0% found this document useful (0 votes)

36 views

RR 2 Log

The document reports the results of an anti-malware scan, including the detection and removal of potentially malicious files and software on a system. Several unwanted and suspicious programs were identified and deleted, along with temporary and junk files. The scan also made some approved file replacements.

Uploaded by

José Tomas Varas Collao

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

36 views

RR 2 Log

Uploaded by

José Tomas Varas Collao

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

You are on page 1/ 23

Anti-malware scan started at: 20.12.

2019 18:17:06
OpenService Update Orchestrator Service :Acceso denegado
20.12.2019 18:27:19 Applications
Probably Malicious: PetGame =
IMAGECONVERTER is similar to: ICOCONVERTER
21.12.2019 2:06:56 Unwanted Software Files
Probably Malicious: C:\Users\Jos� Tom�s\AppData\Roaming\1337\ = C:\Users\Jos�
Tom�s\AppData\Roaming\1337\
21.12.2019 2:06:56 Unwanted Software Files
Probably Malicious: = C:\Users\Jos� Tom�s\AppData\Roaming\prunld1666\
21.12.2019 2:06:56 Unwanted Software Files
Probably Malicious: C:\ProgramData\GARBAGE CLEANER\ = C:\ProgramData\GARBAGE
CLEANER\
21.12.2019 2:06:56 Unwanted Software Files
Suspicious: ImageConverter = C:\PROGRAM FILES (X86)\IMAGECONVERTER\
21.12.2019 2:06:56 Unwanted Software Files
Probably Malicious: SoftwareUpdater = C:\PROGRAM FILES (X86)\SOFTWAREUPDATER\
21.12.2019 2:06:56 Unwanted Software Files
Probably Malicious: Babylon = C:\PROGRAMDATA\BABYLON\
Delete Marked Items Auto Start Apps->Unwanted Software Files. C:\Users\Jos�
Tom�s\AppData\Roaming\1337\=C:\Users\Jos� Tom�s\AppData\Roaming\1337\
Deleted: C:\Users\Jos� Tom�s\AppData\Roaming\1337\43534.exe
Deleted: C:\Users\Jos� Tom�s\AppData\Roaming\1337
Cannot remove folder: C:\Users\Jos� Tom�s\AppData\Roaming\1337\
Error: 0
Delete At reboot: C:\Users\Jos� Tom�s\AppData\Roaming\1337
-------------------------------------------------------
21.12.2019 2:07:15 Approved File Replacement
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hppcl-
pipelineconfig.xml Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hppcl-
pipelineconfig.xml
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbxpsrender.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbxpsrender.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbytxdrv11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbytxdrv11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbytxUI11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbytxUI11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpvplres11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpvplres11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpfime52.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpfime52.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbx3config.ini
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbx3config.ini
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\UIDialog.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\UIDialog.dll
Rename:
Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\sRGB_Color_Space_Profile.ic
m
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\sRGB_Color_Space_Profile.i
cm
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\AdobeRGB.icc
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\AdobeRGB.icc
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\xpssvcs.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\xpssvcs.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nst62CA.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsfFC81.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsfFC81.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\uac.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\AccessControl.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\nsisStartMenu.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\uac.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsh7F7.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsh7F7.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp
Delete: \??\C:\WINDOWS\system32\spool\V4Dirs\E9D5342B-9958-4D5A-BFA1-
9E3C3E9BBA2C\444ba601.BUD
Delete: \??\C:\WINDOWS\system32\spool\V4Dirs\E9D5342B-9958-4D5A-BFA1-
9E3C3E9BBA2C\444ba601.gpd
Delete: \??\C:\WINDOWS\system32\spool\drivers\x64\3\temp\E_Y15F1.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\_iu14D2N.tmp
Rename: Source: \??\C:\WINDOWS\AppCompat\Programs\Amcache.hve.tmp
Destination: \??\C:\WINDOWS\AppCompat\Programs\Amcache.hve
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
$McRebootA5E6DEAA56$.lnk
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp
Delete: \??\C:\ProgramData\uninstall278507.exe
Delete: C:\Users\Jos� Tom�s\AppData\Roaming\1337
Delete Marked Items Auto Start Apps->Unwanted Software Files. =C:\Users\Jos�
Tom�s\AppData\Roaming\prunld1666\
Deleted: C:\Users\Jos� Tom�s\AppData\Roaming\prunld1666\he94351.exe
Deleted: C:\Users\Jos� Tom�s\AppData\Roaming\prunld1666
Cannot remove folder: C:\Users\Jos� Tom�s\AppData\Roaming\prunld1666\
Error: 0
Delete At reboot: C:\Users\Jos� Tom�s\AppData\Roaming\prunld1666
-------------------------------------------------------
21.12.2019 2:07:16 Approved File Replacement
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hppcl-
pipelineconfig.xml Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hppcl-
pipelineconfig.xml
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbxpsrender.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbxpsrender.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbytxdrv11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbytxdrv11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbytxUI11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbytxUI11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpvplres11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpvplres11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpfime52.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpfime52.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbx3config.ini
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbx3config.ini
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\UIDialog.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\UIDialog.dll
Rename:
Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\sRGB_Color_Space_Profile.ic
m
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\sRGB_Color_Space_Profile.i
cm
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\AdobeRGB.icc
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\AdobeRGB.icc
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\xpssvcs.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\xpssvcs.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nst62CA.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsfFC81.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsfFC81.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\uac.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\AccessControl.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\nsisStartMenu.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\uac.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsh7F7.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsh7F7.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp
Delete: \??\C:\WINDOWS\system32\spool\V4Dirs\E9D5342B-9958-4D5A-BFA1-
9E3C3E9BBA2C\444ba601.BUD
Delete: \??\C:\WINDOWS\system32\spool\V4Dirs\E9D5342B-9958-4D5A-BFA1-
9E3C3E9BBA2C\444ba601.gpd
Delete: \??\C:\WINDOWS\system32\spool\drivers\x64\3\temp\E_Y15F1.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\_iu14D2N.tmp
Rename: Source: \??\C:\WINDOWS\AppCompat\Programs\Amcache.hve.tmp
Destination: \??\C:\WINDOWS\AppCompat\Programs\Amcache.hve
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
$McRebootA5E6DEAA56$.lnk
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp
Delete: \??\C:\ProgramData\uninstall278507.exe
Delete: \??\C:\Users\Jos� Tom�s\AppData\Roaming\1337
Delete: C:\Users\Jos� Tom�s\AppData\Roaming\prunld1666
Delete Marked Items Auto Start Apps->Unwanted Software Files.
C:\ProgramData\GARBAGE CLEANER\=C:\ProgramData\GARBAGE CLEANER\
Deleted: C:\ProgramData\GARBAGE CLEANER\Bunifu_UI_v1.5.3.dll
Deleted: C:\ProgramData\GARBAGE CLEANER\Garbage Cleaner.exe
Deleted: C:\ProgramData\GARBAGE CLEANER
Cannot remove folder: C:\ProgramData\GARBAGE CLEANER\
Error: 0
Delete At reboot: C:\ProgramData\GARBAGE CLEANER
-------------------------------------------------------
21.12.2019 2:07:16 Approved File Replacement
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hppcl-
pipelineconfig.xml Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hppcl-
pipelineconfig.xml
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbxpsrender.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbxpsrender.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbytxdrv11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbytxdrv11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbytxUI11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbytxUI11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpvplres11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpvplres11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpfime52.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpfime52.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbx3config.ini
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbx3config.ini
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\UIDialog.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\UIDialog.dll
Rename:
Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\sRGB_Color_Space_Profile.ic
m
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\sRGB_Color_Space_Profile.i
cm
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\AdobeRGB.icc
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\AdobeRGB.icc
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\xpssvcs.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\xpssvcs.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nst62CA.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsfFC81.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsfFC81.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\uac.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\AccessControl.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\nsisStartMenu.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\uac.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsh7F7.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsh7F7.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp
Delete: \??\C:\WINDOWS\system32\spool\V4Dirs\E9D5342B-9958-4D5A-BFA1-
9E3C3E9BBA2C\444ba601.BUD
Delete: \??\C:\WINDOWS\system32\spool\V4Dirs\E9D5342B-9958-4D5A-BFA1-
9E3C3E9BBA2C\444ba601.gpd
Delete: \??\C:\WINDOWS\system32\spool\drivers\x64\3\temp\E_Y15F1.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\_iu14D2N.tmp
Rename: Source: \??\C:\WINDOWS\AppCompat\Programs\Amcache.hve.tmp
Destination: \??\C:\WINDOWS\AppCompat\Programs\Amcache.hve
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
$McRebootA5E6DEAA56$.lnk
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp
Delete: \??\C:\ProgramData\uninstall278507.exe
Delete: \??\C:\Users\Jos� Tom�s\AppData\Roaming\1337
Delete: C:\ProgramData\GARBAGE CLEANER
Delete Marked Items Auto Start Apps->Unwanted Software Files.
SoftwareUpdater=C:\PROGRAM FILES (X86)\SOFTWAREUPDATER\
Deleted: C:\PROGRAM FILES (X86)\SOFTWAREUPDATER\AppsUpdater.exe
Deleted: C:\PROGRAM FILES (X86)\SOFTWAREUPDATER\AppsUpdater.exe.config
Deleted: C:\PROGRAM FILES (X86)\SOFTWAREUPDATER\config.xml
Deleted: C:\PROGRAM FILES (X86)\SOFTWAREUPDATER\Interop.Shell32.dll
Deleted: C:\PROGRAM FILES (X86)\SOFTWAREUPDATER\KeyGen.dll
Deleted: C:\PROGRAM FILES (X86)\SOFTWAREUPDATER\translations.xml
Deleted: C:\PROGRAM FILES (X86)\SOFTWAREUPDATER
Cannot remove folder: C:\PROGRAM FILES (X86)\SOFTWAREUPDATER\
Error: 0
Delete At reboot: C:\PROGRAM FILES (X86)\SOFTWAREUPDATER
-------------------------------------------------------
21.12.2019 2:07:16 Approved File Replacement
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hppcl-
pipelineconfig.xml Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hppcl-
pipelineconfig.xml
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbxpsrender.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbxpsrender.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbytxdrv11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbytxdrv11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbytxUI11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbytxUI11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpvplres11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpvplres11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpfime52.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpfime52.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbx3config.ini
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbx3config.ini
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\UIDialog.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\UIDialog.dll
Rename:
Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\sRGB_Color_Space_Profile.ic
m
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\sRGB_Color_Space_Profile.i
cm
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\AdobeRGB.icc
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\AdobeRGB.icc
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\xpssvcs.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\xpssvcs.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nst62CA.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsfFC81.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsfFC81.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\uac.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\AccessControl.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\nsisStartMenu.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\uac.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsh7F7.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsh7F7.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp
Delete: \??\C:\WINDOWS\system32\spool\V4Dirs\E9D5342B-9958-4D5A-BFA1-
9E3C3E9BBA2C\444ba601.BUD
Delete: \??\C:\WINDOWS\system32\spool\V4Dirs\E9D5342B-9958-4D5A-BFA1-
9E3C3E9BBA2C\444ba601.gpd
Delete: \??\C:\WINDOWS\system32\spool\drivers\x64\3\temp\E_Y15F1.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\_iu14D2N.tmp
Rename: Source: \??\C:\WINDOWS\AppCompat\Programs\Amcache.hve.tmp
Destination: \??\C:\WINDOWS\AppCompat\Programs\Amcache.hve
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
$McRebootA5E6DEAA56$.lnk
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp
Delete: \??\C:\ProgramData\uninstall278507.exe
Delete: \??\C:\Users\Jos� Tom�s\AppData\Roaming\1337
Delete: \??\C:\ProgramData\GARBAGE CLEANER
Delete: C:\PROGRAM FILES (X86)\SOFTWAREUPDATER
Delete Marked Items Auto Start Apps->Unwanted Software Files.
Babylon=C:\PROGRAMDATA\BABYLON\
Deleted: C:\PROGRAMDATA\BABYLON
Cannot remove folder: C:\PROGRAMDATA\BABYLON\
Error: 0
Delete At reboot: C:\PROGRAMDATA\BABYLON
-------------------------------------------------------
21.12.2019 2:07:16 Approved File Replacement
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hppcl-
pipelineconfig.xml Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hppcl-
pipelineconfig.xml
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbxpsrender.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbxpsrender.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbytxdrv11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbytxdrv11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbytxUI11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbytxUI11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpvplres11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpvplres11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpfime52.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpfime52.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbx3config.ini
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbx3config.ini
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\UIDialog.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\UIDialog.dll
Rename:
Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\sRGB_Color_Space_Profile.ic
m
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\sRGB_Color_Space_Profile.i
cm
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\AdobeRGB.icc
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\AdobeRGB.icc
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\xpssvcs.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\xpssvcs.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nst62CA.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsfFC81.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsfFC81.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\uac.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\AccessControl.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\nsisStartMenu.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\uac.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsh7F7.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsh7F7.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp
Delete: \??\C:\WINDOWS\system32\spool\V4Dirs\E9D5342B-9958-4D5A-BFA1-
9E3C3E9BBA2C\444ba601.BUD
Delete: \??\C:\WINDOWS\system32\spool\V4Dirs\E9D5342B-9958-4D5A-BFA1-
9E3C3E9BBA2C\444ba601.gpd
Delete: \??\C:\WINDOWS\system32\spool\drivers\x64\3\temp\E_Y15F1.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\_iu14D2N.tmp
Rename: Source: \??\C:\WINDOWS\AppCompat\Programs\Amcache.hve.tmp
Destination: \??\C:\WINDOWS\AppCompat\Programs\Amcache.hve
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
$McRebootA5E6DEAA56$.lnk
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp
Delete: \??\C:\ProgramData\uninstall278507.exe
Delete: \??\C:\Users\Jos� Tom�s\AppData\Roaming\1337
Delete: \??\C:\ProgramData\GARBAGE CLEANER
Delete: \??\C:\PROGRAM FILES (X86)\SOFTWAREUPDATER
Delete: C:\PROGRAMDATA\BABYLON
Delete Marked Items Auto Start Apps->Unwanted Software Files.
ImageConverter=C:\PROGRAM FILES (X86)\IMAGECONVERTER\
Deleted: C:\PROGRAM FILES (X86)\IMAGECONVERTER\config.ini
Deleted: C:\PROGRAM FILES (X86)\IMAGECONVERTER\ImageConverter.exe
Deleted: C:\PROGRAM FILES (X86)\IMAGECONVERTER\unins000.dat
Deleted: C:\PROGRAM FILES (X86)\IMAGECONVERTER\unins000.exe
Deleted: C:\PROGRAM FILES (X86)\IMAGECONVERTER
Cannot remove folder: C:\PROGRAM FILES (X86)\IMAGECONVERTER\
Error: 0
Delete At reboot: C:\PROGRAM FILES (X86)\IMAGECONVERTER
-------------------------------------------------------
21.12.2019 2:07:16 Approved File Replacement
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hppcl-
pipelineconfig.xml Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hppcl-
pipelineconfig.xml
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbxpsrender.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbxpsrender.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbytxdrv11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbytxdrv11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbytxUI11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbytxUI11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpvplres11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpvplres11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpfime52.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpfime52.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbx3config.ini
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbx3config.ini
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\UIDialog.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\UIDialog.dll
Rename:
Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\sRGB_Color_Space_Profile.ic
m
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\sRGB_Color_Space_Profile.i
cm
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\AdobeRGB.icc
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\AdobeRGB.icc
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\xpssvcs.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\xpssvcs.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nst62CA.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsfFC81.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsfFC81.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\uac.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\AccessControl.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\nsisStartMenu.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\uac.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsh7F7.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsh7F7.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp
Delete: \??\C:\WINDOWS\system32\spool\V4Dirs\E9D5342B-9958-4D5A-BFA1-
9E3C3E9BBA2C\444ba601.BUD
Delete: \??\C:\WINDOWS\system32\spool\V4Dirs\E9D5342B-9958-4D5A-BFA1-
9E3C3E9BBA2C\444ba601.gpd
Delete: \??\C:\WINDOWS\system32\spool\drivers\x64\3\temp\E_Y15F1.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\_iu14D2N.tmp
Rename: Source: \??\C:\WINDOWS\AppCompat\Programs\Amcache.hve.tmp
Destination: \??\C:\WINDOWS\AppCompat\Programs\Amcache.hve
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
$McRebootA5E6DEAA56$.lnk
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp
Delete: \??\C:\ProgramData\uninstall278507.exe
Delete: \??\C:\Users\Jos� Tom�s\AppData\Roaming\1337
Delete: \??\C:\ProgramData\GARBAGE CLEANER
Delete: \??\C:\PROGRAM FILES (X86)\SOFTWAREUPDATER
Delete: \??\C:\PROGRAMDATA\BABYLON
Delete: C:\PROGRAM FILES (X86)\IMAGECONVERTER
21.12.2019 2:07:49 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Setup\EOSNotify = %windir
%\system32\EOSNotify.exe
21.12.2019 2:07:49 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Sk12966Pl = "C:\Users\Jos�
Tom�s\AppData\Roaming\prunld1666\he94351.exe"
21.12.2019 2:07:49 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile
%\AppData\Roaming\Microsoft\Windows\Helper.exe"
21.12.2019 2:07:49 Scheduled Tasks 2.0 Cached
Probably Malicious: Sk12966Pl = "C:\Users\Jos�
Tom�s\AppData\Roaming\prunld1666\he94351.exe"
Delete Marked Items Auto Start Apps->Scheduled Tasks 2.
C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck="%userprofile
%\AppData\Roaming\Microsoft\Windows\Helper.exe"
-------------------------------------------------------
21.12.2019 2:08:04 Approved File Replacement
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hppcl-
pipelineconfig.xml Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hppcl-
pipelineconfig.xml
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbxpsrender.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbxpsrender.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbytxdrv11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbytxdrv11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbytxUI11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbytxUI11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpvplres11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpvplres11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpfime52.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpfime52.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbx3config.ini
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbx3config.ini
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\UIDialog.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\UIDialog.dll
Rename:
Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\sRGB_Color_Space_Profile.ic
m
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\sRGB_Color_Space_Profile.i
cm
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\AdobeRGB.icc
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\AdobeRGB.icc
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\xpssvcs.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\xpssvcs.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nst62CA.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsfFC81.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsfFC81.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\uac.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\AccessControl.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\nsisStartMenu.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\uac.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsh7F7.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsh7F7.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp
Delete: \??\C:\WINDOWS\system32\spool\V4Dirs\E9D5342B-9958-4D5A-BFA1-
9E3C3E9BBA2C\444ba601.BUD
Delete: \??\C:\WINDOWS\system32\spool\V4Dirs\E9D5342B-9958-4D5A-BFA1-
9E3C3E9BBA2C\444ba601.gpd
Delete: \??\C:\WINDOWS\system32\spool\drivers\x64\3\temp\E_Y15F1.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\_iu14D2N.tmp
Rename: Source: \??\C:\WINDOWS\AppCompat\Programs\Amcache.hve.tmp
Destination: \??\C:\WINDOWS\AppCompat\Programs\Amcache.hve
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
$McRebootA5E6DEAA56$.lnk
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp
Delete: \??\C:\ProgramData\uninstall278507.exe
Delete: \??\C:\Users\Jos� Tom�s\AppData\Roaming\1337
Delete: \??\C:\ProgramData\GARBAGE CLEANER
Delete: \??\C:\PROGRAM FILES (X86)\SOFTWAREUPDATER
Delete: \??\C:\PROGRAMDATA\BABYLON
Delete: \??\C:\PROGRAM FILES (X86)\IMAGECONVERTER
Delete: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck
Delete Marked Items Auto Start Apps->Scheduled Tasks 2.
C:\WINDOWS\SYSNATIVE\TASKS\Sk12966Pl="C:\Users\Jos�
Tom�s\AppData\Roaming\prunld1666\he94351.exe"
-------------------------------------------------------
21.12.2019 2:08:05 Approved File Replacement
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hppcl-
pipelineconfig.xml Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hppcl-
pipelineconfig.xml
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbxpsrender.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbxpsrender.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbytxdrv11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbytxdrv11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbytxUI11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbytxUI11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpvplres11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpvplres11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpfime52.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpfime52.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbx3config.ini
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbx3config.ini
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\UIDialog.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\UIDialog.dll
Rename:
Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\sRGB_Color_Space_Profile.ic
m
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\sRGB_Color_Space_Profile.i
cm
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\AdobeRGB.icc
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\AdobeRGB.icc
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\xpssvcs.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\xpssvcs.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nst62CA.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsfFC81.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsfFC81.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\uac.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\AccessControl.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\nsisStartMenu.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\uac.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsh7F7.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsh7F7.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp
Delete: \??\C:\WINDOWS\system32\spool\V4Dirs\E9D5342B-9958-4D5A-BFA1-
9E3C3E9BBA2C\444ba601.BUD
Delete: \??\C:\WINDOWS\system32\spool\V4Dirs\E9D5342B-9958-4D5A-BFA1-
9E3C3E9BBA2C\444ba601.gpd
Delete: \??\C:\WINDOWS\system32\spool\drivers\x64\3\temp\E_Y15F1.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\_iu14D2N.tmp
Rename: Source: \??\C:\WINDOWS\AppCompat\Programs\Amcache.hve.tmp
Destination: \??\C:\WINDOWS\AppCompat\Programs\Amcache.hve
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
$McRebootA5E6DEAA56$.lnk
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp
Delete: \??\C:\ProgramData\uninstall278507.exe
Delete: \??\C:\Users\Jos� Tom�s\AppData\Roaming\1337
Delete: \??\C:\ProgramData\GARBAGE CLEANER
Delete: \??\C:\PROGRAM FILES (X86)\SOFTWAREUPDATER
Delete: \??\C:\PROGRAMDATA\BABYLON
Delete: \??\C:\PROGRAM FILES (X86)\IMAGECONVERTER
Delete: \??\C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck
Delete: C:\WINDOWS\SYSNATIVE\TASKS\Sk12966Pl
Delete Marked Items Auto Start Apps->Scheduled Tasks 2.0 Cached.
Sk12966Pl="C:\Users\Jos� Tom�s\AppData\Roaming\prunld1666\he94351.exe"
Deleted Key:SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\Sk12966Pl
Error deleting registry key:SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Boot\{328F8556-9779-44C0-B0FC-E32C2C756964}
The DelAnyKey failed too.
Deleted Key:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\
{328F8556-9779-44C0-B0FC-E32C2C756964}
Error deleting registry key:SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Maintenance\{328F8556-9779-44C0-B0FC-
E32C2C756964}
The DelAnyKey failed too.
Error deleting registry key:SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Plain\{328F8556-9779-44C0-B0FC-E32C2C756964}
The DelAnyKey failed too.
Deleted Key:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\
{328F8556-9779-44C0-B0FC-E32C2C756964}
21.12.2019 2:08:12 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Setup\EOSNotify = %windir
%\system32\EOSNotify.exe
Delete Marked Items Auto Start Apps->Scheduled Tasks 2.
C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Setup\EOSNotify=%windir
%\system32\EOSNotify.exe
-------------------------------------------------------
21.12.2019 2:08:21 Approved File Replacement
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hppcl-
pipelineconfig.xml Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hppcl-
pipelineconfig.xml
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbxpsrender.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbxpsrender.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbytxdrv11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbytxdrv11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbytxUI11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbytxUI11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpvplres11.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpvplres11.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpfime52.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpfime52.dll
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\hpbx3config.ini
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpbx3config.ini
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\UIDialog.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\UIDialog.dll
Rename:
Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\sRGB_Color_Space_Profile.ic
m
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\sRGB_Color_Space_Profile.i
cm
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\AdobeRGB.icc
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\AdobeRGB.icc
Rename: Source: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\xpssvcs.dll
Destination: \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\xpssvcs.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nst62CA.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsfFC81.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsfFC81.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\uac.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsj3B24.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\AccessControl.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\nsisStartMenu.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\uac.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsz8468.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsh7F7.tmp\nsProcess.dll
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\nsh7F7.tmp\
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp
Delete: \??\C:\WINDOWS\system32\spool\V4Dirs\E9D5342B-9958-4D5A-BFA1-
9E3C3E9BBA2C\444ba601.BUD
Delete: \??\C:\WINDOWS\system32\spool\V4Dirs\E9D5342B-9958-4D5A-BFA1-
9E3C3E9BBA2C\444ba601.gpd
Delete: \??\C:\WINDOWS\system32\spool\drivers\x64\3\temp\E_Y15F1.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\_iu14D2N.tmp
Rename: Source: \??\C:\WINDOWS\AppCompat\Programs\Amcache.hve.tmp
Destination: \??\C:\WINDOWS\AppCompat\Programs\Amcache.hve
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsu.tmp
Delete: \??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
$McRebootA5E6DEAA56$.lnk
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Delete: \??\C:\Users\JOSTOM~1\AppData\Local\Temp\~nsuA.tmp
Delete: \??\C:\ProgramData\uninstall278507.exe
Delete: \??\C:\Users\Jos� Tom�s\AppData\Roaming\1337
Delete: \??\C:\ProgramData\GARBAGE CLEANER
Delete: \??\C:\PROGRAM FILES (X86)\SOFTWAREUPDATER
Delete: \??\C:\PROGRAMDATA\BABYLON
Delete: \??\C:\PROGRAM FILES (X86)\IMAGECONVERTER
Delete: \??\C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck
Delete: \??\C:\WINDOWS\SYSNATIVE\TASKS\Sk12966Pl
Delete: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Setup\EOSNotify
21.12.2019 2:09:43 List of Injected DLLs(x64)
Probably Malicious: AppInit_DLLs = c:\progra~3\bitguard\271769~1.27\
{c16c1~1\loader.dll
21.12.2019 2:11:13 Browser Helper Objects
Probably Malicious: {8E8F97CD-60B5-456F-A201-73065652D099} = C:\USERS\JOS�
TOM�S\APPDATA\LOCAL\MAIL.RU\SPUTNIK\IE_ADDON_DLL.DLL
21.12.2019 2:11:13 Pre-installed extensions
Probably Malicious: beliehdniadoecbonbhlcgbdldccfigp =
https://clients2.google.com/service/update2/crx
21.12.2019 2:11:13 Pre-installed extensions
Probably Malicious: iepoegkaoeljnbhagabakjodgpfniimo =
https://clients2.google.com/service/update2/crx
21.12.2019 2:11:17 Search Provider for All Users
Probably Malicious: {AA9A4890-4262-4441-8977-E2FFCBFB706C} =
http://cl.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-
acer_001&p={searchTerms}
21.12.2019 2:11:17 Search Provider for All Users(x64)
Probably Malicious: {AA9A4890-4262-4441-8977-E2FFCBFB706C} =
http://cl.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-
acer_001&p={searchTerms}
OpenService Update Orchestrator Service :Acceso denegado
RegRun Reanimator - Scan for Malware... Start check 21.12.2019 at:2:15:01
Prohibited:8 Suspicious:0 Warnings:0
Prohibited:Browser Helper Objects
{8E8F97CD-60B5-456F-A201-73065652D099}=C:\USERS\JOS�
TOM�S\APPDATA\LOCAL\MAIL.RU\SPUTNIK\IE_ADDON_DLL.DLL
[email protected] Mail.Ru [email protected] 3.12.0.19 ->IESEARCHPLUGIN.DLL !
$*C:\Users\Jos� Tom�s\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll
******************************
Prohibited:Pre-installed extensions
beliehdniadoecbonbhlcgbdldccfigp=https://clients2.google.com/service/update2/crx
update_url: https://clients2.google.com/service/update2/crx
******************************
Prohibited:Pre-installed extensions
iepoegkaoeljnbhagabakjodgpfniimo=https://clients2.google.com/service/update2/crx
update_url: https://clients2.google.com/service/update2/crx
******************************
Prohibited:List of Injected DLLs(x64)
AppInit_DLLs=c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll
******************************
Prohibited:Eventlog Application DLL
SrvUpdater=C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\EVENTLOGMESSAGES.DLL
EventLogMessages.dll Microsoft Corporation Microsoft� .NET Framework 4.7.3056.0 !
$*C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll
******************************
-------------------------------------------------------
Anti-malware scan started at: 21.12.2019 4:30:38
21.12.2019 4:30:55 Applications
Probably Malicious: PetGame =
21.12.2019 4:33:15 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
21.12.2019 4:33:15 List of Injected DLLs(x64)
Probably Malicious: AppInit_DLLs = c:\progra~3\bitguard\271769~1.27\
{c16c1~1\loader.dll
21.12.2019 4:33:19 Browser Helper Objects
Probably Malicious: {8E8F97CD-60B5-456F-A201-73065652D099} = C:\USERS\JOS�
TOM�S\APPDATA\LOCAL\MAIL.RU\SPUTNIK\IE_ADDON_DLL.DLL
21.12.2019 4:33:19 Pre-installed extensions
Probably Malicious: beliehdniadoecbonbhlcgbdldccfigp =
https://clients2.google.com/service/update2/crx
21.12.2019 4:33:19 Pre-installed extensions
Probably Malicious: iepoegkaoeljnbhagabakjodgpfniimo =
https://clients2.google.com/service/update2/crx
21.12.2019 4:33:20 Search Provider for All Users
Probably Malicious: {AA9A4890-4262-4441-8977-E2FFCBFB706C} =
http://cl.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-
acer_001&p={searchTerms}
21.12.2019 4:33:20 Search Provider for All Users(x64)
Probably Malicious: {AA9A4890-4262-4441-8977-E2FFCBFB706C} =
http://cl.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-
acer_001&p={searchTerms}
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 21.12.2019 4:33:21
Anti-malware scan started at: 21.12.2019 4:41:10
21.12.2019 4:41:20 Running Processes
Unknown: CxUtilSvc.exe = C:\PROGRAM FILES\CONEXANT\SAII\CXUTILSVC.EXE
21.12.2019 4:41:20 Running Processes
Unknown: BrLauncher.exe = C:\PROGRAM FILES (X86)\BROTHER\BRLAUNCHER\BRLAUNCHER.EXE
21.12.2019 4:41:20 Running Processes
Unknown: SkypeApp.exe = C:\PROGRAM
FILES\WINDOWSAPPS\MICROSOFT.SKYPEAPP_14.48.51.0_X64__KZF8QXF38ZG5C\SKYPEAPP.EXE
21.12.2019 4:41:20 Running Processes
Unknown: SkypeBackgroundHost.exe = C:\PROGRAM
FILES\WINDOWSAPPS\MICROSOFT.SKYPEAPP_14.48.51.0_X64__KZF8QXF38ZG5C\SKYPEBACKGROUNDH
OST.EXE
21.12.2019 4:41:20 Running Processes
Unknown: OneDrive.exe = C:\USERS\JOS�
TOM�S\APPDATA\LOCAL\MICROSOFT\ONEDRIVE\ONEDRIVE.EXE
21.12.2019 4:41:20 Running Processes
Unknown: BrStMonW.exe = C:\PROGRAM FILES (X86)\BROWNY02\BROTHER\BRSTMONW.EXE
21.12.2019 4:41:20 Running Processes
Unknown: BrotherHelp.exe = C:\PROGRAM FILES (X86)\BROTHER\BROTHER
HELP\BROTHERHELP.EXE
21.12.2019 4:41:20 Running Processes
Unknown: BrYNSvc.exe = C:\PROGRAM FILES (X86)\BROWNY02\BRYNSVC.EXE
21.12.2019 4:41:20 Running Processes
Unknown: SkypeBridge.exe = C:\PROGRAM
FILES\WINDOWSAPPS\MICROSOFT.SKYPEAPP_14.48.51.0_X64__KZF8QXF38ZG5C\SKYPEBRIDGE\SKYP
EBRIDGE.EXE
21.12.2019 4:41:56 Applications
Probably Malicious: PetGame =
21.12.2019 4:42:21 User Shortcuts
Unknown: C:\Users\Public\Desktop\Brother Utilities.lnk = C:\PROGRAM FILES
(X86)\BROTHER\BRLAUNCHER\BRLAUNCHER.EXE
21.12.2019 4:42:21 User Shortcuts
Unknown: C:\Users\Public\Desktop\Nitro Pro.lnk = C:\PROGRAM
FILES\NITRO\PRO\12\NITROPDF.EXE
21.12.2019 4:42:21 Registry Run
Unknown: OneDrive = C:\USERS\JOS�
TOM�S\APPDATA\LOCAL\MICROSOFT\ONEDRIVE\ONEDRIVE.EXE
21.12.2019 4:42:21 Registry Run
Unknown: EPLTarget\P0000000000000000 =
C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATII2E.EXE /EPT
"EPLTarget\P0000000000000000" /M "L210 Series"
21.12.2019 4:42:21 Registry Run
Unknown: =
21.12.2019 4:42:21 Registry Run
Unknown: BrStsMon00 = C:\PROGRAM FILES (X86)\BROWNY02\BROTHER\BRSTMONW.EXE
21.12.2019 4:42:21 Registry Run
Unknown: BrHelp = C:\PROGRAM FILES (X86)\BROTHER\BROTHER HELP\BROTHERHELP.EXE
21.12.2019 4:42:21 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Workplace Join\Automatic-
Workplace-Join = %SystemRoot%\System32\AutoWorkplace.exe
21.12.2019 4:42:21 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\OneDrive Standalone Update Task v2 =
C:\Users\Jos� Tom�s\AppData\Local\MICROSOFT\ONEDRIVE\ONEDRIVESTANDALONEUPDATER.EXE
21.12.2019 4:42:21 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\OneDrive Standalone Update Task-S-1-5-21-
2111669150-4279617329-3644551284-1001 = C:\Users\Jos�
Tom�s\AppData\Local\MICROSOFT\ONEDRIVE\ONEDRIVESTANDALONEUPDATER.EXE
21.12.2019 4:42:21 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\OneDrive Standalone Update Task-S-1-5-21-
2111669150-4279617329-3644551284-1004 = C:\Users\Jos�
Tom�s\AppData\Local\MICROSOFT\ONEDRIVE\ONEDRIVESTANDALONEUPDATER.EXE
21.12.2019 4:42:21 Scheduled Tasks 2.0 Cached
Unknown: OneDrive Standalone Update Task v2 = C:\Users\Jos�
Tom�s\AppData\Local\MICROSOFT\ONEDRIVE\ONEDRIVESTANDALONEUPDATER.EXE
21.12.2019 4:42:21 Scheduled Tasks 2.0 Cached
Unknown: OneDrive Standalone Update Task-S-1-5-21-2111669150-4279617329-3644551284-
1001 = C:\Users\Jos�
Tom�s\AppData\Local\MICROSOFT\ONEDRIVE\ONEDRIVESTANDALONEUPDATER.EXE
21.12.2019 4:42:21 Scheduled Tasks 2.0 Cached
Unknown: OneDrive Standalone Update Task-S-1-5-21-2111669150-4279617329-3644551284-
1004 = C:\Users\Jos�
Tom�s\AppData\Local\MICROSOFT\ONEDRIVE\ONEDRIVESTANDALONEUPDATER.EXE
21.12.2019 4:42:46 Auto Services
Unknown: BrYNSvc = C:\PROGRAM FILES (X86)\BROWNY02\BRYNSVC.EXE
21.12.2019 4:42:46 Auto Services
Unknown: CxUtilSvc = C:\PROGRAM FILES\CONEXANT\SAII\CXUTILSVC.EXE
21.12.2019 4:42:46 List of Injected DLLs(x64)
Probably Malicious: AppInit_DLLs = c:\progra~3\bitguard\271769~1.27\
{c16c1~1\loader.dll
21.12.2019 4:42:46 Eventlog Application DLL
Probably Malicious: SrvUpdater =
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\EVENTLOGMESSAGES.DLL
21.12.2019 4:42:52 Browser Helper Objects
Probably Malicious: {8E8F97CD-60B5-456F-A201-73065652D099} = C:\USERS\JOS�
TOM�S\APPDATA\LOCAL\MAIL.RU\SPUTNIK\IE_ADDON_DLL.DLL
21.12.2019 4:42:52 Browser Helper Objects
Unknown: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} =
c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
21.12.2019 4:42:52 Browser Helper Objects
Unknown: {B69F34DD-F0F9-42DC-9EDD-957187DA688D} = C:\Program Files
(x86)\PSafe\Total\safemon\safemon.dll
21.12.2019 4:42:52 Browser Helper Objects(x64)
Unknown: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} =
c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
21.12.2019 4:42:52 Browser Helper Objects(x64)
Unknown: {B69F34DD-F0F9-42DC-9EDD-957187DA688D} = C:\Program Files
(x86)\PSafe\Total\safemon\safemon64.dll
21.12.2019 4:42:52 Toolbars
Unknown: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} =
c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
21.12.2019 4:42:52 Toolbars(x64)
Unknown: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} =
c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
21.12.2019 4:42:52 IE Extensions - All Users
Unknown: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} =
21.12.2019 4:42:52 Google Chrome Addons
Unknown: pppagaglfkmlpgobnlenhknilehpmcbo = C:\PROGRAM FILES
(X86)\PSAFE\PSAFEAV\SAFEMON\360WEBSHIELD.CRX
21.12.2019 4:42:52 Pre-installed extensions
Probably Malicious: beliehdniadoecbonbhlcgbdldccfigp =
https://clients2.google.com/service/update2/crx
21.12.2019 4:42:52 Pre-installed extensions
Probably Malicious: iepoegkaoeljnbhagabakjodgpfniimo =
https://clients2.google.com/service/update2/crx
21.12.2019 4:42:52 Pre-installed extensions
Unknown: pppagaglfkmlpgobnlenhknilehpmcbo = C:\Program Files
(x86)\PSafe\PSafeAV\safemon\360webshield.crx
21.12.2019 4:43:30 Current Home Page
Unknown: Start Page = https://mail.ru/cnt/10445?gp=834423
21.12.2019 4:43:30 Current Home Page
Unknown: Default_Page_URL = http://acer13.msn.com
21.12.2019 4:43:30 Search Provider
Unknown: {FFEBBF0A-C22C-4172-89FF-45215A135AC7} = https://go.mail.ru/distib/ep/?
q={searchTerms}&fr=ntg&product_id=%7BC344C784-5D2A-4F5B-9185-
F33484657C30%7D&gp=811610
21.12.2019 4:43:30 Search Provider
Unknown: DefaultScope = {FFEBBF0A-C22C-4172-89FF-45215A135AC7}
21.12.2019 4:43:30 Search Provider for All Users
Probably Malicious: {AA9A4890-4262-4441-8977-E2FFCBFB706C} =
http://cl.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-
acer_001&p={searchTerms}
21.12.2019 4:43:30 Search Provider for All Users
Unknown: DefaultScope = {4C34ADF6-43F8-4542-B855-6FBBC5FDC586}
21.12.2019 4:43:30 Search Provider for All Users(x64)
Probably Malicious: {AA9A4890-4262-4441-8977-E2FFCBFB706C} =
http://cl.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-
acer_001&p={searchTerms}
21.12.2019 4:43:30 Search Provider for All Users(x64)
Unknown: DefaultScope = {4C34ADF6-43F8-4542-B855-6FBBC5FDC586}
21.12.2019 4:43:30 Search Provider(x64)
Unknown: {FFEBBF0A-C22C-4172-89FF-45215A135AC7} = https://go.mail.ru/distib/ep/?
q={searchTerms}&fr=ntg&product_id=%7BC344C784-5D2A-4F5B-9185-
F33484657C30%7D&gp=811610
21.12.2019 4:43:30 Search Provider(x64)
Unknown: DefaultScope = {FFEBBF0A-C22C-4172-89FF-45215A135AC7}
21.12.2019 4:43:46 Running Processes
Unknown: CxUtilSvc.exe = C:\PROGRAM FILES\CONEXANT\SAII\CXUTILSVC.EXE
21.12.2019 4:43:46 Running Processes
Unknown: BrLauncher.exe = C:\PROGRAM FILES (X86)\BROTHER\BRLAUNCHER\BRLAUNCHER.EXE
21.12.2019 4:43:46 Running Processes
Unknown: SkypeApp.exe = C:\PROGRAM
FILES\WINDOWSAPPS\MICROSOFT.SKYPEAPP_14.48.51.0_X64__KZF8QXF38ZG5C\SKYPEAPP.EXE
21.12.2019 4:43:46 Running Processes
Unknown: SkypeBackgroundHost.exe = C:\PROGRAM
FILES\WINDOWSAPPS\MICROSOFT.SKYPEAPP_14.48.51.0_X64__KZF8QXF38ZG5C\SKYPEBACKGROUNDH
OST.EXE
21.12.2019 4:43:46 Running Processes
Unknown: OneDrive.exe = C:\USERS\JOS�
TOM�S\APPDATA\LOCAL\MICROSOFT\ONEDRIVE\ONEDRIVE.EXE
21.12.2019 4:43:46 Running Processes
Unknown: BrStMonW.exe = C:\PROGRAM FILES (X86)\BROWNY02\BROTHER\BRSTMONW.EXE
21.12.2019 4:43:46 Running Processes
Unknown: BrotherHelp.exe = C:\PROGRAM FILES (X86)\BROTHER\BROTHER
HELP\BROTHERHELP.EXE
21.12.2019 4:43:46 Running Processes
Unknown: BrYNSvc.exe = C:\PROGRAM FILES (X86)\BROWNY02\BRYNSVC.EXE
21.12.2019 4:43:46 Running Processes
Unknown: SkypeBridge.exe = C:\PROGRAM
FILES\WINDOWSAPPS\MICROSOFT.SKYPEAPP_14.48.51.0_X64__KZF8QXF38ZG5C\SKYPEBRIDGE\SKYP
EBRIDGE.EXE
21.12.2019 4:43:59 Applications
Probably Malicious: PetGame =
Anti-malware scan started at: 21.12.2019 18:45:38
21.12.2019 18:45:53 Applications
Probably Malicious: PetGame =
21.12.2019 18:48:18 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
21.12.2019 18:48:18 List of Injected DLLs(x64)
Probably Malicious: AppInit_DLLs = c:\progra~3\bitguard\271769~1.27\
{c16c1~1\loader.dll
21.12.2019 18:48:23 Browser Helper Objects
Probably Malicious: {8E8F97CD-60B5-456F-A201-73065652D099} = C:\USERS\JOS�
TOM�S\APPDATA\LOCAL\MAIL.RU\SPUTNIK\IE_ADDON_DLL.DLL
21.12.2019 18:48:23 Pre-installed extensions
Probably Malicious: beliehdniadoecbonbhlcgbdldccfigp =
https://clients2.google.com/service/update2/crx
21.12.2019 18:48:23 Pre-installed extensions
Probably Malicious: iepoegkaoeljnbhagabakjodgpfniimo =
https://clients2.google.com/service/update2/crx
21.12.2019 18:48:24 Search Provider for All Users
Probably Malicious: {AA9A4890-4262-4441-8977-E2FFCBFB706C} =
http://cl.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-
acer_001&p={searchTerms}
21.12.2019 18:48:24 Search Provider for All Users(x64)
Probably Malicious: {AA9A4890-4262-4441-8977-E2FFCBFB706C} =
http://cl.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-
acer_001&p={searchTerms}
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 21.12.2019 18:48:25
Anti-malware scan started at: 22.12.2019 14:09:52
22.12.2019 14:10:07 Applications
Probably Malicious: PetGame =
22.12.2019 14:12:27 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
22.12.2019 14:12:27 List of Injected DLLs(x64)
Probably Malicious: AppInit_DLLs = c:\progra~3\bitguard\271769~1.27\
{c16c1~1\loader.dll
22.12.2019 14:12:30 Browser Helper Objects
Probably Malicious: {8E8F97CD-60B5-456F-A201-73065652D099} = C:\USERS\JOS�
TOM�S\APPDATA\LOCAL\MAIL.RU\SPUTNIK\IE_ADDON_DLL.DLL
22.12.2019 14:12:30 Pre-installed extensions
Probably Malicious: beliehdniadoecbonbhlcgbdldccfigp =
https://clients2.google.com/service/update2/crx
22.12.2019 14:12:30 Pre-installed extensions
Probably Malicious: iepoegkaoeljnbhagabakjodgpfniimo =
https://clients2.google.com/service/update2/crx
22.12.2019 14:12:31 Search Provider for All Users
Probably Malicious: {AA9A4890-4262-4441-8977-E2FFCBFB706C} =
http://cl.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-
acer_001&p={searchTerms}
22.12.2019 14:12:31 Search Provider for All Users(x64)
Probably Malicious: {AA9A4890-4262-4441-8977-E2FFCBFB706C} =
http://cl.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-
acer_001&p={searchTerms}
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 22.12.2019 14:12:32
Anti-malware scan started at: 23.12.2019 0:48:16
23.12.2019 0:48:32 Applications
Probably Malicious: PetGame =
23.12.2019 0:49:09 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
23.12.2019 0:49:09 List of Injected DLLs(x64)
Probably Malicious: AppInit_DLLs = c:\progra~3\bitguard\271769~1.27\
{c16c1~1\loader.dll
23.12.2019 0:49:11 Browser Helper Objects
Probably Malicious: {8E8F97CD-60B5-456F-A201-73065652D099} = C:\USERS\JOS�
TOM�S\APPDATA\LOCAL\MAIL.RU\SPUTNIK\IE_ADDON_DLL.DLL
23.12.2019 0:49:11 Pre-installed extensions
Probably Malicious: beliehdniadoecbonbhlcgbdldccfigp =
https://clients2.google.com/service/update2/crx
23.12.2019 0:49:11 Pre-installed extensions
Probably Malicious: iepoegkaoeljnbhagabakjodgpfniimo =
https://clients2.google.com/service/update2/crx
23.12.2019 0:49:13 Search Provider for All Users
Probably Malicious: {AA9A4890-4262-4441-8977-E2FFCBFB706C} =
http://cl.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-
acer_001&p={searchTerms}
23.12.2019 0:49:13 Search Provider for All Users(x64)
Probably Malicious: {AA9A4890-4262-4441-8977-E2FFCBFB706C} =
http://cl.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-
acer_001&p={searchTerms}
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 23.12.2019 0:49:13
Anti-malware scan started at: 23.12.2019 4:03:12
23.12.2019 4:03:28 Applications
Probably Malicious: PetGame =
23.12.2019 4:03:58 Search Provider for All Users
Probably Malicious: {AA9A4890-4262-4441-8977-E2FFCBFB706C} =
http://cl.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-
acer_001&p={searchTerms}
23.12.2019 4:03:58 Search Provider for All Users(x64)
Probably Malicious: {AA9A4890-4262-4441-8977-E2FFCBFB706C} =
http://cl.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-
acer_001&p={searchTerms}
Delete Marked Items Internet Explorer->Search Provider for All Users. {AA9A4890-
4262-4441-8977-E2FFCBFB706C}=http://cl.yhs4.search.yahoo.com/yhs/search?
hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
23.12.2019 4:05:04 Search Provider for All Users(x64)
Probably Malicious: {AA9A4890-4262-4441-8977-E2FFCBFB706C} =
http://cl.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-
acer_001&p={searchTerms}
Delete Marked Items Internet Explorer->Search Provider for All Users(x64).
{AA9A4890-4262-4441-8977-E2FFCBFB706C}=http://cl.yhs4.search.yahoo.com/yhs/search?
hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
23.12.2019 4:05:37 Applications
Probably Malicious: PetGame =
23.12.2019 4:07:43 List of Injected DLLs(x64)
Probably Malicious: AppInit_DLLs = c:\progra~3\bitguard\271769~1.27\
{c16c1~1\loader.dll
Delete Marked Items Kernel Auto Boot->List of Injected DLLs(x64).
AppInit_DLLs=c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll
Sending Pipe to UnHackMe success!
Anti-malware scan finished at: 28.12.2019 1:08:26
Anti-malware scan started at: 28.12.2019 6:01:19
29/12/2019 1:20:25 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
29/12/2019 1:20:29 Browser Helper Objects
Probably Malicious: {8E8F97CD-60B5-456F-A201-73065652D099} = C:\USERS\JOS�
TOM�S\APPDATA\LOCAL\MAIL.RU\SPUTNIK\IE_ADDON_DLL.DLL
29/12/2019 1:20:29 Pre-installed extensions
Probably Malicious: beliehdniadoecbonbhlcgbdldccfigp =
https://clients2.google.com/service/update2/crx
29/12/2019 1:20:29 Pre-installed extensions
Probably Malicious: iepoegkaoeljnbhagabakjodgpfniimo =
https://clients2.google.com/service/update2/crx
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 29/12/2019 1:20:30
Anti-malware scan started at: 29.12.2019 15:20:03
01.01.2020 1:58:27 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
01.01.2020 1:58:32 Browser Helper Objects
Probably Malicious: {8E8F97CD-60B5-456F-A201-73065652D099} = C:\USERS\JOS�
TOM�S\APPDATA\LOCAL\MAIL.RU\SPUTNIK\IE_ADDON_DLL.DLL
01.01.2020 1:58:32 Pre-installed extensions
Probably Malicious: beliehdniadoecbonbhlcgbdldccfigp =
https://clients2.google.com/service/update2/crx
01.01.2020 1:58:32 Pre-installed extensions
Probably Malicious: iepoegkaoeljnbhagabakjodgpfniimo =
https://clients2.google.com/service/update2/crx
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 01.01.2020 1:58:33
Anti-malware scan started at: 01.01.2020 5:23:07
OpenService Update Orchestrator Service :Acceso denegado
01.01.2020 5:29:53 Browser Helper Objects
Probably Malicious: {8E8F97CD-60B5-456F-A201-73065652D099} = C:\USERS\JOS�
TOM�S\APPDATA\LOCAL\MAIL.RU\SPUTNIK\IE_ADDON_DLL.DLL
01.01.2020 5:29:53 Pre-installed extensions
Probably Malicious: beliehdniadoecbonbhlcgbdldccfigp =
https://clients2.google.com/service/update2/crx
01.01.2020 5:29:53 Pre-installed extensions
Probably Malicious: iepoegkaoeljnbhagabakjodgpfniimo =
https://clients2.google.com/service/update2/crx
Delete Marked Items Browsers->Pre-installed extensions.
beliehdniadoecbonbhlcgbdldccfigp=https://clients2.google.com/service/update2/crx
01.01.2020 5:38:05 Browser Helper Objects
Probably Malicious: {8E8F97CD-60B5-456F-A201-73065652D099} = C:\USERS\JOS�
TOM�S\APPDATA\LOCAL\MAIL.RU\SPUTNIK\IE_ADDON_DLL.DLL
01.01.2020 5:38:05 Pre-installed extensions
Probably Malicious: iepoegkaoeljnbhagabakjodgpfniimo =
https://clients2.google.com/service/update2/crx
Delete Marked Items Browsers->Pre-installed extensions.
iepoegkaoeljnbhagabakjodgpfniimo=https://clients2.google.com/service/update2/crx
01.01.2020 5:44:11 Browser Helper Objects
Probably Malicious: {8E8F97CD-60B5-456F-A201-73065652D099} = C:\USERS\JOS�
TOM�S\APPDATA\LOCAL\MAIL.RU\SPUTNIK\IE_ADDON_DLL.DLL
Delete Marked Items Internet Explorer->Browser Helper Objects. {8E8F97CD-60B5-456F-
A201-73065652D099}=C:\USERS\JOS�
TOM�S\APPDATA\LOCAL\MAIL.RU\SPUTNIK\IE_ADDON_DLL.DLL
Sending Pipe to UnHackMe success!
Anti-malware scan finished at: 01.01.2020 5:45:19
Anti-malware scan started at: 01.01.2020 9:45:30
01.01.2020 9:46:16 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 01.01.2020 9:46:19
Anti-malware scan started at: 01.01.2020 17:05:48
01.01.2020 17:07:28 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 01.01.2020 17:07:32
Anti-malware scan started at: 01.01.2020 23:38:51
02.01.2020 0:57:46 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 02.01.2020 0:57:52
Anti-malware scan started at: 02.01.2020 6:49:28
02/01/2020 20:15:02 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 02/01/2020 20:15:06
Anti-malware scan started at: 03.01.2020 10:40:25
04.01.2020 3:43:12 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 04.01.2020 3:43:18
Anti-malware scan started at: 05.01.2020 5:42:09
05.01.2020 5:44:50 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 05.01.2020 5:44:58
Anti-malware scan started at: 05.01.2020 14:16:09
05.01.2020 14:20:05 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 05.01.2020 14:20:12
Anti-malware scan started at: 06.01.2020 3:21:50
06.01.2020 3:24:30 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 06.01.2020 3:24:36
Anti-malware scan started at: 07.01.2020 23:58:53
08/01/2020 0:02:57 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 08/01/2020 0:03:05
Anti-malware scan started at: 08.01.2020 4:03:26
08.01.2020 4:04:59 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 08.01.2020 4:05:03
Anti-malware scan started at: 08.01.2020 8:05:18
08.01.2020 8:06:07 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 08.01.2020 8:06:11
Anti-malware scan started at: 08.01.2020 12:06:26
08.01.2020 12:07:51 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 08.01.2020 12:07:55
Anti-malware scan started at: 08.01.2020 16:08:11
08.01.2020 16:08:54 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 08.01.2020 16:08:56
Anti-malware scan started at: 08.01.2020 20:09:13
08.01.2020 20:09:55 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 08.01.2020 20:09:58
Anti-malware scan started at: 09.01.2020 0:10:13
09.01.2020 0:11:02 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 09.01.2020 0:11:04
Anti-malware scan started at: 09.01.2020 4:11:18
09.01.2020 4:12:10 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 09.01.2020 4:12:14
Anti-malware scan started at: 09.01.2020 8:12:44
09.01.2020 8:13:35 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 09.01.2020 8:13:38
Anti-malware scan started at: 09.01.2020 12:13:53
09.01.2020 12:14:40 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 09.01.2020 12:14:43
Anti-malware scan started at: 09.01.2020 16:14:56
09.01.2020 16:15:41 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 09.01.2020 16:15:44
Anti-malware scan started at: 09.01.2020 20:15:57
09.01.2020 20:16:46 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 09.01.2020 20:16:48
Anti-malware scan started at: 10.01.2020 0:17:02
10.01.2020 0:17:46 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 10.01.2020 0:17:48
Anti-malware scan started at: 10.01.2020 4:18:03
10.01.2020 4:18:46 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 10.01.2020 4:18:49
Anti-malware scan started at: 10.01.2020 11:30:30
10.01.2020 11:31:52 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 10.01.2020 11:31:56
Anti-malware scan started at: 10.01.2020 15:32:17
10.01.2020 15:33:38 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 10.01.2020 15:33:41
Anti-malware scan started at: 10.01.2020 23:02:36
10.01.2020 23:03:27 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 10.01.2020 23:03:30
Anti-malware scan started at: 11.01.2020 12:58:54
12.01.2020 1:19:41 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 12.01.2020 1:19:45
Anti-malware scan started at: 12.01.2020 5:20:00
12.01.2020 5:22:05 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 12.01.2020 5:22:10
Anti-malware scan started at: 12.01.2020 19:33:09
12.01.2020 19:35:35 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 12.01.2020 19:35:39
Anti-malware scan started at: 12.01.2020 23:50:58
12.01.2020 23:51:43 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 12.01.2020 23:51:47
Anti-malware scan started at: 13.01.2020 13:31:58
13.01.2020 13:34:24 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 13.01.2020 13:34:29
Anti-malware scan started at: 13.01.2020 17:34:43
13.01.2020 17:35:35 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 13.01.2020 17:35:38
Anti-malware scan started at: 13.01.2020 21:39:30
13.01.2020 21:40:18 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 13.01.2020 21:40:21
Anti-malware scan started at: 14.01.2020 4:13:46
14.01.2020 22:48:13 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 14.01.2020 22:48:20
Anti-malware scan started at: 15.01.2020 10:40:00
15.01.2020 10:41:44 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 15.01.2020 10:41:48
Anti-malware scan started at: 15.01.2020 14:46:06
15.01.2020 14:46:58 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 15.01.2020 14:47:01
Anti-malware scan started at: 15.01.2020 18:49:03
15.01.2020 18:50:40 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 15.01.2020 18:50:44
Anti-malware scan started at: 15.01.2020 22:50:54
15.01.2020 22:51:42 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 15.01.2020 22:51:44
Anti-malware scan started at: 16.01.2020 3:07:05
16.01.2020 15:04:08 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 16.01.2020 15:04:14
Anti-malware scan started at: 16.01.2020 22:02:54
17.01.2020 19:46:14 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 17.01.2020 19:46:21
Anti-malware scan started at: 17.01.2020 23:49:27
17/01/2020 23:53:06 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 17/01/2020 23:53:12
Anti-malware scan started at: 18.01.2020 6:19:07
18.01.2020 14:20:12 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 18.01.2020 14:20:17
Anti-malware scan started at: 18.01.2020 18:28:21
18.01.2020 18:29:09 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 18.01.2020 18:29:11
Anti-malware scan started at: 19.01.2020 6:32:28
19.01.2020 17:06:50 Auto Services
Suspicious: wust = C:\OSRSS\WUST.EXE
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 19.01.2020 17:06:57

RR 2 Log
No ratings yet
RR 2 Log
8 pages
RR 2 Log
No ratings yet
RR 2 Log
108 pages
UsbFix Report
No ratings yet
UsbFix Report
5 pages
RR 2 Log
No ratings yet
RR 2 Log
568 pages
Av 221114
No ratings yet
Av 221114
3 pages
Test
No ratings yet
Test
3 pages
NN
No ratings yet
NN
2 pages
Sign
No ratings yet
Sign
4 pages
OTL
No ratings yet
OTL
19 pages
Files
No ratings yet
Files
17 pages
UsbFix Report
No ratings yet
UsbFix Report
6 pages
UsbFix Report
No ratings yet
UsbFix Report
752 pages
UsbFix Report
No ratings yet
UsbFix Report
16 pages
UsbFix Report
No ratings yet
UsbFix Report
2 pages
Cortex XDR Issues
No ratings yet
Cortex XDR Issues
9 pages
UsbFix Report
No ratings yet
UsbFix Report
3 pages
Prueba Uni
No ratings yet
Prueba Uni
8 pages
Log
No ratings yet
Log
117 pages
UsbFix Report
No ratings yet
UsbFix Report
194 pages
FRST
No ratings yet
FRST
9 pages
1
No ratings yet
1
8 pages
UsbFix Report
No ratings yet
UsbFix Report
4 pages
FRST - 21-09-2022 14.25.50
No ratings yet
FRST - 21-09-2022 14.25.50
10 pages
B
No ratings yet
B
4 pages
UsbFix (Clean 1) PC6
No ratings yet
UsbFix (Clean 1) PC6
6 pages
Test 2
No ratings yet
Test 2
4 pages
UsbFix (Clean 1) MILAGROS-PC
No ratings yet
UsbFix (Clean 1) MILAGROS-PC
3 pages
Bug Report
No ratings yet
Bug Report
31 pages
UsbFix Report
No ratings yet
UsbFix Report
4 pages
MB Clean Results
No ratings yet
MB Clean Results
19 pages
BitDefender Log File
No ratings yet
BitDefender Log File
3 pages
UsbFix Report
No ratings yet
UsbFix Report
3 pages
UsbFix Report
No ratings yet
UsbFix Report
6 pages
AdwCleaner (S00)
No ratings yet
AdwCleaner (S00)
2 pages
UsbFix Report
No ratings yet
UsbFix Report
2 pages
UsbFix Report
No ratings yet
UsbFix Report
6 pages
JRT
No ratings yet
JRT
2 pages
Upd 2
No ratings yet
Upd 2
9 pages
Combo Fix
No ratings yet
Combo Fix
4 pages
AdwCleaner[C00]
No ratings yet
AdwCleaner[C00]
3 pages
Process List
No ratings yet
Process List
7 pages
RR 2 Log
No ratings yet
RR 2 Log
23 pages
Otl Log
No ratings yet
Otl Log
60 pages
UsbFix Report
No ratings yet
UsbFix Report
3 pages
UsbFix Report
No ratings yet
UsbFix Report
3 pages
AdwCleaner (C00)
No ratings yet
AdwCleaner (C00)
2 pages
UsbFix Report
No ratings yet
UsbFix Report
3 pages
Serial Number Software
No ratings yet
Serial Number Software
6 pages
UsbFix Report
No ratings yet
UsbFix Report
4 pages
Mal Wares List
No ratings yet
Mal Wares List
13 pages
UsbFix R
No ratings yet
UsbFix R
3 pages
L
No ratings yet
L
1 page
Scanning Report 01 December 2010 00:30:30 - 01:11:02: Result: 36 Malware Found
No ratings yet
Scanning Report 01 December 2010 00:30:30 - 01:11:02: Result: 36 Malware Found
27 pages
HGHHD
No ratings yet
HGHHD
5 pages
UsbFix Report
No ratings yet
UsbFix Report
4 pages
UsbFix Report
No ratings yet
UsbFix Report
4 pages
UsbFix Report
No ratings yet
UsbFix Report
4 pages
HGHHDDD
No ratings yet
HGHHDDD
5 pages
Evaluation of Some Android Emulators and Installation of Android OS on Virtualbox and VMware
From Everand
Evaluation of Some Android Emulators and Installation of Android OS on Virtualbox and VMware
Dr. Hidaia Mahmood Alassouli
No ratings yet
Quick Guide for Using External Memory Card to Increase Internal Storage Space of Android Devices
From Everand
Quick Guide for Using External Memory Card to Increase Internal Storage Space of Android Devices
Dr. Hidaia Mahmood Alassouli
No ratings yet

RR 2 Log

Uploaded by

RR 2 Log

Uploaded by

Anti-malware scan started at: 20.12.

You might also like