Fix List

The document contains log entries from a system that appears to have been infected with malware. It lists alternate data streams, scheduled tasks, installed software, and browser/system settings that indicate the presence of unwanted programs. The log also shows the system attempting to remove traces of the infection by deleting directories and scheduled tasks.

Uploaded by

Paweł Gajec

AlternateDataStreams: C:\Windows\system32\drivers:x64 [371912]
AlternateDataStreams: C:\Windows\system32\drivers:x86 [1213218]
Task: {F18C542D-481B-4BED-8B1A-AA6F224A9785} - System32\Tasks\{FB617491-FCE7-4104-87EB-4970177D9F63} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Tinlight\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Tinlight\uninstall.dat" -a uninstallme 73F4AD6B-8807-45FD-AB18-FFD932AC922C DeviceId=13a43911-51c5-0291-9bbd-91f88a8079e9 BarcodeId=51107003 ChannelId=3 DistributerName=APSFClickMeIn
Task: {B4E98DAA-2A6F-4784-BFB9-1FC8DD961E7E} - System32\Tasks\{AEACB68B-E47D-49CE-BF20-44AC116B6DB3} => pcalua.exe -a C:\Users\Marcin\AppData\Local\Temp\Temp1_GTA_Vice_City_-_spolszczenie[www.instalki.pl].zip\Vice.exe <==== UWAGA
Task: {991345EA-EF62-4F9E-AC54-552C0F417214} - System32\Tasks\Qirakmomse => msiexec/i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=CT250BX100SSD1_1543F00EEEB5&v=201724 /q
Task: {A66D46CA-9847-467A-98BC-CD3E02D1A616} - System32\Tasks\113e48l22n3326 => Rundll32.exe "C:\ProgramData\113e48l22n3326\113e48l22n3326.dll",elnfxjw <==== UWAGA
2017-02-04 12:10 - 2017-02-04 11:59 - 00000000 ___HD C:\ProgramData\113e48l22n3326
2017-02-04 12:10 - 2017-02-04 11:58 - 00000000 ____D C:\Users\Marcin\AppData\Local\IWWsoft
2017-02-04 12:07 - 2017-02-08 18:29 - 00000000 ____D C:\Users\Marcin\AppData\Local\AdvinstAnalytics
2017-02-04 12:04 - 2017-02-08 18:30 - 00000000 ____D C:\Program Files (x86)\Ghanatchicupy
2017-02-04 12:04 - 2017-02-08 18:29 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\UCChannel
2017-02-04 12:04 - 2017-02-08 18:29 - 00000000 ____D C:\ProgramData\Avira
2017-02-04 12:04 - 2017-02-08 18:29 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-04 12:04 - 2017-02-04 12:04 - 00003674 _____ C:\Windows\System32\Tasks\Qirakmomse
2017-02-04 12:04 - 2017-02-04 12:04 - 00000000 ____D C:\Users\Marcin\AppData\Local\Druserchnoiry
2017-02-04 12:04 - 2017-02-04 12:04 - 00000000 ____D C:\Program Files (x86)\mem4jqty
2017-02-04 12:04 - 2017-02-04 11:58 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\Premerchanosck
RemoveDirectory: C:\ProgramData\113e48l22n3326
RemoveDirectory: C:\Program Files (x86)\Ghanatchicupy
Task: {50A39F19-96E4-4CFC-BCAB-8EC24CB1DE7E} - \UCBrowserSecureUpdater -> Brak pliku <==== UWAGA
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S2 Plegerph; C:\Program Files (x86)\Ghanatchicupy\ttkClient.dll [X]
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://google.pl/
CHR StartupUrls: ChromeDefaultData -> "hxxp://google.pl/"
CHR Profile: C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-08] <==== UWAGA
CHR Extension: (Adblock Plus) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-02-08]
C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
ShellExecuteHooks: Brak nazwy - {305EB69A-DE4C-11E6-BED1-64006A5CFC23} - -> Brak pliku
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> Brak pliku
GroupPolicy: Ograniczenia <======= UWAGA
HKU\S-1-5-18\...\Run: [] => 0
HKU\S-1-5-21-2433464868-3341001813-413371545-1000\...\Run: [] => [X]
HOSTS:
EmptyTemp: