Malware Log Analysis

shared / Telephonelcy2056
Login
content copied

content

Start:: CreateRestorePoint: CloseProcesses: 2026-03-31 15:26 - 2025-09-01 14:10 - 000000000 ____D C:\Users\Acer\AppData\Roaming\RenPy CustomCLSID: HKU\S-1-5-21-2659399760-2999786362-2711997334-1001_Classes\CLSID\{18A68F64-72DD-42CE-A75D-EDBDAC226F5D}\localserver32 -> "C:\Users\Acer\AppData\Roaming\Spotify\SpotifyLauncher.exe" -ToastActivated => No File CustomCLSID: HKU\S-1-5-21-2659399760-2999786362-2711997334-1001_Classes\CLSID\{2F3DBC5F-77E5-4696-A3E0-8F78B0091F82}\localserver32 -> "c:\program files\musehub\current\musehub.exe" ----AppNotificationActivated: => No File CustomCLSID: HKU\S-1-5-21-2659399760-2999786362-2711997334-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> "C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe" -ToastActivated => No File CustomCLSID: HKU\S-1-5-21-2659399760-2999786362-2711997334-1001_Classes\CLSID\{5F86DC52-D653-4CFF-BAC7-C3A406AF8946}\localserver32 -> "C:\Users\Acer\AppData\Roaming\Spotify\Spotify.exe" -ToastActivated => No File AlternateDataStreams: C:\Windows\tracing:? [16] HKU\S-1-5-21-2659399760-2999786362-2711997334-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Acer\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File) Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File) 2026-03-19 20:27 - 2026-03-19 20:27 - 000002264 _____ C:\Users\Acer\AppData\LocalLow\576f54ed4b978854f790d7842b7a6ebdbc67070d8c4800d485a329b103936c03 2026-04-15 10:23 - 2025-11-18 17:00 - 000000130 _____ C:\Users\Acer\AppData\LocalLow\75799594f5106f8554bd28755df7cea4363289874bd7476a2a18f2bcb81a24f6 2026-04-15 10:16 - 2025-08-31 09:15 - 000000130 _____ C:\Users\Acer\AppData\LocalLow\05f2a2e91a42453168eb85ad8e2fad3c54f0b463b70edca88e2ab4c571fe91a5 2026-04-15 09:50 - 2025-09-22 20:53 - 001414061 _____ C:\Users\Acer\AppData\LocalLow\3790edf8c43600d5e37b8382e3c0e71798c796e70c306d7b8f4ecf2fb4451cb5 2026-04-15 09:41 - 2025-08-31 09:24 - 000000130 _____ C:\Users\Acer\AppData\LocalLow\1200a7146be44de5d7e4933bba92fbf62e200cae64fc37f56462371d1d9f7ebc 2026-04-15 00:28 - 2025-09-22 20:53 - 000001474 _____ C:\Users\Acer\AppData\LocalLow\3fb547855fb3d3c7cb2c06aca33a9c3f354a22a4517aeb6e3c4558bfccca078a 2026-04-14 23:50 - 2025-08-31 15:22 - 000000130 _____ C:\Users\Acer\AppData\LocalLow\3a320a53e298c65994944589b86f741f340445dd273095332097e58569de6ed3 2026-04-14 22:37 - 2025-09-02 16:09 - 000000130 _____ C:\Users\Acer\AppData\LocalLow\5d9cee3caf49d819f5568b621b12dcb68287345205ee26e80e81785c8a8ef3aa 2026-04-14 22:37 - 2025-08-31 14:05 - 000000130 _____ C:\Users\Acer\AppData\LocalLow\4ba92db74adb126d1885cd21a1d62e9a15b03a65c9f8fdb9a18258cc786268fa 2026-04-14 22:37 - 2025-08-31 09:24 - 000000130 _____ C:\Users\Acer\AppData\LocalLow\9e1b02abbea81c645b66e7a00689c2ddc61b7f0bb24a7daf6e00030cac52a8ff 2026-04-14 21:28 - 2025-08-31 12:16 - 000000130 _____ C:\Users\Acer\AppData\LocalLow\a53df6361f129bc7dfdb3119af483edc3d2da78bb3ba4ccb799c53af4ce76cb3 2026-04-13 14:11 - 2025-09-26 14:42 - 000000130 _____ C:\Users\Acer\AppData\LocalLow\c128e33a9d0746f9675aa6bfa95c9e8ed1e9dd7821e0d9f8303aee95d2127b63 2026-04-07 12:22 - 2026-01-27 22:04 - 000000130 _____ C:\Users\Acer\AppData\LocalLow\62bbf21d8202880177745ec6891de30fe378d61e669f801c434534ca1e228ea8 2026-03-30 21:41 - 2025-09-26 14:42 - 000339661 _____ C:\Users\Acer\AppData\LocalLow\56d00d88f258c6b9d5eafaa2ad53cf54b204f1342ea5a3a062980e0752dc4571 2026-03-27 00:39 - 2025-09-01 12:48 - 000000130 _____ C:\Users\Acer\AppData\LocalLow\75a937fffe60544463a91efae99b75e60c71aa112f2e8235ec259c1d03b50934 2026-03-19 22:24 - 2026-01-02 14:22 - 000000130 _____ C:\Users\Acer\AppData\LocalLow\6964f82651bdc40d99f4c4f9673fe5932736931a2728ee2ed124bbfc5eee4958 2026-03-19 22:14 - 2026-01-02 14:22 - 000001810 _____ C:\Users\Acer\AppData\LocalLow\8d1ee48bde9e229d2bf6aaf00718b34ddf04ccff8f6ca96586dff2deec3586f2 HKU\S-1-5-21-2659399760-2999786362-2711997334-1001\Software\Classes\regfile: <==== ATTENTION HKU\S-1-5-21-2659399760-2999786362-2711997334-1001\Software\Classes\.reg: => <==== ATTENTION HKU\S-1-5-21-2659399760-2999786362-2711997334-1001\Software\Classes\.bat: => <==== ATTENTION HKU\S-1-5-21-2659399760-2999786362-2711997334-1001\Software\Classes\.cmd: => <==== ATTENTION HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION HKU\S-1-5-21-2659399760-2999786362-2711997334-1001\...\RunOnce: [Uninstall 26.040.0301.0001_1] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Acer\AppData\Local\Microsoft\OneDrive\26.040.0301.0001_1" [0 2026-04-14] () <==== ATTENTION [zero byte File/Folder] HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION FirewallRules: [TCP Query User{B93DCAD9-3C29-477B-837F-0870DD72D6EC}C:\users\acer\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\acer\appdata\roaming\spotify\spotify.exe => No File FirewallRules: [UDP Query User{DF914130-B7A3-43C1-8224-E5DD459B900A}C:\users\acer\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\acer\appdata\roaming\spotify\spotify.exe => No File FirewallRules: [{3F00D61A-AD05-46E4-BF93-6266804436D2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File FirewallRules: [{E2C020F3-3048-4C6D-99E3-CAB92AAEDEC0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File FirewallRules: [{5789babd-e77d-47a6-9f34-e8523995299f}] => (Allow) C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe => No File FirewallRules: [{9d1b2c42-e492-48db-9cbf-387ba84e6195}] => (Allow) C:\Program Files\ldplayer9box\VBoxNetNAT.exe => No File FirewallRules: [{5cd8a5f6-23ad-4bdc-9465-83f877fab660}] => (Allow) D:\LDPlayer\LDPlayer9\dnplayer.exe => No File FirewallRules: [{3C384981-5D82-453F-A40E-BC317A52FD9F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File FirewallRules: [{18255E5B-7663-4726-A86D-3826F8577FE3}] => (Allow) C:\Program Files\AppsAnywhere\AppsAnywhere\AppsAnywhere.exe => No File FirewallRules: [{82F1CEC3-D4F1-4EEA-ABBB-4FE566872C71}] => (Allow) C:\Program Files\AppsAnywhere\AppsAnywhere\AppsAnywhere.exe => No File FirewallRules: [{2847328A-5C65-42DC-8FD0-F470FDE6D22C}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File FirewallRules: [{8E63AA42-617F-4DED-B399-EBDE1EB20B23}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File FirewallRules: [{58B4C33E-B01A-4F50-82ED-D12175D3B78B}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File FirewallRules: [{DA3CCDBF-4F7B-4165-865C-07A6B30CD3BD}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File FirewallRules: [{58B80DAF-042A-441E-923F-FA6C31736A4C}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File FirewallRules: [{ADE57046-C5B8-4A12-A909-8213F8A2EF8A}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File FirewallRules: [{8F4C23A7-62FC-4D15-BD9C-24F7F83ABCF7}] => (Allow) D:\SteamLibrary\steamapps\common\PlateUp\PlateUp\PlateUp.exe => No File FirewallRules: [{D95D200F-3773-4F57-9AF3-1E2E7C7B779E}] => (Allow) D:\SteamLibrary\steamapps\common\PlateUp\PlateUp\PlateUp.exe => No File FirewallRules: [{B7C2CBB3-B185-44D1-B4FE-F285919AE421}] => (Allow) C:\Program Files (x86)\Overwolf\0.296.0.23\OverwolfBrowser.exe => No File FirewallRules: [{BC7B9961-99AB-4937-91C6-4AF3A9EAF340}] => (Allow) C:\Program Files (x86)\Overwolf\0.296.0.23\OverwolfBrowser.exe => No File FirewallRules: [{940E011C-F86A-49AE-9529-40FC88CA382F}] => (Block) C:\Program Files (x86)\Overwolf\0.296.0.23\OverwolfBrowser.exe => No File FirewallRules: [{8FAE799D-F166-47F2-B259-265EA2FFC7C0}] => (Block) C:\Program Files (x86)\Overwolf\0.296.0.23\OverwolfBrowser.exe => No File StartPowerShell: # Downloads newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log in console # Does not clean preinstalled objects, only PUP/Adware # If you would like to delete preinstalled objects, add an argument /preinstalled to the /clean argument # If you would like to only scan with it, change the argument from /clean to /scan New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden $logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt" Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile Get-Content $logFile -Encoding Unicode Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue EndPowerShell: EmptyTemp: End::