Quote from cosinus:
And that's why you're presenting a log with no findings?
Correction:
Code:
Program : RogueKiller Anti-Malware
Version : 15.15.2.0
x64 : Yes
Program Date : Feb 19 2024
Location : C:\Users\Christopher\Downloads\RogueKiller_portable64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 11 (10.0.22631) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Christopher
User is Admin : Yes
Date : 2024/02/22 13:23:30
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 206
Found items : 15
Total scanned : 100576
Signatures Version : 20240216_101755
Truesight Driver : Yes
Updates Count : 21
************************* Warnings *************************
************************* Updates *************************
CPUID HWMonitor 1.52 (64-bit), version 1.52
[+] Available Version : 1.53
[+] Size : 3682304
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\CPUID\HWMonitor\
CrystalDiskInfo 8.17.14 (64-bit), version 8.17.14
[+] Available Version : 9.2.3
[+] Size : 15324160
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\CrystalDiskInfo\
Mozilla Firefox (x64 de) (64-bit), version 122.0.1
[+] Available Version : 123.0
[+] Size : 235853824
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\Mozilla Firefox
TeamSpeak 3 Client (64-bit), version 3.5.6
[+] Available Version : 5.0.0
[+] Size : 0
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\TeamSpeak 3 Client
Zoom (64-bit), version 5.16.5 (24296)
[+] Available Version : 5.17.31859
[+] Size : 0
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Users\Christopher\AppData\Roaming\Zoom\bin
CPUID CPU-Z Aorus 2.05 (64-bit), version 2.05
[+] Available Version : 2.08
[+] Size : 10494976
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\CPUID\CPU-Z Aorus\
ROG Live Service (64-bit), version 2.3.6.0
[+] Available Version : 2.3.13.0
[+] Size : 17652736
[+] Wow6432 : No
[+] Portable : No
Elgato Game Capture HD (64-bit), version 3.70.55.3055
[+] Available Version : 3.70.56.3056
[+] Size : 487967744
[+] Wow6432 : No
[+] Portable : No
Bonjour (32-bit), version 3.0.0.10
[+] Available Version : 3.1.0.1
[+] Size : 2101248
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\Bonjour\
NVIDIA Graphics Driver 551.23 (64-bit), version 551.23
[+] Available Version : 551.52
[+] Size : 0
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{464C93EA-0C51-44BE-A327-C9061053AC93}
Paradox Launcher v2 (64-bit), version 2.2.0
[+] Available Version : 2.4.0
[+] Size : 91325440
[+] Wow6432 : No
[+] Portable : No
ARMOURY CRATE Lite Service (64-bit), version 5.7.9
[+] Available Version : 5.8.6
[+] Size : 88182784
[+] Wow6432 : No
[+] Portable : No
Creative App Version 1.13.07.00 (32-bit), version 1.13.07.00
[+] Available Version : 1.16.16.00
[+] Size : 101160960
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\Creative\Creative App\
Dolby Digital Live Pack Version 5.02.00 (32-bit), version 5.02.00
[+] Available Version : 5.02.01
[+] Size : 3031040
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\Creative\Dolby Digital Live Pack\
DTS Connect Pack Version 3.02.00 (32-bit), version 3.02.00
[+] Available Version : 3.02.01
[+] Size : 3319808
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\Creative\DTS Connect Pack\
Escape from Tarkov (64-bit), version 0.14.0.1.28476
[+] Available Version : 0.14.1.0.28744
[+] Size : 438041600
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Battlestate Games\Escape from Tarkov
VGA (32-bit), version 3.01.04
[+] Available Version : 3.01.05
[+] Size : 0
[+] Wow6432 : Yes
[+] Portable : No
GOG GALAXY (32-bit), version 2.0.73.27
[+] Available Version : 51.1052.0.0
[+] Size : 536745984
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\GOG Galaxy\
TechPowerUp GPU-Z (32-bit), version 2.56.0
[+] Available Version : 2.57.0
[+] Size : 9931776
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\GPU-Z\
RGB Fusion (32-bit), version 3.22.0713.1
[+] Available Version : 3.23.0328.1
[+] Size : 187617280
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\GIGABYTE\RGBFusion\
Microsoft Teams classic (32-bit), version 1.6.00.29964
[+] Available Version : 1.7.00.5155
[+] Size : 142789632
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Users\Christopher\AppData\Local\Microsoft\Teams
************************* Processes *************************
************************* Modules *************************
************************* Services *************************
************************* Scheduled Tasks *************************
************************* Registry *************************
>>>>>> O4 - Run
└── [Tr.Gen (Malicious)] (X64) HKEY_USERS\S-1-5-21-2108826960-4211556212-834145737-1001\Software\Microsoft\Windows\CurrentVersion\Run|advapi32 -- wscript.exe "C:\Users\Christopher\AppData\Roaming\Microsoft\Windows NT\advapi32.js" -> Found
>>>>>> O87 - Firewall
├── [Suspicious.Path (Potentially malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{29F7DC2C-42EE-4685-9EDD-BB7262942A14}E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe|Name=haloinfinite.exe|Desc=haloinfinite.exe|Defer=User| -> Found
├── [Suspicious.Path (Potentially malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{369E47C3-A8A2-4B06-9C56-9A6D1DF387A4}E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe|Name=haloinfinite.exe|Desc=haloinfinite.exe|Defer=User| -> Found
├── [Suspicious.Path (Potentially malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{C1FC94E3-6D2B-4B1D-9E48-3DC359426A6D}E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe|Name=haloinfinite.exe|Desc=haloinfinite.exe|Defer=User| -> Found
├── [Suspicious.Path (Potentially malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{39C14C15-E0EC-44AB-A449-1E85F6AE13F4}E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\haloinfinite.exe|Name=haloinfinite.exe|Desc=haloinfinite.exe|Defer=User| -> Found
├── [Suspicious.Path (Potentially malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{4AF26082-75F0-4FC4-95AE-0FC67F4E1006}C:\users\christopher\appdata\local\temp\rar$exa20148.34676\blobby-1.0\blobby-server.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\christopher\appdata\local\temp\rar$exa20148.34676\blobby-1.0\blobby-server.exe|Name=blobby-server.exe|Desc=blobby-server.exe|Defer=User| (missing) -> Found
├── [Suspicious.Path (Potentially malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{A9AE98A6-1AB8-4A10-8129-0222CB7601C4}C:\users\christopher\appdata\local\temp\rar$exa20148.34676\blobby-1.0\blobby-server.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\christopher\appdata\local\temp\rar$exa20148.34676\blobby-1.0\blobby-server.exe|Name=blobby-server.exe|Desc=blobby-server.exe|Defer=User| (missing) -> Found
├── [Suspicious.Path (Potentially malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{982F0EFC-DDC0-4B7C-B834-359D854DE117}C:\users\christopher\appdata\local\temp\rar$exa19032.33654\blobby-1.0\blobby-server.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\christopher\appdata\local\temp\rar$exa19032.33654\blobby-1.0\blobby-server.exe|Name=blobby-server.exe|Desc=blobby-server.exe|Defer=User| (missing) -> Found
├── [Suspicious.Path (Potentially malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{8E8C038F-8237-43FA-BB42-C46586C72A9F}C:\users\christopher\appdata\local\temp\rar$exa19032.33654\blobby-1.0\blobby-server.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\christopher\appdata\local\temp\rar$exa19032.33654\blobby-1.0\blobby-server.exe|Name=blobby-server.exe|Desc=blobby-server.exe|Defer=User| (missing) -> Found
├── [Suspicious.Path (Potentially malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{E7A75334-2147-425B-BE01-17D8EE47C867}C:\users\christopher\appdata\local\temp\rar$exa19032.31036\blobby-1.0\blobby.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\christopher\appdata\local\temp\rar$exa19032.31036\blobby-1.0\blobby.exe|Name=blobby.exe|Desc=blobby.exe|Defer=User| (missing) -> Found
├── [Suspicious.Path (Potentially malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{709BA635-26D0-4867-9A68-BEB9CACD639E}C:\users\christopher\appdata\local\temp\rar$exa19032.31036\blobby-1.0\blobby.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\christopher\appdata\local\temp\rar$exa19032.31036\blobby-1.0\blobby.exe|Name=blobby.exe|Desc=blobby.exe|Defer=User| (missing) -> Found
├── [Suspicious.Path (Potentially malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{38763CC1-B7C6-4EBA-9467-4A94E73803B6}E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\game\haloinfinite.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\game\haloinfinite.exe|Name=haloinfinite.exe|Desc=haloinfinite.exe|Defer=User| -> Found
└── [Suspicious.Path (Potentially malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{B73908E5-9F0F-4426-8F3C-DE3AFF3D5E79}E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\game\haloinfinite.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=E:\wpsystem\s-1-5-21-2108826960-4211556212-834145737-1001\appdata\local\packages\microsoft.254428597cfe2_8wekyb3d8bbwe\localcache\local\microsoft\writablepackageroot\game\haloinfinite.exe|Name=haloinfinite.exe|Desc=haloinfinite.exe|Defer=User| -> Found
************************* WMI *************************
************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts
************************* Filesystem *************************
[Tr.Gen (Malicious)] (folder) Windows NT -- C:\Users\Christopher\AppData\Roaming\Microsoft\Windows NT -> Found
************************* Web Browsers *************************
>>>>>> Firefox Config
└── [PUM.Proxy (Potentially malicious)] network.proxy.type (C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\2q1on2jj.default-release\prefs.js) -- 2 -> Found
************************* Antirootkit *************************
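The three finding classes in the log above (a Run value named `advapi32` that launches `wscript.exe` on a `.js` file inside a fake `Windows NT` folder under `AppData\Roaming\Microsoft`, inbound firewall allow-rules for executables in a WinRAR temp extraction directory, and a Firefox `network.proxy.type` of 2) are each something a responder can re-check directly on the host rather than take from the scanner verdict. The script below is an added example, not part of the forum post and not RogueKiller's own detection logic; its heuristics (which launchers count as script hosts, which roots count as user-writable, which Run value names look like system DLLs) are my assumptions, and it only reports, never deletes.

```powershell
# Added example (not from the forum post or RogueKiller). Re-checks Run-key
# persistence, firewall rules for binaries in profile/temp folders, and Firefox
# proxy prefs on a live Windows host. Run in an elevated PowerShell 5.1+ session.
# Heuristic lists below are assumptions; tune them for your environment.

$scriptHosts  = 'wscript.exe', 'cscript.exe', 'mshta.exe', 'powershell.exe',
                'pwsh.exe', 'rundll32.exe', 'regsvr32.exe'
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:USERPROFILE, 'C:\Users\Public')
$dllNames     = '^(advapi32|kernel32|ntdll|user32|gdi32|shell32|ole32)$'   # Run values posing as system DLLs

function Test-UserWritablePath([string]$Path) {
    # prefix match against this session's profile folders, plus a pattern match so
    # other users' profiles (and lowercased paths stored in firewall rules) are caught too
    foreach ($root in $userWritable) {
        if ($root -and $Path -like ([WildcardPattern]::Escape($root) + '*')) { return $true }
    }
    return $Path -match '\\users\\[^\\]+\\(appdata|downloads|desktop|documents)\\|\\temp\\'
}

function Get-Launcher([string]$Cmd) {
    # first token of a command line, honouring a quoted image path
    if ($Cmd.StartsWith('"')) { return ($Cmd -split '"')[1] }
    return ($Cmd -split '\s+')[0]
}

# --- 1. Run / RunOnce: HKLM, Wow6432Node and every loaded user hive (a user's hive
#        is only present under HKEY_USERS while that user is logged on) ---------------
New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS -ErrorAction SilentlyContinue | Out-Null
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$runKeys += @(Get-ChildItem HKU:\ -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-' -and $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "HKU:\$($_.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Run",
                     "HKU:\$($_.PSChildName)\Software\Microsoft\Windows\CurrentVersion\RunOnce" })

foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }           # PSPath, PSParentPath, ... are provider metadata
        $cmd      = [string]$p.Value
        $launcher = [IO.Path]::GetFileName((Get-Launcher $cmd))
        $target   = if ($cmd -match '([A-Za-z]:\\[^"]+\.(js|jse|vbs|vbe|wsf|hta|ps1|bat|cmd))') { $Matches[1] } else { $null }
        $hit = ($scriptHosts -contains $launcher) -or ($p.Name -match $dllNames) -or
               ($target -and (Test-UserWritablePath $target))
        if ($hit) {
            $exists = if ($target) { Test-Path -LiteralPath $target } else { $false }
            [pscustomobject]@{
                Check   = 'Run'; Key = $key; Name = $p.Name; Command = $cmd
                Exists  = $exists
                SHA256  = if ($exists) { (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash } else { $null }
            }
        }
    }
}

# --- 2. Inbound allow rules whose program lives in a temp or profile folder ----------
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True -ErrorAction SilentlyContinue |
    ForEach-Object {
        $app = ($_ | Get-NetFirewallApplicationFilter).Program
        if ($app -and $app -ne 'Any' -and (Test-UserWritablePath $app)) {
            [pscustomobject]@{ Check = 'Firewall'; Name = $_.DisplayName; Program = $app
                               Exists = (Test-Path -LiteralPath $app) }
        }
    }

# --- 3. Firefox proxy prefs (network.proxy.type 1 = manual, 2 = PAC script) ----------
Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles" -Directory -ErrorAction SilentlyContinue |
    ForEach-Object {
        $prefs = Join-Path $_.FullName 'prefs.js'
        if (Test-Path -LiteralPath $prefs) {
            Select-String -LiteralPath $prefs -Pattern 'user_pref\("network\.proxy\.(type|autoconfig_url|http|ssl|socks)"' |
                ForEach-Object { [pscustomobject]@{ Check = 'FirefoxProxy'; Profile = $_.Path; Pref = $_.Line.Trim() } }
        }
    }
```

Read the output with the log's own context in mind: the Run hit matters because a script host is launched on a file in a user-writable folder whose name imitates a system DLL, and hashing the file before removal gives something to pivot on. Firewall rules marked `(missing)` in the log point at executables that no longer exist; they are stale consent prompts from running a game out of a WinRAR temp folder, not a live backdoor, but they still deserve deletion. For Firefox, `network.proxy.type` of 2 is only meaningful together with the `network.proxy.autoconfig_url` line that sits next to it in `prefs.js`; a PAC URL the user does not recognise is the actual indicator, while a manual proxy (type 1) pointing at a known corporate host is normal. Firefox rewrites `prefs.js` on exit, so read it with the browser closed.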