RR 2 Log

Anti-malware scan started at: 01.09.
2019 12:51:52 PM
OpenService Update Orchestrator Service :Access is denied
01.09.2019 1:01:43 PM Applications
Probably Malicious: McAfee Security Scan =
01.09.2019 1:01:43 PM Applications
Probably Malicious: McAfee Security Scan = "C:\Program Files\McAfee Security
Scan\uninstall.exe"
01.09.2019 1:06:04 PM Unwanted Software Files
Probably Malicious: C:\Users\Acer\AppData\Local\NICHROME\ =
C:\Users\Acer\AppData\Local\NICHROME\
01.09.2019 1:06:04 PM Unwanted Software Files
Probably Malicious: C:\Users\Acer\AppData\Local\XPOM\ =
C:\Users\Acer\AppData\Local\XPOM\
01.09.2019 1:06:04 PM Multi AV Detected Files
Suspicious: SETUP.EXE = C:\USERS\ACER\APPDATA\ROAMING\DRIVERPACK EASY
SEARCH\SETUP.EXE
Delete Marked Items Auto Start Apps->Unwanted Software Files.
C:\Users\Acer\AppData\Local\NICHROME\=C:\Users\Acer\AppData\Local\NICHROME\
Deleted: C:\Users\Acer\AppData\Local\NICHROME\Metro\User Data\Default\Bookmarks
Deleted: C:\Users\Acer\AppData\Local\NICHROME\Metro\User Data\Default\Favicons
Deleted: C:\Users\Acer\AppData\Local\NICHROME\Metro\User Data\Default\History
Deleted: C:\Users\Acer\AppData\Local\NICHROME\Metro\User Data\Default\Preferences
Deleted: C:\Users\Acer\AppData\Local\NICHROME\Metro\User
Data\Default\Preferences_20170828174443.backup
Deleted: C:\Users\Acer\AppData\Local\NICHROME\Metro\User Data\Default\Top Sites
Deleted: C:\Users\Acer\AppData\Local\NICHROME\Metro\User Data\Default\Web Data
Deleted: C:\Users\Acer\AppData\Local\NICHROME\Metro\User Data\Default
Cannot delete: C:\Users\Acer\AppData\Local\NICHROME\Metro\User Data\Default
Deleted: C:\Users\Acer\AppData\Local\NICHROME\Metro\User Data\Local State
Deleted: C:\Users\Acer\AppData\Local\NICHROME\Metro\User Data
Cannot delete: C:\Users\Acer\AppData\Local\NICHROME\Metro\User Data
Deleted: C:\Users\Acer\AppData\Local\NICHROME\Metro
Cannot delete: C:\Users\Acer\AppData\Local\NICHROME\Metro
Deleted: C:\Users\Acer\AppData\Local\NICHROME\User Data\Default\Bookmarks
Deleted: C:\Users\Acer\AppData\Local\NICHROME\User Data\Default\Favicons
Deleted: C:\Users\Acer\AppData\Local\NICHROME\User Data\Default\History
Deleted: C:\Users\Acer\AppData\Local\NICHROME\User Data\Default\Preferences
Deleted: C:\Users\Acer\AppData\Local\NICHROME\User
Data\Default\Preferences_20170828174441.backup
Deleted: C:\Users\Acer\AppData\Local\NICHROME\User Data\Default\Top Sites
Deleted: C:\Users\Acer\AppData\Local\NICHROME\User Data\Default\Web Data
Deleted: C:\Users\Acer\AppData\Local\NICHROME\User Data\Default
Cannot delete: C:\Users\Acer\AppData\Local\NICHROME\User Data\Default
Deleted: C:\Users\Acer\AppData\Local\NICHROME\User Data\First Run
Deleted: C:\Users\Acer\AppData\Local\NICHROME\User Data\Local State
Deleted: C:\Users\Acer\AppData\Local\NICHROME\User Data
Cannot delete: C:\Users\Acer\AppData\Local\NICHROME\User Data
Deleted: C:\Users\Acer\AppData\Local\NICHROME
Cannot remove folder: C:\Users\Acer\AppData\Local\NICHROME\
Error: 0
Delete At reboot: C:\Users\Acer\AppData\Local\NICHROME
-------------------------------------------------------
01.09.2019 1:26:55 PM Approved File Replacement
Delete: \??\C:\Users\Acer\AppData\Local\Temp\_iu14D2N.tmp
Delete: \??\C:\Program Files
(x86)\Google\Chrome\Temp\scoped_dir8556_499408421\old_chrome.exe
Delete: \??\C:\Program Files (x86)\Google\Chrome\Temp\scoped_dir8556_499408421
Delete: \??\C:\Program Files (x86)\Google\Chrome\Temp
Delete: \??\C:\Program
Files\TxGameAssistant\UI\2.0.12591.123\aow_drv_x64_ev.sys_524357765.bak
Delete: \??\C:\Program Files\TxGameAssistant\UI\aow_exe.exe_524357765.bak
Delete: \??\C:\Program Files (x86)\Microvirt\MEmu\adb_IObitDel.exe
Delete: \??\C:\Program Files (x86)\Microvirt\MEmu\AdbWinApi_IObitDel.dll
Delete: \??\C:\Program Files (x86)\Microvirt\MEmu\AdbWinUsbApi_IObitDel.dll
Delete: \??\C:\Program Files (x86)\Microvirt\MEmu\libgcc_s_dw2-1_IObitDel.dll
Delete: \??\C:\Program Files (x86)\Microvirt\MEmu\libwinpthread-1_IObitDel.dll
Delete: \??\C:\Program Files (x86)\Microvirt\MEmu\MemuService_IObitDel.exe
Delete: \??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
$McRebootA5E6DEAA56$.lnk
Delete: \??\C:\Program Files (x86)\BlueStacks\HD-Common-x86.dll.old
Delete: \??\C:\Program Files (x86)\BlueStacks\HD-DeployTool_Uninstaller.exe.old
Delete: \??\C:\Program Files (x86)\BlueStacks\HD-InstallerUtils.dll.old
Delete: \??\C:\Windows\SysWOW64\Tasks\BlueStacksHelper
Delete: C:\Users\Acer\AppData\Local\NICHROME
Delete Marked Items Auto Start Apps->Unwanted Software Files.
C:\Users\Acer\AppData\Local\XPOM\=C:\Users\Acer\AppData\Local\XPOM\
Deleted: C:\Users\Acer\AppData\Local\XPOM\Metro\User Data\Default\Preferences
Deleted: C:\Users\Acer\AppData\Local\XPOM\Metro\User Data\Default
Cannot delete: C:\Users\Acer\AppData\Local\XPOM\Metro\User Data\Default
Deleted: C:\Users\Acer\AppData\Local\XPOM\Metro\User Data\Local State
Deleted: C:\Users\Acer\AppData\Local\XPOM\Metro\User Data
Cannot delete: C:\Users\Acer\AppData\Local\XPOM\Metro\User Data
Deleted: C:\Users\Acer\AppData\Local\XPOM\Metro
Cannot delete: C:\Users\Acer\AppData\Local\XPOM\Metro
Deleted: C:\Users\Acer\AppData\Local\XPOM\User Data\Default\Preferences
Deleted: C:\Users\Acer\AppData\Local\XPOM\User Data\Default
Cannot delete: C:\Users\Acer\AppData\Local\XPOM\User Data\Default
Deleted: C:\Users\Acer\AppData\Local\XPOM\User Data\Local State
Deleted: C:\Users\Acer\AppData\Local\XPOM\User Data
Cannot delete: C:\Users\Acer\AppData\Local\XPOM\User Data
Deleted: C:\Users\Acer\AppData\Local\XPOM
Cannot remove folder: C:\Users\Acer\AppData\Local\XPOM\
Error: 0
Delete At reboot: C:\Users\Acer\AppData\Local\XPOM
-------------------------------------------------------
Delete: \??\C:\Users\Acer\AppData\Local\NICHROME
Delete: C:\Users\Acer\AppData\Local\XPOM
Delete Marked Items Auto Start Apps->Multi AV Detected Files.
SETUP.EXE=C:\USERS\ACER\APPDATA\ROAMING\DRIVERPACK EASY SEARCH\SETUP.EXE
01.09.2019 1:28:26 PM User Shortcuts
Unknown: C:\Users\Acer\Desktop\OTHERS\Skype.lnk = C:\Windows\Installer\{1845470B-
EB14-4ABC-835B-E36C693DC07D}\SkypeIcon.exe
01.09.2019 1:28:26 PM Registry Run
Probably Malicious: Chromium =
"c:\users\acer\appdata\local\chromium\application\chrome.exe" --auto-launch-at-
startup --profile-directory="Default" --restore-last-session
Delete Marked Items Auto Start Apps->Registry Run.
Chromium="c:\users\acer\appdata\local\chromium\application\chrome.exe" --auto-
launch-at-startup --profile-directory="Default" --restore-last-session
01.09.2019 1:50:35 PM User Shortcuts
Unknown: C:\Users\Acer\Desktop\OTHERS\Skype.lnk = C:\Windows\Installer\{1845470B-
EB14-4ABC-835B-E36C693DC07D}\SkypeIcon.exe
01.09.2019 1:51:29 PM Auto Services
Suspicious: aow_drv = C:\PROGRAM
FILES\TXGAMEASSISTANT\UI\2.0.12591.123\AOW_DRV_X64_EV.SYS
Suspicious: McAfee Vpn Service = "C:\PROGRAM FILES (X86)\MCAFEE SAFE
CONNECT\SERVICE\VPNSERVICE.EXE"
Suspicious: McComponentHostService = "C:\PROGRAM FILES\MCAFEE SECURITY
SCAN\3.11.766\MCCHSVC.EXE"
Suspicious: WsDrvInst = "C:\PROGRAM FILES (X86)\WONDERSHARE\VIDEO CONVERTER
ULTIMATE\TRANSFER\DRIVERINSTALL.EXE"
Delete Marked Items Kernel Auto Boot->Auto Services. aow_drv=C:\PROGRAM
FILES\TXGAMEASSISTANT\UI\2.0.12591.123\AOW_DRV_X64_EV.SYS
Delete Marked Items Kernel Auto Boot->Auto Services. WsDrvInst="C:\PROGRAM FILES
(X86)\WONDERSHARE\VIDEO CONVERTER ULTIMATE\TRANSFER\DRIVERINSTALL.EXE"
Suspicious: McAfee Vpn Service = "C:\PROGRAM FILES (X86)\MCAFEE SAFE
CONNECT\SERVICE\VPNSERVICE.EXE"
Suspicious: McComponentHostService = "C:\PROGRAM FILES\MCAFEE SECURITY
SCAN\3.11.766\MCCHSVC.EXE"
01.09.2019 1:54:44 PM Pre-installed extensions
Probably Malicious: nahhmpbckpgdidfnmfkfgiflpjijilce =
https://clients2.google.com/service/update2/crx
Probably Malicious: pilplloabdedfmialnfchjomjmpjcoej =
Delete Marked Items Browsers->Pre-installed extensions.
nahhmpbckpgdidfnmfkfgiflpjijilce=https://clients2.google.com/service/update2/crx
Delete Marked Items Browsers->Pre-installed extensions.
pilplloabdedfmialnfchjomjmpjcoej=https://clients2.google.com/service/update2/crx
01.09.2019 1:55:10 PM Current Home Page
Probably Malicious: Start Page = https://ph.search.yahoo.com/yhs/web?
hspart=iry&hsimp=yhs-
fullyhosted_003&type=wcg_dpyqptgki1320egikmoq9ay_19_12_ssg36d&param1=1&param2=f
%3D1%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd
%3D2XzuyEtN2Y1L1Qzu0EyCyEtB0AyCyE0CyD0FyBtBtD0EzzyCtN0D0Tzu0StByCtAyCtN1L2XzuyEtFyE
tDtFtDtFyBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StB0FyBtA0F0EtB0CtGyB0FtCtDtG0AtD0EyEtGyBy
CyDyDtGyC0CyCyByB0E0DtD0B0EtDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBtByCzyzztByCtGtC0F0DtC
tGyEtB0DzztG0A0C0F0AtGyEzz0FyDtD0E0C0DtB0BtB0C2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtDzztCt
CtN1Q2Z1B1P1RzutCyDyDtAtCyDzyyEyCtC%26cr%3D1007879751%26a
%3Dwcg_dpyqptgki1320egikmoq9ay_19_12_ssg36d%26os_ver%3D10.0%26os%3DWindows
%2B10%2BHome
01.09.2019 1:55:10 PM Current Home Page
%2B10%2BHome
01.09.2019 1:55:10 PM Current Home Page(x64)
%2B10%2BHome
01.09.2019 1:55:10 PM Search Provider
Probably Malicious: {2f23ab71-4ac6-41f2-a955-ea576e553146} =
https://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-
%2B10%2BHome&p={searchTerms}
01.09.2019 1:55:10 PM Search Provider(x64)
Probably Malicious: {2f23ab71-4ac6-41f2-a955-ea576e553146} =
https://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-
01.09.2019 1:55:10 PM FireFox Settings
Probably Malicious: browser.search.selectedEngine = yahoo! powered
Probably Malicious: browser.search.defaultEnginename = yahoo! powered
Probably Malicious: keyword.URL = true
Probably Malicious: browser.search.selectedEngine = yahoo! powered
01.09.2019 1:55:10 PM Firefox Search Engine (search-metadata)
Probably Malicious: [global].current = Yahoo! Powered
01.09.2019 1:55:10 PM Firefox SearchDefault (mozlz4)
Probably Malicious: metaData.searchDefault = Yahoo! Powered
01.09.2019 1:55:10 PM Firefox SearchDefault (mozlz4)
Probably Malicious: metaData.current = Yahoo! Powered
Delete Marked Items Internet Explorer->Search Provider. {2f23ab71-4ac6-41f2-a955-
ea576e553146}=https://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-
Delete Marked Items Internet Explorer->Search Provider(x64). {2f23ab71-4ac6-41f2-
a955-ea576e553146}=https://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-
File has been saved to:
C:\@RestoreQuarantine\2019-Sep-01_13hour\search-metadata.json
Added restore batch file to \@RestoreQuarantine
Deleting file:
C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\search-
metadata.json
File will be deleted at next reboot.
-------------------------------------------------------
Delete: \??\C:\Users\Acer\AppData\Local\XPOM
Delete:
C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\search-
metadata.json
C:\@RestoreQuarantine\2019-Sep-01_13hour\search.json.mozlz4
Deleting file:
C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\search.json
.mozlz4
-------------------------------------------------------
Delete: \??\C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
\search-metadata.json
Delete:
.mozlz4

Deleting file:
.mozlz4
-------------------------------------------------------
\search-metadata.json
\search.json.mozlz4
Delete:
.mozlz4
01.09.2019 1:55:34 PM Running Processes
Unknown: aow_exe.exe = C:\PROGRAM FILES\TXGAMEASSISTANT\UI\AOW_EXE.EXE
Unknown: adb.exe = C:\PROGRAM FILES (X86)\MICROVIRT\MEMU\ADB.EXE
01.09.2019 1:56:02 PM Registry Run
Unknown: gtarcade = "C:\Users\Acer\AppData\Local\Gtarcade\app\gtarcade.exe"
/game_id=332 /startgame=RXJhIG9mIENlbGVzdGlhbHM=
01.09.2019 1:56:02 PM Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\AvastUpdateTaskMachineCore = C:\Program Files
(x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\AvastUpdateTaskMachineUA = C:\Program Files
01.09.2019 1:56:02 PM Scheduled Tasks 2.0 Cached
Unknown: AvastUpdateTaskMachineCore = C:\Program Files (x86)\AVAST
Software\Browser\Update\AvastBrowserUpdate.exe
Unknown: AvastUpdateTaskMachineUA = C:\Program Files (x86)\AVAST
Delete Marked Items Auto Start Apps->Registry Run.
gtarcade="C:\Users\Acer\AppData\Local\Gtarcade\app\gtarcade.exe" /game_id=332
/startgame=RXJhIG9mIENlbGVzdGlhbHM=
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\AvastUpdateTaskMachineCore = C:\Program Files
01.09.2019 1:58:23 PM IE Extensions - All Users
Unknown: {48A61126-9A19-4C50-A214-FF08CB94995C} =
01.09.2019 1:58:23 PM FireFox Components and Extensions
Unknown: e-webprint@epson.com = C:\Program Files (x86)\Epson Software\E-Web
Print\Firefox Add-on\
Unknown: e10ssaffplg = C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
Unknown: mbckjcfnjmoiinpgddefodcighgikkgn =
Unknown: adb.exe = C:\PROGRAM FILES (X86)\MICROVIRT\MEMU\ADB.EXE
01.09.2019 2:05:12 PM IE Extensions - All Users
Unknown: {48A61126-9A19-4C50-A214-FF08CB94995C} =
Unknown: mbckjcfnjmoiinpgddefodcighgikkgn =
01.09.2019 2:06:10 PM Search Provider
Unknown: 16EC7A4A8D2A644631C9BC3FE075AA8D = https://www.bing.com/search?
q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
01.09.2019 2:06:10 PM Search Provider(x64)
Unknown: browser.startup.homepage = https://www.malwarebytes.org/restorebrowser/
Unknown: browser.newtab.url = about:newtab
Sending Pipe to UnHackMe success!
Anti-malware scan finished at: 01.09.2019 2:09:14 PM
Anti-malware scan started at: 01.09.2019 6:10:05 PM
Sending Pipe to UnHackMe failure!
Anti-malware scan started at: 01.09.2019 8:27:20 PM
Sending Pipe to UnHackMe success!
RegRun Reanimator - Scan for Malware... Start check 01.09.2019 at:8:58:24 PM
Prohibited:5 Suspicious:0 Warnings:0
Prohibited:Browser Helper Objects
{D5FEC983-01DB-414A-9456-AF95AC9ED7B5}=
******************************
Prohibited:Hosts File Contents
0.0.0.1 mssplus.mcafee.com=
******************************
-------------------------------------------------------
Delete Marked Items Internet Explorer->Browser Helper Objects. {D5FEC983-01DB-414A-
9456-AF95AC9ED7B5}=
File has been marked as as safe:

RR 2 Log

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

RR 2 Log

Загружено:

Авторское право:

Доступные форматы

Anti-malware scan started at: 01.09.

Added restore batch file to \@RestoreQuarantine

Вам также может понравиться