente Malicioso)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Encontrado

************************* WMI *************************

************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts

************************* Filesystem *************************
[Tr.Gen (Malicioso)] (folder) SystemID -- C:\SystemID -> Encontrado
[Tr.Gen (Malicioso)] (file) bMcWu.vbs -- C:\Users\marta\AppData\Roaming\bMcWu.vbs -> Encontrado
[Tr.Gen (Malicioso)] (file) CPqwa.vbs -- C:\Users\marta\AppData\Roaming\CPqwa.vbs -> Encontrado
[Tr.Gen (Malicioso)] (file) kKGAC.vbs -- C:\Users\marta\AppData\Roaming\kKGAC.vbs -> Encontrado
[Miner.Gen (Malicioso)] (folder) Sysfiles -- C:\Users\marta\AppData\Roaming\Sysfiles -> Encontrado
[Tr.Gen (Malicioso)] (file) olTsz.vbs -- C:\Users\marta\AppData\Roaming\olTsz.vbs -> Encontrado
[Tr.Gen (Malicioso)] (folder) Chrome -- C:\Program Files\Notepad\Chrome -> Encontrado
[Adw.Gen (Malicioso)] (folder) Wondershare Helper Compact -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact -> Encontrado
[Tr.Zusy (Malicioso)] (folder) PowerControl1 -- C:\Program Files (x86)\PowerControl1 -> Encontrado

************************* Web Browsers *************************
>>>>>> Chrome Addon
 %%% [PUP.Gen0 (Potencialmente Malicioso)] Amazon Assistant for Chrome (C:\Users\marta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\PBJIKB~1) -- pbjikboenpfhbbejgkoklgkhjpfogcam -> Encontrado

************************* Antirootkit *************************