Program : RogueKiller Anti-Malware
Version : 15.4.0.0
x64 : Yes
Program Date : Mar 7 2022
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : Yes
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/

Operating System : Windows 8.1 (6.3.9600) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : bEEExx
User is Admin : Yes
Date : 2022/04/29 16:16:08
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 3683
Found items : 10
Total scanned : 115789
Signatures Version : 20220425_082113
Truesight Driver : Yes
Updates Count : 11
Arguments : -minimize

************************* Warnings *************************

************************* Updates *************************
CCleaner (64-bit), version 5.91
[+] Available Version : 5.92
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\CCleaner

Mozilla Firefox 86.0 (x64 pl) (64-bit), version 86.0
[+] Available Version : 99.0.1
[+] Size : 209 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files (x86)\Mozilla Firefox

Notepad++ (64-bit x64) (64-bit), version 7.2.2
[+] Available Version : 8.4
[+] Size : 6,62 MB
[+] Wow6432 : No
[+] Portable : No

TeamSpeak 3 Client (64-bit), version 3.0.19
[+] Available Version : 3.5.6
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\TeamSpeak 3 Client

VLC media player (64-bit), version 3.0.4
[+] Available Version : 3.0.17.4
[+] Wow6432 : No
[+] Portable : No
[+] update_location : d:\Program Files\VideoLAN\VLC

Oracle VM VirtualBox 5.1.14 (64-bit), version 5.1.14
[+] Available Version : 6.1.34
[+] Size : 169 MB
[+] Wow6432 : No
[+] Portable : No

Google Chrome (32-bit), version 100.0.4896.127
[+] Available Version : 101.0.4951.41
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\Google\Chrome\Application

TeamViewer (32-bit), version 15.6.7
[+] Available Version : 15.29.4
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\TeamViewer

WinRAR 5.40 (32-bit) (32-bit), version 5.40.0
[+] Available Version : 6.11
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\WinRAR\

Adobe Acrobat Reader DC - Polish (32-bit), version 17.009.20044
[+] Available Version : 22.001.20117
[+] Size : 254 MB
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\Adobe\Acrobat Reader DC\

PuTTY release 0.71 (32-bit), version 0.71.0.0
[+] Available Version : 0.76
[+] Size : 3,41 MB
[+] Wow6432 : Yes
[+] Portable : No

************************* Processes *************************

************************* Modules *************************

************************* Services *************************

************************* Scheduled Tasks *************************
[Suspicious.Path (Potentially Malicious)] \Windows-System-API -- C:\ProgramData\win64\Windows-System-API.exe -> Found

************************* Registry *************************
>>>>>> XX - Software
%%% [PUP.Tific (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Tific -- N/A -> Found
%%% [Tr.Zusy (Malicious)] (X64) HKEY_USERS\S-1-5-21-2715589076-1543575505-3553250503-1001\Software\Application -- N/A -> Found
%%% [PUP.Tific (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2715589076-1543575505-3553250503-1001\Software\Tific -- N/A -> Found

>>>>>> O4 - Run
%%% [Keylog.Spyrix (Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|localSPM -- N/A -> Found
%%% [Suspicious.Path (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2715589076-1543575505-3553250503-1001\Software\Microsoft\Windows\CurrentVersion\Run|Windows-System-API -- C:\ProgramData\win64\Windows-System-API.exe -> Found

>>>>>> R5 - Proxy
%%% [PUM.Proxy (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2715589076-1543575505-3553250503-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigURL -- http://104.155.207.188/win.pac -> Found
%%% [PUM.Proxy (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies| -- 0http://104.155.207.188/win.pac -> Found

************************* WMI *************************

************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts

************************* Filesystem *************************
[Tr.Gen (Malicious)] (folder) SystemID -- C:\SystemID -> Found

************************* Web Browsers *************************

************************* Antirootkit *************************