
Anti-malware scan started at: 09.07.2019 02:21:57
09.07.2019 02:32:23 Running Processes
Probably Malicious: KMS-R@1n.exe = C:\WINDOWS\KMS-R@1N.EXE
Sending Pipe to UnHackMe success!
Anti-malware scan finished at: 2019/07/10 04:06:12
Anti-malware scan started at: 10.07.2019 08:06:30
10.07.2019 08:06:51 Running Processes
Probably Malicious: KMS-R@1nHook.exe = C:\WINDOWS\KMS-R@1NHOOK.EXE
10.07.2019 08:07:14 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
10.07.2019 08:07:14 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
10.07.2019 08:07:14 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
10.07.2019 08:07:14 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
10.07.2019 08:07:14 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
10.07.2019 08:07:35 User Shortcuts
Unknown: C:\Users\Home\Desktop\USB Disk Storage Format Tool.lnk = C:\PROGRAM
FILES\USB DISK STORAGE FORMAT TOOL\USBFORMATTOOL.EXE
10.07.2019 08:07:35 User Shortcuts
Unknown: C:\Users\Public\Desktop\Free Rar Password Recovery.lnk = C:\PROGRAM FILES
(X86)\AMAZING-SHARE\FREE RAR PASSWORD RECOVERY\FREE RAR PASSWORD RECOVERY.EXE
10.07.2019 08:07:35 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-
HC.EXE
10.07.2019 08:07:35 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
10.07.2019 08:07:35 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application
Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
10.07.2019 08:07:35 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-
LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
10.07.2019 08:07:35 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} =
C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
10.07.2019 08:08:59 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
10.07.2019 08:09:05 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA
FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
10.07.2019 08:09:05 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
10.07.2019 08:09:05 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
10.07.2019 08:09:05 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
10.07.2019 08:09:05 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
10.07.2019 08:09:05 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
10.07.2019 08:09:05 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
10.07.2019 08:09:05 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
10.07.2019 08:09:08 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
Sending Pipe to UnHackMe success!
Anti-malware scan finished at: 10.07.2019 08:09:09
Anti-malware scan started at: 10.07.2019 12:10:25
10.07.2019 12:10:53 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
10.07.2019 12:10:53 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
10.07.2019 12:10:53 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
10.07.2019 12:10:53 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
10.07.2019 12:10:53 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
10.07.2019 12:11:11 User Shortcuts
Unknown: C:\Users\Home\Desktop\USB Disk Storage Format Tool.lnk = C:\PROGRAM
FILES\USB DISK STORAGE FORMAT TOOL\USBFORMATTOOL.EXE
10.07.2019 12:11:11 User Shortcuts
Unknown: C:\Users\Public\Desktop\Free Rar Password Recovery.lnk = C:\PROGRAM FILES
(X86)\AMAZING-SHARE\FREE RAR PASSWORD RECOVERY\FREE RAR PASSWORD RECOVERY.EXE
10.07.2019 12:11:11 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-
HC.EXE
10.07.2019 12:11:11 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
10.07.2019 12:11:11 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application
Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
10.07.2019 12:11:11 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-
LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
10.07.2019 12:11:11 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} =
C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
10.07.2019 12:12:12 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
10.07.2019 12:12:16 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA
FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
10.07.2019 12:12:16 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
10.07.2019 12:12:16 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
10.07.2019 12:12:16 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
10.07.2019 12:12:16 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
10.07.2019 12:12:16 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
10.07.2019 12:12:16 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
10.07.2019 12:12:16 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
10.07.2019 12:12:18 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
Sending Pipe to UnHackMe success!
Anti-malware scan finished at: 10.07.2019 12:12:19
Anti-malware scan started at: 10.07.2019 21:48:53
10.07.2019 21:49:57 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
10.07.2019 21:49:57 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
10.07.2019 21:49:57 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
10.07.2019 21:49:57 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
10.07.2019 21:49:57 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
10.07.2019 21:50:24 User Shortcuts
Unknown: C:\Users\Home\Desktop\USB Disk Storage Format Tool.lnk = C:\PROGRAM
FILES\USB DISK STORAGE FORMAT TOOL\USBFORMATTOOL.EXE
10.07.2019 21:50:24 User Shortcuts
Unknown: C:\Users\Public\Desktop\Free Rar Password Recovery.lnk = C:\PROGRAM FILES
(X86)\AMAZING-SHARE\FREE RAR PASSWORD RECOVERY\FREE RAR PASSWORD RECOVERY.EXE
10.07.2019 21:50:24 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-
HC.EXE
10.07.2019 21:50:24 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
10.07.2019 21:50:24 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application
Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
10.07.2019 21:50:25 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-
LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
10.07.2019 21:50:25 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} =
C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
10.07.2019 21:52:08 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
10.07.2019 21:52:14 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA
FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
10.07.2019 21:52:14 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
10.07.2019 21:52:14 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
10.07.2019 21:52:14 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
10.07.2019 21:52:14 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
10.07.2019 21:52:14 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
10.07.2019 21:52:14 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
10.07.2019 21:52:14 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
10.07.2019 21:52:17 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
Sending Pipe to UnHackMe success!
Anti-malware scan finished at: 10.07.2019 21:52:18
Anti-malware scan started at: 11.07.2019 01:41:00
11.07.2019 01:46:37 Running Processes
Probably Malicious: setup.exe =
C:\USERS\HOME\DOWNLOADS\COMPRESSED\BITCOINSOFTWARE\SETUP.EXE
Sending Pipe to UnHackMe success!
Anti-malware scan finished at: 11.07.2019 03:32:00
Anti-malware scan started at: 11.07.2019 07:32:21
11.07.2019 07:32:32 Running Processes
Probably Malicious: setup.exe =
C:\USERS\HOME\DOWNLOADS\COMPRESSED\BITCOINSOFTWARE\SETUP.EXE
11.07.2019 07:32:54 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
11.07.2019 07:32:54 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
11.07.2019 07:32:54 Multi AV Detected Files
Suspicious: SETUP.EXE =
C:\USERS\HOME\DOWNLOADS\COMPRESSED\BITCOINSOFTWARE\SETUP.EXE
11.07.2019 07:32:54 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
11.07.2019 07:32:54 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
11.07.2019 07:32:54 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
11.07.2019 07:33:14 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
11.07.2019 07:33:14 Registry RunOnce
Unknown: Delete Cached Update Binary = C:\Windows\system32\cmd.exe /q /c del /q
"C:\Users\Home\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
11.07.2019 07:33:14 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application
Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
11.07.2019 07:33:14 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-
LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
11.07.2019 07:33:14 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} =
C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
11.07.2019 07:34:26 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
11.07.2019 07:34:31 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA
FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
11.07.2019 07:34:31 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
11.07.2019 07:34:31 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
11.07.2019 07:34:31 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
11.07.2019 07:34:31 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
11.07.2019 07:34:31 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
11.07.2019 07:34:31 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
11.07.2019 07:34:31 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
11.07.2019 07:34:32 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 11.07.2019 07:34:33
Anti-malware scan started at: 11.07.2019 11:34:38
11.07.2019 11:34:58 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
11.07.2019 11:34:58 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
11.07.2019 11:34:58 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
11.07.2019 11:34:58 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
11.07.2019 11:34:58 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
11.07.2019 11:35:13 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
11.07.2019 11:35:13 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application
Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
11.07.2019 11:35:13 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-
LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
11.07.2019 11:35:13 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} =
C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
11.07.2019 11:35:51 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
11.07.2019 11:35:55 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA
FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
11.07.2019 11:35:55 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
11.07.2019 11:35:55 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
11.07.2019 11:35:55 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
11.07.2019 11:35:55 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
11.07.2019 11:35:55 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
11.07.2019 11:35:55 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
11.07.2019 11:35:55 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
11.07.2019 11:35:56 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 11.07.2019 11:35:57
Anti-malware scan started at: 11.07.2019 17:30:11
11.07.2019 17:30:21 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
11.07.2019 17:30:21 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
11.07.2019 17:30:21 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
11.07.2019 17:30:21 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
11.07.2019 17:30:21 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
11.07.2019 17:30:29 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
11.07.2019 17:30:29 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application
Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
11.07.2019 17:30:29 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-
LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
11.07.2019 17:30:29 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} =
C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
11.07.2019 17:30:50 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
11.07.2019 17:30:52 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA
FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
11.07.2019 17:30:52 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
11.07.2019 17:30:52 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
11.07.2019 17:30:52 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
11.07.2019 17:30:52 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
11.07.2019 17:30:52 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
11.07.2019 17:30:52 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
11.07.2019 17:30:52 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
11.07.2019 17:30:53 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 11.07.2019 17:30:54
Anti-malware scan started at: 11.07.2019 21:32:05
11.07.2019 21:34:02 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
11.07.2019 21:34:02 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
11.07.2019 21:34:02 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
11.07.2019 21:34:02 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
11.07.2019 21:34:02 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
11.07.2019 21:35:14 User Shortcuts
Unknown: C:\Users\Home\Desktop\Bloons Adventure Time TD.lnk =
C:\SIMPLEX.RELEASE.NAME\BLOONS ADVENTURE TIME TD\BTDADVENTURETIME.EXE
11.07.2019 21:35:14 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
11.07.2019 21:35:14 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application
Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
11.07.2019 21:35:14 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-
LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
11.07.2019 21:35:14 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} =
C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
11.07.2019 21:39:26 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
11.07.2019 21:39:29 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA
FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
11.07.2019 21:39:29 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
11.07.2019 21:39:29 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
11.07.2019 21:39:29 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
11.07.2019 21:39:29 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
11.07.2019 21:39:29 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
11.07.2019 21:39:29 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
11.07.2019 21:39:29 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
11.07.2019 21:39:30 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 11.07.2019 21:39:31
Anti-malware scan started at: 12.07.2019 01:39:47
12.07.2019 01:40:23 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
12.07.2019 01:40:23 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
12.07.2019 01:40:23 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
12.07.2019 01:40:23 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
12.07.2019 01:40:23 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
12.07.2019 01:40:42 User Shortcuts
Unknown: C:\Users\Home\Desktop\Bloons Adventure Time TD.lnk =
C:\SIMPLEX.RELEASE.NAME\BLOONS ADVENTURE TIME TD\BTDADVENTURETIME.EXE
12.07.2019 01:40:42 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
12.07.2019 01:40:42 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer =
C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
12.07.2019 01:40:42 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application
Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
12.07.2019 01:40:42 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver =
C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
12.07.2019 01:40:42 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-
LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
12.07.2019 01:40:42 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
12.07.2019 01:40:42 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver =
C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
12.07.2019 01:40:42 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} =
C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
12.07.2019 01:41:48 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
12.07.2019 01:41:54 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA
FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
12.07.2019 01:41:54 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
12.07.2019 01:41:54 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
12.07.2019 01:41:54 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
12.07.2019 01:41:54 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
12.07.2019 01:41:54 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
12.07.2019 01:41:54 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
12.07.2019 01:41:54 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
12.07.2019 01:41:56 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 12.07.2019 01:41:56
Anti-malware scan started at: 12.07.2019 05:42:16
12.07.2019 05:42:56 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
12.07.2019 05:42:56 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
12.07.2019 05:42:56 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
12.07.2019 05:42:56 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
12.07.2019 05:42:57 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
12.07.2019 05:43:20 User Shortcuts
Unknown: C:\Users\Home\Desktop\Bloons Adventure Time TD.lnk = C:\BLOONS ADVENTURE TIME TD\BLOONS ADVENTURE TIME TD\BTDADVENTURETIME.EXE
12.07.2019 05:43:20 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
12.07.2019 05:43:20 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
12.07.2019 05:43:20 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
12.07.2019 05:43:20 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
12.07.2019 05:43:20 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
12.07.2019 05:43:20 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
12.07.2019 05:43:20 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
12.07.2019 05:43:20 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
12.07.2019 05:44:38 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
12.07.2019 05:44:43 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
12.07.2019 05:44:43 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
12.07.2019 05:44:43 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
12.07.2019 05:44:43 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
12.07.2019 05:44:43 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
12.07.2019 05:44:43 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
12.07.2019 05:44:43 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
12.07.2019 05:44:43 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
12.07.2019 05:44:45 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
12.07.2019 05:44:45 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 12.07.2019 05:44:46
Anti-malware scan started at: 12.07.2019 09:45:01
12.07.2019 09:45:29 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
12.07.2019 09:45:29 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
12.07.2019 09:45:29 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
12.07.2019 09:45:29 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
12.07.2019 09:45:29 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
12.07.2019 09:45:43 User Shortcuts
Unknown: C:\Users\Home\Desktop\Bloons Adventure Time TD.lnk = C:\BLOONS ADVENTURE TIME TD\BLOONS ADVENTURE TIME TD\BTDADVENTURETIME.EXE
12.07.2019 09:45:43 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
12.07.2019 09:45:43 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
12.07.2019 09:45:43 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
12.07.2019 09:45:43 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
12.07.2019 09:45:43 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
12.07.2019 09:45:43 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
12.07.2019 09:45:43 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
12.07.2019 09:45:43 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
12.07.2019 09:46:42 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
12.07.2019 09:46:46 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
12.07.2019 09:46:46 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
12.07.2019 09:46:46 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
12.07.2019 09:46:46 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
12.07.2019 09:46:46 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
12.07.2019 09:46:46 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
12.07.2019 09:46:46 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
12.07.2019 09:46:46 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
12.07.2019 09:46:48 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
12.07.2019 09:46:48 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 12.07.2019 09:46:48
Anti-malware scan started at: 12.07.2019 14:03:09
12.07.2019 14:03:42 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
12.07.2019 14:03:42 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
12.07.2019 14:03:42 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
12.07.2019 14:03:42 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
12.07.2019 14:03:42 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
12.07.2019 14:03:57 User Shortcuts
Unknown: C:\Users\Home\Desktop\Bloons Adventure Time TD.lnk = C:\BLOONS ADVENTURE TIME TD\BLOONS ADVENTURE TIME TD\BTDADVENTURETIME.EXE
12.07.2019 14:03:57 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
12.07.2019 14:03:57 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
12.07.2019 14:03:57 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
12.07.2019 14:03:57 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
12.07.2019 14:03:57 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
12.07.2019 14:03:57 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
12.07.2019 14:03:57 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
12.07.2019 14:03:57 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
12.07.2019 14:05:01 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
12.07.2019 14:05:07 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
12.07.2019 14:05:07 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
12.07.2019 14:05:07 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
12.07.2019 14:05:07 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
12.07.2019 14:05:07 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
12.07.2019 14:05:07 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
12.07.2019 14:05:07 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
12.07.2019 14:05:07 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
12.07.2019 14:05:09 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
12.07.2019 14:05:09 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 12.07.2019 14:05:10
Anti-malware scan started at: 12.07.2019 18:14:04
12.07.2019 18:14:34 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
12.07.2019 18:14:34 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
12.07.2019 18:14:34 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
12.07.2019 18:14:34 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
12.07.2019 18:14:34 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
12.07.2019 18:14:51 User Shortcuts
Unknown: C:\Users\Home\Desktop\Bloons Adventure Time TD.lnk = C:\BLOONS ADVENTURE TIME TD\BLOONS ADVENTURE TIME TD\BTDADVENTURETIME.EXE
12.07.2019 18:14:51 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
12.07.2019 18:14:51 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
12.07.2019 18:14:52 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
12.07.2019 18:14:52 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
12.07.2019 18:14:52 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
12.07.2019 18:14:52 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
12.07.2019 18:14:52 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
12.07.2019 18:14:52 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
12.07.2019 18:15:34 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
12.07.2019 18:15:39 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
12.07.2019 18:15:39 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
12.07.2019 18:15:39 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
12.07.2019 18:15:39 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
12.07.2019 18:15:39 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
12.07.2019 18:15:39 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
12.07.2019 18:15:39 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
12.07.2019 18:15:39 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
12.07.2019 18:15:40 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
12.07.2019 18:15:41 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 12.07.2019 18:15:41
Anti-malware scan started at: 12.07.2019 22:15:54
12.07.2019 22:16:15 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
12.07.2019 22:16:16 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
12.07.2019 22:16:16 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
12.07.2019 22:16:16 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
12.07.2019 22:16:16 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
12.07.2019 22:16:26 User Shortcuts
Unknown: C:\Users\Home\Desktop\Bloons Adventure Time TD.lnk = C:\BLOONS ADVENTURE TIME TD\BLOONS ADVENTURE TIME TD\BTDADVENTURETIME.EXE
12.07.2019 22:16:26 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
12.07.2019 22:16:26 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
12.07.2019 22:16:26 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
12.07.2019 22:16:26 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
12.07.2019 22:16:26 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
12.07.2019 22:16:26 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
12.07.2019 22:16:26 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
12.07.2019 22:16:26 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
12.07.2019 22:17:05 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
12.07.2019 22:17:07 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
12.07.2019 22:17:07 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
12.07.2019 22:17:07 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
12.07.2019 22:17:08 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
12.07.2019 22:17:08 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
12.07.2019 22:17:08 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
12.07.2019 22:17:08 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
12.07.2019 22:17:08 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
12.07.2019 22:17:09 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
12.07.2019 22:17:09 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 12.07.2019 22:17:10
Anti-malware scan started at: 13.07.2019 02:35:03
13.07.2019 02:35:19 Running Processes
Suspicious: attrib.exe = C:\WINDOWS\SYSWOW64\ATTRIB.EXE
13.07.2019 02:35:43 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
13.07.2019 02:35:43 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
13.07.2019 02:35:43 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
13.07.2019 02:35:43 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
13.07.2019 02:35:43 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
13.07.2019 02:36:04 User Shortcuts
Unknown: C:\Users\Home\Desktop\Bloons Adventure Time TD.lnk = C:\BLOONS ADVENTURE TIME TD\BLOONS ADVENTURE TIME TD\BTDADVENTURETIME.EXE
13.07.2019 02:36:04 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
13.07.2019 02:36:04 Registry Run
Unknown: ClpBtcn = C:\USERS\HOME\APPDATA\LOCAL\TEMP\LXDF.EXE
13.07.2019 02:36:04 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
13.07.2019 02:36:04 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
13.07.2019 02:36:04 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
13.07.2019 02:36:04 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
13.07.2019 02:36:04 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
13.07.2019 02:36:04 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
13.07.2019 02:36:04 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
13.07.2019 02:36:04 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
13.07.2019 02:37:14 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
13.07.2019 02:37:18 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
13.07.2019 02:37:18 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
13.07.2019 02:37:18 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
13.07.2019 02:37:18 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
13.07.2019 02:37:18 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
13.07.2019 02:37:18 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
13.07.2019 02:37:18 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
13.07.2019 02:37:18 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
13.07.2019 02:37:20 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
13.07.2019 02:37:20 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 13.07.2019 02:37:21
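The scans above repeat every few hours with almost nothing changing, which makes the two entries new in this scan (the ClpBtcn Run key launching LXDF.EXE from the user's Temp directory, and the System\SystemCheck task launching Helper.exe from %userprofile%) easy to miss among the recurring PRECOMP, KMS and extension hits. The Python below is an added example, not part of this log and not UnHackMe's own code: it parses lines in the format used here, de-duplicates hits across repeated scans so each item carries a first-seen and last-seen time, explains autostart targets by the traits the entries on this page exhibit (a random-named directory under ProgramData, the user's Temp directory, the user profile, a Windows binary name such as explorer.exe outside the Windows directory), and decodes the percent-encoded Chrome homepage so the hijacked host is readable. The embedded sample log is constructed from abbreviated entries in this format; the random-directory threshold (12 or more mixed-case letters) and the small set of Windows binary names are assumptions chosen for the example.

```python
"""Triage UnHackMe-style scan log lines: parse, de-duplicate across repeated
scans, and explain why an autostart or browser-setting entry deserves a look."""
import re
from dataclasses import dataclass, field
from urllib.parse import unquote, urlsplit

# Constructed sample in the same line format as the log (two abbreviated scans).
SAMPLE_LOG = r"""
Anti-malware scan started at: 12.07.2019 22:15:54
12.07.2019 22:16:26 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
12.07.2019 22:16:26 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
12.07.2019 22:16:26 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
12.07.2019 22:17:09 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17
Anti-malware scan finished at: 12.07.2019 22:17:10
Anti-malware scan started at: 13.07.2019 02:35:03
13.07.2019 02:36:04 Registry Run
Unknown: ClpBtcn = C:\USERS\HOME\APPDATA\LOCAL\TEMP\LXDF.EXE
13.07.2019 02:36:04 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
13.07.2019 02:36:04 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
Anti-malware scan finished at: 13.07.2019 02:37:21
"""

HEADER_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) (.+)$")
ENTRY_RE = re.compile(r"^(Probably Malicious|Suspicious|Unknown): (.+?) = (.*)$")
AUTOSTART_CATEGORIES = ("Scheduled Tasks", "Registry Run", "Auto Services")
# Assumption: a letters-only, mixed-case folder name of 12+ chars is "random-looking".
RANDOM_DIR_RE = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])[A-Za-z]{12,}$")
# Assumption: a short list of Windows binary names worth checking for masquerading.
WINDOWS_BINARY_NAMES = {"explorer.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
PCT_RE = re.compile(r"%[0-9A-Fa-f]{2}")


@dataclass
class Finding:
    category: str
    verdict: str
    name: str
    target: str
    first_seen: str
    last_seen: str
    reasons: list = field(default_factory=list)
    decoded_target: str = ""


def parse_log(text):
    """Yield (timestamp, category, verdict, name, target) for every scanner hit."""
    stamp = category = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:                      # "13.07.2019 02:36:04 Registry Run" opens a section
            stamp, category = m.groups()
            continue
        m = ENTRY_RE.match(line)
        if m and stamp:            # "Unknown: <name> = <target>" belongs to that section
            yield (stamp, category) + m.groups()


def explain_autostart(target):
    """Reasons an autostart launch path looks off; an empty list means it looks stock."""
    reasons = []
    path = target.strip('"').replace("\\\\", "\\")   # the log doubles some backslashes
    parts = [p for p in path.split("\\") if p]
    low = [p.lower() for p in parts]
    exe = low[-1] if low else ""
    if "programdata" in low:
        i = low.index("programdata")
        if i + 1 < len(parts) and RANDOM_DIR_RE.match(parts[i + 1]):
            reasons.append("launches from a random-named directory under ProgramData")
    if "appdata" in low:
        reasons.append("launches from user Temp" if "temp" in low
                       else "launches from the user profile (AppData)")
    in_windows_dir = any(p in ("windows", "%windir%", "%systemroot%") for p in low[:2])
    if exe in WINDOWS_BINARY_NAMES and not in_windows_dir:
        reasons.append(f"{exe} is a Windows binary name outside the Windows directory")
    return reasons


def explain_browser_setting(target):
    """Decode a percent-encoded homepage URL and flag an obfuscated hostname."""
    host = urlsplit(target).hostname or ""
    reasons = []
    if PCT_RE.search(host):
        reasons.append(f"percent-encoded hostname decodes to {unquote(host)}")
    return reasons, unquote(target)


def triage(text):
    """De-duplicate hits across repeated scans and attach reasons, ordered by first sighting."""
    findings = {}
    for stamp, category, verdict, name, target in parse_log(text):
        key = (category, name, target)
        f = findings.get(key)
        if f is None:
            f = findings[key] = Finding(category, verdict, name, target, stamp, stamp)
            if category.startswith(AUTOSTART_CATEGORIES):
                f.reasons = explain_autostart(target)
            elif category == "Chrome Protected Settings":
                f.reasons, f.decoded_target = explain_browser_setting(target)
        f.last_seen = stamp        # keeps advancing as later scans repeat the hit
    return list(findings.values())


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        why = "; ".join(f.reasons) or "no indicator, looks like a stock entry"
        print(f"[{f.verdict}] {f.category}: {f.name}\n    -> {f.decoded_target or f.target}"
              f"\n    seen {f.first_seen} .. {f.last_seen}: {why}")
```

Run against the full log, the first-seen column is what separates the long-standing PRECOMP task and extension hits from the Run key and SystemCheck task that appear only from the 13.07.2019 02:35 scan onward; the decoded homepage shows the host the percent-encoding hides, while the stock ProgramDataUpdater task, which resolves to compattelrunner.exe under %windir%, produces no reason at all.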
Anti-malware scan started at: 13.07.2019 06:37:48
13.07.2019 06:38:32 Running Processes
Suspicious: attrib.exe = C:\WINDOWS\SYSWOW64\ATTRIB.EXE
13.07.2019 06:39:10 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
13.07.2019 06:39:10 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
13.07.2019 06:39:10 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
13.07.2019 06:39:10 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
13.07.2019 06:39:10 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
13.07.2019 06:39:47 User Shortcuts
Unknown: C:\Users\Home\Desktop\Bloons Adventure Time TD.lnk = C:\BLOONS ADVENTURE TIME TD\BLOONS ADVENTURE TIME TD\BTDADVENTURETIME.EXE
13.07.2019 06:39:48 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
13.07.2019 06:39:48 Registry Run
Unknown: ClpBtcn = C:\USERS\HOME\APPDATA\LOCAL\TEMP\LXDF.EXE
13.07.2019 06:39:48 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
13.07.2019 06:39:48 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
13.07.2019 06:39:48 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
13.07.2019 06:39:48 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
13.07.2019 06:39:48 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
13.07.2019 06:39:48 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
13.07.2019 06:39:48 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
13.07.2019 06:39:48 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
13.07.2019 06:42:03 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
13.07.2019 06:42:13 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
13.07.2019 06:42:13 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
13.07.2019 06:42:13 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
13.07.2019 06:42:13 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
13.07.2019 06:42:13 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
13.07.2019 06:42:13 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
13.07.2019 06:42:13 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
13.07.2019 06:42:13 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
13.07.2019 06:42:16 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
13.07.2019 06:42:16 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 13.07.2019 06:42:17
Anti-malware scan started at: 13.07.2019 20:08:05
13.07.2019 20:08:20 Running Processes
Suspicious: attrib.exe = C:\WINDOWS\SYSWOW64\ATTRIB.EXE
13.07.2019 20:08:40 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
13.07.2019 20:08:40 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
13.07.2019 20:08:40 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
13.07.2019 20:08:40 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
13.07.2019 20:08:40 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
13.07.2019 20:08:55 User Shortcuts
Unknown: C:\Users\Home\Desktop\Bloons Adventure Time TD.lnk = C:\BLOONS ADVENTURE TIME TD\BLOONS ADVENTURE TIME TD\BTDADVENTURETIME.EXE
13.07.2019 20:08:55 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
13.07.2019 20:08:55 Registry Run
Unknown: ClpBtcn = C:\USERS\HOME\APPDATA\LOCAL\TEMP\LXDF.EXE
13.07.2019 20:08:55 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
13.07.2019 20:08:55 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
13.07.2019 20:08:55 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
13.07.2019 20:08:55 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
13.07.2019 20:08:55 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
13.07.2019 20:08:55 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
13.07.2019 20:08:55 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
13.07.2019 20:08:55 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
13.07.2019 20:09:43 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
13.07.2019 20:09:47 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
13.07.2019 20:09:47 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
13.07.2019 20:09:47 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
13.07.2019 20:09:47 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
13.07.2019 20:09:47 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
13.07.2019 20:09:47 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
13.07.2019 20:09:47 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
13.07.2019 20:09:47 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
13.07.2019 20:09:49 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
13.07.2019 20:09:49 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 13.07.2019 20:09:50
Anti-malware scan started at: 14.07.2019 00:10:38
14.07.2019 00:10:59 Running Processes
Suspicious: attrib.exe = C:\WINDOWS\SYSWOW64\ATTRIB.EXE
14.07.2019 00:11:21 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
14.07.2019 00:11:21 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
14.07.2019 00:11:21 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
14.07.2019 00:11:21 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
14.07.2019 00:11:21 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
14.07.2019 00:11:46 User Shortcuts
Unknown: C:\Users\Home\Desktop\Bloons Adventure Time TD.lnk = C:\BLOONS ADVENTURE TIME TD\BLOONS ADVENTURE TIME TD\BTDADVENTURETIME.EXE
14.07.2019 00:11:46 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
14.07.2019 00:11:46 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
14.07.2019 00:11:46 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
14.07.2019 00:11:46 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
14.07.2019 00:11:46 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
14.07.2019 00:11:46 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
14.07.2019 00:11:46 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
14.07.2019 00:11:46 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
14.07.2019 00:11:46 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
14.07.2019 00:13:11 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
14.07.2019 00:13:18 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
14.07.2019 00:13:18 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
14.07.2019 00:13:18 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
14.07.2019 00:13:18 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
14.07.2019 00:13:18 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
14.07.2019 00:13:18 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
14.07.2019 00:13:18 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
14.07.2019 00:13:18 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
14.07.2019 00:13:21 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
14.07.2019 00:13:21 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 14.07.2019 00:13:22
Anti-malware scan started at: 14.07.2019 02:34:34
14.07.2019 02:39:44 Running Processes
Suspicious: attrib.exe = C:\WINDOWS\SYSWOW64\ATTRIB.EXE
14.07.2019 02:39:44 Running Processes
Probably Malicious: Universal Soft Nova.exe = C:\USERS\HOME\DOWNLOADS\UNIVERSAL
SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
14.07.2019 02:39:44 Running Processes
Probably Malicious: Univ3rsal Check3r_2.exe = C:\USERS\HOME\DOWNLOADS\UNIV3RSAL
CHECK3R\UNIV3RSAL CHECK3R\UNIV3RSAL CHECK3R_2.EXE
Anti-malware scan started at: 15.07.2019 00:22:55
15.07.2019 00:28:28 Running Processes
Suspicious: attrib.exe = C:\WINDOWS\SYSWOW64\ATTRIB.EXE
15.07.2019 00:28:28 Running Processes
Probably Malicious: Univ3rsal Check3r_2.exe = C:\WINDOWS\TEMP\NOD35A1.TMP
15.07.2019 00:28:28 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-
544774154621}\LSM.EXE
Anti-malware scan started at: 15.07.2019 08:18:01
15.07.2019 08:18:41 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-
544774154621}\LSM.EXE
15.07.2019 08:19:39 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
15.07.2019 08:19:40 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
15.07.2019 08:19:40 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE =
C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
15.07.2019 08:19:40 Multi AV Detected Files
Suspicious: WINDOWS.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\WINDOWS.EXE
15.07.2019 08:19:40 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA
V3.2.3\UNIVERSAL SOFT NOVA.EXE
15.07.2019 08:19:40 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
15.07.2019 08:19:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
15.07.2019 08:19:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
15.07.2019 08:19:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
15.07.2019 08:19:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
15.07.2019 08:19:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
15.07.2019 08:19:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
15.07.2019 08:19:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
15.07.2019 08:19:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
15.07.2019 08:19:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
15.07.2019 08:19:40 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
15.07.2019 08:19:40 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
15.07.2019 08:19:40 Multi AV Detected Files
Suspicious: HOMMIEE.EXE = C:\USERS\HOME\HOMMIEE.EXE
15.07.2019 08:19:40 Multi AV Detected Files
Suspicious: FWKK.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\FWKK.EXE
15.07.2019 08:19:40 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE =
C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
15.07.2019 08:20:36 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES
(X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
15.07.2019 08:20:36 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES
(X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
15.07.2019 08:20:36 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
15.07.2019 08:20:36 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer =
C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
15.07.2019 08:20:36 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application
Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
15.07.2019 08:20:36 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10
Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
15.07.2019 08:20:37 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver =
C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
15.07.2019 08:20:37 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile
%\AppData\Roaming\Microsoft\Windows\Helper.exe"
15.07.2019 08:20:37 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\WinRun = C:/ProgramData/WinSys.exe
15.07.2019 08:20:37 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-
LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
15.07.2019 08:20:37 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
15.07.2019 08:20:37 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\
{54477415-5447-5447-544774154621}\LSM.EXE
15.07.2019 08:20:37 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver =
C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
15.07.2019 08:20:37 Scheduled Tasks 2.0 Cached
Unknown: WinRun = C:/ProgramData/WinSys.exe
15.07.2019 08:20:37 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} =
C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
15.07.2019 08:23:36 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
15.07.2019 08:23:50 FireFox Components and Extensions
Unknown: idmmzcc3 = C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
15.07.2019 08:23:50 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA
FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
15.07.2019 08:23:50 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
15.07.2019 08:23:50 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
15.07.2019 08:23:50 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
15.07.2019 08:23:50 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
15.07.2019 08:23:50 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
15.07.2019 08:23:50 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
15.07.2019 08:23:50 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
15.07.2019 08:23:54 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
15.07.2019 08:23:54 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 15.07.2019 08:23:55
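The scans above repeat every few hours and the interesting information is what changes between them: on 14.07 the tasks under C:\ProgramData\dOobURFlkrPxVZb appear, on 15.07 00:28 an lsm.exe running from a brace-named ProgramData folder, and by 15.07 08:20 two more tasks ("Microsoft LocalManager[Windows 10 Pro]" and "WinRun") pointing at user-writable paths. The following is an added triage script, not part of the log or of UnHackMe: it parses the log's "timestamp category" / "verdict: name = path" line pairs, groups them by scan session, tags the patterns a responder acts on (a system binary name outside C:\Windows, a scheduled task launching from ProgramData or AppData, a running process whose name differs from its image file, a percent-encoded homepage host, a directory that looks like a GUID but is not laid out like one), and diffs sessions so newly introduced artifacts stand out. The rule names are this example's own; the sample input is constructed from a handful of entries excerpted from this page and unwrapped onto single lines.

```python
"""Triage helper for UnHackMe-style scan logs (added example; the rules and
their names are this script's own, not the scanner's)."""
import re
from urllib.parse import unquote, urlsplit

START_RE = re.compile(r"^Anti-malware scan started at: (.+)$")
HEADER_RE = re.compile(r"^\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2} (.+)$")
ENTRY_RE = re.compile(r"^(Probably Malicious|Suspicious|Unknown): (.*?) = (.*)$")

# Windows binaries that only belong under C:\Windows (explorer.exe) or
# C:\Windows\System32 (lsm.exe); the same file name elsewhere is a masquerade.
SYSTEM_BINARIES = {"lsm.exe", "explorer.exe", "svchost.exe", "csrss.exe"}
# Locations an unprivileged user can write to; persistence launching from
# here deserves a look even when the task name sounds like Microsoft's.
USER_WRITABLE = ("c:\\programdata\\", "\\appdata\\", "\\users\\")
BRACE_DIR_RE = re.compile(r"\\\{([0-9a-f-]+)\}\\")
GUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")

# Constructed sample: entries excerpted from the log on this page, unwrapped.
SAMPLE_LOG = r"""
Anti-malware scan started at: 14.07.2019 00:10:38
14.07.2019 00:10:59 Running Processes
Suspicious: attrib.exe = C:\WINDOWS\SYSWOW64\ATTRIB.EXE
14.07.2019 00:11:46 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
14.07.2019 00:11:46 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
14.07.2019 00:11:46 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
14.07.2019 00:13:21 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
Anti-malware scan finished at: 14.07.2019 00:13:22
Anti-malware scan started at: 15.07.2019 00:22:55
15.07.2019 00:28:28 Running Processes
Probably Malicious: Univ3rsal Check3r_2.exe = C:\WINDOWS\TEMP\NOD35A1.TMP
15.07.2019 00:28:28 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
Anti-malware scan started at: 15.07.2019 08:18:01
15.07.2019 08:20:36 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
15.07.2019 08:20:36 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
15.07.2019 08:20:37 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\WinRun = C:/ProgramData/WinSys.exe
Anti-malware scan finished at: 15.07.2019 08:23:55
"""


def normalize(path):
    """Fold the log's path spellings (doubled backslashes, forward slashes,
    surrounding quotes, mixed case) into one comparable form."""
    return path.strip('"').replace("\\\\", "\\").replace("/", "\\").lower()


def parse_sessions(text):
    """Return [{"started": ts, "entries": [{category, verdict, name, path}, ...]}, ...]."""
    sessions, category = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := START_RE.match(line):
            sessions.append({"started": m.group(1), "entries": []})
        elif m := HEADER_RE.match(line):
            category = m.group(1)          # category applies to the entry line that follows
        elif (m := ENTRY_RE.match(line)) and sessions:
            verdict, name, path = m.groups()
            sessions[-1]["entries"].append(
                {"category": category, "verdict": verdict, "name": name, "path": path})
    return sessions


def triage(entry):
    """Return the indicator tags that apply to one entry ([] if nothing stands out)."""
    tags = []
    if entry["path"].lower().startswith("http"):
        host = urlsplit(entry["path"]).netloc
        if "%" in host:                    # percent-encoded hostname hides the real domain
            tags.append("encoded-host:" + unquote(host))
        return tags
    path = normalize(entry["path"])
    base = path.rsplit("\\", 1)[-1]
    if base in SYSTEM_BINARIES and not path.startswith("c:\\windows\\"):
        tags.append("masquerade:" + base)
    if entry["category"].startswith("Scheduled Tasks") and any(d in path for d in USER_WRITABLE):
        tags.append("task-from-user-writable-dir")
    if entry["category"] == "Running Processes" and entry["name"].lower() != base:
        tags.append("image-name-mismatch")  # process name differs from its on-disk image
    m = BRACE_DIR_RE.search(path)
    if m and not GUID_RE.match(m.group(1)):
        tags.append("pseudo-guid-dir")      # {8-4-4-12} is not a real GUID layout
    return tags


def new_in_session(sessions, index):
    """Entries of sessions[index] whose (name, path) pair occurs in no earlier session."""
    earlier = {(e["name"].lower(), normalize(e["path"]))
               for s in sessions[:index] for e in s["entries"]}
    return [e for e in sessions[index]["entries"]
            if (e["name"].lower(), normalize(e["path"])) not in earlier]


if __name__ == "__main__":
    sessions = parse_sessions(SAMPLE_LOG)
    for i, s in enumerate(sessions):
        print("scan", s["started"])
        for e in new_in_session(sessions, i):
            print("  NEW", e["verdict"], e["name"], "->", e["path"], triage(e))
```

Run against the full log rather than the sample, the session diff gives the timeline of the infection chain while the per-entry tags separate the benign noise (attrib.exe from SysWOW64, the Microsoft ProgramDataUpdater task) from the artifacts worth collecting: the encoded homepage decodes to feed.snapdo.com, the lsm.exe entries all live outside System32 in folders whose brace names do not match a real GUID layout, and the "Univ3rsal Check3r_2.exe" process is backed by a .TMP file in C:\Windows\Temp. Treat the scanner's "Unknown" verdict as unreviewed rather than benign; the dOobURFlkrPxVZb tasks are rated Unknown on every scan yet launch an explorer.exe from ProgramData.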
Anti-malware scan started at: 15.07.2019 12:24:21
15.07.2019 12:24:26 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-
544774154621}\LSM.EXE
15.07.2019 12:24:31 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
15.07.2019 12:24:31 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
15.07.2019 12:24:31 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE =
C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
15.07.2019 12:24:31 Multi AV Detected Files
Suspicious: WINDOWS.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\WINDOWS.EXE
15.07.2019 12:24:31 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA
V3.2.3\UNIVERSAL SOFT NOVA.EXE
15.07.2019 12:24:31 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
15.07.2019 12:24:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
15.07.2019 12:24:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
15.07.2019 12:24:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
15.07.2019 12:24:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
15.07.2019 12:24:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
15.07.2019 12:24:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
15.07.2019 12:24:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
15.07.2019 12:24:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
15.07.2019 12:24:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
15.07.2019 12:24:31 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
15.07.2019 12:24:31 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
15.07.2019 12:24:31 Multi AV Detected Files
Suspicious: HOMMIEE.EXE = C:\USERS\HOME\HOMMIEE.EXE
15.07.2019 12:24:31 Multi AV Detected Files
Suspicious: FWKK.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\FWKK.EXE
15.07.2019 12:24:31 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE =
C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
15.07.2019 12:24:39 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES
(X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
15.07.2019 12:24:39 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES
(X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
15.07.2019 12:24:39 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
15.07.2019 12:24:40 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer =
C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
15.07.2019 12:24:40 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application
Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
15.07.2019 12:24:40 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10
Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
15.07.2019 12:24:40 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver =
C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
15.07.2019 12:24:40 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile
%\AppData\Roaming\Microsoft\Windows\Helper.exe"
15.07.2019 12:24:40 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\WinRun = C:/ProgramData/WinSys.exe
15.07.2019 12:24:40 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-
LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
15.07.2019 12:24:40 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
15.07.2019 12:24:40 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\
{54477415-5447-5447-544774154621}\LSM.EXE
15.07.2019 12:24:40 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver =
C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
15.07.2019 12:24:40 Scheduled Tasks 2.0 Cached
Unknown: WinRun = C:/ProgramData/WinSys.exe
15.07.2019 12:24:40 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} =
C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
15.07.2019 12:25:00 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
15.07.2019 12:25:02 FireFox Components and Extensions
Unknown: idmmzcc3 = C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
15.07.2019 12:25:02 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA
FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
15.07.2019 12:25:02 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
15.07.2019 12:25:02 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
15.07.2019 12:25:02 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
15.07.2019 12:25:02 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
15.07.2019 12:25:02 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
15.07.2019 12:25:02 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
15.07.2019 12:25:02 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
15.07.2019 12:25:03 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
15.07.2019 12:25:03 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 15.07.2019 12:25:04
Anti-malware scan started at: 15.07.2019 16:27:06
15.07.2019 16:27:16 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-
544774154621}\LSM.EXE
15.07.2019 16:27:29 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
15.07.2019 16:27:29 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
15.07.2019 16:27:29 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE =
C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
15.07.2019 16:27:30 Multi AV Detected Files
Suspicious: WINDOWS.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\WINDOWS.EXE
15.07.2019 16:27:30 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA
V3.2.3\UNIVERSAL SOFT NOVA.EXE
15.07.2019 16:27:30 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
15.07.2019 16:27:30 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
15.07.2019 16:27:30 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
15.07.2019 16:27:30 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
15.07.2019 16:27:30 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
15.07.2019 16:27:30 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
15.07.2019 16:27:30 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
15.07.2019 16:27:30 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
15.07.2019 16:27:30 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
15.07.2019 16:27:30 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
15.07.2019 16:27:30 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
15.07.2019 16:27:30 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
15.07.2019 16:27:30 Multi AV Detected Files
Suspicious: HOMMIEE.EXE = C:\USERS\HOME\HOMMIEE.EXE
15.07.2019 16:27:30 Multi AV Detected Files
Suspicious: FWKK.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\FWKK.EXE
15.07.2019 16:27:30 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE =
C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
15.07.2019 16:27:45 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES
(X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
15.07.2019 16:27:45 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES
(X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
15.07.2019 16:27:45 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
15.07.2019 16:27:45 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer =
C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
15.07.2019 16:27:45 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application
Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
15.07.2019 16:27:45 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10
Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
15.07.2019 16:27:45 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver =
C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
15.07.2019 16:27:45 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile
%\AppData\Roaming\Microsoft\Windows\Helper.exe"
15.07.2019 16:27:46 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\WinRun = C:/ProgramData/WinSys.exe
15.07.2019 16:27:46 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-
LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
15.07.2019 16:27:46 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
15.07.2019 16:27:46 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\
{54477415-5447-5447-544774154621}\LSM.EXE
15.07.2019 16:27:46 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver =
C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
15.07.2019 16:27:46 Scheduled Tasks 2.0 Cached
Unknown: WinRun = C:/ProgramData/WinSys.exe
15.07.2019 16:27:46 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} =
C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
15.07.2019 16:28:33 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
15.07.2019 16:28:37 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA
FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
15.07.2019 16:28:37 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
15.07.2019 16:28:37 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
15.07.2019 16:28:37 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
15.07.2019 16:28:37 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
15.07.2019 16:28:37 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
15.07.2019 16:28:37 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
15.07.2019 16:28:37 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
15.07.2019 16:28:39 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
15.07.2019 16:28:39 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 15.07.2019 16:28:40
Anti-malware scan started at: 15.07.2019 20:32:02
15.07.2019 20:32:26 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-
544774154621}\LSM.EXE
15.07.2019 20:32:48 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
15.07.2019 20:32:48 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
15.07.2019 20:32:48 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE =
C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
15.07.2019 20:32:48 Multi AV Detected Files
Suspicious: WINDOWS.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\WINDOWS.EXE
15.07.2019 20:32:48 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA
V3.2.3\UNIVERSAL SOFT NOVA.EXE
15.07.2019 20:32:48 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
15.07.2019 20:32:48 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
15.07.2019 20:32:48 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
15.07.2019 20:32:48 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
15.07.2019 20:32:48 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
15.07.2019 20:32:48 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
15.07.2019 20:32:48 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
15.07.2019 20:32:48 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
15.07.2019 20:32:48 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
15.07.2019 20:32:48 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
15.07.2019 20:32:49 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
15.07.2019 20:32:49 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
15.07.2019 20:32:49 Multi AV Detected Files
Suspicious: HOMMIEE.EXE = C:\USERS\HOME\HOMMIEE.EXE
15.07.2019 20:32:49 Multi AV Detected Files
Suspicious: FWKK.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\FWKK.EXE
15.07.2019 20:32:49 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE =
C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
15.07.2019 20:33:11 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES
(X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
15.07.2019 20:33:11 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES
(X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
15.07.2019 20:33:11 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
15.07.2019 20:33:11 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer =
C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
15.07.2019 20:33:11 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application
Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
15.07.2019 20:33:11 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10
Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
15.07.2019 20:33:11 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver =
C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
15.07.2019 20:33:11 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile
%\AppData\Roaming\Microsoft\Windows\Helper.exe"
15.07.2019 20:33:11 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\WinRun = C:/ProgramData/WinSys.exe
15.07.2019 20:33:11 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-
LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
15.07.2019 20:33:11 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
15.07.2019 20:33:11 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\
{54477415-5447-5447-544774154621}\LSM.EXE
15.07.2019 20:33:11 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver =
C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
15.07.2019 20:33:11 Scheduled Tasks 2.0 Cached
Unknown: WinRun = C:/ProgramData/WinSys.exe
15.07.2019 20:33:11 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} =
C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
15.07.2019 20:34:16 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
15.07.2019 20:34:22 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA
FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
15.07.2019 20:34:22 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
15.07.2019 20:34:22 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
15.07.2019 20:34:22 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
15.07.2019 20:34:22 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
15.07.2019 20:34:22 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
15.07.2019 20:34:22 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
15.07.2019 20:34:22 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
15.07.2019 20:34:24 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
15.07.2019 20:34:24 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 15.07.2019 20:34:25
Anti-malware scan started at: 16.07.2019 00:34:43
16.07.2019 00:35:05 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
16.07.2019 00:35:53 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
16.07.2019 00:35:53 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
16.07.2019 00:35:53 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
16.07.2019 00:35:53 Multi AV Detected Files
Suspicious: WINDOWS.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\WINDOWS.EXE
16.07.2019 00:35:53 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
16.07.2019 00:35:53 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
16.07.2019 00:35:53 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
16.07.2019 00:35:53 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
16.07.2019 00:35:53 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
16.07.2019 00:35:53 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
16.07.2019 00:35:53 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
16.07.2019 00:35:53 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
16.07.2019 00:35:53 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
16.07.2019 00:35:53 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
16.07.2019 00:35:53 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
16.07.2019 00:35:53 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
16.07.2019 00:35:53 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
16.07.2019 00:35:53 Multi AV Detected Files
Suspicious: HOMMIEE.EXE = C:\USERS\HOME\HOMMIEE.EXE
16.07.2019 00:35:53 Multi AV Detected Files
Suspicious: FWKK.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\FWKK.EXE
16.07.2019 00:35:53 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
16.07.2019 00:37:23 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
16.07.2019 00:37:23 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
16.07.2019 00:37:23 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
16.07.2019 00:37:23 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
16.07.2019 00:37:23 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
16.07.2019 00:37:23 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
16.07.2019 00:37:23 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
16.07.2019 00:37:23 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
16.07.2019 00:37:23 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\WinRun = C:/ProgramData/WinSys.exe
16.07.2019 00:37:23 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
16.07.2019 00:37:23 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
16.07.2019 00:37:23 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
16.07.2019 00:37:23 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
16.07.2019 00:37:23 Scheduled Tasks 2.0 Cached
Unknown: WinRun = C:/ProgramData/WinSys.exe
16.07.2019 00:37:23 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
16.07.2019 00:38:39 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
16.07.2019 00:38:46 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
16.07.2019 00:38:46 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
16.07.2019 00:38:46 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
16.07.2019 00:38:46 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
16.07.2019 00:38:46 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
16.07.2019 00:38:46 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
16.07.2019 00:38:46 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
16.07.2019 00:38:46 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
16.07.2019 00:38:48 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
16.07.2019 00:38:48 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 16.07.2019 00:38:49
Anti-malware scan started at: 16.07.2019 04:39:09
16.07.2019 04:39:22 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
16.07.2019 04:39:55 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
16.07.2019 04:39:55 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
16.07.2019 04:39:55 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
16.07.2019 04:39:55 Multi AV Detected Files
Suspicious: WINDOWS.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\WINDOWS.EXE
16.07.2019 04:39:55 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
16.07.2019 04:39:55 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
16.07.2019 04:39:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
16.07.2019 04:39:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
16.07.2019 04:39:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
16.07.2019 04:39:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
16.07.2019 04:39:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
16.07.2019 04:39:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
16.07.2019 04:39:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
16.07.2019 04:39:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
16.07.2019 04:39:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
16.07.2019 04:39:55 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
16.07.2019 04:39:55 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
16.07.2019 04:39:55 Multi AV Detected Files
Suspicious: HOMMIEE.EXE = C:\USERS\HOME\HOMMIEE.EXE
16.07.2019 04:39:55 Multi AV Detected Files
Suspicious: FWKK.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\FWKK.EXE
16.07.2019 04:39:55 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
16.07.2019 04:40:22 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
16.07.2019 04:40:22 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
16.07.2019 04:40:22 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
16.07.2019 04:40:22 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
16.07.2019 04:40:22 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
16.07.2019 04:40:23 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
16.07.2019 04:40:23 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
16.07.2019 04:40:23 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
16.07.2019 04:40:23 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\WinRun = C:/ProgramData/WinSys.exe
16.07.2019 04:40:23 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
16.07.2019 04:40:23 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
16.07.2019 04:40:23 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
16.07.2019 04:40:23 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
16.07.2019 04:40:23 Scheduled Tasks 2.0 Cached
Unknown: WinRun = C:/ProgramData/WinSys.exe
16.07.2019 04:40:23 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
16.07.2019 04:41:40 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
16.07.2019 04:41:46 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
16.07.2019 04:41:46 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
16.07.2019 04:41:46 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
16.07.2019 04:41:46 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
16.07.2019 04:41:46 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
16.07.2019 04:41:46 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
16.07.2019 04:41:46 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
16.07.2019 04:41:46 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
16.07.2019 04:41:48 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
16.07.2019 04:41:48 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 16.07.2019 04:41:49
Anti-malware scan started at: 16.07.2019 08:42:04
16.07.2019 08:42:14 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
16.07.2019 08:42:34 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
16.07.2019 08:42:34 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
16.07.2019 08:42:34 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
16.07.2019 08:42:34 Multi AV Detected Files
Suspicious: WINDOWS.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\WINDOWS.EXE
16.07.2019 08:42:34 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
16.07.2019 08:42:34 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
16.07.2019 08:42:34 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
16.07.2019 08:42:34 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
16.07.2019 08:42:34 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
16.07.2019 08:42:34 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
16.07.2019 08:42:34 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
16.07.2019 08:42:34 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
16.07.2019 08:42:34 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
16.07.2019 08:42:34 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
16.07.2019 08:42:34 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
16.07.2019 08:42:34 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
16.07.2019 08:42:34 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
16.07.2019 08:42:34 Multi AV Detected Files
Suspicious: HOMMIEE.EXE = C:\USERS\HOME\HOMMIEE.EXE
16.07.2019 08:42:34 Multi AV Detected Files
Suspicious: FWKK.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\FWKK.EXE
16.07.2019 08:42:34 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
16.07.2019 08:42:48 User Shortcuts
Unknown: C:\Users\Home\Desktop\Continue aimp Installation.lnk = C:\Users\Home\AppData\Local\Temp\setup_0393010955.exe
16.07.2019 08:42:48 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
16.07.2019 08:42:48 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
16.07.2019 08:42:48 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
16.07.2019 08:42:48 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
16.07.2019 08:42:48 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
16.07.2019 08:42:48 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
16.07.2019 08:42:48 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
16.07.2019 08:42:48 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
16.07.2019 08:42:48 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\WinRun = C:/ProgramData/WinSys.exe
16.07.2019 08:42:48 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
16.07.2019 08:42:48 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
16.07.2019 08:42:48 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
16.07.2019 08:42:48 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
16.07.2019 08:42:48 Scheduled Tasks 2.0 Cached
Unknown: WinRun = C:/ProgramData/WinSys.exe
16.07.2019 08:42:48 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
16.07.2019 08:43:48 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
16.07.2019 08:43:52 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
16.07.2019 08:43:52 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
16.07.2019 08:43:52 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
16.07.2019 08:43:52 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
16.07.2019 08:43:52 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
16.07.2019 08:43:52 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
16.07.2019 08:43:52 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
16.07.2019 08:43:52 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
16.07.2019 08:43:53 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
16.07.2019 08:43:54 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 16.07.2019 08:43:54
Anti-malware scan started at: 16.07.2019 12:44:09
16.07.2019 12:44:19 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
16.07.2019 12:44:38 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
16.07.2019 12:44:38 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
16.07.2019 12:44:38 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
16.07.2019 12:44:38 Multi AV Detected Files
Suspicious: WINDOWS.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\WINDOWS.EXE
16.07.2019 12:44:38 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
16.07.2019 12:44:38 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
16.07.2019 12:44:38 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
16.07.2019 12:44:38 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
16.07.2019 12:44:38 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
16.07.2019 12:44:38 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
16.07.2019 12:44:38 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
16.07.2019 12:44:38 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
16.07.2019 12:44:38 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
16.07.2019 12:44:38 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
16.07.2019 12:44:38 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
16.07.2019 12:44:38 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
16.07.2019 12:44:38 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
16.07.2019 12:44:38 Multi AV Detected Files
Suspicious: HOMMIEE.EXE = C:\USERS\HOME\HOMMIEE.EXE
16.07.2019 12:44:38 Multi AV Detected Files
Suspicious: FWKK.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\FWKK.EXE
16.07.2019 12:44:38 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
16.07.2019 12:44:52 User Shortcuts
Unknown: C:\Users\Home\Desktop\Continue aimp Installation.lnk = C:\Users\Home\AppData\Local\Temp\setup_0393010955.exe
16.07.2019 12:44:52 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
16.07.2019 12:44:52 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
16.07.2019 12:44:52 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
16.07.2019 12:44:52 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
16.07.2019 12:44:52 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
16.07.2019 12:44:52 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
16.07.2019 12:44:52 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
16.07.2019 12:44:52 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
16.07.2019 12:44:52 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\WinRun = C:/ProgramData/WinSys.exe
16.07.2019 12:44:52 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
16.07.2019 12:44:52 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
16.07.2019 12:44:52 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
16.07.2019 12:44:52 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
16.07.2019 12:44:52 Scheduled Tasks 2.0 Cached
Unknown: WinRun = C:/ProgramData/WinSys.exe
16.07.2019 12:44:52 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
16.07.2019 12:45:54 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
16.07.2019 12:45:57 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
16.07.2019 12:45:57 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
16.07.2019 12:45:57 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
16.07.2019 12:45:57 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
16.07.2019 12:45:57 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
16.07.2019 12:45:57 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
16.07.2019 12:45:57 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
16.07.2019 12:45:57 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
16.07.2019 12:45:59 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
16.07.2019 12:45:59 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 16.07.2019 12:45:59
Anti-malware scan started at: 16.07.2019 16:46:13
16.07.2019 16:46:23 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-
544774154621}\LSM.EXE
16.07.2019 16:46:42 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
16.07.2019 16:46:42 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
16.07.2019 16:46:42 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE =
C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
16.07.2019 16:46:42 Multi AV Detected Files
Suspicious: WINDOWS.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\WINDOWS.EXE
16.07.2019 16:46:42 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA
V3.2.3\UNIVERSAL SOFT NOVA.EXE
16.07.2019 16:46:42 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
16.07.2019 16:46:42 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
16.07.2019 16:46:42 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
16.07.2019 16:46:42 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
16.07.2019 16:46:42 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
16.07.2019 16:46:42 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
16.07.2019 16:46:42 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
16.07.2019 16:46:42 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
16.07.2019 16:46:42 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
16.07.2019 16:46:42 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
16.07.2019 16:46:42 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
16.07.2019 16:46:42 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
16.07.2019 16:46:42 Multi AV Detected Files
Suspicious: HOMMIEE.EXE = C:\USERS\HOME\HOMMIEE.EXE
16.07.2019 16:46:42 Multi AV Detected Files
Suspicious: FWKK.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\FWKK.EXE
16.07.2019 16:46:42 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE =
C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
16.07.2019 16:46:56 User Shortcuts
Unknown: C:\Users\Home\Desktop\Continue aimp Installation.lnk =
C:\Users\Home\AppData\Local\Temp\setup_0393010955.exe
16.07.2019 16:46:56 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES
(X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
16.07.2019 16:46:57 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES
(X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
16.07.2019 16:46:57 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
16.07.2019 16:46:57 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
16.07.2019 16:46:57 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
16.07.2019 16:46:57 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
16.07.2019 16:46:57 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
16.07.2019 16:46:57 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
16.07.2019 16:46:57 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\WinRun = C:/ProgramData/WinSys.exe
16.07.2019 16:46:57 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
16.07.2019 16:46:57 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
16.07.2019 16:46:57 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
16.07.2019 16:46:57 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
16.07.2019 16:46:57 Scheduled Tasks 2.0 Cached
Unknown: WinRun = C:/ProgramData/WinSys.exe
16.07.2019 16:46:57 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
16.07.2019 16:47:52 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
16.07.2019 16:47:55 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
16.07.2019 16:47:55 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
16.07.2019 16:47:55 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
16.07.2019 16:47:55 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
16.07.2019 16:47:55 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
16.07.2019 16:47:55 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
16.07.2019 16:47:55 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
16.07.2019 16:47:55 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
16.07.2019 16:47:56 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
16.07.2019 16:47:56 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 16.07.2019 16:47:57
Anti-malware scan started at: 16.07.2019 20:49:00
16.07.2019 20:49:07 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
16.07.2019 20:49:30 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
16.07.2019 20:49:30 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
16.07.2019 20:49:30 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
16.07.2019 20:49:30 Multi AV Detected Files
Suspicious: WINDOWS.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\WINDOWS.EXE
16.07.2019 20:49:30 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
16.07.2019 20:49:30 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
16.07.2019 20:49:30 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
16.07.2019 20:49:30 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
16.07.2019 20:49:30 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
16.07.2019 20:49:30 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
16.07.2019 20:49:30 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
16.07.2019 20:49:30 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
16.07.2019 20:49:30 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
16.07.2019 20:49:30 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
16.07.2019 20:49:30 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
16.07.2019 20:49:30 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
16.07.2019 20:49:30 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
16.07.2019 20:49:30 Multi AV Detected Files
Suspicious: HOMMIEE.EXE = C:\USERS\HOME\HOMMIEE.EXE
16.07.2019 20:49:30 Multi AV Detected Files
Suspicious: FWKK.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\FWKK.EXE
16.07.2019 20:49:30 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
16.07.2019 20:49:47 User Shortcuts
Unknown: C:\Users\Home\Desktop\Continue aimp Installation.lnk = C:\Users\Home\AppData\Local\Temp\setup_0393010955.exe
16.07.2019 20:49:47 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
16.07.2019 20:49:47 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
16.07.2019 20:49:47 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
16.07.2019 20:49:47 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
16.07.2019 20:49:47 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
16.07.2019 20:49:47 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
16.07.2019 20:49:47 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
16.07.2019 20:49:47 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
16.07.2019 20:49:47 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\WinRun = C:/ProgramData/WinSys.exe
16.07.2019 20:49:47 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
16.07.2019 20:49:47 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
16.07.2019 20:49:47 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
16.07.2019 20:49:47 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
16.07.2019 20:49:47 Scheduled Tasks 2.0 Cached
Unknown: WinRun = C:/ProgramData/WinSys.exe
16.07.2019 20:49:47 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
16.07.2019 20:50:36 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
16.07.2019 20:50:41 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
16.07.2019 20:50:41 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
16.07.2019 20:50:41 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
16.07.2019 20:50:41 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
16.07.2019 20:50:41 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
16.07.2019 20:50:41 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
16.07.2019 20:50:41 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
16.07.2019 20:50:41 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
16.07.2019 20:50:42 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
16.07.2019 20:50:42 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 16.07.2019 20:50:43
Anti-malware scan started at: 17.07.2019 00:50:58
17.07.2019 00:51:14 Running Processes
Probably Malicious: chrome.exe = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
17.07.2019 00:51:14 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
17.07.2019 00:51:14 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 00:51:41 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
17.07.2019 00:51:41 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
17.07.2019 00:51:41 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
17.07.2019 00:51:41 Multi AV Detected Files
Suspicious: WINDOWS.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\WINDOWS.EXE
17.07.2019 00:51:41 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
17.07.2019 00:51:41 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
17.07.2019 00:51:41 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
17.07.2019 00:51:41 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
17.07.2019 00:51:41 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
17.07.2019 00:51:41 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
17.07.2019 00:51:41 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
17.07.2019 00:51:41 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
17.07.2019 00:51:41 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 00:51:41 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
17.07.2019 00:51:41 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
17.07.2019 00:51:41 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
17.07.2019 00:51:41 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
17.07.2019 00:51:41 Multi AV Detected Files
Suspicious: HOMMIEE.EXE = C:\USERS\HOME\HOMMIEE.EXE
17.07.2019 00:51:41 Multi AV Detected Files
Suspicious: FWKK.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\FWKK.EXE
17.07.2019 00:51:41 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
17.07.2019 00:52:03 User Shortcuts
Unknown: C:\Users\Home\Desktop\Continue aimp Installation.lnk = C:\Users\Home\AppData\Local\Temp\setup_0393010955.exe
17.07.2019 00:52:03 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
17.07.2019 00:52:03 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
17.07.2019 00:52:03 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
17.07.2019 00:52:03 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
17.07.2019 00:52:03 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
17.07.2019 00:52:03 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
17.07.2019 00:52:03 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
17.07.2019 00:52:03 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
17.07.2019 00:52:03 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
17.07.2019 00:52:04 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 00:52:04 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
17.07.2019 00:52:04 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
17.07.2019 00:52:04 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\WinRun = C:/ProgramData/WinSys.exe
17.07.2019 00:52:04 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
17.07.2019 00:52:04 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
17.07.2019 00:52:04 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 00:52:04 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
17.07.2019 00:52:04 Scheduled Tasks 2.0 Cached
Unknown: WinRun = C:/ProgramData/WinSys.exe
17.07.2019 00:52:04 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
17.07.2019 00:53:14 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
17.07.2019 00:53:20 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
17.07.2019 00:53:20 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
17.07.2019 00:53:20 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
17.07.2019 00:53:20 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
17.07.2019 00:53:20 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
17.07.2019 00:53:20 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
17.07.2019 00:53:20 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
17.07.2019 00:53:20 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
17.07.2019 00:53:20 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
17.07.2019 00:53:22 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
17.07.2019 00:53:22 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 17.07.2019 00:53:23
Anti-malware scan started at: 17.07.2019 04:53:39
17.07.2019 04:53:53 Running Processes
Probably Malicious: chrome.exe = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
17.07.2019 04:53:53 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
17.07.2019 04:53:53 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 04:53:53 Running Processes
Probably Malicious: KMS-R@1nHook.exe = C:\WINDOWS\KMS-R@1NHOOK.EXE
17.07.2019 04:54:20 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
17.07.2019 04:54:20 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
17.07.2019 04:54:20 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
17.07.2019 04:54:20 Multi AV Detected Files
Suspicious: WINDOWS.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\WINDOWS.EXE
17.07.2019 04:54:20 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
17.07.2019 04:54:20 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
17.07.2019 04:54:20 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
17.07.2019 04:54:20 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
17.07.2019 04:54:21 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
17.07.2019 04:54:21 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
17.07.2019 04:54:21 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
17.07.2019 04:54:21 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
17.07.2019 04:54:21 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 04:54:21 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
17.07.2019 04:54:21 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
17.07.2019 04:54:21 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
17.07.2019 04:54:21 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
17.07.2019 04:54:21 Multi AV Detected Files
Suspicious: HOMMIEE.EXE = C:\USERS\HOME\HOMMIEE.EXE
17.07.2019 04:54:21 Multi AV Detected Files
Suspicious: FWKK.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\FWKK.EXE
17.07.2019 04:54:21 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
17.07.2019 04:54:44 User Shortcuts
Unknown: C:\Users\Home\Desktop\Continue aimp Installation.lnk = C:\Users\Home\AppData\Local\Temp\setup_0393010955.exe
17.07.2019 04:54:44 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
17.07.2019 04:54:44 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
17.07.2019 04:54:44 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
17.07.2019 04:54:44 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
17.07.2019 04:54:44 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
17.07.2019 04:54:44 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
17.07.2019 04:54:44 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
17.07.2019 04:54:44 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
17.07.2019 04:54:44 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
17.07.2019 04:54:44 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 04:54:44 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
17.07.2019 04:54:45 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
17.07.2019 04:54:45 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\WinRun = C:/ProgramData/WinSys.exe
17.07.2019 04:54:45 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
17.07.2019 04:54:45 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
17.07.2019 04:54:45 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 04:54:45 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
17.07.2019 04:54:45 Scheduled Tasks 2.0 Cached
Unknown: WinRun = C:/ProgramData/WinSys.exe
17.07.2019 04:54:45 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
17.07.2019 04:55:56 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
17.07.2019 04:56:01 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
17.07.2019 04:56:01 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
17.07.2019 04:56:01 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
17.07.2019 04:56:01 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
17.07.2019 04:56:01 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
17.07.2019 04:56:01 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
17.07.2019 04:56:01 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
17.07.2019 04:56:01 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
17.07.2019 04:56:01 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
17.07.2019 04:56:04 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
17.07.2019 04:56:04 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 17.07.2019 04:56:05
Anti-malware scan started at: 17.07.2019 08:56:20
17.07.2019 08:56:31 Running Processes
Probably Malicious: chrome.exe = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
17.07.2019 08:56:31 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
17.07.2019 08:56:31 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 08:56:31 Running Processes
Probably Malicious: KMS-R@1nHook.exe = C:\WINDOWS\KMS-R@1NHOOK.EXE
17.07.2019 08:56:51 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
17.07.2019 08:56:51 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
17.07.2019 08:56:51 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
17.07.2019 08:56:51 Multi AV Detected Files
Suspicious: WINDOWS.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\WINDOWS.EXE
17.07.2019 08:56:51 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
17.07.2019 08:56:51 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
17.07.2019 08:56:51 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
17.07.2019 08:56:51 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
17.07.2019 08:56:51 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
17.07.2019 08:56:51 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
17.07.2019 08:56:51 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
17.07.2019 08:56:51 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
17.07.2019 08:56:51 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 08:56:51 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
17.07.2019 08:56:51 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
17.07.2019 08:56:51 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
17.07.2019 08:56:51 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
17.07.2019 08:56:51 Multi AV Detected Files
Suspicious: HOMMIEE.EXE = C:\USERS\HOME\HOMMIEE.EXE
17.07.2019 08:56:51 Multi AV Detected Files
Suspicious: FWKK.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\FWKK.EXE
17.07.2019 08:56:51 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
17.07.2019 08:57:07 User Shortcuts
Unknown: C:\Users\Home\Desktop\Continue aimp Installation.lnk = C:\Users\Home\AppData\Local\Temp\setup_0393010955.exe
17.07.2019 08:57:07 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
17.07.2019 08:57:07 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
17.07.2019 08:57:07 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
17.07.2019 08:57:07 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
17.07.2019 08:57:07 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
17.07.2019 08:57:07 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
17.07.2019 08:57:07 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
17.07.2019 08:57:07 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
17.07.2019 08:57:07 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
17.07.2019 08:57:07 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 08:57:07 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
17.07.2019 08:57:07 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
17.07.2019 08:57:07 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\WinRun = C:/ProgramData/WinSys.exe
17.07.2019 08:57:07 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
17.07.2019 08:57:07 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
17.07.2019 08:57:07 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 08:57:07 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
17.07.2019 08:57:07 Scheduled Tasks 2.0 Cached
Unknown: WinRun = C:/ProgramData/WinSys.exe
17.07.2019 08:57:07 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
17.07.2019 08:58:01 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
17.07.2019 08:58:05 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
17.07.2019 08:58:06 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
17.07.2019 08:58:06 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
17.07.2019 08:58:06 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
17.07.2019 08:58:06 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
17.07.2019 08:58:06 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
17.07.2019 08:58:06 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
17.07.2019 08:58:06 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
17.07.2019 08:58:06 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
17.07.2019 08:58:08 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
17.07.2019 08:58:08 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 17.07.2019 08:58:09
Anti-malware scan started at: 17.07.2019 12:58:23
17.07.2019 12:58:37 Running Processes
Probably Malicious: chrome.exe = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
17.07.2019 12:58:37 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
17.07.2019 12:58:37 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 12:58:37 Running Processes
Probably Malicious: KMS-R@1nHook.exe = C:\WINDOWS\KMS-R@1NHOOK.EXE
17.07.2019 12:58:55 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
17.07.2019 12:58:55 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
17.07.2019 12:58:55 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
17.07.2019 12:58:55 Multi AV Detected Files
Suspicious: WINDOWS.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\WINDOWS.EXE
17.07.2019 12:58:55 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
17.07.2019 12:58:55 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
17.07.2019 12:58:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
17.07.2019 12:58:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
17.07.2019 12:58:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
17.07.2019 12:58:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
17.07.2019 12:58:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
17.07.2019 12:58:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
17.07.2019 12:58:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 12:58:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
17.07.2019 12:58:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
17.07.2019 12:58:55 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
17.07.2019 12:58:55 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
17.07.2019 12:58:55 Multi AV Detected Files
Suspicious: HOMMIEE.EXE = C:\USERS\HOME\HOMMIEE.EXE
17.07.2019 12:58:55 Multi AV Detected Files
Suspicious: FWKK.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\FWKK.EXE
17.07.2019 12:58:55 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
17.07.2019 12:59:25 User Shortcuts
Unknown: C:\Users\Home\Desktop\Continue aimp Installation.lnk = C:\Users\Home\AppData\Local\Temp\setup_0393010955.exe
17.07.2019 12:59:25 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
17.07.2019 12:59:25 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
17.07.2019 12:59:25 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
17.07.2019 12:59:25 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
17.07.2019 12:59:25 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
17.07.2019 12:59:25 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
17.07.2019 12:59:25 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
17.07.2019 12:59:25 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
17.07.2019 12:59:25 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
17.07.2019 12:59:25 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 12:59:25 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
17.07.2019 12:59:25 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
17.07.2019 12:59:25 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\WinRun = C:/ProgramData/WinSys.exe
17.07.2019 12:59:25 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
17.07.2019 12:59:26 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
17.07.2019 12:59:26 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 12:59:26 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
17.07.2019 12:59:26 Scheduled Tasks 2.0 Cached
Unknown: WinRun = C:/ProgramData/WinSys.exe
17.07.2019 12:59:26 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
17.07.2019 13:00:28 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
17.07.2019 13:00:32 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
17.07.2019 13:00:32 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
17.07.2019 13:00:32 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
17.07.2019 13:00:32 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
17.07.2019 13:00:32 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
17.07.2019 13:00:32 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
17.07.2019 13:00:32 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
17.07.2019 13:00:32 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
17.07.2019 13:00:32 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
17.07.2019 13:00:34 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
17.07.2019 13:00:34 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 17.07.2019 13:00:35
Anti-malware scan started at: 17.07.2019 17:01:07
17.07.2019 17:01:16 Running Processes
Probably Malicious: chrome.exe = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
17.07.2019 17:01:16 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
17.07.2019 17:01:16 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 17:01:23 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
17.07.2019 17:01:23 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
17.07.2019 17:01:23 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
17.07.2019 17:01:23 Multi AV Detected Files
Suspicious: WINDOWS.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\WINDOWS.EXE
17.07.2019 17:01:23 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
17.07.2019 17:01:23 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
17.07.2019 17:01:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
17.07.2019 17:01:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
17.07.2019 17:01:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
17.07.2019 17:01:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
17.07.2019 17:01:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
17.07.2019 17:01:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
17.07.2019 17:01:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 17:01:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
17.07.2019 17:01:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
17.07.2019 17:01:23 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
17.07.2019 17:01:23 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
17.07.2019 17:01:23 Multi AV Detected Files
Suspicious: HOMMIEE.EXE = C:\USERS\HOME\HOMMIEE.EXE
17.07.2019 17:01:23 Multi AV Detected Files
Suspicious: FWKK.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\FWKK.EXE
17.07.2019 17:01:23 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
17.07.2019 17:01:33 User Shortcuts
Unknown: C:\Users\Home\Desktop\Continue aimp Installation.lnk = C:\Users\Home\AppData\Local\Temp\setup_0393010955.exe
17.07.2019 17:01:33 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
17.07.2019 17:01:33 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
17.07.2019 17:01:33 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
17.07.2019 17:01:33 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
17.07.2019 17:01:33 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
17.07.2019 17:01:33 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
17.07.2019 17:01:33 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
17.07.2019 17:01:33 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
17.07.2019 17:01:33 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
17.07.2019 17:01:33 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 17:01:33 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
17.07.2019 17:01:33 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
17.07.2019 17:01:33 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\WinRun = C:/ProgramData/WinSys.exe
17.07.2019 17:01:33 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
17.07.2019 17:01:33 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
17.07.2019 17:01:33 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 17:01:33 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
17.07.2019 17:01:34 Scheduled Tasks 2.0 Cached
Unknown: WinRun = C:/ProgramData/WinSys.exe
17.07.2019 17:01:34 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
17.07.2019 17:01:57 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
17.07.2019 17:02:00 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
17.07.2019 17:02:00 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
17.07.2019 17:02:00 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
17.07.2019 17:02:00 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
17.07.2019 17:02:00 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
17.07.2019 17:02:00 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
17.07.2019 17:02:00 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
17.07.2019 17:02:00 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
17.07.2019 17:02:00 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
17.07.2019 17:02:02 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
17.07.2019 17:02:02 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 17.07.2019 17:02:03
Anti-malware scan started at: 17.07.2019 21:02:16
17.07.2019 21:02:25 Running Processes
Probably Malicious: chrome.exe = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
17.07.2019 21:02:25 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
17.07.2019 21:02:25 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 21:02:25 Running Processes
Probably Malicious: KMS-R@1nHook.exe = C:\WINDOWS\KMS-R@1NHOOK.EXE
17.07.2019 21:02:31 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
17.07.2019 21:02:31 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
17.07.2019 21:02:31 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
17.07.2019 21:02:31 Multi AV Detected Files
Suspicious: WINDOWS.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\WINDOWS.EXE
17.07.2019 21:02:31 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
17.07.2019 21:02:31 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
17.07.2019 21:02:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
17.07.2019 21:02:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
17.07.2019 21:02:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
17.07.2019 21:02:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
17.07.2019 21:02:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
17.07.2019 21:02:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
17.07.2019 21:02:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 21:02:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
17.07.2019 21:02:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
17.07.2019 21:02:32 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
17.07.2019 21:02:32 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
17.07.2019 21:02:32 Multi AV Detected Files
Suspicious: HOMMIEE.EXE = C:\USERS\HOME\HOMMIEE.EXE
17.07.2019 21:02:32 Multi AV Detected Files
Suspicious: FWKK.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\FWKK.EXE
17.07.2019 21:02:32 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
17.07.2019 21:02:41 User Shortcuts
Unknown: C:\Users\Home\Desktop\Continue aimp Installation.lnk = C:\Users\Home\AppData\Local\Temp\setup_0393010955.exe
17.07.2019 21:02:41 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
17.07.2019 21:02:41 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
17.07.2019 21:02:41 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
17.07.2019 21:02:41 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
17.07.2019 21:02:42 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
17.07.2019 21:02:42 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
17.07.2019 21:02:42 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
17.07.2019 21:02:42 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
17.07.2019 21:02:42 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
17.07.2019 21:02:42 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 21:02:42 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
17.07.2019 21:02:42 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
17.07.2019 21:02:42 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\WinRun = C:/ProgramData/WinSys.exe
17.07.2019 21:02:42 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
17.07.2019 21:02:42 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
17.07.2019 21:02:42 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
17.07.2019 21:02:42 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
17.07.2019 21:02:42 Scheduled Tasks 2.0 Cached
Unknown: WinRun = C:/ProgramData/WinSys.exe
17.07.2019 21:02:42 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
17.07.2019 21:03:07 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
17.07.2019 21:03:09 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
17.07.2019 21:03:09 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
17.07.2019 21:03:10 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
17.07.2019 21:03:10 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
17.07.2019 21:03:10 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
17.07.2019 21:03:10 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
17.07.2019 21:03:10 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
17.07.2019 21:03:10 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
17.07.2019 21:03:10 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
17.07.2019 21:03:12 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
17.07.2019 21:03:12 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 17.07.2019 21:03:12
Anti-malware scan started at: 18.07.2019 01:05:33
18.07.2019 01:05:49 Running Processes
Probably Malicious: chrome.exe = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
18.07.2019 01:05:49 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
18.07.2019 01:05:49 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
18.07.2019 01:05:49 Running Processes
Probably Malicious: KMS-R@1nHook.exe = C:\WINDOWS\KMS-R@1NHOOK.EXE
18.07.2019 01:06:13 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
18.07.2019 01:06:13 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
18.07.2019 01:06:13 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
18.07.2019 01:06:13 Multi AV Detected Files
Suspicious: WINDOWS.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\WINDOWS.EXE
18.07.2019 01:06:13 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
18.07.2019 01:06:13 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
18.07.2019 01:06:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
18.07.2019 01:06:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
18.07.2019 01:06:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
18.07.2019 01:06:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
18.07.2019 01:06:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
18.07.2019 01:06:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
18.07.2019 01:06:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
18.07.2019 01:06:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
18.07.2019 01:06:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
18.07.2019 01:06:14 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
18.07.2019 01:06:14 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
18.07.2019 01:06:14 Multi AV Detected Files
Suspicious: HOMMIEE.EXE = C:\USERS\HOME\HOMMIEE.EXE
18.07.2019 01:06:14 Multi AV Detected Files
Suspicious: FWKK.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\FWKK.EXE
18.07.2019 01:06:14 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
18.07.2019 01:06:37 User Shortcuts
Unknown: C:\Users\Home\Desktop\Continue aimp Installation.lnk = C:\Users\Home\AppData\Local\Temp\setup_0393010955.exe
18.07.2019 01:06:37 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
18.07.2019 01:06:37 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
18.07.2019 01:06:37 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
18.07.2019 01:06:37 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
18.07.2019 01:06:38 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
18.07.2019 01:06:38 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
18.07.2019 01:06:38 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
18.07.2019 01:06:38 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
18.07.2019 01:06:38 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
18.07.2019 01:06:38 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
18.07.2019 01:06:38 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
18.07.2019 01:06:38 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
18.07.2019 01:06:38 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\WinRun = C:/ProgramData/WinSys.exe
18.07.2019 01:06:38 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\{A161224E-WSP1-9722-1GH5-LA58912C12AA} = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
18.07.2019 01:06:38 Scheduled Tasks 2.0 Cached
Unknown: explorer = C:\\ProgramData\\dOobURFlkrPxVZb\explorer.exe
18.07.2019 01:06:38 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
18.07.2019 01:06:38 Scheduled Tasks 2.0 Cached
Unknown: msfeedssyncDxpserver = C:\\ProgramData\\dOobURFlkrPxVZb\msfeedssyncDxpserver.exe
18.07.2019 01:06:38 Scheduled Tasks 2.0 Cached
Unknown: WinRun = C:/ProgramData/WinSys.exe
18.07.2019 01:06:38 Scheduled Tasks 2.0 Cached
Probably Malicious: {A161224E-WSP1-9722-1GH5-LA58912C12AA} =
C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
18.07.2019 01:08:21 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
18.07.2019 01:08:27 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
18.07.2019 01:08:27 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
18.07.2019 01:08:27 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
18.07.2019 01:08:28 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
18.07.2019 01:08:28 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
18.07.2019 01:08:28 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
18.07.2019 01:08:28 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
18.07.2019 01:08:28 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
18.07.2019 01:08:28 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
18.07.2019 01:08:31 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 18.07.2019 01:08:32
Anti-malware scan started at: 18.07.2019 05:09:00
18.07.2019 05:09:16 Running Processes
Probably Malicious: chrome.exe = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
18.07.2019 05:09:17 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
18.07.2019 05:09:17 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
18.07.2019 05:09:17 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
18.07.2019 05:09:17 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
18.07.2019 05:09:17 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
18.07.2019 05:09:45 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
18.07.2019 05:09:45 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
18.07.2019 05:09:45 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
18.07.2019 05:09:45 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
18.07.2019 05:09:45 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
18.07.2019 05:09:45 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
18.07.2019 05:09:45 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
18.07.2019 05:09:45 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
18.07.2019 05:09:45 Multi AV Detected Files
Suspicious: WINDOWS.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\WINDOWS.EXE
18.07.2019 05:09:45 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
18.07.2019 05:09:45 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
18.07.2019 05:09:45 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
18.07.2019 05:09:45 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
18.07.2019 05:09:45 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
18.07.2019 05:09:45 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
18.07.2019 05:09:45 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
18.07.2019 05:09:45 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
18.07.2019 05:09:45 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
18.07.2019 05:09:45 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
18.07.2019 05:09:45 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
18.07.2019 05:09:45 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
18.07.2019 05:09:45 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
18.07.2019 05:09:45 Multi AV Detected Files
Suspicious: FWKK.EXE = C:\USERS\HOME\APPDATA\LOCAL\TEMP\FWKK.EXE
18.07.2019 05:09:45 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
18.07.2019 05:10:18 User Shortcuts
Unknown: C:\Users\Home\Desktop\Continue aimp Installation.lnk = C:\Users\Home\AppData\Local\Temp\setup_0393010955.exe
18.07.2019 05:10:18 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
18.07.2019 05:10:18 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
18.07.2019 05:10:18 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
18.07.2019 05:10:18 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
18.07.2019 05:10:18 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
18.07.2019 05:10:18 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
18.07.2019 05:10:18 Registry Run
Unknown: AdobeUpdate = C:\Users\Home\AppData\Roaming\ScriptEasy2.exe
18.07.2019 05:10:18 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
18.07.2019 05:10:18 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
18.07.2019 05:10:18 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
18.07.2019 05:10:18 Scheduled Tasks 2
Suspicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\Cleaner = C:\Programdata\WindowsTask\winlogon.exe
18.07.2019 05:10:18 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
18.07.2019 05:10:18 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
18.07.2019 05:10:18 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
18.07.2019 05:10:18 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
18.07.2019 05:11:22 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
18.07.2019 05:11:22 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
18.07.2019 05:11:22 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
18.07.2019 05:11:27 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
18.07.2019 05:11:27 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
18.07.2019 05:11:27 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
18.07.2019 05:11:27 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
18.07.2019 05:11:27 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
18.07.2019 05:11:27 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
18.07.2019 05:11:27 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
18.07.2019 05:11:27 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
18.07.2019 05:11:27 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
18.07.2019 05:11:30 Chrome Protected Settings
Probably Malicious: default_search_provider_data.template_url_data.keyword = cryptotabsearch
18.07.2019 05:11:30 Chrome Protected Settings
Probably Malicious: default_search_provider_data.template_url_data.short_name = CryptoTab
18.07.2019 05:11:30 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
18.07.2019 05:11:30 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 18.07.2019 05:11:30
Anti-malware scan started at: 26.07.2019 13:49:39
26.07.2019 13:50:39 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
26.07.2019 13:50:39 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
26.07.2019 13:50:39 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
26.07.2019 13:50:40 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
26.07.2019 13:50:40 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
26.07.2019 13:50:40 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
26.07.2019 13:50:40 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
26.07.2019 13:50:40 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
26.07.2019 14:25:56 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
26.07.2019 14:25:56 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
26.07.2019 14:25:56 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
26.07.2019 14:25:56 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
26.07.2019 14:26:24 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
26.07.2019 14:26:24 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
26.07.2019 14:26:24 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
26.07.2019 14:26:24 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
26.07.2019 14:26:24 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
Anti-malware scan started at: 26.07.2019 15:27:52
26.07.2019 15:29:01 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
26.07.2019 15:29:01 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
26.07.2019 15:29:01 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
26.07.2019 15:29:01 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
26.07.2019 15:29:01 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
26.07.2019 15:29:01 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
26.07.2019 15:29:01 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
26.07.2019 15:29:03 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
26.07.2019 15:30:27 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
26.07.2019 15:30:27 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
26.07.2019 15:30:27 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
26.07.2019 15:30:27 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
26.07.2019 15:30:27 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
26.07.2019 15:30:27 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
26.07.2019 15:30:27 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
26.07.2019 15:30:27 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
26.07.2019 15:30:27 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
26.07.2019 15:30:27 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
26.07.2019 15:30:28 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
26.07.2019 15:30:28 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
26.07.2019 15:30:28 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
26.07.2019 15:30:28 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
26.07.2019 15:30:28 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
26.07.2019 15:30:28 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
26.07.2019 15:30:28 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
26.07.2019 15:30:28 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
26.07.2019 15:30:28 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
26.07.2019 15:30:28 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
26.07.2019 15:30:28 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
26.07.2019 15:30:28 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
26.07.2019 15:30:28 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
26.07.2019 15:30:28 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
26.07.2019 15:30:28 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
26.07.2019 15:30:28 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
26.07.2019 15:30:28 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
26.07.2019 15:32:54 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
26.07.2019 15:32:54 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES (X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
26.07.2019 15:32:55 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
26.07.2019 15:32:55 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
26.07.2019 15:32:55 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
26.07.2019 15:32:55 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
26.07.2019 15:32:55 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
26.07.2019 15:32:55 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
26.07.2019 15:32:55 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
26.07.2019 15:32:55 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
26.07.2019 15:32:55 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
26.07.2019 15:32:55 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
26.07.2019 15:32:55 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
26.07.2019 15:32:56 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
26.07.2019 15:32:56 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
26.07.2019 15:36:02 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
26.07.2019 15:36:02 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
26.07.2019 15:36:02 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
26.07.2019 15:36:09 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
26.07.2019 15:36:09 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
26.07.2019 15:36:09 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
26.07.2019 15:36:09 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
26.07.2019 15:36:09 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
26.07.2019 15:36:09 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
26.07.2019 15:36:09 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
26.07.2019 15:36:09 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
26.07.2019 15:36:09 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
26.07.2019 15:36:09 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
26.07.2019 15:36:12 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
26.07.2019 15:36:12 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
26.07.2019 15:36:12 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
26.07.2019 15:36:12 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
26.07.2019 15:36:12 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
26.07.2019 15:36:12 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
26.07.2019 15:36:12 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
26.07.2019 15:36:13 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
26.07.2019 15:36:13 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 26.07.2019 15:36:14
Anti-malware scan started at: 26.07.2019 19:36:29
26.07.2019 19:36:43 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
26.07.2019 19:36:43 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
26.07.2019 19:36:43 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
26.07.2019 19:36:43 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
26.07.2019 19:36:43 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
26.07.2019 19:36:43 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
26.07.2019 19:36:43 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
26.07.2019 19:36:43 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
26.07.2019 19:36:44 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
26.07.2019 19:37:14 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
26.07.2019 19:37:14 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
26.07.2019 19:37:14 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
26.07.2019 19:37:14 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
26.07.2019 19:37:14 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
26.07.2019 19:37:14 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
26.07.2019 19:37:14 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
26.07.2019 19:37:14 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
26.07.2019 19:37:14 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
26.07.2019 19:37:14 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
26.07.2019 19:37:14 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
26.07.2019 19:37:14 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
26.07.2019 19:37:15 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
26.07.2019 19:37:15 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
26.07.2019 19:37:15 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
26.07.2019 19:37:15 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
26.07.2019 19:37:15 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
26.07.2019 19:37:15 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
26.07.2019 19:37:15 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
26.07.2019 19:37:15 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
26.07.2019 19:37:15 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
26.07.2019 19:37:15 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
26.07.2019 19:37:15 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
26.07.2019 19:37:15 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
26.07.2019 19:37:15 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
26.07.2019 19:37:15 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
26.07.2019 19:37:15 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
26.07.2019 19:37:36 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
26.07.2019 19:37:36 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES (X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
26.07.2019 19:37:36 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
26.07.2019 19:37:36 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
26.07.2019 19:37:36 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
26.07.2019 19:37:36 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
26.07.2019 19:37:36 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
26.07.2019 19:37:36 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
26.07.2019 19:37:36 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
26.07.2019 19:37:36 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
26.07.2019 19:37:36 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
26.07.2019 19:37:36 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
26.07.2019 19:37:36 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
26.07.2019 19:37:36 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
26.07.2019 19:37:36 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
26.07.2019 19:38:33 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
26.07.2019 19:38:33 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
26.07.2019 19:38:33 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
26.07.2019 19:38:38 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
26.07.2019 19:38:38 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
26.07.2019 19:38:38 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
26.07.2019 19:38:38 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
26.07.2019 19:38:39 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
26.07.2019 19:38:39 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
26.07.2019 19:38:39 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
26.07.2019 19:38:39 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
26.07.2019 19:38:39 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
26.07.2019 19:38:39 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
26.07.2019 19:38:41 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
26.07.2019 19:38:41 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
26.07.2019 19:38:41 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
26.07.2019 19:38:41 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
26.07.2019 19:38:41 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
26.07.2019 19:38:41 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
26.07.2019 19:38:41 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
26.07.2019 19:38:41 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
26.07.2019 19:38:41 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 26.07.2019 19:38:42
Anti-malware scan started at: 26.07.2019 23:39:29
26.07.2019 23:39:47 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
26.07.2019 23:39:47 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
26.07.2019 23:39:47 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
26.07.2019 23:39:47 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
26.07.2019 23:39:47 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
26.07.2019 23:39:47 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
26.07.2019 23:39:47 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
26.07.2019 23:39:47 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
26.07.2019 23:39:49 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
26.07.2019 23:40:17 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
26.07.2019 23:40:17 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
26.07.2019 23:40:18 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
26.07.2019 23:40:18 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
26.07.2019 23:40:18 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
26.07.2019 23:40:18 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
26.07.2019 23:40:18 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
26.07.2019 23:40:18 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
26.07.2019 23:40:18 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
26.07.2019 23:40:18 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
26.07.2019 23:40:18 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
26.07.2019 23:40:18 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
26.07.2019 23:40:18 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
26.07.2019 23:40:18 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
26.07.2019 23:40:18 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
26.07.2019 23:40:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
26.07.2019 23:40:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
26.07.2019 23:40:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
26.07.2019 23:40:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
26.07.2019 23:40:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
26.07.2019 23:40:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
26.07.2019 23:40:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
26.07.2019 23:40:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
26.07.2019 23:40:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
26.07.2019 23:40:18 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
26.07.2019 23:40:18 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
26.07.2019 23:40:18 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
26.07.2019 23:40:34 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
26.07.2019 23:40:35 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES (X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
26.07.2019 23:40:35 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
26.07.2019 23:40:35 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
26.07.2019 23:40:35 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
26.07.2019 23:40:35 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
26.07.2019 23:40:35 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
26.07.2019 23:40:35 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
26.07.2019 23:40:35 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
26.07.2019 23:40:35 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
26.07.2019 23:40:35 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
26.07.2019 23:40:35 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
26.07.2019 23:40:35 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
26.07.2019 23:40:35 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
26.07.2019 23:40:35 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
26.07.2019 23:41:40 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
26.07.2019 23:41:40 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
26.07.2019 23:41:40 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
26.07.2019 23:41:44 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
26.07.2019 23:41:44 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
26.07.2019 23:41:44 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
26.07.2019 23:41:44 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
26.07.2019 23:41:44 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
26.07.2019 23:41:44 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
26.07.2019 23:41:44 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
26.07.2019 23:41:44 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
26.07.2019 23:41:44 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
26.07.2019 23:41:44 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
26.07.2019 23:41:47 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
26.07.2019 23:41:47 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
26.07.2019 23:41:47 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
26.07.2019 23:41:47 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
26.07.2019 23:41:47 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
26.07.2019 23:41:47 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
26.07.2019 23:41:47 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
26.07.2019 23:41:47 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
26.07.2019 23:41:47 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 26.07.2019 23:41:48
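The scan output above is the raw UnHackMe log as exported: long entries wrapped at 80 columns and the same findings re-reported every four hours. The Python below is an added example written by the editor, not UnHackMe's code and not taken from the page. It rejoins the wrapped lines, parses each entry into (scan, category, verdict, name, path), collapses the repeated scans into one row per distinct finding, and tags the patterns a responder would chase first in this particular log: a Windows binary name (lsm.exe, audiodg.exe, taskhostw.exe) running from ProgramData instead of System32, a GUID-named ProgramData folder, a script launched from the Startup folder, an svchost-hosted DLL outside the system directory, and the percent-encoded Chrome homepage, which it decodes. The tag names, the OS_NAMES list, the AUTOSTART category prefixes and the line-join heuristic are the editor's assumptions; the embedded sample is a constructed excerpt of the lines above with the per-finding header lines collapsed.

```python
"""Triage helper for UnHackMe logs like the one above: rejoins the 80-column
wraps, dedupes findings across repeated scans and tags persistence patterns.
Added example, not UnHackMe's code; the tag rules are this editor's heuristics."""
import re
from collections import defaultdict
from typing import NamedTuple
from urllib.parse import unquote, urlsplit

HEADER = re.compile(r"^\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2} (.+)$")
FINDING = re.compile(r"^(Probably Malicious|Suspicious|Unknown): (.*)$")
SCAN_START = "Anti-malware scan started at: "
GUID_DIR = re.compile(r"\\PROGRAMDATA\\\{[0-9A-F-]+\}\\")
SYSTEM_DIRS = ("C:\\WINDOWS\\SYSTEM32\\", "C:\\WINDOWS\\SYSWOW64\\")
OS_NAMES = {"lsm.exe", "audiodg.exe", "taskhostw.exe", "wscript.exe", "svchost.exe"}
AUTOSTART = ("Startup", "Registry Run", "Scheduled Tasks", "Auto Services")
SCRIPT_EXT = (".vbs", ".js", ".wsf", ".bat", ".cmd", ".ps1")

class Finding(NamedTuple):
    scan: str      # "started at" stamp of the scan this line belongs to
    category: str  # e.g. "Running Processes", "Scheduled Tasks 2"
    verdict: str   # Probably Malicious / Suspicious / Unknown
    name: str
    path: str

    def key(self):  # identity across scans: drop the timestamp, ignore case
        return (self.category, self.verdict, self.name.upper(), self.path.upper())

def unwrap(lines):
    """Glue each non-header, non-finding line onto the previous one; no space
    after '-', '\\' or '?', where the export split GUIDs and base64url."""
    out = []
    for line in filter(None, map(str.strip, lines)):
        is_new = (HEADER.match(line) or FINDING.match(line)
                  or line.startswith(("Anti-malware scan", "Sending Pipe")))
        if out and not is_new:
            out[-1] += ("" if out[-1].endswith(("-", "\\", "?")) else " ") + line
        else:
            out.append(line)
    return out

def parse(text):
    findings, scan, category = [], None, None
    for line in unwrap(text.splitlines()):
        if line.startswith(SCAN_START):
            scan = line[len(SCAN_START):]
        elif (m := HEADER.match(line)):
            category = m.group(1)
        elif (m := FINDING.match(line)) and scan and category:
            name, _, path = m.group(2).partition(" = ")
            findings.append(Finding(scan, category, m.group(1), name, path))
    return findings

def flags(f):
    """Heuristic tags; 'Unknown' verdicts are checked too (RDPWRAP.DLL above)."""
    up = f.path.upper()
    base = up.rsplit("\\", 1)[-1].lower()
    tags = []
    if base in OS_NAMES and not up.startswith(SYSTEM_DIRS):
        tags.append("os-name-outside-system-dir")
    if GUID_DIR.search(up):
        tags.append("guid-dir-in-programdata")
    if f.category.startswith(AUTOSTART) and base.endswith(SCRIPT_EXT):
        tags.append("script-autostart")
    if f.category.startswith("Svchost") and not up.startswith(SYSTEM_DIRS):
        tags.append("svchost-dll-outside-system-dir")
    if f.name == "homepage" and "%" in f.path:  # decode the obfuscated host
        tags.append("percent-encoded-url:" + urlsplit(unquote(f.path)).hostname)
    return tags

def dedupe(findings):
    """Map each distinct finding to the list of scans it appeared in."""
    seen = defaultdict(list)
    for f in findings:
        seen[f.key()].append(f.scan)
    return seen

# Constructed excerpt of the log above: two scans, wraps kept as printed.
SAMPLE = r"""Anti-malware scan started at: 26.07.2019 23:39:29
26.07.2019 23:39:47 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-
544774154621}\LSM.EXE
26.07.2019 23:40:35 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
26.07.2019 23:41:40 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
26.07.2019 23:41:47 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
Anti-malware scan started at: 27.07.2019 11:50:11
27.07.2019 11:50:25 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD
VIDEO DOWNLOADER\YTD.EXE
"""
```

Call `parse(SAMPLE)`, then `flags(f)` per finding and `dedupe(...)` for the cross-scan view. Two things the run shows that the raw log does not: wscript.exe under SysWOW64 gets no tag, because the name is only interesting when it runs from somewhere else, while the lsm.exe entries get two; and the homepage value, once rejoined, decodes to http://feed.snapdo.com/?p=…, although the encoded string is the indicator to keep, since that is what the browser preferences actually contain. The "Unknown" verdict is deliberately not filtered: RDPWRAP.DLL under TermService and the REALTEKHD\TASKHOSTW.EXE task carry that verdict in the log above yet are exactly the entries this tagging is meant to surface.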
Anti-malware scan started at: 27.07.2019 03:42:06
27.07.2019 03:42:26 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
27.07.2019 03:42:26 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
27.07.2019 03:42:26 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
27.07.2019 03:42:26 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
27.07.2019 03:42:26 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
27.07.2019 03:42:26 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
27.07.2019 03:42:26 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
27.07.2019 03:42:27 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
27.07.2019 03:42:27 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
27.07.2019 03:42:28 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
27.07.2019 03:43:17 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
27.07.2019 03:43:17 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
27.07.2019 03:43:17 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
27.07.2019 03:43:17 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
27.07.2019 03:43:18 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
27.07.2019 03:43:18 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
27.07.2019 03:43:18 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
27.07.2019 03:43:18 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
27.07.2019 03:43:18 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
27.07.2019 03:43:18 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
27.07.2019 03:43:18 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
27.07.2019 03:43:18 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
27.07.2019 03:43:18 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
27.07.2019 03:43:18 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
27.07.2019 03:43:18 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
27.07.2019 03:43:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
27.07.2019 03:43:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
27.07.2019 03:43:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
27.07.2019 03:43:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
27.07.2019 03:43:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
27.07.2019 03:43:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
27.07.2019 03:43:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
27.07.2019 03:43:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
27.07.2019 03:43:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
27.07.2019 03:43:18 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
27.07.2019 03:43:18 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
27.07.2019 03:43:18 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
27.07.2019 03:43:48 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
27.07.2019 03:43:48 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES (X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
27.07.2019 03:43:48 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
27.07.2019 03:43:48 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
27.07.2019 03:43:48 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
27.07.2019 03:43:48 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
27.07.2019 03:43:48 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
27.07.2019 03:43:48 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
27.07.2019 03:43:48 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
27.07.2019 03:43:48 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
27.07.2019 03:43:48 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
27.07.2019 03:43:48 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
27.07.2019 03:43:48 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
27.07.2019 03:43:48 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
27.07.2019 03:43:48 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
27.07.2019 03:45:28 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
27.07.2019 03:45:28 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
27.07.2019 03:45:29 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
27.07.2019 03:45:35 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
27.07.2019 03:45:35 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
27.07.2019 03:45:35 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
27.07.2019 03:45:35 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
27.07.2019 03:45:35 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
27.07.2019 03:45:35 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
27.07.2019 03:45:35 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
27.07.2019 03:45:35 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
27.07.2019 03:45:36 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
27.07.2019 03:45:36 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
27.07.2019 03:45:38 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
27.07.2019 03:45:38 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
27.07.2019 03:45:38 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
27.07.2019 03:45:38 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
27.07.2019 03:45:38 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
27.07.2019 03:45:38 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
27.07.2019 03:45:38 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
27.07.2019 03:45:38 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
27.07.2019 03:45:38 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 27.07.2019 03:45:39
Anti-malware scan started at: 27.07.2019 07:45:56
27.07.2019 07:46:13 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
27.07.2019 07:46:13 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
27.07.2019 07:46:13 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
27.07.2019 07:46:13 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
27.07.2019 07:46:13 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
27.07.2019 07:46:13 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
27.07.2019 07:46:13 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
27.07.2019 07:46:13 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
27.07.2019 07:46:13 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
27.07.2019 07:46:14 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
27.07.2019 07:46:58 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
27.07.2019 07:46:58 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
27.07.2019 07:46:58 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
27.07.2019 07:46:58 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
27.07.2019 07:46:58 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
27.07.2019 07:46:58 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
27.07.2019 07:46:58 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
27.07.2019 07:46:58 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
27.07.2019 07:46:58 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
27.07.2019 07:46:58 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
27.07.2019 07:46:58 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
27.07.2019 07:46:58 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
27.07.2019 07:46:58 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
27.07.2019 07:46:58 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
27.07.2019 07:46:58 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
27.07.2019 07:46:58 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
27.07.2019 07:46:58 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
27.07.2019 07:46:58 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
27.07.2019 07:46:58 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
27.07.2019 07:46:58 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
27.07.2019 07:46:58 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
27.07.2019 07:46:58 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
27.07.2019 07:46:58 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
27.07.2019 07:46:58 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
27.07.2019 07:46:58 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
27.07.2019 07:46:58 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
27.07.2019 07:46:58 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
27.07.2019 07:47:24 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
27.07.2019 07:47:24 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES (X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
27.07.2019 07:47:24 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
27.07.2019 07:47:24 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
27.07.2019 07:47:24 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
27.07.2019 07:47:24 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
27.07.2019 07:47:24 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
27.07.2019 07:47:25 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
27.07.2019 07:47:25 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
27.07.2019 07:47:25 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
27.07.2019 07:47:25 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
27.07.2019 07:47:25 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
27.07.2019 07:47:25 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
27.07.2019 07:47:25 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
27.07.2019 07:47:25 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
27.07.2019 07:48:42 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
27.07.2019 07:48:42 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
27.07.2019 07:48:42 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
27.07.2019 07:48:47 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
27.07.2019 07:48:47 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
27.07.2019 07:48:47 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
27.07.2019 07:48:47 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
27.07.2019 07:48:47 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
27.07.2019 07:48:47 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
27.07.2019 07:48:48 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
27.07.2019 07:48:48 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
27.07.2019 07:48:48 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
27.07.2019 07:48:48 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
27.07.2019 07:48:51 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
27.07.2019 07:48:51 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
27.07.2019 07:48:51 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
27.07.2019 07:48:51 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
27.07.2019 07:48:51 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
27.07.2019 07:48:51 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
27.07.2019 07:48:51 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
27.07.2019 07:48:51 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
27.07.2019 07:48:51 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 27.07.2019 07:48:52
Anti-malware scan started at: 27.07.2019 11:50:11
27.07.2019 11:50:25 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
27.07.2019 11:50:25 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
27.07.2019 11:50:25 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
27.07.2019 11:50:26 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
27.07.2019 11:50:26 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
27.07.2019 11:50:26 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
27.07.2019 11:50:26 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
27.07.2019 11:50:26 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
27.07.2019 11:50:27 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
27.07.2019 11:50:59 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
27.07.2019 11:50:59 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
27.07.2019 11:50:59 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
27.07.2019 11:50:59 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
27.07.2019 11:50:59 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
27.07.2019 11:50:59 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
27.07.2019 11:50:59 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
27.07.2019 11:50:59 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
27.07.2019 11:50:59 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
27.07.2019 11:50:59 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
27.07.2019 11:51:00 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
27.07.2019 11:51:00 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
27.07.2019 11:51:00 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
27.07.2019 11:51:00 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
27.07.2019 11:51:00 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
27.07.2019 11:51:00 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
27.07.2019 11:51:00 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
27.07.2019 11:51:00 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
27.07.2019 11:51:00 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
27.07.2019 11:51:00 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
27.07.2019 11:51:00 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
27.07.2019 11:51:00 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
27.07.2019 11:51:00 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
27.07.2019 11:51:00 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
27.07.2019 11:51:00 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
27.07.2019 11:51:00 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
27.07.2019 11:51:00 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
27.07.2019 11:51:20 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
27.07.2019 11:51:20 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES (X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
27.07.2019 11:51:20 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
27.07.2019 11:51:20 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
27.07.2019 11:51:20 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
27.07.2019 11:51:20 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
27.07.2019 11:51:20 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
27.07.2019 11:51:20 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
27.07.2019 11:51:20 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
27.07.2019 11:51:20 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
27.07.2019 11:51:20 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
27.07.2019 11:51:20 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
27.07.2019 11:51:20 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
27.07.2019 11:51:20 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
27.07.2019 11:51:20 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
27.07.2019 11:52:16 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
27.07.2019 11:52:16 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
27.07.2019 11:52:16 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
27.07.2019 11:52:20 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
27.07.2019 11:52:20 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
27.07.2019 11:52:21 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
27.07.2019 11:52:21 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
27.07.2019 11:52:21 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
27.07.2019 11:52:21 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
27.07.2019 11:52:21 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
27.07.2019 11:52:21 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
27.07.2019 11:52:21 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
27.07.2019 11:52:21 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
27.07.2019 11:52:23 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
27.07.2019 11:52:23 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
27.07.2019 11:52:23 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
27.07.2019 11:52:23 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
27.07.2019 11:52:23 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
27.07.2019 11:52:23 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
27.07.2019 11:52:23 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
27.07.2019 11:52:23 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
27.07.2019 11:52:24 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 27.07.2019 11:52:24
Anti-malware scan started at: 27.07.2019 15:52:43
27.07.2019 15:53:17 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
27.07.2019 15:53:17 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
27.07.2019 15:53:17 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
27.07.2019 15:53:17 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
27.07.2019 15:53:17 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
27.07.2019 15:53:17 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
27.07.2019 15:53:17 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
27.07.2019 15:53:17 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
27.07.2019 15:53:17 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
27.07.2019 15:53:19 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
27.07.2019 15:54:10 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
27.07.2019 15:54:11 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
27.07.2019 15:54:11 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
27.07.2019 15:54:11 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
27.07.2019 15:54:11 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
27.07.2019 15:54:11 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
27.07.2019 15:54:11 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
27.07.2019 15:54:11 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
27.07.2019 15:54:11 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
27.07.2019 15:54:11 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
27.07.2019 15:54:11 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
27.07.2019 15:54:11 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
27.07.2019 15:54:11 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
27.07.2019 15:54:11 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
27.07.2019 15:54:11 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
27.07.2019 15:54:11 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
27.07.2019 15:54:11 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
27.07.2019 15:54:11 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
27.07.2019 15:54:11 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
27.07.2019 15:54:11 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
27.07.2019 15:54:11 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
27.07.2019 15:54:11 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
27.07.2019 15:54:11 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
27.07.2019 15:54:11 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
27.07.2019 15:54:11 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
27.07.2019 15:54:12 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
27.07.2019 15:54:12 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
27.07.2019 15:54:48 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
27.07.2019 15:54:48 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES (X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
27.07.2019 15:54:48 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
27.07.2019 15:54:48 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
27.07.2019 15:54:48 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
27.07.2019 15:54:48 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
27.07.2019 15:54:48 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
27.07.2019 15:54:49 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
27.07.2019 15:54:49 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
27.07.2019 15:54:49 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
27.07.2019 15:54:49 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
27.07.2019 15:54:49 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
27.07.2019 15:54:49 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
27.07.2019 15:54:49 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
27.07.2019 15:54:49 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
27.07.2019 15:57:14 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
27.07.2019 15:57:14 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
27.07.2019 15:57:14 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
27.07.2019 15:57:22 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
27.07.2019 15:57:22 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
27.07.2019 15:57:22 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
27.07.2019 15:57:22 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
27.07.2019 15:57:22 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
27.07.2019 15:57:22 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
27.07.2019 15:57:22 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
27.07.2019 15:57:22 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
27.07.2019 15:57:22 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
27.07.2019 15:57:22 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
27.07.2019 15:57:27 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
27.07.2019 15:57:27 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
27.07.2019 15:57:27 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
27.07.2019 15:57:27 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
27.07.2019 15:57:27 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
27.07.2019 15:57:27 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
27.07.2019 15:57:27 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
27.07.2019 15:57:27 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
27.07.2019 15:57:27 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 27.07.2019 15:57:28
Anti-malware scan started at: 27.07.2019 19:57:50
27.07.2019 19:58:08 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
27.07.2019 19:58:08 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
27.07.2019 19:58:08 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
27.07.2019 19:58:08 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
27.07.2019 19:58:08 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
27.07.2019 19:58:08 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
27.07.2019 19:58:08 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
27.07.2019 19:58:08 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
27.07.2019 19:58:08 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
27.07.2019 19:58:10 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
27.07.2019 19:58:45 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
27.07.2019 19:58:45 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
27.07.2019 19:58:45 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
27.07.2019 19:58:45 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
27.07.2019 19:58:45 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
27.07.2019 19:58:45 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
27.07.2019 19:58:45 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
27.07.2019 19:58:45 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
27.07.2019 19:58:45 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
27.07.2019 19:58:45 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
27.07.2019 19:58:45 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
27.07.2019 19:58:45 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
27.07.2019 19:58:45 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
27.07.2019 19:58:45 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
27.07.2019 19:58:45 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
27.07.2019 19:58:45 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
27.07.2019 19:58:45 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
27.07.2019 19:58:45 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
27.07.2019 19:58:45 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
27.07.2019 19:58:45 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
27.07.2019 19:58:45 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
27.07.2019 19:58:45 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
27.07.2019 19:58:45 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
27.07.2019 19:58:45 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
27.07.2019 19:58:45 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
27.07.2019 19:58:45 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
27.07.2019 19:58:45 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
27.07.2019 19:59:09 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
27.07.2019 19:59:09 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES (X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
27.07.2019 19:59:09 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
27.07.2019 19:59:09 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
27.07.2019 19:59:09 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
27.07.2019 19:59:09 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
27.07.2019 19:59:09 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
27.07.2019 19:59:09 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
27.07.2019 19:59:09 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
27.07.2019 19:59:09 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
27.07.2019 19:59:09 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
27.07.2019 19:59:09 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
27.07.2019 19:59:09 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
27.07.2019 19:59:09 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
27.07.2019 19:59:09 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
27.07.2019 20:00:09 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
27.07.2019 20:00:09 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
27.07.2019 20:00:09 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
27.07.2019 20:00:14 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
27.07.2019 20:00:14 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
27.07.2019 20:00:14 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
27.07.2019 20:00:14 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
27.07.2019 20:00:14 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
27.07.2019 20:00:14 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
27.07.2019 20:00:14 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
27.07.2019 20:00:14 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
27.07.2019 20:00:14 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
27.07.2019 20:00:14 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
27.07.2019 20:00:17 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
27.07.2019 20:00:17 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
27.07.2019 20:00:17 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
27.07.2019 20:00:17 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
27.07.2019 20:00:17 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
27.07.2019 20:00:17 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
27.07.2019 20:00:17 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
27.07.2019 20:00:17 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
27.07.2019 20:00:18 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 27.07.2019 20:00:18
Anti-malware scan started at: 28.07.2019 00:06:23
28.07.2019 00:06:48 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
28.07.2019 00:06:48 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
28.07.2019 00:06:48 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
28.07.2019 00:06:48 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
28.07.2019 00:06:48 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
28.07.2019 00:06:48 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
28.07.2019 00:06:48 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
28.07.2019 00:06:48 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
28.07.2019 00:06:48 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
28.07.2019 00:06:50 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files
(x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
28.07.2019 00:07:45 Unwanted Software Files
Probably Malicious: MSIMG32.DLL =
C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
28.07.2019 00:07:46 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
28.07.2019 00:07:46 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
28.07.2019 00:07:46 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
28.07.2019 00:07:46 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
28.07.2019 00:07:46 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
28.07.2019 00:07:46 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
28.07.2019 00:07:46 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO
DOWNLOADER\
28.07.2019 00:07:46 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM
FILES (X86)\\GREENTREE APPLICATIONS\
28.07.2019 00:07:46 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
28.07.2019 00:07:46 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE
APPLICATIONS\
28.07.2019 00:07:46 Unwanted Software Files
Probably Malicious: AdvinstAnalytics =
C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
28.07.2019 00:07:46 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE =
C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
28.07.2019 00:07:46 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA
V3.2.3\UNIVERSAL SOFT NOVA.EXE
28.07.2019 00:07:46 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
28.07.2019 00:07:46 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
28.07.2019 00:07:46 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
28.07.2019 00:07:46 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
28.07.2019 00:07:46 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
28.07.2019 00:07:46 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
28.07.2019 00:07:46 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
28.07.2019 00:07:46 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
28.07.2019 00:07:46 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
28.07.2019 00:07:46 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
28.07.2019 00:07:46 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
28.07.2019 00:07:46 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
28.07.2019 00:07:46 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE =
C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
28.07.2019 00:08:12 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
28.07.2019 00:08:12 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES
(X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
28.07.2019 00:08:12 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES
(X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
28.07.2019 00:08:12 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES
(X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
28.07.2019 00:08:12 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES
(X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
28.07.2019 00:08:12 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM
FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
28.07.2019 00:08:13 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download
Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD
MANAGER\IDMAN.EXE
28.07.2019 00:08:13 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
28.07.2019 00:08:13 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
28.07.2019 00:08:13 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
28.07.2019 00:08:13 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
28.07.2019 00:08:13 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application
Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
28.07.2019 00:08:13 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC =
C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
28.07.2019 00:08:13 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10
Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
28.07.2019 00:08:13 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\
{54477415-5447-5447-544774154621}\LSM.EXE
28.07.2019 00:09:29 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
28.07.2019 00:09:29 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
28.07.2019 00:09:29 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
28.07.2019 00:09:36 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
28.07.2019 00:09:36 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA
FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
28.07.2019 00:09:36 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
28.07.2019 00:09:36 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
28.07.2019 00:09:36 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
28.07.2019 00:09:36 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
28.07.2019 00:09:36 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
28.07.2019 00:09:36 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
28.07.2019 00:09:36 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
28.07.2019 00:09:36 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
28.07.2019 00:09:39 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
28.07.2019 00:09:39 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
28.07.2019 00:09:39 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
28.07.2019 00:09:39 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
28.07.2019 00:09:39 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
28.07.2019 00:09:39 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
28.07.2019 00:09:40 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
28.07.2019 00:09:40 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
28.07.2019 00:09:40 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 28.07.2019 00:09:41
Anti-malware scan started at: 28.07.2019 04:09:59
28.07.2019 04:10:18 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
28.07.2019 04:10:18 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
28.07.2019 04:10:18 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
28.07.2019 04:10:18 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
28.07.2019 04:10:18 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-
544774154621}\LSM.EXE
28.07.2019 04:10:18 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
28.07.2019 04:10:18 Running Processes
Probably Malicious: MicrosoftHost.exe =
C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
28.07.2019 04:10:18 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD
VIDEO DOWNLOADER\YTD.EXE
28.07.2019 04:10:18 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
28.07.2019 04:10:20 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files
(x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
28.07.2019 04:11:05 Unwanted Software Files
Probably Malicious: MSIMG32.DLL =
C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
28.07.2019 04:11:05 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
28.07.2019 04:11:05 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
28.07.2019 04:11:05 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
28.07.2019 04:11:05 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
28.07.2019 04:11:05 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
28.07.2019 04:11:05 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
28.07.2019 04:11:05 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO
DOWNLOADER\
28.07.2019 04:11:05 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM
FILES (X86)\\GREENTREE APPLICATIONS\
28.07.2019 04:11:05 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
28.07.2019 04:11:05 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE
APPLICATIONS\
28.07.2019 04:11:05 Unwanted Software Files
Probably Malicious: AdvinstAnalytics =
C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
28.07.2019 04:11:05 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE =
C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
28.07.2019 04:11:05 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA
V3.2.3\UNIVERSAL SOFT NOVA.EXE
28.07.2019 04:11:05 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
28.07.2019 04:11:05 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
28.07.2019 04:11:05 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
28.07.2019 04:11:05 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
28.07.2019 04:11:05 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
28.07.2019 04:11:05 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
28.07.2019 04:11:05 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
28.07.2019 04:11:05 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
28.07.2019 04:11:05 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
28.07.2019 04:11:05 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
28.07.2019 04:11:05 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
28.07.2019 04:11:05 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
28.07.2019 04:11:06 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE =
C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
28.07.2019 04:11:35 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
28.07.2019 04:11:35 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES
(X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
28.07.2019 04:11:35 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES
(X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
28.07.2019 04:11:35 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES
(X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
28.07.2019 04:11:35 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES
(X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
28.07.2019 04:11:35 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM
FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
28.07.2019 04:11:35 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download
Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD
MANAGER\IDMAN.EXE
28.07.2019 04:11:36 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
28.07.2019 04:11:36 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
28.07.2019 04:11:36 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
28.07.2019 04:11:36 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
28.07.2019 04:11:36 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application
Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
28.07.2019 04:11:36 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC =
C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
28.07.2019 04:11:36 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10
Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
28.07.2019 04:11:36 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\
{54477415-5447-5447-544774154621}\LSM.EXE
28.07.2019 04:12:47 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
28.07.2019 04:12:47 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
28.07.2019 04:12:47 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
28.07.2019 04:12:54 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
28.07.2019 04:12:54 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA
FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
28.07.2019 04:12:54 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
28.07.2019 04:12:54 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
28.07.2019 04:12:54 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
28.07.2019 04:12:54 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
28.07.2019 04:12:54 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
28.07.2019 04:12:54 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
28.07.2019 04:12:54 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
28.07.2019 04:12:54 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
28.07.2019 04:12:56 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
28.07.2019 04:12:56 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
28.07.2019 04:12:56 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
28.07.2019 04:12:56 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
28.07.2019 04:12:56 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
28.07.2019 04:12:57 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
28.07.2019 04:12:57 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
28.07.2019 04:12:57 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
28.07.2019 04:12:57 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 28.07.2019 04:12:58
Anti-malware scan started at: 28.07.2019 08:13:15
28.07.2019 08:13:32 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
28.07.2019 08:13:32 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
28.07.2019 08:13:32 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
28.07.2019 08:13:32 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
28.07.2019 08:13:32 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-
544774154621}\LSM.EXE
28.07.2019 08:13:32 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
28.07.2019 08:13:32 Running Processes
Probably Malicious: MicrosoftHost.exe =
C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
28.07.2019 08:13:32 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD
VIDEO DOWNLOADER\YTD.EXE
28.07.2019 08:13:32 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
28.07.2019 08:13:33 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files
(x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
28.07.2019 08:14:09 Unwanted Software Files
Probably Malicious: MSIMG32.DLL =
C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
28.07.2019 08:14:09 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
28.07.2019 08:14:09 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
28.07.2019 08:14:09 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
28.07.2019 08:14:09 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
28.07.2019 08:14:09 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
28.07.2019 08:14:09 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
28.07.2019 08:14:09 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO
DOWNLOADER\
28.07.2019 08:14:09 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM
FILES (X86)\\GREENTREE APPLICATIONS\
28.07.2019 08:14:09 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
28.07.2019 08:14:09 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE
APPLICATIONS\
28.07.2019 08:14:09 Unwanted Software Files
Probably Malicious: AdvinstAnalytics =
C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
28.07.2019 08:14:09 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE =
C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
28.07.2019 08:14:09 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA
V3.2.3\UNIVERSAL SOFT NOVA.EXE
28.07.2019 08:14:09 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
28.07.2019 08:14:09 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
28.07.2019 08:14:09 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
28.07.2019 08:14:09 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
28.07.2019 08:14:09 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
28.07.2019 08:14:09 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
28.07.2019 08:14:09 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
28.07.2019 08:14:09 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
28.07.2019 08:14:09 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
28.07.2019 08:14:09 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
28.07.2019 08:14:09 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
28.07.2019 08:14:09 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
28.07.2019 08:14:09 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE =
C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
28.07.2019 08:14:31 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
28.07.2019 08:14:31 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES
(X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
28.07.2019 08:14:31 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES
(X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
28.07.2019 08:14:31 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES
(X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
28.07.2019 08:14:31 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES
(X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
28.07.2019 08:14:31 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM
FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
28.07.2019 08:14:31 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download
Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD
MANAGER\IDMAN.EXE
28.07.2019 08:14:31 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
28.07.2019 08:14:31 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
28.07.2019 08:14:31 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
28.07.2019 08:14:31 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
28.07.2019 08:14:31 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application
Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
28.07.2019 08:14:31 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC =
C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
28.07.2019 08:14:31 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10
Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
28.07.2019 08:14:31 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\
{54477415-5447-5447-544774154621}\LSM.EXE
28.07.2019 08:15:30 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
28.07.2019 08:15:30 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
28.07.2019 08:15:30 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
28.07.2019 08:15:35 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
28.07.2019 08:15:35 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA
FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
28.07.2019 08:15:35 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
28.07.2019 08:15:35 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
28.07.2019 08:15:35 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
28.07.2019 08:15:35 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
28.07.2019 08:15:35 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
28.07.2019 08:15:35 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
28.07.2019 08:15:35 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
28.07.2019 08:15:35 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
28.07.2019 08:15:38 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
28.07.2019 08:15:39 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
28.07.2019 08:15:39 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
28.07.2019 08:15:39 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
28.07.2019 08:15:39 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
28.07.2019 08:15:39 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
28.07.2019 08:15:39 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
28.07.2019 08:15:39 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
28.07.2019 08:15:39 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 28.07.2019 08:15:40
Anti-malware scan started at: 28.07.2019 19:25:37
28.07.2019 19:25:58 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
28.07.2019 19:25:58 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
28.07.2019 19:25:58 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
28.07.2019 19:25:58 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
28.07.2019 19:25:58 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-
544774154621}\LSM.EXE
28.07.2019 19:25:58 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
28.07.2019 19:25:58 Running Processes
Probably Malicious: MicrosoftHost.exe =
C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
28.07.2019 19:25:58 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD
VIDEO DOWNLOADER\YTD.EXE
28.07.2019 19:25:58 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
28.07.2019 19:26:00 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files
(x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
28.07.2019 19:26:40 Unwanted Software Files
Probably Malicious: MSIMG32.DLL =
C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
28.07.2019 19:26:40 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
28.07.2019 19:26:40 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
28.07.2019 19:26:40 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
28.07.2019 19:26:40 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
28.07.2019 19:26:40 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
28.07.2019 19:26:40 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
28.07.2019 19:26:40 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
28.07.2019 19:26:40 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
28.07.2019 19:26:40 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
28.07.2019 19:26:40 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
28.07.2019 19:26:40 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
28.07.2019 19:26:40 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
28.07.2019 19:26:40 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
28.07.2019 19:26:40 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
28.07.2019 19:26:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
28.07.2019 19:26:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
28.07.2019 19:26:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
28.07.2019 19:26:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
28.07.2019 19:26:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
28.07.2019 19:26:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
28.07.2019 19:26:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
28.07.2019 19:26:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
28.07.2019 19:26:41 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
28.07.2019 19:26:41 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
28.07.2019 19:26:41 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
28.07.2019 19:26:41 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
28.07.2019 19:27:12 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
28.07.2019 19:27:12 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES (X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
28.07.2019 19:27:12 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
28.07.2019 19:27:12 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
28.07.2019 19:27:12 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
28.07.2019 19:27:12 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
28.07.2019 19:27:12 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
28.07.2019 19:27:12 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
28.07.2019 19:27:12 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
28.07.2019 19:27:12 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
28.07.2019 19:27:12 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
28.07.2019 19:27:12 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
28.07.2019 19:27:12 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
28.07.2019 19:27:12 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
28.07.2019 19:27:12 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
28.07.2019 19:28:16 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
28.07.2019 19:28:16 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
28.07.2019 19:28:17 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
28.07.2019 19:28:21 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
28.07.2019 19:28:21 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
28.07.2019 19:28:21 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
28.07.2019 19:28:21 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
28.07.2019 19:28:22 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
28.07.2019 19:28:22 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
28.07.2019 19:28:22 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
28.07.2019 19:28:22 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
28.07.2019 19:28:22 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
28.07.2019 19:28:22 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
28.07.2019 19:28:24 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
28.07.2019 19:28:24 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
28.07.2019 19:28:24 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
28.07.2019 19:28:24 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
28.07.2019 19:28:24 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
28.07.2019 19:28:25 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
28.07.2019 19:28:25 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
28.07.2019 19:28:25 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
28.07.2019 19:28:25 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 28.07.2019 19:28:26
Anti-malware scan started at: 28.07.2019 23:28:47
28.07.2019 23:29:04 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
28.07.2019 23:29:05 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
28.07.2019 23:29:05 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
28.07.2019 23:29:05 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
28.07.2019 23:29:05 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
28.07.2019 23:29:05 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
28.07.2019 23:29:05 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
28.07.2019 23:29:05 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
28.07.2019 23:29:05 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
28.07.2019 23:29:06 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
28.07.2019 23:29:42 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
28.07.2019 23:29:42 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
28.07.2019 23:29:42 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
28.07.2019 23:29:42 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
28.07.2019 23:29:42 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
28.07.2019 23:29:42 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
28.07.2019 23:29:42 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
28.07.2019 23:29:43 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
28.07.2019 23:29:43 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
28.07.2019 23:29:43 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
28.07.2019 23:29:43 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
28.07.2019 23:29:43 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
28.07.2019 23:29:43 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
28.07.2019 23:29:43 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
28.07.2019 23:29:43 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
28.07.2019 23:29:43 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
28.07.2019 23:29:43 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
28.07.2019 23:29:43 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
28.07.2019 23:29:43 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
28.07.2019 23:29:43 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
28.07.2019 23:29:43 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
28.07.2019 23:29:43 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
28.07.2019 23:29:43 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
28.07.2019 23:29:43 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
28.07.2019 23:29:43 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
28.07.2019 23:29:43 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
28.07.2019 23:29:43 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
28.07.2019 23:30:06 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
28.07.2019 23:30:06 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES (X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
28.07.2019 23:30:06 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
28.07.2019 23:30:06 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
28.07.2019 23:30:06 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
28.07.2019 23:30:06 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
28.07.2019 23:30:06 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
28.07.2019 23:30:06 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
28.07.2019 23:30:06 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
28.07.2019 23:30:06 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
28.07.2019 23:30:06 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
28.07.2019 23:30:06 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
28.07.2019 23:30:06 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
28.07.2019 23:30:06 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
28.07.2019 23:30:06 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
28.07.2019 23:31:05 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
28.07.2019 23:31:05 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
28.07.2019 23:31:05 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
28.07.2019 23:31:10 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
28.07.2019 23:31:10 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
28.07.2019 23:31:10 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
28.07.2019 23:31:10 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
28.07.2019 23:31:10 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
28.07.2019 23:31:11 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
28.07.2019 23:31:11 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
28.07.2019 23:31:11 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
28.07.2019 23:31:11 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
28.07.2019 23:31:11 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
28.07.2019 23:31:13 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
28.07.2019 23:31:13 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
28.07.2019 23:31:13 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
28.07.2019 23:31:13 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
28.07.2019 23:31:13 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
28.07.2019 23:31:14 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
28.07.2019 23:31:14 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
28.07.2019 23:31:14 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
28.07.2019 23:31:14 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 28.07.2019 23:31:15
Anti-malware scan started at: 29.07.2019 03:37:08
29.07.2019 03:37:36 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
29.07.2019 03:37:36 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
29.07.2019 03:37:36 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
29.07.2019 03:37:36 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
29.07.2019 03:37:36 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
29.07.2019 03:37:36 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
29.07.2019 03:37:36 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
29.07.2019 03:37:36 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
29.07.2019 03:37:36 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
29.07.2019 03:37:37 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
29.07.2019 03:38:40 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
29.07.2019 03:38:40 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
29.07.2019 03:38:40 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
29.07.2019 03:38:40 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
29.07.2019 03:38:40 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
29.07.2019 03:38:40 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
29.07.2019 03:38:40 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
29.07.2019 03:38:40 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
29.07.2019 03:38:40 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
29.07.2019 03:38:40 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
29.07.2019 03:38:40 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
29.07.2019 03:38:40 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
29.07.2019 03:38:40 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
29.07.2019 03:38:40 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
29.07.2019 03:38:40 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
29.07.2019 03:38:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
29.07.2019 03:38:41 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
29.07.2019 03:38:41 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
29.07.2019 03:38:41 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
29.07.2019 03:38:41 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
29.07.2019 03:38:41 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
29.07.2019 03:38:41 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
29.07.2019 03:38:41 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
29.07.2019 03:38:41 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
29.07.2019 03:38:41 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
29.07.2019 03:38:41 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
29.07.2019 03:38:41 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
29.07.2019 03:39:19 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
29.07.2019 03:39:19 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES (X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
29.07.2019 03:39:19 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
29.07.2019 03:39:19 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
29.07.2019 03:39:19 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
29.07.2019 03:39:19 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
29.07.2019 03:39:19 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
29.07.2019 03:39:19 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
29.07.2019 03:39:19 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
29.07.2019 03:39:19 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
29.07.2019 03:39:19 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
29.07.2019 03:39:19 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
29.07.2019 03:39:19 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
29.07.2019 03:39:19 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
29.07.2019 03:39:19 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
29.07.2019 03:41:18 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
29.07.2019 03:41:18 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
29.07.2019 03:41:18 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
29.07.2019 03:41:25 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
29.07.2019 03:41:25 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
29.07.2019 03:41:25 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
29.07.2019 03:41:25 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
29.07.2019 03:41:25 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
29.07.2019 03:41:25 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
29.07.2019 03:41:25 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
29.07.2019 03:41:25 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
29.07.2019 03:41:25 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
29.07.2019 03:41:25 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
29.07.2019 03:41:31 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
29.07.2019 03:41:31 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
29.07.2019 03:41:31 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
29.07.2019 03:41:31 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
29.07.2019 03:41:31 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
29.07.2019 03:41:31 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
29.07.2019 03:41:31 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
29.07.2019 03:41:31 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
29.07.2019 03:41:32 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 29.07.2019 03:41:33
Anti-malware scan started at: 29.07.2019 07:41:52
29.07.2019 07:42:10 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
29.07.2019 07:42:10 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
29.07.2019 07:42:10 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
29.07.2019 07:42:10 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
29.07.2019 07:42:10 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
29.07.2019 07:42:10 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
29.07.2019 07:42:10 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
29.07.2019 07:42:10 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
29.07.2019 07:42:11 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
29.07.2019 07:42:12 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
29.07.2019 07:42:51 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
29.07.2019 07:42:51 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
29.07.2019 07:42:51 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
29.07.2019 07:42:51 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
29.07.2019 07:42:51 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
29.07.2019 07:42:51 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
29.07.2019 07:42:51 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
29.07.2019 07:42:51 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
29.07.2019 07:42:51 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
29.07.2019 07:42:51 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
29.07.2019 07:42:51 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
29.07.2019 07:42:51 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
29.07.2019 07:42:51 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
29.07.2019 07:42:51 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA
V3.2.3\UNIVERSAL SOFT NOVA.EXE
29.07.2019 07:42:51 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
29.07.2019 07:42:51 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
29.07.2019 07:42:51 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
29.07.2019 07:42:51 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
29.07.2019 07:42:51 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
29.07.2019 07:42:51 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
29.07.2019 07:42:52 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
29.07.2019 07:42:52 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
29.07.2019 07:42:52 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
29.07.2019 07:42:52 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
29.07.2019 07:42:52 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
29.07.2019 07:42:52 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
29.07.2019 07:42:52 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE =
C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
29.07.2019 07:43:32 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
29.07.2019 07:43:32 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES
(X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
29.07.2019 07:43:32 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES
(X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
29.07.2019 07:43:32 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES
(X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
29.07.2019 07:43:32 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES
(X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
29.07.2019 07:43:32 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM
FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
29.07.2019 07:43:32 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download
Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD
MANAGER\IDMAN.EXE
29.07.2019 07:43:32 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
29.07.2019 07:43:32 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
29.07.2019 07:43:32 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
29.07.2019 07:43:32 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
29.07.2019 07:43:32 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application
Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
29.07.2019 07:43:32 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC =
C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
29.07.2019 07:43:32 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10
Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
29.07.2019 07:43:33 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\
{54477415-5447-5447-544774154621}\LSM.EXE
29.07.2019 07:44:42 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
29.07.2019 07:44:42 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
29.07.2019 07:44:42 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
29.07.2019 07:44:47 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
29.07.2019 07:44:47 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA
FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
29.07.2019 07:44:48 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
29.07.2019 07:44:48 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
29.07.2019 07:44:48 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
29.07.2019 07:44:48 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
29.07.2019 07:44:48 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
29.07.2019 07:44:48 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
29.07.2019 07:44:48 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
29.07.2019 07:44:48 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
29.07.2019 07:44:51 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
29.07.2019 07:44:51 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
29.07.2019 07:44:51 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
29.07.2019 07:44:51 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
29.07.2019 07:44:51 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
29.07.2019 07:44:51 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
29.07.2019 07:44:51 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
29.07.2019 07:44:51 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
29.07.2019 07:44:51 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 29.07.2019 07:44:52
Anti-malware scan started at: 29.07.2019 11:45:09
29.07.2019 11:45:27 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
29.07.2019 11:45:27 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
29.07.2019 11:45:27 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
29.07.2019 11:45:27 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
29.07.2019 11:45:27 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-
544774154621}\LSM.EXE
29.07.2019 11:45:27 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
29.07.2019 11:45:27 Running Processes
Probably Malicious: MicrosoftHost.exe =
C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
29.07.2019 11:45:27 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD
VIDEO DOWNLOADER\YTD.EXE
29.07.2019 11:45:27 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
29.07.2019 11:45:29 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files
(x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
29.07.2019 11:46:12 Unwanted Software Files
Probably Malicious: MSIMG32.DLL =
C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
29.07.2019 11:46:12 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
29.07.2019 11:46:12 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
29.07.2019 11:46:12 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
29.07.2019 11:46:12 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
29.07.2019 11:46:12 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
29.07.2019 11:46:12 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
29.07.2019 11:46:12 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO
DOWNLOADER\
29.07.2019 11:46:12 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM
FILES (X86)\\GREENTREE APPLICATIONS\
29.07.2019 11:46:12 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
29.07.2019 11:46:12 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE
APPLICATIONS\
29.07.2019 11:46:12 Unwanted Software Files
Probably Malicious: AdvinstAnalytics =
C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
29.07.2019 11:46:12 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE =
C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
29.07.2019 11:46:12 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA
V3.2.3\UNIVERSAL SOFT NOVA.EXE
29.07.2019 11:46:12 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
29.07.2019 11:46:12 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
29.07.2019 11:46:12 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
29.07.2019 11:46:12 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
29.07.2019 11:46:12 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
29.07.2019 11:46:13 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
29.07.2019 11:46:13 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
29.07.2019 11:46:13 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
29.07.2019 11:46:13 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
29.07.2019 11:46:13 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
29.07.2019 11:46:13 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
29.07.2019 11:46:13 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
29.07.2019 11:46:13 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE =
C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
29.07.2019 11:46:53 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
29.07.2019 11:46:53 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES
(X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
29.07.2019 11:46:53 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES
(X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
29.07.2019 11:46:54 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES
(X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
29.07.2019 11:46:54 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES
(X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
29.07.2019 11:46:54 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM
FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
29.07.2019 11:46:54 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download
Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD
MANAGER\IDMAN.EXE
29.07.2019 11:46:54 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
29.07.2019 11:46:54 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
29.07.2019 11:46:54 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
29.07.2019 11:46:54 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
29.07.2019 11:46:54 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application
Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
29.07.2019 11:46:54 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC =
C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
29.07.2019 11:46:54 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10
Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
29.07.2019 11:46:54 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\
{54477415-5447-5447-544774154621}\LSM.EXE
29.07.2019 11:48:00 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
29.07.2019 11:48:00 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
29.07.2019 11:48:00 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
29.07.2019 11:48:05 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
29.07.2019 11:48:05 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA
FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
29.07.2019 11:48:05 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
29.07.2019 11:48:05 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
29.07.2019 11:48:05 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
29.07.2019 11:48:05 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
29.07.2019 11:48:05 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
29.07.2019 11:48:05 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
29.07.2019 11:48:05 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
29.07.2019 11:48:05 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
29.07.2019 11:48:08 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
29.07.2019 11:48:08 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
29.07.2019 11:48:08 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
29.07.2019 11:48:08 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
29.07.2019 11:48:08 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
29.07.2019 11:48:08 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
29.07.2019 11:48:09 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
29.07.2019 11:48:09 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
29.07.2019 11:48:09 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 29.07.2019 11:48:10
Anti-malware scan started at: 29.07.2019 15:48:26
29.07.2019 15:48:45 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
29.07.2019 15:48:45 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
29.07.2019 15:48:45 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
29.07.2019 15:48:45 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
29.07.2019 15:48:45 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-
544774154621}\LSM.EXE
29.07.2019 15:48:45 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
29.07.2019 15:48:45 Running Processes
Probably Malicious: MicrosoftHost.exe =
C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
29.07.2019 15:48:45 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD
VIDEO DOWNLOADER\YTD.EXE
29.07.2019 15:48:45 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
29.07.2019 15:48:47 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files
(x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
29.07.2019 15:49:31 Unwanted Software Files
Probably Malicious: MSIMG32.DLL =
C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
29.07.2019 15:49:31 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
29.07.2019 15:49:31 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
29.07.2019 15:49:31 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
29.07.2019 15:49:31 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
29.07.2019 15:49:31 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
29.07.2019 15:49:31 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
29.07.2019 15:49:31 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO
DOWNLOADER\
29.07.2019 15:49:31 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM
FILES (X86)\\GREENTREE APPLICATIONS\
29.07.2019 15:49:31 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
29.07.2019 15:49:31 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE
APPLICATIONS\
29.07.2019 15:49:31 Unwanted Software Files
Probably Malicious: AdvinstAnalytics =
C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
29.07.2019 15:49:31 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE =
C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
29.07.2019 15:49:31 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA
V3.2.3\UNIVERSAL SOFT NOVA.EXE
29.07.2019 15:49:31 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
29.07.2019 15:49:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
29.07.2019 15:49:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
29.07.2019 15:49:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
29.07.2019 15:49:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
29.07.2019 15:49:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
29.07.2019 15:49:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
29.07.2019 15:49:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
29.07.2019 15:49:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
29.07.2019 15:49:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
29.07.2019 15:49:31 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
29.07.2019 15:49:31 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
29.07.2019 15:49:31 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE =
C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
29.07.2019 15:50:11 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
29.07.2019 15:50:11 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES
(X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
29.07.2019 15:50:11 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES
(X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
29.07.2019 15:50:11 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES
(X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
29.07.2019 15:50:11 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES
(X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
29.07.2019 15:50:11 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM
FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
29.07.2019 15:50:11 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download
Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD
MANAGER\IDMAN.EXE
29.07.2019 15:50:12 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
29.07.2019 15:50:12 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
29.07.2019 15:50:12 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
29.07.2019 15:50:12 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
29.07.2019 15:50:12 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application
Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
29.07.2019 15:50:12 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC =
C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
29.07.2019 15:50:12 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10
Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
29.07.2019 15:50:12 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\
{54477415-5447-5447-544774154621}\LSM.EXE
29.07.2019 15:51:19 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
29.07.2019 15:51:19 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
29.07.2019 15:51:19 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
29.07.2019 15:51:24 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
29.07.2019 15:51:24 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA
FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
29.07.2019 15:51:24 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
29.07.2019 15:51:24 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
29.07.2019 15:51:24 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
29.07.2019 15:51:24 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
29.07.2019 15:51:24 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
29.07.2019 15:51:24 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
29.07.2019 15:51:25 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
29.07.2019 15:51:25 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
29.07.2019 15:51:27 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
29.07.2019 15:51:27 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
29.07.2019 15:51:27 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
29.07.2019 15:51:27 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
29.07.2019 15:51:27 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
29.07.2019 15:51:27 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
29.07.2019 15:51:28 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
29.07.2019 15:51:28 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
29.07.2019 15:51:28 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 29.07.2019 15:51:29
Anti-malware scan started at: 29.07.2019 19:54:22
29.07.2019 19:54:42 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
29.07.2019 19:54:42 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
29.07.2019 19:54:42 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
29.07.2019 19:54:42 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
29.07.2019 19:54:42 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
29.07.2019 19:54:42 Running Processes
Probably Malicious: MicrosoftHost.exe =
C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
29.07.2019 19:54:42 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD
VIDEO DOWNLOADER\YTD.EXE
29.07.2019 19:54:42 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-
544774154621}\LSM.EXE
29.07.2019 19:54:44 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files
(x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
29.07.2019 19:55:22 Unwanted Software Files
Probably Malicious: MSIMG32.DLL =
C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
29.07.2019 19:55:22 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
29.07.2019 19:55:22 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
29.07.2019 19:55:22 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
29.07.2019 19:55:22 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
29.07.2019 19:55:22 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
29.07.2019 19:55:22 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
29.07.2019 19:55:22 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO
DOWNLOADER\
29.07.2019 19:55:22 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM
FILES (X86)\\GREENTREE APPLICATIONS\
29.07.2019 19:55:22 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
29.07.2019 19:55:22 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE
APPLICATIONS\
29.07.2019 19:55:22 Unwanted Software Files
Probably Malicious: AdvinstAnalytics =
C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
29.07.2019 19:55:22 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE =
C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
29.07.2019 19:55:22 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA
V3.2.3\UNIVERSAL SOFT NOVA.EXE
29.07.2019 19:55:22 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
29.07.2019 19:55:22 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
29.07.2019 19:55:22 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
29.07.2019 19:55:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
29.07.2019 19:55:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
29.07.2019 19:55:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
29.07.2019 19:55:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
29.07.2019 19:55:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
29.07.2019 19:55:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
29.07.2019 19:55:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
29.07.2019 19:55:23 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
29.07.2019 19:55:23 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
29.07.2019 19:55:23 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
29.07.2019 19:55:57 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
29.07.2019 19:55:57 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES (X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
29.07.2019 19:55:57 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
29.07.2019 19:55:57 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
29.07.2019 19:55:57 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
29.07.2019 19:55:57 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
29.07.2019 19:55:57 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
29.07.2019 19:55:58 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
29.07.2019 19:55:58 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
29.07.2019 19:55:58 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
29.07.2019 19:55:58 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
29.07.2019 19:55:58 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
29.07.2019 19:55:58 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
29.07.2019 19:55:58 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
29.07.2019 19:55:58 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
29.07.2019 19:56:59 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
29.07.2019 19:56:59 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
29.07.2019 19:56:59 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
29.07.2019 19:57:05 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
29.07.2019 19:57:05 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
29.07.2019 19:57:05 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
29.07.2019 19:57:05 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
29.07.2019 19:57:05 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
29.07.2019 19:57:05 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
29.07.2019 19:57:05 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
29.07.2019 19:57:05 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
29.07.2019 19:57:05 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
29.07.2019 19:57:05 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
29.07.2019 19:57:08 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
29.07.2019 19:57:08 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
29.07.2019 19:57:09 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
29.07.2019 19:57:09 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
29.07.2019 19:57:09 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
29.07.2019 19:57:09 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
29.07.2019 19:57:09 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
29.07.2019 19:57:09 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
29.07.2019 19:57:09 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 29.07.2019 19:57:10
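The scan blocks above are autostart and flagged-file listings, one "timestamp category" header per entry, and they only become useful to a responder once the recurring patterns are pulled out of them: Windows binary names (lsm.exe, audiodg.exe, taskhostw.exe) living under C:\ProgramData, a Startup-folder shortcut that launches a .vbs from %TEMP%, a scheduled task whose name imitates a Microsoft one, a TermService host DLL outside C:\Windows, and a Chrome homepage stored percent-encoded. The following Python is an added example written for this page; it is not UnHackMe's code and not part of the log. The rule set, the trusted-root list and the SAMPLE lines (constructed, modelled on entries in the log, including some wrapped across lines as the export wrapped them) are this example's own assumptions.

```python
"""Triage of an UnHackMe-style autorun scan log (added example, not UnHackMe code).

Parses the "<dd.mm.yyyy hh:mm:ss> <category>" / "<verdict>: <name> = <target>" layout,
re-joins entries a PDF export wrapped over several lines, and applies the checks a
responder would otherwise make by eye. Rules, trusted roots and SAMPLE are assumptions."""
import re
from urllib.parse import unquote, urlsplit

HEADER_RE = re.compile(r"^\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2} (.+)$")
ENTRY_RE = re.compile(r"^(Probably Malicious|Suspicious|Unknown): (.*?) = (.*)$")
LINE_STARTS = ("Probably Malicious:", "Suspicious:", "Unknown:", "Anti-malware scan",
               "Sending Pipe")
# Categories whose target runs without the user launching it.
AUTOSTART = {"Registry Run", "Registry Run(x64)", "Startup Folder", "Auto Services",
             "Scheduled Tasks 2", "Scheduled Tasks 2.0 Cached", "Svchost DLLs"}
WINDOWS_DIR = ("c:\\windows\\", "%windir%", "%systemroot%")
TRUSTED_ROOTS = WINDOWS_DIR + ("c:\\program files",)   # assumption: where installs live
# Windows binary names that malware dropped under ProgramData/AppData likes to borrow.
WINDOWS_BINARIES = {"lsm.exe", "audiodg.exe", "taskhostw.exe", "svchost.exe", "csrss.exe"}
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".ps1", ".bat", ".cmd")
# Constructed sample, modelled on entries in the log; several entries are wrapped.
SAMPLE = r"""
29.07.2019 19:55:22 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE =
C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
29.07.2019 19:55:58 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
29.07.2019 19:55:58 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
29.07.2019 19:55:58 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application
Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
29.07.2019 19:55:58 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10
Pro] = C:\PROGRAMDATA\{54477415-5447-5447-
544774154621}\LSM.EXE
29.07.2019 19:56:59 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
29.07.2019 19:57:08 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
Anti-malware scan finished at: 29.07.2019 19:57:10
"""


def logical_lines(text):
    """Re-join wrapped lines. A wrap at a space lost the space, a wrap inside a GUID or
    base64 blob did not, so a space is re-inserted only when neither side of the join
    ends or starts with a path/token separator (heuristic)."""
    out = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if HEADER_RE.match(line) or line.startswith(LINE_STARTS) or not out:
            out.append(line)
        else:
            glue = "" if out[-1][-1] in "\\-_{(/?" or line[0] in "\\-_})" else " "
            out[-1] += glue + line
    return out


def parse_log(text):
    """One dict per entry: ts, category, verdict, name, target."""
    records, ts, category = [], None, None
    for line in logical_lines(text):
        m = HEADER_RE.match(line)
        if m:
            ts, category = line[:19], m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            records.append({"ts": ts, "category": category, "verdict": m.group(1),
                            "name": m.group(2), "target": m.group(3)})
    return records


def basename(path):
    return path.strip('"').rstrip("\\").rsplit("\\", 1)[-1].lower()


def starts_under(path, roots):
    return path.strip('"').lower().startswith(roots)


def decoded_host(url):
    """Chrome stores the hijacked homepage percent-encoded so the host does not stand
    out in a listing; decode it and return only the host."""
    return urlsplit(unquote(url)).hostname or ""


def triage(records):
    """Return (rule, category, name, detail) tuples for entries worth a second look."""
    findings = []
    for r in records:
        cat, name, target = r["category"], r["name"], r["target"]
        base = basename(target)
        if base in WINDOWS_BINARIES and not starts_under(target, WINDOWS_DIR):
            findings.append(("masquerade", cat, name, target))   # system name, wrong directory
        if cat in AUTOSTART and not starts_under(target, TRUSTED_ROOTS):
            findings.append(("autostart_outside_trusted_roots", cat, name, target))
        if cat in AUTOSTART and base.endswith(SCRIPT_EXT):
            findings.append(("script_autostart", cat, name, target))
        if cat == "Svchost DLLs" and not starts_under(target, WINDOWS_DIR):
            findings.append(("service_dll_outside_windows", cat, name, target))
        if cat == "Chrome Protected Settings" and "%" in target:
            findings.append(("encoded_url", cat, name, decoded_host(target)))
    return findings
```

Running `triage(parse_log(SAMPLE))` yields eight findings: the ProgramData copies of taskhostw.exe and lsm.exe are reported both as masquerading system names and as autostarts outside the trusted roots, the AZ3R.VBS shortcut as an autostart and as a script, RDPWRAP.DLL as a service host DLL outside C:\Windows, and the homepage entry with its decoded host, feed.snapdo.com, which is the string worth searching for in other artefacts. The line re-joining is a heuristic for export wraps: whether a wrap fell on a space cannot be recovered with certainty, so confirm a re-joined path against the filesystem before acting on it.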
Anti-malware scan started at: 29.07.2019 23:57:58
29.07.2019 23:58:17 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
29.07.2019 23:58:17 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
29.07.2019 23:58:17 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
29.07.2019 23:58:18 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
29.07.2019 23:58:18 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
29.07.2019 23:58:18 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
29.07.2019 23:58:18 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
29.07.2019 23:58:18 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
29.07.2019 23:58:18 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
29.07.2019 23:58:19 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
29.07.2019 23:58:58 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
29.07.2019 23:58:58 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
29.07.2019 23:58:58 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
29.07.2019 23:58:58 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
29.07.2019 23:58:58 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
29.07.2019 23:58:58 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
29.07.2019 23:58:58 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
29.07.2019 23:58:58 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
29.07.2019 23:58:58 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
29.07.2019 23:58:58 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
29.07.2019 23:58:58 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
29.07.2019 23:58:58 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
29.07.2019 23:58:58 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
29.07.2019 23:58:58 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
29.07.2019 23:58:58 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
29.07.2019 23:58:58 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
29.07.2019 23:58:58 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
29.07.2019 23:58:58 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
29.07.2019 23:58:58 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
29.07.2019 23:58:58 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
29.07.2019 23:58:58 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
29.07.2019 23:58:58 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
29.07.2019 23:58:58 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
29.07.2019 23:58:59 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
29.07.2019 23:58:59 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
29.07.2019 23:58:59 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
29.07.2019 23:58:59 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
29.07.2019 23:59:36 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
29.07.2019 23:59:36 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES (X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
29.07.2019 23:59:36 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
29.07.2019 23:59:36 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
29.07.2019 23:59:36 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
29.07.2019 23:59:36 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
29.07.2019 23:59:36 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
29.07.2019 23:59:36 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
29.07.2019 23:59:36 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
29.07.2019 23:59:36 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
29.07.2019 23:59:36 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
29.07.2019 23:59:37 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
29.07.2019 23:59:37 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
29.07.2019 23:59:37 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
29.07.2019 23:59:37 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
30.07.2019 00:00:50 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
30.07.2019 00:00:50 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
30.07.2019 00:00:50 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
30.07.2019 00:00:55 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
30.07.2019 00:00:55 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
30.07.2019 00:00:55 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
30.07.2019 00:00:55 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
30.07.2019 00:00:55 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
30.07.2019 00:00:55 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
30.07.2019 00:00:55 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
30.07.2019 00:00:55 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
30.07.2019 00:00:55 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
30.07.2019 00:00:55 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
30.07.2019 00:00:58 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
30.07.2019 00:00:58 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
30.07.2019 00:00:59 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
30.07.2019 00:00:59 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
30.07.2019 00:00:59 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
30.07.2019 00:00:59 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
30.07.2019 00:00:59 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
30.07.2019 00:00:59 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
30.07.2019 00:00:59 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 30.07.2019 00:01:00
Anti-malware scan started at: 30.07.2019 04:01:24
30.07.2019 04:02:01 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
30.07.2019 04:02:01 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
30.07.2019 04:02:01 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
30.07.2019 04:02:01 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
30.07.2019 04:02:01 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
30.07.2019 04:02:01 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
30.07.2019 04:02:01 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
30.07.2019 04:02:01 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
30.07.2019 04:02:01 Running Processes
Probably Malicious: cmw_srv.exe = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\BIN\CMW_SRV.EXE
30.07.2019 04:02:01 Running Processes
Probably Malicious: hsscp.exe = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\BIN\HSSCP.EXE
30.07.2019 04:02:01 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
30.07.2019 04:02:03 Applications
Probably Malicious: {8267a087-d000-4732-8fac-d6013e229f32} = "C:\ProgramData\Package Cache\{8267a087-d000-4732-8fac-d6013e229f32}\HSS-8.4.5-install-plain-773-plain.exe" /uninstall /quiet
30.07.2019 04:02:03 Applications
Probably Malicious: {AF599C42-A2E5-4251-B7EE-4925D167FF5A} = MsiExec.exe /X{AF599C42-A2E5-4251-B7EE-4925D167FF5A}
30.07.2019 04:02:04 Applications
Probably Malicious: HotspotShield = msiexec.exe /x {AF599C42-A2E5-4251-B7EE-4925D167FF5A} /L*V %TEMP%\HSS-8.4.5-install-plain-773-plain.exe.log
30.07.2019 04:02:04 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
30.07.2019 04:02:56 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
30.07.2019 04:02:56 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
30.07.2019 04:02:56 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
30.07.2019 04:02:56 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
30.07.2019 04:02:56 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
30.07.2019 04:02:56 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
30.07.2019 04:02:56 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
30.07.2019 04:02:56 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
30.07.2019 04:02:56 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
30.07.2019 04:02:56 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
30.07.2019 04:02:56 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
30.07.2019 04:02:56 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\
30.07.2019 04:02:56 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAMDATA\HOTSPOT SHIELD\
30.07.2019 04:02:57 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
30.07.2019 04:02:57 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
30.07.2019 04:02:57 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
30.07.2019 04:02:57 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
30.07.2019 04:02:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
30.07.2019 04:02:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
30.07.2019 04:02:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
30.07.2019 04:02:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
30.07.2019 04:02:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
30.07.2019 04:02:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
30.07.2019 04:02:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
30.07.2019 04:02:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
30.07.2019 04:02:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
30.07.2019 04:02:57 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
30.07.2019 04:02:57 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
30.07.2019 04:02:57 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
30.07.2019 04:03:47 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
30.07.2019 04:03:47 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES (X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
30.07.2019 04:03:47 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
30.07.2019 04:03:47 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
30.07.2019 04:03:48 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
30.07.2019 04:03:48 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
30.07.2019 04:03:48 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
30.07.2019 04:03:48 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
30.07.2019 04:03:48 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
30.07.2019 04:03:48 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
30.07.2019 04:03:48 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
30.07.2019 04:03:48 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
30.07.2019 04:03:48 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
30.07.2019 04:03:48 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
30.07.2019 04:03:48 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
30.07.2019 04:09:09 Auto Services
Probably Malicious: hshld = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\BIN\CMW_SRV.EXE
30.07.2019 04:09:09 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
30.07.2019 04:09:10 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
30.07.2019 04:09:10 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
30.07.2019 04:09:19 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
30.07.2019 04:09:19 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
30.07.2019 04:09:19 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
30.07.2019 04:09:20 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
30.07.2019 04:09:20 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
30.07.2019 04:09:20 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
30.07.2019 04:09:20 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
30.07.2019 04:09:20 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
30.07.2019 04:09:20 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
30.07.2019 04:09:20 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
30.07.2019 04:09:24 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
30.07.2019 04:09:24 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
30.07.2019 04:09:24 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
30.07.2019 04:09:24 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
30.07.2019 04:09:24 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
30.07.2019 04:09:24 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
30.07.2019 04:09:24 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
30.07.2019 04:09:24 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
30.07.2019 04:09:25 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
30.07.2019 04:09:25 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 30.07.2019 04:09:26
Anti-malware scan started at: 30.07.2019 12:42:28
30.07.2019 12:42:48 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
30.07.2019 12:42:48 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
30.07.2019 12:42:48 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
30.07.2019 12:42:48 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
30.07.2019 12:42:48 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
30.07.2019 12:42:48 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
30.07.2019 12:42:48 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
30.07.2019 12:42:48 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
30.07.2019 12:42:48 Running Processes
Probably Malicious: cmw_srv.exe = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\BIN\CMW_SRV.EXE
30.07.2019 12:42:48 Running Processes
Probably Malicious: hsscp.exe = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\BIN\HSSCP.EXE
30.07.2019 12:42:48 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
30.07.2019 12:42:50 Applications
Probably Malicious: {8267a087-d000-4732-8fac-d6013e229f32} = "C:\ProgramData\Package Cache\{8267a087-d000-4732-8fac-d6013e229f32}\HSS-8.4.5-install-plain-773-plain.exe" /uninstall /quiet
30.07.2019 12:42:50 Applications
Probably Malicious: {AF599C42-A2E5-4251-B7EE-4925D167FF5A} = MsiExec.exe /X{AF599C42-A2E5-4251-B7EE-4925D167FF5A}
30.07.2019 12:42:50 Applications
Probably Malicious: HotspotShield = msiexec.exe /x {AF599C42-A2E5-4251-B7EE-4925D167FF5A} /L*V %TEMP%\HSS-8.4.5-install-plain-773-plain.exe.log
30.07.2019 12:42:50 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
30.07.2019 12:43:31 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
30.07.2019 12:43:31 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
30.07.2019 12:43:31 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
30.07.2019 12:43:31 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
30.07.2019 12:43:31 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
30.07.2019 12:43:31 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
30.07.2019 12:43:31 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
30.07.2019 12:43:31 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
30.07.2019 12:43:31 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
30.07.2019 12:43:31 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
30.07.2019 12:43:31 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
30.07.2019 12:43:31 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\
30.07.2019 12:43:31 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAMDATA\HOTSPOT SHIELD\
30.07.2019 12:43:31 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
30.07.2019 12:43:31 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
30.07.2019 12:43:31 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
30.07.2019 12:43:31 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
30.07.2019 12:43:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
30.07.2019 12:43:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
30.07.2019 12:43:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
30.07.2019 12:43:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
30.07.2019 12:43:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
30.07.2019 12:43:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
30.07.2019 12:43:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
30.07.2019 12:43:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
30.07.2019 12:43:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
30.07.2019 12:43:32 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
30.07.2019 12:43:32 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
30.07.2019 12:43:32 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
30.07.2019 12:43:57 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
30.07.2019 12:43:57 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES (X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
30.07.2019 12:43:57 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
30.07.2019 12:43:57 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
30.07.2019 12:43:57 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
30.07.2019 12:43:57 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
30.07.2019 12:43:57 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
30.07.2019 12:43:57 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
30.07.2019 12:43:57 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
30.07.2019 12:43:57 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
30.07.2019 12:43:57 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
30.07.2019 12:43:57 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
30.07.2019 12:43:57 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
30.07.2019 12:43:57 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
30.07.2019 12:43:57 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
30.07.2019 12:45:09 Auto Services
Probably Malicious: hshld = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\BIN\CMW_SRV.EXE
30.07.2019 12:45:09 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
30.07.2019 12:45:10 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
30.07.2019 12:45:10 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
30.07.2019 12:45:14 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
30.07.2019 12:45:14 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
30.07.2019 12:45:14 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
30.07.2019 12:45:14 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
30.07.2019 12:45:14 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
30.07.2019 12:45:14 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
30.07.2019 12:45:15 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
30.07.2019 12:45:15 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
30.07.2019 12:45:15 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
30.07.2019 12:45:15 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
30.07.2019 12:45:17 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
30.07.2019 12:45:17 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
30.07.2019 12:45:17 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
30.07.2019 12:45:17 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
30.07.2019 12:45:17 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
30.07.2019 12:45:17 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
30.07.2019 12:45:18 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
30.07.2019 12:45:18 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
30.07.2019 12:45:18 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
30.07.2019 12:45:18 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 30.07.2019 12:45:19
Anti-malware scan started at: 30.07.2019 17:08:09
30.07.2019 17:08:33 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
30.07.2019 17:08:33 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
30.07.2019 17:08:33 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
30.07.2019 17:08:33 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
30.07.2019 17:08:33 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
30.07.2019 17:08:34 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
30.07.2019 17:08:34 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
30.07.2019 17:08:34 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
30.07.2019 17:08:35 Applications
Probably Malicious: {8267a087-d000-4732-8fac-d6013e229f32} = "C:\ProgramData\Package Cache\{8267a087-d000-4732-8fac-d6013e229f32}\HSS-8.4.5-install-plain-773-plain.exe" /uninstall /quiet
30.07.2019 17:08:35 Applications
Probably Malicious: {AF599C42-A2E5-4251-B7EE-4925D167FF5A} = MsiExec.exe /X{AF599C42-A2E5-4251-B7EE-4925D167FF5A}
30.07.2019 17:08:36 Applications
Probably Malicious: HotspotShield = msiexec.exe /x {AF599C42-A2E5-4251-B7EE-4925D167FF5A} /L*V %TEMP%\HSS-8.4.5-install-plain-773-plain.exe.log
30.07.2019 17:08:36 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
30.07.2019 17:09:17 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
30.07.2019 17:09:17 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
30.07.2019 17:09:17 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
30.07.2019 17:09:17 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
30.07.2019 17:09:17 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
30.07.2019 17:09:17 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
30.07.2019 17:09:17 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
30.07.2019 17:09:17 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
30.07.2019 17:09:17 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
30.07.2019 17:09:17 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
30.07.2019 17:09:17 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
30.07.2019 17:09:17 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\
30.07.2019 17:09:17 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAMDATA\HOTSPOT SHIELD\
30.07.2019 17:09:17 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
30.07.2019 17:09:17 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
30.07.2019 17:09:18 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
30.07.2019 17:09:18 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
30.07.2019 17:09:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
30.07.2019 17:09:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
30.07.2019 17:09:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
30.07.2019 17:09:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
30.07.2019 17:09:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
30.07.2019 17:09:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
30.07.2019 17:09:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
30.07.2019 17:09:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
30.07.2019 17:09:18 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
30.07.2019 17:09:18 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
30.07.2019 17:09:18 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
30.07.2019 17:09:18 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
30.07.2019 17:09:49 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
30.07.2019 17:09:50 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES (X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
30.07.2019 17:09:50 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
30.07.2019 17:09:50 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
30.07.2019 17:09:50 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
30.07.2019 17:09:50 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
30.07.2019 17:09:50 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
30.07.2019 17:09:50 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
30.07.2019 17:09:50 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
30.07.2019 17:09:50 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
30.07.2019 17:09:50 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
30.07.2019 17:09:50 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
30.07.2019 17:09:50 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
30.07.2019 17:09:50 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
30.07.2019 17:09:50 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
30.07.2019 17:09:50 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
30.07.2019 17:12:27 Auto Services
Probably Malicious: hshld = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\BIN\CMW_SRV.EXE
30.07.2019 17:12:27 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
30.07.2019 17:12:27 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
30.07.2019 17:12:27 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
30.07.2019 17:12:37 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
30.07.2019 17:12:37 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
30.07.2019 17:12:38 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
30.07.2019 17:12:38 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
30.07.2019 17:12:38 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
30.07.2019 17:12:38 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
30.07.2019 17:12:38 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
30.07.2019 17:12:38 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
30.07.2019 17:12:38 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
30.07.2019 17:12:38 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
30.07.2019 17:12:40 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
30.07.2019 17:12:40 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
30.07.2019 17:12:40 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
30.07.2019 17:12:40 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
30.07.2019 17:12:40 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
30.07.2019 17:12:40 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
30.07.2019 17:12:40 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
30.07.2019 17:12:41 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
30.07.2019 17:12:41 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
30.07.2019 17:12:41 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 30.07.2019 17:12:41
Anti-malware scan started at: 30.07.2019 21:13:27
30.07.2019 21:13:39 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
30.07.2019 21:13:39 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
30.07.2019 21:13:39 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
30.07.2019 21:13:39 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
30.07.2019 21:13:39 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
30.07.2019 21:13:39 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
30.07.2019 21:13:39 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
30.07.2019 21:13:39 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
30.07.2019 21:13:41 Applications
Probably Malicious: {8267a087-d000-4732-8fac-d6013e229f32} = "C:\ProgramData\Package Cache\{8267a087-d000-4732-8fac-d6013e229f32}\HSS-8.4.5-install-plain-773-plain.exe" /uninstall /quiet
30.07.2019 21:13:41 Applications
Probably Malicious: {AF599C42-A2E5-4251-B7EE-4925D167FF5A} = MsiExec.exe /X{AF599C42-A2E5-4251-B7EE-4925D167FF5A}
30.07.2019 21:13:41 Applications
Probably Malicious: HotspotShield = msiexec.exe /x {AF599C42-A2E5-4251-B7EE-4925D167FF5A} /L*V %TEMP%\HSS-8.4.5-install-plain-773-plain.exe.log
30.07.2019 21:13:41 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
30.07.2019 21:13:47 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
30.07.2019 21:13:47 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
30.07.2019 21:13:47 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
30.07.2019 21:13:47 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
30.07.2019 21:13:47 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
30.07.2019 21:13:47 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
30.07.2019 21:13:47 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
30.07.2019 21:13:47 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
30.07.2019 21:13:47 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
30.07.2019 21:13:47 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
30.07.2019 21:13:47 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
30.07.2019 21:13:47 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\
30.07.2019 21:13:47 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAMDATA\HOTSPOT SHIELD\
30.07.2019 21:13:47 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
30.07.2019 21:13:47 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
30.07.2019 21:13:47 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
30.07.2019 21:13:47 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
30.07.2019 21:13:47 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
30.07.2019 21:13:47 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
30.07.2019 21:13:47 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
30.07.2019 21:13:47 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
30.07.2019 21:13:47 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
30.07.2019 21:13:47 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
30.07.2019 21:13:48 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
30.07.2019 21:13:48 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
30.07.2019 21:13:48 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
30.07.2019 21:13:48 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
30.07.2019 21:13:48 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
30.07.2019 21:13:48 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
30.07.2019 21:13:58 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
30.07.2019 21:13:58 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES (X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
30.07.2019 21:13:58 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
30.07.2019 21:13:59 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
30.07.2019 21:13:59 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
30.07.2019 21:13:59 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
30.07.2019 21:13:59 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
30.07.2019 21:13:59 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
30.07.2019 21:13:59 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
30.07.2019 21:13:59 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
30.07.2019 21:13:59 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
30.07.2019 21:13:59 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
30.07.2019 21:13:59 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
30.07.2019 21:13:59 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
30.07.2019 21:13:59 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
30.07.2019 21:13:59 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
30.07.2019 21:14:25 Auto Services
Probably Malicious: hshld = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\BIN\CMW_SRV.EXE
30.07.2019 21:14:25 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
30.07.2019 21:14:25 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
30.07.2019 21:14:25 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
30.07.2019 21:14:27 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
30.07.2019 21:14:27 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
30.07.2019 21:14:27 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
30.07.2019 21:14:27 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
30.07.2019 21:14:27 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
30.07.2019 21:14:27 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
30.07.2019 21:14:28 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
30.07.2019 21:14:28 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
30.07.2019 21:14:28 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
30.07.2019 21:14:28 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
30.07.2019 21:14:29 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
30.07.2019 21:14:29 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
30.07.2019 21:14:29 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
30.07.2019 21:14:29 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
30.07.2019 21:14:30 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
30.07.2019 21:14:30 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
30.07.2019 21:14:30 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
30.07.2019 21:14:30 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
30.07.2019 21:14:30 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
30.07.2019 21:14:30 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 30.07.2019 21:14:31
Anti-malware scan started at: 31.07.2019 01:16:26
31.07.2019 01:17:19 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
31.07.2019 01:17:19 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
31.07.2019 01:17:19 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
31.07.2019 01:17:19 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
31.07.2019 01:17:19 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD
VIDEO DOWNLOADER\YTD.EXE
31.07.2019 01:17:19 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
31.07.2019 01:17:19 Running Processes
Probably Malicious: MicrosoftHost.exe =
C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
31.07.2019 01:17:19 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-
544774154621}\LSM.EXE
31.07.2019 01:17:19 Running Processes
Probably Malicious: hsscp.exe = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\BIN\HSSCP.EXE
31.07.2019 01:17:22 Applications
Probably Malicious: {8267a087-d000-4732-8fac-d6013e229f32} =
"C:\ProgramData\Package Cache\{8267a087-d000-4732-8fac-d6013e229f32}\HSS-8.4.5-
install-plain-773-plain.exe" /uninstall /quiet
31.07.2019 01:17:22 Applications
Probably Malicious: {AF599C42-A2E5-4251-B7EE-4925D167FF5A} = MsiExec.exe /X{AF599C42-A2E5-4251-B7EE-4925D167FF5A}
31.07.2019 01:17:22 Applications
Probably Malicious: HotspotShield = msiexec.exe /x {AF599C42-A2E5-4251-B7EE-4925D167FF5A} /L*V %TEMP%\HSS-8.4.5-install-plain-773-plain.exe.log
31.07.2019 01:17:22 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
31.07.2019 01:18:34 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
31.07.2019 01:18:35 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
31.07.2019 01:18:35 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
31.07.2019 01:18:35 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
31.07.2019 01:18:35 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
31.07.2019 01:18:35 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
31.07.2019 01:18:35 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
31.07.2019 01:18:35 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
31.07.2019 01:18:35 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
31.07.2019 01:18:35 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
31.07.2019 01:18:35 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
31.07.2019 01:18:35 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\
31.07.2019 01:18:35 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAMDATA\HOTSPOT SHIELD\
31.07.2019 01:18:35 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
31.07.2019 01:18:35 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
31.07.2019 01:18:35 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
31.07.2019 01:18:35 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
31.07.2019 01:18:35 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
31.07.2019 01:18:35 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
31.07.2019 01:18:35 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
31.07.2019 01:18:35 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
31.07.2019 01:18:35 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
31.07.2019 01:18:36 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
31.07.2019 01:18:36 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
31.07.2019 01:18:36 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
31.07.2019 01:18:36 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
31.07.2019 01:18:36 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
31.07.2019 01:18:36 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
31.07.2019 01:18:36 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
31.07.2019 01:19:23 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
31.07.2019 01:19:23 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES (X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
31.07.2019 01:19:23 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
31.07.2019 01:19:23 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
31.07.2019 01:19:23 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
31.07.2019 01:19:23 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
31.07.2019 01:19:23 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
31.07.2019 01:19:23 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
31.07.2019 01:19:23 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
31.07.2019 01:19:23 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
31.07.2019 01:19:23 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
31.07.2019 01:19:23 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
31.07.2019 01:19:23 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
31.07.2019 01:19:24 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
31.07.2019 01:19:24 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
31.07.2019 01:19:24 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
31.07.2019 01:22:17 Auto Services
Probably Malicious: hshld = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\BIN\CMW_SRV.EXE
31.07.2019 01:22:17 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
31.07.2019 01:22:17 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
31.07.2019 01:22:17 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
31.07.2019 01:22:28 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
31.07.2019 01:22:28 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
31.07.2019 01:22:28 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
31.07.2019 01:22:28 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
31.07.2019 01:22:28 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
31.07.2019 01:22:28 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.22_0
31.07.2019 01:22:28 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
31.07.2019 01:22:28 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
31.07.2019 01:22:29 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
31.07.2019 01:22:29 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
31.07.2019 01:22:33 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
31.07.2019 01:22:33 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
31.07.2019 01:22:33 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
31.07.2019 01:22:34 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
31.07.2019 01:22:34 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
31.07.2019 01:22:34 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
31.07.2019 01:22:34 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
31.07.2019 01:22:34 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
31.07.2019 01:22:34 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
31.07.2019 01:22:34 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 31.07.2019 01:22:35
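The scan above is a good specimen of what a triage script needs to pull out of this log format: the same "Probably Malicious" label covers a commercial download manager's browser extension and a copy of lsm.exe in a GUID-named folder under C:\ProgramData, so the verdict alone separates nothing. What does separate them is where an autostart entry points (Registry Run, Startup Folder, Scheduled Tasks, Auto Services, Svchost DLLs) and whether the file borrows the name of a Windows component that belongs under System32. The following is an added example, not UnHackMe's code and not part of the log; the record regexes follow the line shapes visible on this page, the name lists and path markers are my own triage assumptions, and SAMPLE_LOG is constructed from records copied out of the 31.07.2019 01:16:26 scan (the empty "HotspotShield =" value is the shape that appears in the later scans on this page).

```python
"""Parse UnHackMe-style scan records and triage the autostart and masquerade patterns."""
import re
from dataclasses import dataclass, field

SCAN_RE = re.compile(r"^Anti-malware scan (started|finished) at: (.+)$")
HEADER_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4}|\d{4}/\d{2}/\d{2}) \d{2}:\d{2}:\d{2} (.+)$")
RECORD_RE = re.compile(r"^(Probably Malicious|Suspicious|Unknown): (.+?) =(?: (.*))?$")

# Triage assumptions (mine, not the tool's): genuine copies of these names live under System32.
SYSTEM_NAMES = {"lsm.exe", "audiodg.exe", "taskhostw.exe", "rundll32.exe", "svchost.exe", "csrss.exe"}
LOOKALIKE_NAMES = {"rundll.exe", "system.exe", "microsofthost.exe", "windowsexplorers.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\sysnative\\")
WRITABLE_MARKERS = ("c:\\programdata\\", "\\appdata\\", "\\temp\\", "c:\\users\\public\\")
AUTOSTART = {"Registry Run", "Registry Run(x64)", "Startup Folder", "Scheduled Tasks 2",
             "Scheduled Tasks 2.0 Cached", "Auto Services", "Svchost DLLs"}
SCRIPT_EXT = (".vbs", ".js", ".wsf", ".ps1", ".bat", ".cmd")
GUID_DIR_RE = re.compile(r"^c:\\programdata\\\{[0-9a-f-]+\}\\")


@dataclass
class Record:
    scan: str       # "started at" timestamp of the scan the record belongs to
    category: str   # UnHackMe section header, e.g. "Scheduled Tasks 2"
    verdict: str    # Probably Malicious / Suspicious / Unknown
    name: str
    path: str       # empty when the log shows "name =" with nothing after it
    reasons: list = field(default_factory=list)


def parse(text):
    """One Record per 'Verdict: name = path' line, tagged with its section and scan."""
    records, scan, category = [], "?", "?"
    for line in text.splitlines():
        if m := SCAN_RE.match(line):
            if m.group(1) == "started":
                scan = m.group(2)
        elif m := HEADER_RE.match(line):
            category = m.group(2)
        elif m := RECORD_RE.match(line):
            records.append(Record(scan, category, m.group(1), m.group(2), m.group(3) or ""))
    return records


def triage(text):
    """Records that match at least one rule, in log order, with the reasons attached."""
    hits = []
    for r in parse(text):
        p = r.path.lower()
        base = p.rsplit("\\", 1)[-1]
        autostart = r.category in AUTOSTART
        if base in SYSTEM_NAMES and not p.startswith(SYSTEM_DIRS):
            r.reasons.append("Windows component name outside System32 (masquerading)")
        if base in LOOKALIKE_NAMES:
            r.reasons.append("file name imitates a Windows component")
        if autostart and p.endswith(SCRIPT_EXT):
            r.reasons.append("autostart entry runs a script file")
        if autostart and any(m in p for m in WRITABLE_MARKERS):
            r.reasons.append("autostart entry launches from a user-writable directory")
        if r.category == "Svchost DLLs" and not p.startswith(SYSTEM_DIRS):
            r.reasons.append("svchost service DLL points outside System32 (service hijack)")
        if GUID_DIR_RE.match(p):
            r.reasons.append("GUID-named drop folder directly under ProgramData")
        if r.reasons:
            hits.append(r)
    return hits


# Constructed sample: records copied from the 31.07.2019 01:16:26 scan on this page.
SAMPLE_LOG = r"""Anti-malware scan started at: 31.07.2019 01:16:26
31.07.2019 01:17:19 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
31.07.2019 01:17:19 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
31.07.2019 01:17:19 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
31.07.2019 01:17:22 Applications
Probably Malicious: HotspotShield =
31.07.2019 01:19:23 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
31.07.2019 01:19:23 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
31.07.2019 01:19:23 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
31.07.2019 01:19:24 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
31.07.2019 01:22:17 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
31.07.2019 01:22:17 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 31.07.2019 01:22:35
"""

if __name__ == "__main__":
    for h in triage(SAMPLE_LOG):
        print(f"[{h.verdict}] {h.category}: {h.name} -> {h.path or '(empty)'}  {'; '.join(h.reasons)}")
```

Run against the sample, the Microsoft ProgramDataUpdater task (a genuine scheduled task that points at %windir%\system32) produces no finding, while the Wininet\SystemC task and the Realtek HD Audio Run key are flagged twice over: taskhostw.exe is a System32 name, and C:\ProgramData is writable by any local user. The "Svchost DLLs" rule is the one to read first on this machine, because TermService resolving to RDPWRAP.DLL means the Remote Desktop service DLL itself has been redirected. Note that the tool's verdict is never consulted; it is carried through only so the analyst can compare the tool's label with the path-based reasons.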
Anti-malware scan started at: 31.07.2019 02:19:33
31.07.2019 02:26:16 Running Processes
Unknown: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
31.07.2019 02:26:16 Running Processes
Unknown: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
31.07.2019 02:26:16 Running Processes
Unknown: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
31.07.2019 02:26:16 Running Processes
Unknown: taskhostw.exe = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
31.07.2019 02:26:16 Running Processes
Unknown: IDMan.exe = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
31.07.2019 02:26:17 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
31.07.2019 02:26:17 Running Processes
Unknown: arc.exe = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\ARC.EXE
31.07.2019 02:26:17 Running Processes
Unknown: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
31.07.2019 02:26:17 Running Processes
Unknown: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
31.07.2019 02:26:17 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
31.07.2019 02:26:17 Running Processes
Unknown: taskhostw.exe = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
31.07.2019 02:26:17 Running Processes
Unknown: Launcher64.exe = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
31.07.2019 02:26:17 Running Processes
Unknown: Launcher64.exe = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
31.07.2019 02:26:17 Running Processes
Unknown: Launcher64.exe = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
31.07.2019 02:26:17 Running Processes
Unknown: Launcher64.exe = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
31.07.2019 02:29:21 Applications
Probably Malicious: {8267a087-d000-4732-8fac-d6013e229f32} = "C:\ProgramData\Package Cache\{8267a087-d000-4732-8fac-d6013e229f32}\HSS-8.4.5-install-plain-773-plain.exe" /uninstall /quiet
31.07.2019 02:29:21 Applications
Probably Malicious: {AF599C42-A2E5-4251-B7EE-4925D167FF5A} = MsiExec.exe /X{AF599C42-A2E5-4251-B7EE-4925D167FF5A}
31.07.2019 02:29:21 Applications
Probably Malicious: HotspotShield = msiexec.exe /x {AF599C42-A2E5-4251-B7EE-4925D167FF5A} /L*V %TEMP%\HSS-8.4.5-install-plain-773-plain.exe.log
31.07.2019 02:29:21 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
Sending Pipe to UnHackMe success!
Anti-malware scan finished at: 31.07.2019 02:29:26
Anti-malware scan started at: 31.07.2019 06:29:53
31.07.2019 06:30:06 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
31.07.2019 06:30:06 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
31.07.2019 06:30:06 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
31.07.2019 06:30:06 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
31.07.2019 06:30:06 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
31.07.2019 06:30:06 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
31.07.2019 06:30:06 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
31.07.2019 06:30:06 Running Processes
Probably Malicious: rundll.exe = C:\PROGRAMDATA\RUNDLL\RUNDLL.EXE
31.07.2019 06:30:06 Running Processes
Probably Malicious: system.exe = C:\PROGRAMDATA\RUNDLL\SYSTEM.EXE
31.07.2019 06:30:07 Applications
Probably Malicious: HotspotShield =
31.07.2019 06:30:07 Applications
Probably Malicious: {8267a087-d000-4732-8fac-d6013e229f32} = "C:\ProgramData\Package Cache\{8267a087-d000-4732-8fac-d6013e229f32}\HSS-8.4.5-install-plain-773-plain.exe" /uninstall /quiet
31.07.2019 06:30:07 Applications
Probably Malicious: {AF599C42-A2E5-4251-B7EE-4925D167FF5A} = MsiExec.exe /X{AF599C42-A2E5-4251-B7EE-4925D167FF5A}
31.07.2019 06:30:08 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
31.07.2019 06:30:39 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
31.07.2019 06:30:39 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
31.07.2019 06:30:39 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
31.07.2019 06:30:39 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
31.07.2019 06:30:39 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
31.07.2019 06:30:39 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
31.07.2019 06:30:39 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
31.07.2019 06:30:39 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
31.07.2019 06:30:39 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
31.07.2019 06:30:39 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
31.07.2019 06:30:39 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
31.07.2019 06:30:39 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\
31.07.2019 06:30:39 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAMDATA\HOTSPOT SHIELD\
31.07.2019 06:30:39 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
31.07.2019 06:30:39 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
31.07.2019 06:30:39 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
31.07.2019 06:30:39 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
31.07.2019 06:30:39 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
31.07.2019 06:30:39 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
31.07.2019 06:30:39 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
31.07.2019 06:30:39 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
31.07.2019 06:30:39 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
31.07.2019 06:30:39 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
31.07.2019 06:30:39 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
31.07.2019 06:30:39 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
31.07.2019 06:30:39 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
31.07.2019 06:30:39 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
31.07.2019 06:30:40 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
31.07.2019 06:30:40 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
31.07.2019 06:31:04 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
31.07.2019 06:31:04 User Shortcuts
Unknown: C:\Users\Home\Desktop\MediaHuman YouTube Downloader.lnk = C:\PROGRAM FILES (X86)\MEDIAHUMAN\YOUTUBE DOWNLOADER\YOUTUBEDOWNLOADER.EXE
31.07.2019 06:31:04 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
31.07.2019 06:31:04 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
31.07.2019 06:31:05 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Play.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MRPLAY.EXE
31.07.2019 06:31:05 User Shortcuts
Unknown: C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk = C:\PROGRAM FILES (X86)\NEMEX\MOUSE RECORDER PRO 2\MOUSE RECORDER PRO.EXE
31.07.2019 06:31:05 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
31.07.2019 06:31:05 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
31.07.2019 06:31:05 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
31.07.2019 06:31:05 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
31.07.2019 06:31:05 Startup Folder
Probably Malicious: vbs.vbs = C:\USERS\HOME\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\VBS.VBS
31.07.2019 06:31:05 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
31.07.2019 06:31:05 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
31.07.2019 06:31:05 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
31.07.2019 06:31:05 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
31.07.2019 06:31:05 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
31.07.2019 06:32:02 Auto Services
Probably Malicious: hshld = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\BIN\CMW_SRV.EXE
31.07.2019 06:32:02 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
31.07.2019 06:32:02 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
31.07.2019 06:32:02 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
31.07.2019 06:32:08 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
31.07.2019 06:32:08 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
31.07.2019 06:32:08 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
31.07.2019 06:32:08 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
31.07.2019 06:32:08 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
31.07.2019 06:32:08 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.23_0
31.07.2019 06:32:08 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
31.07.2019 06:32:08 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
31.07.2019 06:32:08 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
31.07.2019 06:32:08 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
31.07.2019 06:32:11 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
31.07.2019 06:32:11 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
31.07.2019 06:32:11 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
31.07.2019 06:32:11 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
31.07.2019 06:32:11 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
31.07.2019 06:32:11 Google Chrome Notifications
Probably Malicious: 4 = https://maranhesduve.club:443,*
31.07.2019 06:32:11 Google Chrome Notifications
Probably Malicious: 5 = https://click-on-this.today:443,*
31.07.2019 06:32:11 Google Chrome Notifications
Probably Malicious: 6 = https://p4.maranhesduve.club:443,*
31.07.2019 06:32:11 Google Chrome Notifications
Unknown: 7 = https://talbeinhecrof.info:443,*
31.07.2019 06:32:11 Google Chrome Notifications
Probably Malicious: 8 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 31.07.2019 06:32:12
Anti-malware scan started at: 2019/08/01 16:53:09
2019/08/01 16:53:51 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
2019/08/01 16:53:51 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
2019/08/01 16:53:51 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
2019/08/01 16:53:51 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
2019/08/01 16:53:51 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
2019/08/01 16:53:51 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
2019/08/01 16:53:51 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
2019/08/01 16:53:53 Applications
Probably Malicious: HotspotShield =
2019/08/01 16:53:53 Applications
Probably Malicious: {8267a087-d000-4732-8fac-d6013e229f32} = "C:\ProgramData\Package Cache\{8267a087-d000-4732-8fac-d6013e229f32}\HSS-8.4.5-install-plain-773-plain.exe" /uninstall /quiet
2019/08/01 16:53:53 Applications
Probably Malicious: {AF599C42-A2E5-4251-B7EE-4925D167FF5A} = MsiExec.exe /X{AF599C42-A2E5-4251-B7EE-4925D167FF5A}
2019/08/01 16:53:53 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
2019/08/01 16:54:31 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
2019/08/01 16:54:31 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
2019/08/01 16:54:31 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
2019/08/01 16:54:31 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
2019/08/01 16:54:31 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
2019/08/01 16:54:31 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
2019/08/01 16:54:31 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
2019/08/01 16:54:31 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
2019/08/01 16:54:31 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
2019/08/01 16:54:31 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
2019/08/01 16:54:31 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
2019/08/01 16:54:31 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\
2019/08/01 16:54:31 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAMDATA\HOTSPOT SHIELD\
2019/08/01 16:54:31 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
2019/08/01 16:54:31 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
2019/08/01 16:54:31 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
2019/08/01 16:54:31 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
2019/08/01 16:54:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
2019/08/01 16:54:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
2019/08/01 16:54:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
2019/08/01 16:54:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
2019/08/01 16:54:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
2019/08/01 16:54:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
2019/08/01 16:54:31 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
2019/08/01 16:54:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
2019/08/01 16:54:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
2019/08/01 16:54:32 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
2019/08/01 16:54:32 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
2019/08/01 16:54:32 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
2019/08/01 16:54:55 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
2019/08/01 16:54:55 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
2019/08/01 16:54:55 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
2019/08/01 16:54:55 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
2019/08/01 16:54:55 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
2019/08/01 16:54:55 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
2019/08/01 16:54:55 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
2019/08/01 16:54:55 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
2019/08/01 16:54:55 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
2019/08/01 16:54:55 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
2019/08/01 16:54:55 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
2019/08/01 16:54:55 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
2019/08/01 16:54:55 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
2019/08/01 16:56:05 Auto Services
Probably Malicious: hshld = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\BIN\CMW_SRV.EXE
2019/08/01 16:56:05 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
2019/08/01 16:56:05 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
2019/08/01 16:56:05 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
2019/08/01 16:56:12 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
2019/08/01 16:56:13 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
2019/08/01 16:56:13 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
2019/08/01 16:56:13 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
2019/08/01 16:56:13 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
2019/08/01 16:56:13 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.23_0
2019/08/01 16:56:13 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
2019/08/01 16:56:13 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
2019/08/01 16:56:13 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
2019/08/01 16:56:13 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
2019/08/01 16:56:16 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
2019/08/01 16:56:16 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
2019/08/01 16:56:16 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
2019/08/01 16:56:16 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
2019/08/01 16:56:16 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
2019/08/01 16:56:16 Google Chrome Notifications
Unknown: 3 = https://pastemten.com:443,*
2019/08/01 16:56:16 Google Chrome Notifications
Probably Malicious: 5 = https://maranhesduve.club:443,*
2019/08/01 16:56:16 Google Chrome Notifications
Probably Malicious: 6 = https://click-on-this.today:443,*
2019/08/01 16:56:16 Google Chrome Notifications
Probably Malicious: 7 = https://p4.maranhesduve.club:443,*
2019/08/01 16:56:16 Google Chrome Notifications
Unknown: 8 = https://talbeinhecrof.info:443,*
2019/08/01 16:56:16 Google Chrome Notifications
Probably Malicious: 9 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 2019/08/01 16:56:17
Anti-malware scan started at: 01.08.2019 20:56:34
01.08.2019 20:57:07 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
01.08.2019 20:57:07 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
01.08.2019 20:57:07 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
01.08.2019 20:57:07 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
01.08.2019 20:57:07 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
01.08.2019 20:57:07 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
01.08.2019 20:57:07 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
01.08.2019 20:57:07 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
01.08.2019 20:57:09 Applications
Probably Malicious: HotspotShield =
01.08.2019 20:57:09 Applications
Probably Malicious: {8267a087-d000-4732-8fac-d6013e229f32} = "C:\ProgramData\Package Cache\{8267a087-d000-4732-8fac-d6013e229f32}\HSS-8.4.5-install-plain-773-plain.exe" /uninstall /quiet
01.08.2019 20:57:09 Applications
Probably Malicious: {AF599C42-A2E5-4251-B7EE-4925D167FF5A} = MsiExec.exe /X{AF599C42-A2E5-4251-B7EE-4925D167FF5A}
01.08.2019 20:57:09 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
01.08.2019 20:57:56 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
01.08.2019 20:57:56 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
01.08.2019 20:57:56 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
01.08.2019 20:57:56 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
01.08.2019 20:57:56 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
01.08.2019 20:57:56 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
01.08.2019 20:57:56 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
01.08.2019 20:57:56 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
01.08.2019 20:57:56 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
01.08.2019 20:57:56 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
01.08.2019 20:57:56 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
01.08.2019 20:57:56 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\
01.08.2019 20:57:56 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAMDATA\HOTSPOT SHIELD\
01.08.2019 20:57:56 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
01.08.2019 20:57:56 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
01.08.2019 20:57:57 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
01.08.2019 20:57:57 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
01.08.2019 20:57:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
01.08.2019 20:57:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
01.08.2019 20:57:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
01.08.2019 20:57:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
01.08.2019 20:57:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
01.08.2019 20:57:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
01.08.2019 20:57:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
01.08.2019 20:57:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
01.08.2019 20:57:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
01.08.2019 20:57:57 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
01.08.2019 20:57:57 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
01.08.2019 20:57:57 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
01.08.2019 20:58:25 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
01.08.2019 20:58:25 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
01.08.2019 20:58:26 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
01.08.2019 20:58:26 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
01.08.2019 20:58:26 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
01.08.2019 20:58:26 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
01.08.2019 20:58:26 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
01.08.2019 20:58:26 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
01.08.2019 20:58:26 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
01.08.2019 20:58:26 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
01.08.2019 20:58:26 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
01.08.2019 20:58:26 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
01.08.2019 20:58:26 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
01.08.2019 20:59:57 Auto Services
Probably Malicious: hshld = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\BIN\CMW_SRV.EXE
01.08.2019 20:59:57 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
01.08.2019 20:59:57 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
01.08.2019 20:59:57 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
01.08.2019 21:00:04 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
01.08.2019 21:00:04 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
01.08.2019 21:00:04 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
01.08.2019 21:00:04 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
01.08.2019 21:00:04 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
01.08.2019 21:00:04 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.23_0
01.08.2019 21:00:04 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
01.08.2019 21:00:04 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
01.08.2019 21:00:04 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
01.08.2019 21:00:04 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
01.08.2019 21:00:07 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
01.08.2019 21:00:07 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
01.08.2019 21:00:07 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
01.08.2019 21:00:07 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
01.08.2019 21:00:07 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
01.08.2019 21:00:07 Google Chrome Notifications
Unknown: 3 = https://pastemten.com:443,*
01.08.2019 21:00:07 Google Chrome Notifications
Probably Malicious: 5 = https://maranhesduve.club:443,*
01.08.2019 21:00:07 Google Chrome Notifications
Probably Malicious: 6 = https://click-on-this.today:443,*
01.08.2019 21:00:07 Google Chrome Notifications
Probably Malicious: 7 = https://p4.maranhesduve.club:443,*
01.08.2019 21:00:07 Google Chrome Notifications
Unknown: 8 = https://talbeinhecrof.info:443,*
01.08.2019 21:00:07 Google Chrome Notifications
Probably Malicious: 9 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 01.08.2019 21:00:08
Anti-malware scan started at: 02.08.2019 01:02:00
02.08.2019 01:02:42 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
02.08.2019 01:02:42 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
02.08.2019 01:02:42 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
02.08.2019 01:02:42 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
02.08.2019 01:02:43 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
02.08.2019 01:02:43 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
02.08.2019 01:02:43 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
02.08.2019 01:02:43 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
02.08.2019 01:02:45 Applications
Probably Malicious: HotspotShield =
02.08.2019 01:02:45 Applications
Probably Malicious: {8267a087-d000-4732-8fac-d6013e229f32} = "C:\ProgramData\Package Cache\{8267a087-d000-4732-8fac-d6013e229f32}\HSS-8.4.5-install-plain-773-plain.exe" /uninstall /quiet
02.08.2019 01:02:45 Applications
Probably Malicious: {AF599C42-A2E5-4251-B7EE-4925D167FF5A} = MsiExec.exe /X{AF599C42-A2E5-4251-B7EE-4925D167FF5A}
02.08.2019 01:02:45 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
02.08.2019 01:03:26 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
02.08.2019 01:03:27 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
02.08.2019 01:03:27 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
02.08.2019 01:03:27 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
02.08.2019 01:03:27 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
02.08.2019 01:03:27 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
02.08.2019 01:03:27 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
02.08.2019 01:03:27 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
02.08.2019 01:03:27 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
02.08.2019 01:03:27 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
02.08.2019 01:03:27 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
02.08.2019 01:03:27 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\
02.08.2019 01:03:27 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAMDATA\HOTSPOT SHIELD\
02.08.2019 01:03:27 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
02.08.2019 01:03:27 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
02.08.2019 01:03:27 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
02.08.2019 01:03:27 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
02.08.2019 01:03:27 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
02.08.2019 01:03:27 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
02.08.2019 01:03:27 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
02.08.2019 01:03:27 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
02.08.2019 01:03:27 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
02.08.2019 01:03:27 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
02.08.2019 01:03:27 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
02.08.2019 01:03:27 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
02.08.2019 01:03:28 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
02.08.2019 01:03:28 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
02.08.2019 01:03:28 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
02.08.2019 01:03:28 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
02.08.2019 01:04:08 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
02.08.2019 01:04:08 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
02.08.2019 01:04:08 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
02.08.2019 01:04:08 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
02.08.2019 01:04:08 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
02.08.2019 01:04:08 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
02.08.2019 01:04:08 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
02.08.2019 01:04:08 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
02.08.2019 01:04:08 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
02.08.2019 01:04:08 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
02.08.2019 01:04:09 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
02.08.2019 01:04:09 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
02.08.2019 01:04:09 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
02.08.2019 01:07:19 Auto Services
Probably Malicious: hshld = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\BIN\CMW_SRV.EXE
02.08.2019 01:07:19 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
02.08.2019 01:07:20 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
02.08.2019 01:07:20 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
02.08.2019 01:07:28 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
02.08.2019 01:07:28 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
02.08.2019 01:07:28 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
02.08.2019 01:07:28 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
02.08.2019 01:07:28 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
02.08.2019 01:07:28 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.23_0
02.08.2019 01:07:29 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
02.08.2019 01:07:29 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
02.08.2019 01:07:29 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
02.08.2019 01:07:29 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
02.08.2019 01:07:32 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
02.08.2019 01:07:33 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
02.08.2019 01:07:33 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
02.08.2019 01:07:33 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
02.08.2019 01:07:33 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
02.08.2019 01:07:33 Google Chrome Notifications
Unknown: 3 = https://pastemten.com:443,*
02.08.2019 01:07:33 Google Chrome Notifications
Probably Malicious: 5 = https://maranhesduve.club:443,*
02.08.2019 01:07:33 Google Chrome Notifications
Probably Malicious: 6 = https://click-on-this.today:443,*
02.08.2019 01:07:33 Google Chrome Notifications
Probably Malicious: 7 = https://p4.maranhesduve.club:443,*
02.08.2019 01:07:34 Google Chrome Notifications
Unknown: 8 = https://talbeinhecrof.info:443,*
02.08.2019 01:07:34 Google Chrome Notifications
Probably Malicious: 9 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 02.08.2019 01:07:35
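The scans above repeat the same set of findings, and the scanner's own verdicts are uneven: the "Unknown" SystemC task and "Realtek HD Audio" run key point at taskhostw.exe under C:\ProgramData\RealtekHD, the same masquerade pattern as the "Probably Malicious" lsm.exe entries under C:\ProgramData\{GUID}. The Python below is an added example for this page, not UnHackMe's code. It parses this log's two-line entry format and applies the checks a responder would run on it by hand: Windows system binary names executing outside %SystemRoot%, autostart entries pointing into ProgramData or a user profile, a Startup shortcut that launches a .vbs, a task name imitating Microsoft outside the \Microsoft\Windows tree, known remote-access tooling (Remote Utilities, RDP Wrapper), and the percent-encoded Chrome homepage, which decodes to feed.snapdo.com. The sample log is a subset of the entries above with one entry per line; the binary-name, category and tooling lists are assumptions chosen for the example, not scanner data.

```python
"""Triage pass over UnHackMe-style scan output (added example, not part of UnHackMe).

Reads the two-line entry format of this log ("<timestamp> <category>", then
"<verdict>: <name> = <target>") and applies checks a responder would otherwise run by
hand. Every rule list below is an assumption made for the example, not scanner data.
"""
import re
from urllib.parse import unquote

# Both timestamp styles in the log: "01.08.2019 20:57:07" and "2019/08/01 16:54:55".
_TS = r"(?:\d{2}\.\d{2}\.\d{4}|\d{4}/\d{2}/\d{2}) \d{2}:\d{2}:\d{2}"
HEADER_RE = re.compile(rf"^(?P<ts>{_TS}) (?P<category>.+)$")
ENTRY_RE = re.compile(r"^(?P<verdict>Probably Malicious|Suspicious|Unknown): "
                      r"(?P<name>.*?) =\s?(?P<target>.*)$")

# Windows binary names that legitimately exist only under %SystemRoot%.
SYSTEM_BINARIES = {"lsm.exe", "taskhostw.exe", "audiodg.exe", "svchost.exe", "wscript.exe",
                   "csrss.exe", "lsass.exe", "winlogon.exe", "dllhost.exe", "rundll32.exe"}
SYSTEM_ROOTS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\")
# Scanner categories that are autostart mechanisms, and roots a normal user can write to.
PERSISTENCE = {"Registry Run", "Registry Run(x64)", "Startup Folder", "Scheduled Tasks 2",
               "Scheduled Tasks 2.0 Cached", "Auto Services", "Svchost DLLs"}
WRITABLE_ROOTS = ("c:\\programdata\\", "c:\\users\\")
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".ps1", ".bat", ".cmd")
# Legitimate remote-access software that intruders routinely drop for persistent access.
DUAL_USE = {"rutserv.exe": "Remote Utilities host", "rfusclient.exe": "Remote Utilities host",
            "rdpwrap.dll": "RDP Wrapper (multi-session RDP patch)"}


def parse_log(text):
    """Pair every category header with the entry line that follows it."""
    entries, header = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            header = (m["ts"], m["category"])
        elif (m := ENTRY_RE.match(line)) and header:
            entries.append({"ts": header[0], "category": header[1], "verdict": m["verdict"],
                            "name": m["name"], "target": m["target"]})
            header = None
    return entries


def decode_url_host(url):
    """Percent-decode the host of an http(s) URL (adware hides hosts as %66%65...)."""
    return unquote(url.split("/")[2].split(":")[0])


def triage(entry):
    """Return the reasons, possibly none, why this entry deserves a closer look."""
    reasons = []
    target, category = entry["target"], entry["category"]
    low = target.lower()
    base = low.rsplit("\\", 1)[-1]
    if base in SYSTEM_BINARIES and not low.startswith(SYSTEM_ROOTS):
        reasons.append(f"system binary name outside %SystemRoot%: {base}")
    if category in PERSISTENCE and low.startswith(WRITABLE_ROOTS):
        reasons.append("autostart target in a user-writable directory")
    if category in PERSISTENCE and low.endswith(SCRIPT_EXTS):
        reasons.append(f"autostart runs a script file: {base}")
    if base in DUAL_USE:
        reasons.append(f"dual-use remote access tooling: {DUAL_USE[base]}")
    name_low = entry["name"].lower()
    if (category.startswith("Scheduled Tasks") and "\\tasks\\microsoft" in name_low
            and "\\tasks\\microsoft\\windows\\" not in name_low):
        reasons.append("task name impersonates Microsoft outside the \\Microsoft\\Windows tree")
    if low.startswith(("http://", "https://")) and "%" in target.split("/")[2]:
        reasons.append(f"percent-encoded URL hides host {decode_url_host(target)}")
    return reasons


def triage_log(text):
    """Merge reasons per target so entries repeated across scans collapse into one finding."""
    findings = {}
    for entry in parse_log(text):
        if reasons := triage(entry):
            findings.setdefault(entry["target"], set()).update(reasons)
    return findings


# Constructed sample: entries copied from this log, one per line; the homepage query is shortened.
SAMPLE_LOG = r"""
01.08.2019 20:57:07 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
01.08.2019 20:58:26 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
01.08.2019 20:58:26 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
01.08.2019 20:58:26 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
01.08.2019 20:58:26 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
01.08.2019 20:59:57 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
01.08.2019 20:59:57 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
01.08.2019 21:00:07 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpY
"""

if __name__ == "__main__":
    for target, reasons in sorted(triage_log(SAMPLE_LOG).items()):
        print(target, "->", "; ".join(sorted(reasons)))
```

Run it as a script for one line per flagged path, or pass the whole log to triage_log: the merge step collapses the four repeated scans into one finding per distinct target. The legitimate ProgramDataUpdater task produces no reason at all, while the lsm.exe task accumulates three, which is the kind of separation the scanner's flat "Unknown"/"Probably Malicious" labels do not give you.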
Anti-malware scan started at: 02.08.2019 05:07:57
02.08.2019 05:08:33 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
02.08.2019 05:08:33 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
02.08.2019 05:08:33 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
02.08.2019 05:08:33 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
02.08.2019 05:08:33 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
02.08.2019 05:08:33 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
02.08.2019 05:08:33 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
02.08.2019 05:08:33 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
02.08.2019 05:08:33 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
02.08.2019 05:08:36 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
02.08.2019 05:09:39 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
02.08.2019 05:09:39 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
02.08.2019 05:09:39 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
02.08.2019 05:09:39 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
02.08.2019 05:09:39 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
02.08.2019 05:09:39 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
02.08.2019 05:09:40 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
02.08.2019 05:09:40 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
02.08.2019 05:09:40 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
02.08.2019 05:09:40 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
02.08.2019 05:09:40 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
02.08.2019 05:09:40 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
02.08.2019 05:09:40 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
02.08.2019 05:09:40 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
02.08.2019 05:09:40 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
02.08.2019 05:09:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
02.08.2019 05:09:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
02.08.2019 05:09:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
02.08.2019 05:09:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
02.08.2019 05:09:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
02.08.2019 05:09:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
02.08.2019 05:09:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
02.08.2019 05:09:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
02.08.2019 05:09:40 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
02.08.2019 05:09:40 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
02.08.2019 05:09:40 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
02.08.2019 05:09:40 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
02.08.2019 05:10:33 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
02.08.2019 05:10:33 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
02.08.2019 05:10:33 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
02.08.2019 05:10:33 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-HC.EXE
02.08.2019 05:10:33 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
02.08.2019 05:10:33 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
02.08.2019 05:10:34 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
02.08.2019 05:10:34 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
02.08.2019 05:10:34 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
02.08.2019 05:10:34 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
02.08.2019 05:10:34 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
02.08.2019 05:10:34 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
02.08.2019 05:10:34 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
02.08.2019 05:10:34 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
02.08.2019 05:12:56 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
02.08.2019 05:12:56 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
02.08.2019 05:12:56 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
02.08.2019 05:13:08 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA
FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
02.08.2019 05:13:08 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
02.08.2019 05:13:08 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA
FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
02.08.2019 05:13:09 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA
FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
02.08.2019 05:13:09 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
02.08.2019 05:13:09 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
02.08.2019 05:13:09 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
02.08.2019 05:13:09 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.23_0
02.08.2019 05:13:09 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
02.08.2019 05:13:09 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
02.08.2019 05:13:09 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
02.08.2019 05:13:09 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
02.08.2019 05:13:13 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet
Explorer\Main\DisableFirstRunCustomize = 1
02.08.2019 05:13:13 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
02.08.2019 05:13:13 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
02.08.2019 05:13:13 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
02.08.2019 05:13:13 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
02.08.2019 05:13:13 Google Chrome Notifications
Unknown: 3 = https://pastemten.com:443,*
02.08.2019 05:13:13 Google Chrome Notifications
Probably Malicious: 5 = https://maranhesduve.club:443,*
02.08.2019 05:13:13 Google Chrome Notifications
Probably Malicious: 6 = https://click-on-this.today:443,*
02.08.2019 05:13:13 Google Chrome Notifications
Probably Malicious: 7 = https://p4.maranhesduve.club:443,*
02.08.2019 05:13:13 Google Chrome Notifications
Unknown: 8 = https://talbeinhecrof.info:443,*
02.08.2019 05:13:14 Google Chrome Notifications
Probably Malicious: 9 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 02.08.2019 05:13:15
Anti-malware scan started at: 02.08.2019 09:13:35
02.08.2019 09:14:12 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
02.08.2019 09:14:12 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
02.08.2019 09:14:12 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
02.08.2019 09:14:12 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
02.08.2019 09:14:12 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD
VIDEO DOWNLOADER\YTD.EXE
02.08.2019 09:14:12 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
02.08.2019 09:14:12 Running Processes
Probably Malicious: MicrosoftHost.exe =
C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
02.08.2019 09:14:12 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-
544774154621}\LSM.EXE
02.08.2019 09:14:12 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
02.08.2019 09:14:14 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files
(x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
02.08.2019 09:15:08 Unwanted Software Files
Probably Malicious: MSIMG32.DLL =
C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
02.08.2019 09:15:08 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
02.08.2019 09:15:08 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
02.08.2019 09:15:08 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
02.08.2019 09:15:08 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
02.08.2019 09:15:08 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
02.08.2019 09:15:08 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
02.08.2019 09:15:08 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO
DOWNLOADER\
02.08.2019 09:15:08 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM
FILES (X86)\\GREENTREE APPLICATIONS\
02.08.2019 09:15:08 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
02.08.2019 09:15:08 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE
APPLICATIONS\
02.08.2019 09:15:08 Unwanted Software Files
Probably Malicious: AdvinstAnalytics =
C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
02.08.2019 09:15:08 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE =
C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
02.08.2019 09:15:09 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA
V3.2.3\UNIVERSAL SOFT NOVA.EXE
02.08.2019 09:15:09 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
02.08.2019 09:15:09 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
02.08.2019 09:15:09 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
02.08.2019 09:15:09 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
02.08.2019 09:15:09 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
02.08.2019 09:15:09 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
02.08.2019 09:15:09 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
02.08.2019 09:15:09 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
02.08.2019 09:15:09 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
02.08.2019 09:15:09 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
02.08.2019 09:15:09 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
02.08.2019 09:15:09 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
02.08.2019 09:15:09 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE =
C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
02.08.2019 09:15:54 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
02.08.2019 09:15:54 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM
FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
02.08.2019 09:15:54 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES
(X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
02.08.2019 09:15:54 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-
HC.EXE
02.08.2019 09:15:54 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM
FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
02.08.2019 09:15:55 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download
Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD
MANAGER\IDMAN.EXE
02.08.2019 09:15:55 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
02.08.2019 09:15:55 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
02.08.2019 09:15:55 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
02.08.2019 09:15:55 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
02.08.2019 09:15:55 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application
Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
02.08.2019 09:15:55 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC =
C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
02.08.2019 09:15:55 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10
Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
02.08.2019 09:15:55 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\
{54477415-5447-5447-544774154621}\LSM.EXE
02.08.2019 09:18:04 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
02.08.2019 09:18:04 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
02.08.2019 09:18:04 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
02.08.2019 09:18:13 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA
FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
02.08.2019 09:18:14 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
02.08.2019 09:18:14 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA
FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
02.08.2019 09:18:14 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA
FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
02.08.2019 09:18:14 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
02.08.2019 09:18:14 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
02.08.2019 09:18:14 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
02.08.2019 09:18:14 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.23_0
02.08.2019 09:18:14 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
02.08.2019 09:18:14 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
02.08.2019 09:18:14 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
02.08.2019 09:18:14 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
02.08.2019 09:18:19 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet
Explorer\Main\DisableFirstRunCustomize = 1
02.08.2019 09:18:19 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
02.08.2019 09:18:19 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
02.08.2019 09:18:19 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
02.08.2019 09:18:19 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
02.08.2019 09:18:19 Google Chrome Notifications
Unknown: 3 = https://pastemten.com:443,*
02.08.2019 09:18:19 Google Chrome Notifications
Probably Malicious: 5 = https://maranhesduve.club:443,*
02.08.2019 09:18:19 Google Chrome Notifications
Probably Malicious: 6 = https://click-on-this.today:443,*
02.08.2019 09:18:19 Google Chrome Notifications
Probably Malicious: 7 = https://p4.maranhesduve.club:443,*
02.08.2019 09:18:19 Google Chrome Notifications
Unknown: 8 = https://talbeinhecrof.info:443,*
02.08.2019 09:18:19 Google Chrome Notifications
Probably Malicious: 9 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 02.08.2019 09:18:21
Anti-malware scan started at: 02.08.2019 13:18:39
02.08.2019 13:19:32 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
02.08.2019 13:19:32 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
02.08.2019 13:19:32 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
02.08.2019 13:19:32 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
02.08.2019 13:19:32 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD
VIDEO DOWNLOADER\YTD.EXE
02.08.2019 13:19:32 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
02.08.2019 13:19:32 Running Processes
Probably Malicious: MicrosoftHost.exe =
C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
02.08.2019 13:19:32 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-
544774154621}\LSM.EXE
02.08.2019 13:19:32 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
02.08.2019 13:19:35 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files
(x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
02.08.2019 13:20:25 Unwanted Software Files
Probably Malicious: MSIMG32.DLL =
C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
02.08.2019 13:20:25 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
02.08.2019 13:20:25 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
02.08.2019 13:20:25 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
02.08.2019 13:20:25 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
02.08.2019 13:20:25 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
02.08.2019 13:20:25 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
02.08.2019 13:20:25 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO
DOWNLOADER\
02.08.2019 13:20:25 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM
FILES (X86)\\GREENTREE APPLICATIONS\
02.08.2019 13:20:25 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
02.08.2019 13:20:25 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE
APPLICATIONS\
02.08.2019 13:20:25 Unwanted Software Files
Probably Malicious: AdvinstAnalytics =
C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
02.08.2019 13:20:25 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE =
C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
02.08.2019 13:20:25 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA
V3.2.3\UNIVERSAL SOFT NOVA.EXE
02.08.2019 13:20:25 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
02.08.2019 13:20:25 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
02.08.2019 13:20:25 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
02.08.2019 13:20:25 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
02.08.2019 13:20:26 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
02.08.2019 13:20:26 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
02.08.2019 13:20:26 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
02.08.2019 13:20:26 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
02.08.2019 13:20:26 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
02.08.2019 13:20:26 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
02.08.2019 13:20:26 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
02.08.2019 13:20:26 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
02.08.2019 13:20:26 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE =
C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
02.08.2019 13:21:20 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
02.08.2019 13:21:20 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM
FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
02.08.2019 13:21:21 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES
(X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
02.08.2019 13:21:21 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-
HC.EXE
02.08.2019 13:21:21 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM
FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
02.08.2019 13:21:21 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download
Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD
MANAGER\IDMAN.EXE
02.08.2019 13:21:21 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
02.08.2019 13:21:21 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
02.08.2019 13:21:21 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
02.08.2019 13:21:21 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
02.08.2019 13:21:21 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application
Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
02.08.2019 13:21:21 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC =
C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
02.08.2019 13:21:21 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10
Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
02.08.2019 13:21:21 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\
{54477415-5447-5447-544774154621}\LSM.EXE
02.08.2019 13:23:45 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
02.08.2019 13:23:45 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
02.08.2019 13:23:45 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
02.08.2019 13:23:54 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA
FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
02.08.2019 13:23:54 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
02.08.2019 13:23:54 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA
FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
02.08.2019 13:23:54 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA
FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
02.08.2019 13:23:54 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
02.08.2019 13:23:54 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
02.08.2019 13:23:54 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
02.08.2019 13:23:55 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.23_0
02.08.2019 13:23:55 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
02.08.2019 13:23:55 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
02.08.2019 13:23:55 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
02.08.2019 13:23:55 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
02.08.2019 13:24:15 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet
Explorer\Main\DisableFirstRunCustomize = 1
02.08.2019 13:24:15 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
02.08.2019 13:24:15 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
02.08.2019 13:24:15 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
02.08.2019 13:24:15 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
02.08.2019 13:24:15 Google Chrome Notifications
Unknown: 3 = https://pastemten.com:443,*
02.08.2019 13:24:15 Google Chrome Notifications
Probably Malicious: 5 = https://maranhesduve.club:443,*
02.08.2019 13:24:15 Google Chrome Notifications
Probably Malicious: 6 = https://click-on-this.today:443,*
02.08.2019 13:24:15 Google Chrome Notifications
Probably Malicious: 7 = https://p4.maranhesduve.club:443,*
02.08.2019 13:24:15 Google Chrome Notifications
Unknown: 8 = https://talbeinhecrof.info:443,*
02.08.2019 13:24:15 Google Chrome Notifications
Probably Malicious: 9 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 02.08.2019 13:24:17
Anti-malware scan started at: 02.08.2019 17:24:35
02.08.2019 17:24:52 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
02.08.2019 17:24:53 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
02.08.2019 17:24:53 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
02.08.2019 17:24:53 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
02.08.2019 17:24:53 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD
VIDEO DOWNLOADER\YTD.EXE
02.08.2019 17:24:53 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
02.08.2019 17:24:53 Running Processes
Probably Malicious: MicrosoftHost.exe =
C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
02.08.2019 17:24:53 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-
544774154621}\LSM.EXE
02.08.2019 17:24:53 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
02.08.2019 17:24:54 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files
(x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
02.08.2019 17:25:36 Unwanted Software Files
Probably Malicious: MSIMG32.DLL =
C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
02.08.2019 17:25:36 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
02.08.2019 17:25:36 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
02.08.2019 17:25:36 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
02.08.2019 17:25:36 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
02.08.2019 17:25:36 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
02.08.2019 17:25:36 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
02.08.2019 17:25:36 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO
DOWNLOADER\
02.08.2019 17:25:36 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM
FILES (X86)\\GREENTREE APPLICATIONS\
02.08.2019 17:25:36 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
02.08.2019 17:25:36 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE
APPLICATIONS\
02.08.2019 17:25:36 Unwanted Software Files
Probably Malicious: AdvinstAnalytics =
C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
02.08.2019 17:25:36 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE =
C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
02.08.2019 17:25:36 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA
V3.2.3\UNIVERSAL SOFT NOVA.EXE
02.08.2019 17:25:36 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
02.08.2019 17:25:36 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
02.08.2019 17:25:36 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
02.08.2019 17:25:36 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
02.08.2019 17:25:36 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
02.08.2019 17:25:36 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
02.08.2019 17:25:36 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
02.08.2019 17:25:36 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
02.08.2019 17:25:36 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
02.08.2019 17:25:36 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
02.08.2019 17:25:37 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
02.08.2019 17:25:37 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
02.08.2019 17:25:37 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE =
C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
02.08.2019 17:26:07 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
02.08.2019 17:26:08 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM
FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
02.08.2019 17:26:08 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
02.08.2019 17:26:08 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-HC.EXE
02.08.2019 17:26:08 User Shortcuts
Unknown: C:\Users\Public\Desktop\Play F E A R 3.lnk = C:\PROGRAM FILES (X86)\DODI-REPACKS\F E A R 3\F.E.A.R. 3.EXE
02.08.2019 17:26:08 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
02.08.2019 17:26:08 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
02.08.2019 17:26:08 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
02.08.2019 17:26:08 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
02.08.2019 17:26:08 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
02.08.2019 17:26:08 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
02.08.2019 17:26:08 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
02.08.2019 17:26:08 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
02.08.2019 17:26:08 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
02.08.2019 17:26:08 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
02.08.2019 17:27:11 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
02.08.2019 17:27:11 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
02.08.2019 17:27:11 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
02.08.2019 17:27:17 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
02.08.2019 17:27:17 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
02.08.2019 17:27:17 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
02.08.2019 17:27:17 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
02.08.2019 17:27:17 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
02.08.2019 17:27:17 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
02.08.2019 17:27:17 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
02.08.2019 17:27:18 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.23_0
02.08.2019 17:27:18 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
02.08.2019 17:27:18 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
02.08.2019 17:27:18 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
02.08.2019 17:27:18 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
02.08.2019 17:27:20 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
02.08.2019 17:27:20 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
02.08.2019 17:27:20 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
02.08.2019 17:27:20 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
02.08.2019 17:27:20 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
02.08.2019 17:27:20 Google Chrome Notifications
Unknown: 3 = https://pastemten.com:443,*
02.08.2019 17:27:20 Google Chrome Notifications
Probably Malicious: 5 = https://maranhesduve.club:443,*
02.08.2019 17:27:21 Google Chrome Notifications
Probably Malicious: 6 = https://click-on-this.today:443,*
02.08.2019 17:27:21 Google Chrome Notifications
Probably Malicious: 7 = https://p4.maranhesduve.club:443,*
02.08.2019 17:27:21 Google Chrome Notifications
Unknown: 8 = https://talbeinhecrof.info:443,*
02.08.2019 17:27:21 Google Chrome Notifications
Probably Malicious: 9 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 02.08.2019 17:27:22
Anti-malware scan started at: 02.08.2019 22:14:53
02.08.2019 22:15:12 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
02.08.2019 22:15:12 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
02.08.2019 22:15:12 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
02.08.2019 22:15:12 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
02.08.2019 22:15:12 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
02.08.2019 22:15:12 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
02.08.2019 22:15:12 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
02.08.2019 22:15:12 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
02.08.2019 22:15:13 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
02.08.2019 22:15:55 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
02.08.2019 22:15:55 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
02.08.2019 22:15:55 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
02.08.2019 22:15:55 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
02.08.2019 22:15:55 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
02.08.2019 22:15:55 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
02.08.2019 22:15:55 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
02.08.2019 22:15:55 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
02.08.2019 22:15:55 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
02.08.2019 22:15:55 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
02.08.2019 22:15:55 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
02.08.2019 22:15:55 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
02.08.2019 22:15:55 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
02.08.2019 22:15:55 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
02.08.2019 22:15:55 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
02.08.2019 22:15:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
02.08.2019 22:15:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
02.08.2019 22:15:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
02.08.2019 22:15:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
02.08.2019 22:15:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
02.08.2019 22:15:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
02.08.2019 22:15:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
02.08.2019 22:15:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
02.08.2019 22:15:55 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
02.08.2019 22:15:56 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
02.08.2019 22:15:56 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
02.08.2019 22:15:56 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
02.08.2019 22:16:20 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
02.08.2019 22:16:20 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
02.08.2019 22:16:20 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
02.08.2019 22:16:20 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-HC.EXE
02.08.2019 22:16:20 User Shortcuts
Unknown: C:\Users\Public\Desktop\Play F E A R 3.lnk = C:\PROGRAM FILES (X86)\DODI-REPACKS\F E A R 3\F.E.A.R. 3.EXE
02.08.2019 22:16:20 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
02.08.2019 22:16:20 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
02.08.2019 22:16:20 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
02.08.2019 22:16:20 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
02.08.2019 22:16:20 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
02.08.2019 22:16:20 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
02.08.2019 22:16:20 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
02.08.2019 22:16:20 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
02.08.2019 22:16:20 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
02.08.2019 22:16:20 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
02.08.2019 22:17:20 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
02.08.2019 22:17:20 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
02.08.2019 22:17:20 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
02.08.2019 22:17:29 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
02.08.2019 22:17:29 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
02.08.2019 22:17:29 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
02.08.2019 22:17:29 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
02.08.2019 22:17:29 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
02.08.2019 22:17:29 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
02.08.2019 22:17:29 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
02.08.2019 22:17:29 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.23_0
02.08.2019 22:17:29 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
02.08.2019 22:17:29 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
02.08.2019 22:17:29 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
02.08.2019 22:17:29 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
02.08.2019 22:17:31 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
02.08.2019 22:17:31 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
02.08.2019 22:17:31 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
02.08.2019 22:17:31 Google Chrome Notifications
Probably Malicious: 1 = https://www1.ecleneue.com:443,*
02.08.2019 22:17:31 Google Chrome Notifications
Unknown: 2 = https://ww8.ouo.today:443,*
02.08.2019 22:17:31 Google Chrome Notifications
Unknown: 3 = https://pastemten.com:443,*
02.08.2019 22:17:32 Google Chrome Notifications
Probably Malicious: 5 = https://maranhesduve.club:443,*
02.08.2019 22:17:32 Google Chrome Notifications
Probably Malicious: 6 = https://click-on-this.today:443,*
02.08.2019 22:17:32 Google Chrome Notifications
Probably Malicious: 7 = https://p4.maranhesduve.club:443,*
02.08.2019 22:17:32 Google Chrome Notifications
Unknown: 8 = https://talbeinhecrof.info:443,*
02.08.2019 22:17:32 Google Chrome Notifications
Probably Malicious: 9 = https://crackingpatching.com:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 02.08.2019 22:17:33
Anti-malware scan started at: 04.08.2019 00:49:59
2019/08/04 00:51:17 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
2019/08/04 00:51:17 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
2019/08/04 00:51:17 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
2019/08/04 00:51:17 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
2019/08/04 00:51:17 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
2019/08/04 00:51:19 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
2019/08/04 00:55:13 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
2019/08/04 00:55:13 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
2019/08/04 00:55:13 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
2019/08/04 00:55:13 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
2019/08/04 00:55:13 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
2019/08/04 00:55:13 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
2019/08/04 00:55:13 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
2019/08/04 00:55:13 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
2019/08/04 00:55:13 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
2019/08/04 00:55:13 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
2019/08/04 00:55:13 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
2019/08/04 00:55:13 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
2019/08/04 00:55:13 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
2019/08/04 00:55:13 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
2019/08/04 00:55:13 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
2019/08/04 00:55:13 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
2019/08/04 00:55:13 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
2019/08/04 00:55:13 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
2019/08/04 00:55:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
2019/08/04 00:55:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
2019/08/04 00:55:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
2019/08/04 00:55:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
2019/08/04 00:55:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
2019/08/04 00:55:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
2019/08/04 00:55:14 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
2019/08/04 00:55:14 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
2019/08/04 00:55:14 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
2019/08/04 00:56:08 User Shortcuts
Unknown: C:\Users\Home\Desktop\Ares.lnk = C:\PROGRAM FILES (X86)\ARES\ARES.EXE
2019/08/04 00:56:08 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
2019/08/04 00:56:08 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
2019/08/04 00:56:08 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
2019/08/04 00:56:08 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-HC.EXE
2019/08/04 00:56:08 User Shortcuts
Unknown: C:\Users\Public\Desktop\Play F E A R 3.lnk = C:\PROGRAM FILES (X86)\DODI-REPACKS\F E A R 3\F.E.A.R. 3.EXE
2019/08/04 00:56:08 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
2019/08/04 00:56:08 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
2019/08/04 00:56:08 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
2019/08/04 00:56:08 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
2019/08/04 00:56:08 Registry Run
Unknown: ares = C:\PROGRAM FILES (X86)\ARES\ARES.EXE
2019/08/04 00:56:08 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
2019/08/04 00:56:08 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\USERS\HOME\APPDATA\LOCAL\TEMP\AZ3R.VBS
2019/08/04 00:56:08 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
2019/08/04 00:56:09 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
2019/08/04 00:56:09 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
2019/08/04 00:56:09 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
2019/08/04 00:56:09 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
2019/08/04 00:59:13 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
2019/08/04 00:59:13 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
2019/08/04 00:59:13 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
2019/08/04 00:59:25 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
2019/08/04 00:59:25 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
2019/08/04 00:59:25 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
2019/08/04 00:59:25 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
2019/08/04 00:59:25 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
2019/08/04 00:59:25 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
2019/08/04 00:59:25 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
2019/08/04 00:59:25 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.23_0
2019/08/04 00:59:25 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
2019/08/04 00:59:25 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
2019/08/04 00:59:25 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
2019/08/04 00:59:26 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
2019/08/04 00:59:28 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
2019/08/04 00:59:28 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 2019/08/04 00:59:29
Anti-malware scan started at: 04.08.2019 04:59:54
04.08.2019 05:00:25 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
04.08.2019 05:00:25 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
04.08.2019 05:00:25 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
04.08.2019 05:00:25 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
04.08.2019 05:00:26 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
04.08.2019 05:00:26 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
04.08.2019 05:00:26 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
04.08.2019 05:00:26 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
04.08.2019 05:00:28 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
04.08.2019 05:01:34 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
04.08.2019 05:01:34 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
04.08.2019 05:01:34 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
04.08.2019 05:01:34 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
04.08.2019 05:01:34 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
04.08.2019 05:01:34 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
04.08.2019 05:01:34 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
04.08.2019 05:01:34 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
04.08.2019 05:01:34 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
04.08.2019 05:01:34 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
04.08.2019 05:01:34 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
04.08.2019 05:01:34 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
04.08.2019 05:01:34 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
04.08.2019 05:01:34 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
04.08.2019 05:01:34 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
04.08.2019 05:01:34 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
04.08.2019 05:01:34 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
04.08.2019 05:01:34 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
04.08.2019 05:01:34 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
04.08.2019 05:01:35 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
04.08.2019 05:01:35 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
04.08.2019 05:01:35 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
04.08.2019 05:01:35 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
04.08.2019 05:01:35 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
04.08.2019 05:01:35 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
04.08.2019 05:01:35 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
04.08.2019 05:01:35 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE =
C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
04.08.2019 05:02:43 User Shortcuts
Unknown: C:\Users\Home\Desktop\Ares.lnk = C:\PROGRAM FILES (X86)\ARES\ARES.EXE
04.08.2019 05:02:43 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
04.08.2019 05:02:44 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM
FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
04.08.2019 05:02:44 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES
(X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
04.08.2019 05:02:44 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-
HC.EXE
04.08.2019 05:02:44 User Shortcuts
Unknown: C:\Users\Public\Desktop\Play F E A R 3.lnk = C:\PROGRAM FILES (X86)\DODI-
REPACKS\F E A R 3\F.E.A.R. 3.EXE
04.08.2019 05:02:44 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM
FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
04.08.2019 05:02:44 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download
Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD
MANAGER\IDMAN.EXE
04.08.2019 05:02:44 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
04.08.2019 05:02:44 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
04.08.2019 05:02:44 Registry Run
Unknown: ares = C:\PROGRAM FILES (X86)\ARES\ARES.EXE
04.08.2019 05:02:44 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
04.08.2019 05:02:44 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\Windows\System32\wscript.exe
C:\Users\Home\AppData\Local\Temp\Az3r.vbs
04.08.2019 05:02:44 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application
Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
04.08.2019 05:02:44 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC =
C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
04.08.2019 05:02:44 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10
Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
04.08.2019 05:02:44 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile
%\AppData\Roaming\Microsoft\Windows\Helper.exe"
04.08.2019 05:02:44 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\
{54477415-5447-5447-544774154621}\LSM.EXE
04.08.2019 05:05:51 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
04.08.2019 05:05:51 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
04.08.2019 05:05:51 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
04.08.2019 05:06:01 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
04.08.2019 05:06:01 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
04.08.2019 05:06:01 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
04.08.2019 05:06:01 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
04.08.2019 05:06:01 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
04.08.2019 05:06:01 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
04.08.2019 05:06:02 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
04.08.2019 05:06:02 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.23_0
04.08.2019 05:06:02 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
04.08.2019 05:06:02 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
04.08.2019 05:06:02 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
04.08.2019 05:06:02 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
04.08.2019 05:06:05 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
04.08.2019 05:06:05 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 04.08.2019 05:06:06
Anti-malware scan started at: 04.08.2019 09:07:47
04.08.2019 09:12:22 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
04.08.2019 09:12:23 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
04.08.2019 09:12:23 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
04.08.2019 09:12:24 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
04.08.2019 09:12:24 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
04.08.2019 09:12:25 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
04.08.2019 09:12:26 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
04.08.2019 09:12:27 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
04.08.2019 09:12:37 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
04.08.2019 09:23:57 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
04.08.2019 09:23:59 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
04.08.2019 09:23:59 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
04.08.2019 09:23:59 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
04.08.2019 09:24:00 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
04.08.2019 09:24:01 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
04.08.2019 09:24:02 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
04.08.2019 09:24:02 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
04.08.2019 09:24:03 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
04.08.2019 09:24:04 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
04.08.2019 09:24:05 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
04.08.2019 09:24:06 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
04.08.2019 09:24:06 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
04.08.2019 09:24:07 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
04.08.2019 09:24:07 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
04.08.2019 09:24:08 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
04.08.2019 09:24:08 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
04.08.2019 09:24:08 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
04.08.2019 09:24:08 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
04.08.2019 09:24:09 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
04.08.2019 09:24:09 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
04.08.2019 09:24:09 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
04.08.2019 09:24:09 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
04.08.2019 09:24:10 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
04.08.2019 09:24:10 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
04.08.2019 09:24:10 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
04.08.2019 09:24:11 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
04.08.2019 09:29:26 User Shortcuts
Unknown: C:\Users\Home\Desktop\Ares.lnk = C:\PROGRAM FILES (X86)\ARES\ARES.EXE
04.08.2019 09:29:26 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
04.08.2019 09:29:26 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
04.08.2019 09:29:26 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
04.08.2019 09:29:27 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-HC.EXE
04.08.2019 09:29:27 User Shortcuts
Unknown: C:\Users\Public\Desktop\Play F E A R 3.lnk = C:\PROGRAM FILES (X86)\DODI-REPACKS\F E A R 3\F.E.A.R. 3.EXE
04.08.2019 09:29:27 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
04.08.2019 09:29:27 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
04.08.2019 09:29:27 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
04.08.2019 09:29:27 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
04.08.2019 09:29:27 Registry Run
Unknown: ares = C:\PROGRAM FILES (X86)\ARES\ARES.EXE
04.08.2019 09:29:27 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
04.08.2019 09:29:27 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\Windows\System32\wscript.exe C:\Users\Home\AppData\Local\Temp\Az3r.vbs
04.08.2019 09:29:27 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
04.08.2019 09:29:27 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
04.08.2019 09:29:27 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
04.08.2019 09:29:27 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
04.08.2019 09:29:27 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
04.08.2019 09:31:50 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
04.08.2019 09:31:50 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
04.08.2019 09:31:50 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
04.08.2019 09:32:01 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
04.08.2019 09:32:01 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
04.08.2019 09:32:01 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
04.08.2019 09:32:01 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
04.08.2019 09:32:01 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
04.08.2019 09:32:01 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
04.08.2019 09:32:01 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
04.08.2019 09:32:01 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.23_0
04.08.2019 09:32:01 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
04.08.2019 09:32:01 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
04.08.2019 09:32:02 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
04.08.2019 09:32:02 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
04.08.2019 09:32:06 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
04.08.2019 09:32:06 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 04.08.2019 09:32:07
Anti-malware scan started at: 04.08.2019 13:32:25
04.08.2019 13:32:44 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
04.08.2019 13:32:44 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
04.08.2019 13:32:44 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
04.08.2019 13:32:44 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
04.08.2019 13:32:44 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
04.08.2019 13:32:44 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
04.08.2019 13:32:44 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
04.08.2019 13:32:44 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
04.08.2019 13:32:46 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
04.08.2019 13:33:35 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
04.08.2019 13:33:35 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
04.08.2019 13:33:35 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
04.08.2019 13:33:35 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
04.08.2019 13:33:35 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
04.08.2019 13:33:35 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
04.08.2019 13:33:36 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
04.08.2019 13:33:36 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
04.08.2019 13:33:36 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
04.08.2019 13:33:36 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
04.08.2019 13:33:36 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
04.08.2019 13:33:36 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
04.08.2019 13:33:36 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
04.08.2019 13:33:36 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
04.08.2019 13:33:36 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
04.08.2019 13:33:36 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
04.08.2019 13:33:36 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
04.08.2019 13:33:36 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
04.08.2019 13:33:36 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
04.08.2019 13:33:36 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
04.08.2019 13:33:36 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
04.08.2019 13:33:36 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
04.08.2019 13:33:36 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
04.08.2019 13:33:36 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
04.08.2019 13:33:36 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
04.08.2019 13:33:36 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
04.08.2019 13:33:36 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
04.08.2019 13:34:20 User Shortcuts
Unknown: C:\Users\Home\Desktop\Ares.lnk = C:\PROGRAM FILES (X86)\ARES\ARES.EXE
04.08.2019 13:34:20 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
04.08.2019 13:34:20 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
04.08.2019 13:34:20 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
04.08.2019 13:34:20 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-HC.EXE
04.08.2019 13:34:20 User Shortcuts
Unknown: C:\Users\Public\Desktop\Play F E A R 3.lnk = C:\PROGRAM FILES (X86)\DODI-REPACKS\F E A R 3\F.E.A.R. 3.EXE
04.08.2019 13:34:20 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
04.08.2019 13:34:20 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
04.08.2019 13:34:20 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
04.08.2019 13:34:20 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
04.08.2019 13:34:20 Registry Run
Unknown: ares = C:\PROGRAM FILES (X86)\ARES\ARES.EXE
04.08.2019 13:34:20 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
04.08.2019 13:34:20 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\Windows\System32\wscript.exe C:\Users\Home\AppData\Local\Temp\Az3r.vbs
04.08.2019 13:34:20 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
04.08.2019 13:34:20 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
04.08.2019 13:34:21 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
04.08.2019 13:34:21 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
04.08.2019 13:34:21 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
04.08.2019 13:35:37 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
04.08.2019 13:35:37 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
04.08.2019 13:35:37 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
04.08.2019 13:35:47 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
04.08.2019 13:35:47 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
04.08.2019 13:35:47 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
04.08.2019 13:35:47 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
04.08.2019 13:35:47 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
04.08.2019 13:35:47 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
04.08.2019 13:35:47 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
04.08.2019 13:35:47 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.23_0
04.08.2019 13:35:47 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
04.08.2019 13:35:47 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
04.08.2019 13:35:47 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
04.08.2019 13:35:47 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
04.08.2019 13:35:50 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
04.08.2019 13:35:50 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 04.08.2019 13:35:51
Anti-malware scan started at: 04.08.2019 17:36:08
04.08.2019 17:36:27 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
04.08.2019 17:36:27 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
04.08.2019 17:36:27 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
04.08.2019 17:36:27 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
04.08.2019 17:36:27 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
04.08.2019 17:36:27 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
04.08.2019 17:36:27 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
04.08.2019 17:36:27 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
04.08.2019 17:36:29 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
04.08.2019 17:37:20 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
04.08.2019 17:37:20 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
04.08.2019 17:37:20 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
04.08.2019 17:37:20 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
04.08.2019 17:37:20 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
04.08.2019 17:37:20 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
04.08.2019 17:37:20 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
04.08.2019 17:37:20 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
04.08.2019 17:37:20 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
04.08.2019 17:37:20 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
04.08.2019 17:37:20 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
04.08.2019 17:37:20 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
04.08.2019 17:37:20 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
04.08.2019 17:37:20 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
04.08.2019 17:37:20 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
04.08.2019 17:37:20 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
04.08.2019 17:37:20 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
04.08.2019 17:37:20 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
04.08.2019 17:37:20 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
04.08.2019 17:37:20 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
04.08.2019 17:37:20 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
04.08.2019 17:37:20 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
04.08.2019 17:37:20 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
04.08.2019 17:37:20 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
04.08.2019 17:37:21 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
04.08.2019 17:37:21 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
04.08.2019 17:37:21 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
04.08.2019 17:38:04 User Shortcuts
Unknown: C:\Users\Home\Desktop\Ares.lnk = C:\PROGRAM FILES (X86)\ARES\ARES.EXE
04.08.2019 17:38:04 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
04.08.2019 17:38:04 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
04.08.2019 17:38:04 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
04.08.2019 17:38:04 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-HC.EXE
04.08.2019 17:38:04 User Shortcuts
Unknown: C:\Users\Public\Desktop\Play F E A R 3.lnk = C:\PROGRAM FILES (X86)\DODI-REPACKS\F E A R 3\F.E.A.R. 3.EXE
04.08.2019 17:38:04 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
04.08.2019 17:38:04 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
04.08.2019 17:38:04 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
04.08.2019 17:38:04 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
04.08.2019 17:38:04 Registry Run
Unknown: ares = C:\PROGRAM FILES (X86)\ARES\ARES.EXE
04.08.2019 17:38:04 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
04.08.2019 17:38:04 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\Windows\System32\wscript.exe C:\Users\Home\AppData\Local\Temp\Az3r.vbs
04.08.2019 17:38:04 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
04.08.2019 17:38:05 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
04.08.2019 17:38:05 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
04.08.2019 17:38:05 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
04.08.2019 17:38:05 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
04.08.2019 17:39:21 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
04.08.2019 17:39:21 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
04.08.2019 17:39:21 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
04.08.2019 17:39:30 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA
FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
04.08.2019 17:39:30 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
04.08.2019 17:39:30 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA
FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
04.08.2019 17:39:30 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA
FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
04.08.2019 17:39:30 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
04.08.2019 17:39:30 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
04.08.2019 17:39:30 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
04.08.2019 17:39:30 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.23_0
04.08.2019 17:39:30 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
04.08.2019 17:39:30 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
04.08.2019 17:39:30 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
04.08.2019 17:39:30 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
04.08.2019 17:39:33 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
04.08.2019 17:39:33 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 04.08.2019 17:39:34
Anti-malware scan started at: 04.08.2019 21:41:33
04.08.2019 21:42:58 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
04.08.2019 21:42:58 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
04.08.2019 21:42:58 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
04.08.2019 21:42:58 Running Processes
Probably Malicious: wscript.exe = C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
04.08.2019 21:42:58 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
04.08.2019 21:42:58 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
04.08.2019 21:42:58 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
04.08.2019 21:43:00 Applications
Probably Malicious: {8267a087-d000-4732-8fac-d6013e229f32} = "C:\ProgramData\Package Cache\{8267a087-d000-4732-8fac-d6013e229f32}\HSS-8.4.5-install-plain-773-plain.exe" /uninstall /quiet
04.08.2019 21:43:00 Applications
Probably Malicious: {AF599C42-A2E5-4251-B7EE-4925D167FF5A} = MsiExec.exe /X{AF599C42-A2E5-4251-B7EE-4925D167FF5A}
04.08.2019 21:43:00 Applications
Probably Malicious: HotspotShield = msiexec.exe /x {AF599C42-A2E5-4251-B7EE-4925D167FF5A} /L*V %TEMP%\HSS-8.4.5-install-plain-773-plain.exe.log
04.08.2019 21:43:00 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
04.08.2019 21:45:13 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
04.08.2019 21:45:13 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
04.08.2019 21:45:13 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
04.08.2019 21:45:13 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
04.08.2019 21:45:13 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
04.08.2019 21:45:13 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
04.08.2019 21:45:13 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
04.08.2019 21:45:13 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
04.08.2019 21:45:13 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
04.08.2019 21:45:13 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
04.08.2019 21:45:13 Unwanted Software Files
Probably Malicious: NETFILTER2.SYS = C:\WINDOWS\SYSNATIVE\DRIVERS\NETFILTER2.SYS
04.08.2019 21:45:13 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
04.08.2019 21:45:14 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\
04.08.2019 21:45:14 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAMDATA\HOTSPOT SHIELD\
04.08.2019 21:45:14 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
04.08.2019 21:45:14 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
04.08.2019 21:45:14 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
04.08.2019 21:45:14 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
04.08.2019 21:45:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
04.08.2019 21:45:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
04.08.2019 21:45:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
04.08.2019 21:45:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
04.08.2019 21:45:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
04.08.2019 21:45:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
04.08.2019 21:45:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
04.08.2019 21:45:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
04.08.2019 21:45:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
04.08.2019 21:45:14 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
04.08.2019 21:45:14 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
04.08.2019 21:45:14 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
04.08.2019 21:47:51 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
04.08.2019 21:47:51 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
04.08.2019 21:47:51 User Shortcuts
Unknown: C:\Users\Home\Desktop\TrackOFF.lnk = C:\PROGRAM FILES (X86)\TRACKOFF\TRACKOFFAPPLICATION.EXE
04.08.2019 21:47:51 User Shortcuts
Unknown: C:\Users\Public\Desktop\Ant Download Manager.lnk = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTDM.EXE
04.08.2019 21:47:51 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
04.08.2019 21:47:51 User Shortcuts
Unknown: C:\Users\Public\Desktop\IObit Uninstaller.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
04.08.2019 21:47:52 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-HC.EXE
04.08.2019 21:47:52 User Shortcuts
Unknown: C:\Users\Public\Desktop\Play F E A R 3.lnk = C:\PROGRAM FILES (X86)\DODI-REPACKS\F E A R 3\F.E.A.R. 3.EXE
04.08.2019 21:47:52 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
04.08.2019 21:47:52 User Shortcuts
Unknown: C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Uninstall Programs.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
04.08.2019 21:47:52 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
04.08.2019 21:47:52 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
04.08.2019 21:47:52 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
04.08.2019 21:47:52 Registry Run
Unknown: ares = "C:\Program Files (x86)\Ares\Ares.exe" -h
04.08.2019 21:47:52 Registry Run
Unknown: antMR = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTMR.EXE
04.08.2019 21:47:52 Registry Run
Unknown: AntDM = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTDM.EXE
04.08.2019 21:47:52 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
04.08.2019 21:47:52 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\Windows\System32\wscript.exe C:\Users\Home\AppData\Local\Temp\Az3r.vbs
04.08.2019 21:47:52 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
04.08.2019 21:47:52 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\TrackOFF\TrackOFFStart = C:\PROGRAM FILES (X86)\TRACKOFF\TRACKOFFAPPLICATION.EXE
04.08.2019 21:47:52 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
04.08.2019 21:47:52 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
04.08.2019 21:47:53 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
04.08.2019 21:47:53 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
04.08.2019 21:47:53 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
04.08.2019 21:47:53 Scheduled Tasks 2.0 Cached
Unknown: Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
04.08.2019 21:53:11 Auto Services
Probably Malicious: hshld = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\BIN\CMW_SRV.EXE
04.08.2019 21:53:11 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
04.08.2019 21:53:11 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
04.08.2019 21:53:11 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
04.08.2019 21:53:11 Drivers
Probably Malicious: netfilter2 = C:\WINDOWS\SYSTEM32\DRIVERS\NETFILTER2.SYS
04.08.2019 21:53:21 Browser Helper Objects(x64)
Unknown: {8ABC6AE5-74BD-4c73-BB34-44526792D2AE} = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTIE\ANTIE64.DLL
04.08.2019 21:53:21 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
04.08.2019 21:53:21 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
04.08.2019 21:53:21 FireFox Components and Extensions
Unknown: antFF2 = C:\Program Files (x86)\Ant Download Manager\antFF\antFF2.xpi
04.08.2019 21:53:21 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
04.08.2019 21:53:21 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
04.08.2019 21:53:21 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
04.08.2019 21:53:22 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
04.08.2019 21:53:22 Google Chrome Addons
Unknown: dalgiebmfcjackkbjfbfmlnflbdfbekj = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dalgiebmfcjackkbjfbfmlnflbdfbekj\0.4.12_0
04.08.2019 21:53:22 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
04.08.2019 21:53:22 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.23_0
04.08.2019 21:53:22 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
04.08.2019 21:53:22 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
04.08.2019 21:53:22 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
04.08.2019 21:53:22 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
04.08.2019 21:53:24 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
04.08.2019 21:53:24 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 04.08.2019 21:53:25
Anti-malware scan started at: 05.08.2019 01:57:27
05.08.2019 01:57:45 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
05.08.2019 01:57:45 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
05.08.2019 01:57:45 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
05.08.2019 01:57:45 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
05.08.2019 01:57:45 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
05.08.2019 01:57:45 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
05.08.2019 01:57:45 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
05.08.2019 01:57:46 Applications
Probably Malicious: {8267a087-d000-4732-8fac-d6013e229f32} = "C:\ProgramData\Package Cache\{8267a087-d000-4732-8fac-d6013e229f32}\HSS-8.4.5-install-plain-773-plain.exe" /uninstall /quiet
05.08.2019 01:57:46 Applications
Probably Malicious: {AF599C42-A2E5-4251-B7EE-4925D167FF5A} = MsiExec.exe /X{AF599C42-A2E5-4251-B7EE-4925D167FF5A}
05.08.2019 01:57:46 Applications
Probably Malicious: HotspotShield = msiexec.exe /x {AF599C42-A2E5-4251-B7EE-4925D167FF5A} /L*V %TEMP%\HSS-8.4.5-install-plain-773-plain.exe.log
05.08.2019 01:57:47 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
05.08.2019 01:59:09 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
05.08.2019 01:59:09 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
05.08.2019 01:59:09 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
05.08.2019 01:59:09 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
05.08.2019 01:59:09 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
05.08.2019 01:59:09 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
05.08.2019 01:59:09 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
05.08.2019 01:59:09 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
05.08.2019 01:59:09 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
05.08.2019 01:59:09 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
05.08.2019 01:59:09 Unwanted Software Files
Probably Malicious: NETFILTER2.SYS = C:\WINDOWS\SYSNATIVE\DRIVERS\NETFILTER2.SYS
05.08.2019 01:59:09 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
05.08.2019 01:59:09 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\
05.08.2019 01:59:09 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAMDATA\HOTSPOT SHIELD\
05.08.2019 01:59:09 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
05.08.2019 01:59:09 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
05.08.2019 01:59:10 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
05.08.2019 01:59:10 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
05.08.2019 01:59:10 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
05.08.2019 01:59:10 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
05.08.2019 01:59:10 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
05.08.2019 01:59:10 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
05.08.2019 01:59:10 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
05.08.2019 01:59:10 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
05.08.2019 01:59:10 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
05.08.2019 01:59:10 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
05.08.2019 01:59:10 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
05.08.2019 01:59:10 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
05.08.2019 01:59:10 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
05.08.2019 01:59:10 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
05.08.2019 02:00:17 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
05.08.2019 02:00:17 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
05.08.2019 02:00:17 User Shortcuts
Unknown: C:\Users\Home\Desktop\TrackOFF.lnk = C:\PROGRAM FILES (X86)\TRACKOFF\TRACKOFFAPPLICATION.EXE
05.08.2019 02:00:17 User Shortcuts
Unknown: C:\Users\Public\Desktop\Ant Download Manager.lnk = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTDM.EXE
05.08.2019 02:00:17 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
05.08.2019 02:00:17 User Shortcuts
Unknown: C:\Users\Public\Desktop\IObit Uninstaller.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
05.08.2019 02:00:17 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-HC.EXE
05.08.2019 02:00:17 User Shortcuts
Unknown: C:\Users\Public\Desktop\Play F E A R 3.lnk = C:\PROGRAM FILES (X86)\DODI-REPACKS\F E A R 3\F.E.A.R. 3.EXE
05.08.2019 02:00:18 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
05.08.2019 02:00:18 User Shortcuts
Unknown: C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Uninstall Programs.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
05.08.2019 02:00:18 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
05.08.2019 02:00:18 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
05.08.2019 02:00:18 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
05.08.2019 02:00:18 Registry Run
Unknown: ares = "C:\Program Files (x86)\Ares\Ares.exe" -h
05.08.2019 02:00:18 Registry Run
Unknown: antMR = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTMR.EXE
05.08.2019 02:00:18 Registry Run
Unknown: AntDM = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTDM.EXE
05.08.2019 02:00:18 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
05.08.2019 02:00:18 Startup Folder
Unknown: btsupdates.lnk = C:\USERS\HOME\DOWNLOADS\COMPRESSED\BITSLER\BITSLER\BITSLERSCRIPT_2019.EXE
05.08.2019 02:00:18 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\Windows\System32\wscript.exe C:\Users\Home\AppData\Local\Temp\Az3r.vbs
05.08.2019 02:00:18 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
05.08.2019 02:00:18 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\TrackOFF\TrackOFFStart = C:\PROGRAM FILES (X86)\TRACKOFF\TRACKOFFAPPLICATION.EXE
05.08.2019 02:00:18 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
05.08.2019 02:00:19 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
05.08.2019 02:00:19 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
05.08.2019 02:00:19 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
05.08.2019 02:00:19 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
05.08.2019 02:00:19 Scheduled Tasks 2.0 Cached
Unknown: Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
05.08.2019 02:02:02 Auto Services
Probably Malicious: hshld = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\BIN\CMW_SRV.EXE
05.08.2019 02:02:02 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
05.08.2019 02:02:02 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
05.08.2019 02:02:03 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
05.08.2019 02:02:03 Drivers
Probably Malicious: netfilter2 = C:\WINDOWS\SYSTEM32\DRIVERS\NETFILTER2.SYS
05.08.2019 02:02:30 Browser Helper Objects(x64)
Unknown: {8ABC6AE5-74BD-4c73-BB34-44526792D2AE} = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTIE\ANTIE64.DLL
05.08.2019 02:02:30 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
05.08.2019 02:02:30 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
05.08.2019 02:02:30 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
05.08.2019 02:02:30 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
05.08.2019 02:02:30 Google Chrome Addons
Unknown: dalgiebmfcjackkbjfbfmlnflbdfbekj = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dalgiebmfcjackkbjfbfmlnflbdfbekj\0.4.15_0
05.08.2019 02:02:30 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
05.08.2019 02:02:30 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
05.08.2019 02:02:30 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
05.08.2019 02:02:30 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.23_0
05.08.2019 02:02:31 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
05.08.2019 02:02:31 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
05.08.2019 02:02:31 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
05.08.2019 02:02:31 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
05.08.2019 02:02:33 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
05.08.2019 02:02:33 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 05.08.2019 02:02:34
Anti-malware scan started at: 05.08.2019 06:02:56
05.08.2019 06:03:18 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
05.08.2019 06:03:18 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
05.08.2019 06:03:18 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
05.08.2019 06:03:18 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
05.08.2019 06:03:18 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
05.08.2019 06:03:18 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
05.08.2019 06:03:18 Running Processes
Probably Malicious: notepad.exe = C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
05.08.2019 06:03:19 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
05.08.2019 06:03:21 Applications
Probably Malicious: {8267a087-d000-4732-8fac-d6013e229f32} = "C:\ProgramData\Package Cache\{8267a087-d000-4732-8fac-d6013e229f32}\HSS-8.4.5-install-plain-773-plain.exe" /uninstall /quiet
05.08.2019 06:03:21 Applications
Probably Malicious: {AF599C42-A2E5-4251-B7EE-4925D167FF5A} = MsiExec.exe /X{AF599C42-A2E5-4251-B7EE-4925D167FF5A}
05.08.2019 06:03:21 Applications
Probably Malicious: HotspotShield = msiexec.exe /x {AF599C42-A2E5-4251-B7EE-4925D167FF5A} /L*V %TEMP%\HSS-8.4.5-install-plain-773-plain.exe.log
05.08.2019 06:03:21 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
05.08.2019 06:04:24 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
05.08.2019 06:04:24 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
05.08.2019 06:04:24 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
05.08.2019 06:04:24 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
05.08.2019 06:04:24 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
05.08.2019 06:04:24 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
05.08.2019 06:04:24 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
05.08.2019 06:04:24 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
05.08.2019 06:04:25 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
05.08.2019 06:04:25 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
05.08.2019 06:04:25 Unwanted Software Files
Probably Malicious: NETFILTER2.SYS = C:\WINDOWS\SYSNATIVE\DRIVERS\NETFILTER2.SYS
05.08.2019 06:04:25 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
05.08.2019 06:04:25 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\
05.08.2019 06:04:25 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAMDATA\HOTSPOT SHIELD\
05.08.2019 06:04:25 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
05.08.2019 06:04:25 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
05.08.2019 06:04:25 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
05.08.2019 06:04:25 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
05.08.2019 06:04:25 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
05.08.2019 06:04:25 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
05.08.2019 06:04:25 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
05.08.2019 06:04:25 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
05.08.2019 06:04:25 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
05.08.2019 06:04:25 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
05.08.2019 06:04:25 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
05.08.2019 06:04:25 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
05.08.2019 06:04:25 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
05.08.2019 06:04:25 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
05.08.2019 06:04:25 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
05.08.2019 06:04:25 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
05.08.2019 06:05:25 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
05.08.2019 06:05:25 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
05.08.2019 06:05:25 User Shortcuts
Unknown: C:\Users\Home\Desktop\TrackOFF.lnk = C:\PROGRAM FILES (X86)\TRACKOFF\TRACKOFFAPPLICATION.EXE
05.08.2019 06:05:25 User Shortcuts
Unknown: C:\Users\Public\Desktop\Ant Download Manager.lnk = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTDM.EXE
05.08.2019 06:05:25 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
05.08.2019 06:05:25 User Shortcuts
Unknown: C:\Users\Public\Desktop\IObit Uninstaller.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
05.08.2019 06:05:25 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-HC.EXE
05.08.2019 06:05:25 User Shortcuts
Unknown: C:\Users\Public\Desktop\Play F E A R 3.lnk = C:\PROGRAM FILES (X86)\DODI-REPACKS\F E A R 3\F.E.A.R. 3.EXE
05.08.2019 06:05:25 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
05.08.2019 06:05:26 User Shortcuts
Unknown: C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Uninstall Programs.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
05.08.2019 06:05:26 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
05.08.2019 06:05:26 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
05.08.2019 06:05:26 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
05.08.2019 06:05:26 Registry Run
Unknown: ares = "C:\Program Files (x86)\Ares\Ares.exe" -h
05.08.2019 06:05:26 Registry Run
Unknown: antMR = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTMR.EXE
05.08.2019 06:05:26 Registry Run
Unknown: AntDM = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTDM.EXE
05.08.2019 06:05:26 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
05.08.2019 06:05:26 Startup Folder
Unknown: btsupdates.lnk = C:\USERS\HOME\DOWNLOADS\COMPRESSED\BITSLER\BITSLER\BITSLERSCRIPT_2019.EXE
05.08.2019 06:05:26 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\Windows\System32\wscript.exe C:\Users\Home\AppData\Local\Temp\Az3r.vbs
05.08.2019 06:05:26 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
05.08.2019 06:05:26 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\TrackOFF\TrackOFFStart = C:\PROGRAM FILES (X86)\TRACKOFF\TRACKOFFAPPLICATION.EXE
05.08.2019 06:05:26 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
05.08.2019 06:05:26 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
05.08.2019 06:05:26 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
05.08.2019 06:05:26 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
05.08.2019 06:05:26 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
05.08.2019 06:05:26 Scheduled Tasks 2.0 Cached
Unknown: Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
05.08.2019 06:07:10 Auto Services
Probably Malicious: hshld = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\BIN\CMW_SRV.EXE
05.08.2019 06:07:10 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
05.08.2019 06:07:10 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
05.08.2019 06:07:10 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
05.08.2019 06:07:10 Drivers
Probably Malicious: netfilter2 = C:\WINDOWS\SYSTEM32\DRIVERS\NETFILTER2.SYS
05.08.2019 06:07:19 Browser Helper Objects(x64)
Unknown: {8ABC6AE5-74BD-4c73-BB34-44526792D2AE} = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTIE\ANTIE64.DLL
05.08.2019 06:07:19 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
05.08.2019 06:07:19 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
05.08.2019 06:07:19 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
05.08.2019 06:07:20 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
05.08.2019 06:07:20 Google Chrome Addons
Unknown: dalgiebmfcjackkbjfbfmlnflbdfbekj = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dalgiebmfcjackkbjfbfmlnflbdfbekj\0.4.15_0
05.08.2019 06:07:20 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
05.08.2019 06:07:20 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
05.08.2019 06:07:20 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
05.08.2019 06:07:20 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.23_0
05.08.2019 06:07:20 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
05.08.2019 06:07:20 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
05.08.2019 06:07:20 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
05.08.2019 06:07:20 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
05.08.2019 06:07:23 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
05.08.2019 06:07:23 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 05.08.2019 06:07:24
Anti-malware scan started at: 05.08.2019 10:07:47
05.08.2019 10:08:14 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
05.08.2019 10:08:14 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
05.08.2019 10:08:14 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
05.08.2019 10:08:14 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
05.08.2019 10:08:14 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
05.08.2019 10:08:15 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
05.08.2019 10:08:15 Running Processes
Probably Malicious: notepad.exe = C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
05.08.2019 10:08:15 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
05.08.2019 10:08:17 Applications
Probably Malicious: {8267a087-d000-4732-8fac-d6013e229f32} = "C:\ProgramData\Package Cache\{8267a087-d000-4732-8fac-d6013e229f32}\HSS-8.4.5-install-plain-773-plain.exe" /uninstall /quiet
05.08.2019 10:08:17 Applications
Probably Malicious: {AF599C42-A2E5-4251-B7EE-4925D167FF5A} = MsiExec.exe /X{AF599C42-A2E5-4251-B7EE-4925D167FF5A}
05.08.2019 10:08:17 Applications
Probably Malicious: HotspotShield = msiexec.exe /x {AF599C42-A2E5-4251-B7EE-4925D167FF5A} /L*V %TEMP%\HSS-8.4.5-install-plain-773-plain.exe.log
05.08.2019 10:08:17 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
05.08.2019 10:09:42 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
05.08.2019 10:09:42 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
05.08.2019 10:09:42 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
05.08.2019 10:09:42 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
05.08.2019 10:09:42 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
05.08.2019 10:09:42 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
05.08.2019 10:09:42 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
05.08.2019 10:09:42 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
05.08.2019 10:09:43 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
05.08.2019 10:09:43 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
05.08.2019 10:09:43 Unwanted Software Files
Probably Malicious: NETFILTER2.SYS = C:\WINDOWS\SYSNATIVE\DRIVERS\NETFILTER2.SYS
05.08.2019 10:09:43 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
05.08.2019 10:09:43 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\
05.08.2019 10:09:43 Unwanted Software Files
Probably Malicious: Hotspot Shield = C:\PROGRAMDATA\HOTSPOT SHIELD\
05.08.2019 10:09:43 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
05.08.2019 10:09:43 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
05.08.2019 10:09:43 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
05.08.2019 10:09:43 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
05.08.2019 10:09:43 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
05.08.2019 10:09:44 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
05.08.2019 10:09:44 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
05.08.2019 10:09:44 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
05.08.2019 10:09:44 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
05.08.2019 10:09:44 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
05.08.2019 10:09:44 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
05.08.2019 10:09:44 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
05.08.2019 10:09:44 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
05.08.2019 10:09:44 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
05.08.2019 10:09:44 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
05.08.2019 10:09:44 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
05.08.2019 10:10:53 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
05.08.2019 10:10:53 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
05.08.2019 10:10:53 User Shortcuts
Unknown: C:\Users\Home\Desktop\TrackOFF.lnk = C:\PROGRAM FILES (X86)\TRACKOFF\TRACKOFFAPPLICATION.EXE
05.08.2019 10:10:53 User Shortcuts
Unknown: C:\Users\Public\Desktop\Ant Download Manager.lnk = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTDM.EXE
05.08.2019 10:10:53 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
05.08.2019 10:10:54 User Shortcuts
Unknown: C:\Users\Public\Desktop\IObit Uninstaller.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
05.08.2019 10:10:54 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-HC.EXE
05.08.2019 10:10:54 User Shortcuts
Unknown: C:\Users\Public\Desktop\Play F E A R 3.lnk = C:\PROGRAM FILES (X86)\DODI-REPACKS\F E A R 3\F.E.A.R. 3.EXE
05.08.2019 10:10:54 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
05.08.2019 10:10:54 User Shortcuts
Unknown: C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Uninstall Programs.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
05.08.2019 10:10:54 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
05.08.2019 10:10:54 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
05.08.2019 10:10:54 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
05.08.2019 10:10:54 Registry Run
Unknown: ares = "C:\Program Files (x86)\Ares\Ares.exe" -h
05.08.2019 10:10:54 Registry Run
Unknown: antMR = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTMR.EXE
05.08.2019 10:10:54 Registry Run
Unknown: AntDM = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTDM.EXE
05.08.2019 10:10:54 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
05.08.2019 10:10:54 Startup Folder
Unknown: btsupdates.lnk = C:\USERS\HOME\DOWNLOADS\COMPRESSED\BITSLER\BITSLER\BITSLERSCRIPT_2019.EXE
05.08.2019 10:10:54 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\Windows\System32\wscript.exe C:\Users\Home\AppData\Local\Temp\Az3r.vbs
05.08.2019 10:10:55 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
05.08.2019 10:10:55 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\TrackOFF\TrackOFFStart = C:\PROGRAM FILES (X86)\TRACKOFF\TRACKOFFAPPLICATION.EXE
05.08.2019 10:10:55 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
05.08.2019 10:10:55 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
05.08.2019 10:10:55 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
05.08.2019 10:10:55 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
05.08.2019 10:10:55 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
05.08.2019 10:10:55 Scheduled Tasks 2.0 Cached
Unknown: Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
05.08.2019 10:12:55 Auto Services
Probably Malicious: hshld = C:\PROGRAM FILES (X86)\HOTSPOT SHIELD\BIN\CMW_SRV.EXE
05.08.2019 10:12:55 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
05.08.2019 10:12:55 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
05.08.2019 10:12:55 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
05.08.2019 10:12:55 Drivers
Probably Malicious: netfilter2 = C:\WINDOWS\SYSTEM32\DRIVERS\NETFILTER2.SYS
05.08.2019 10:13:12 Browser Helper Objects(x64)
Unknown: {8ABC6AE5-74BD-4c73-BB34-44526792D2AE} = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTIE\ANTIE64.DLL
05.08.2019 10:13:12 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
05.08.2019 10:13:12 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
05.08.2019 10:13:12 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
05.08.2019 10:13:12 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
05.08.2019 10:13:12 Google Chrome Addons
Unknown: dalgiebmfcjackkbjfbfmlnflbdfbekj = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dalgiebmfcjackkbjfbfmlnflbdfbekj\0.4.15_0
05.08.2019 10:13:12 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
05.08.2019 10:13:12 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
05.08.2019 10:13:12 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
05.08.2019 10:13:12 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.23_0
05.08.2019 10:13:12 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
05.08.2019 10:13:13 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
05.08.2019 10:13:13 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
05.08.2019 10:13:13 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
05.08.2019 10:13:16 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
05.08.2019 10:13:16 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 05.08.2019 10:13:17
Anti-malware scan started at: 05.08.2019 16:32:09
05.08.2019 16:32:23 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
05.08.2019 16:32:23 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
05.08.2019 16:32:24 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
05.08.2019 16:32:24 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
05.08.2019 16:32:24 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
05.08.2019 16:32:24 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
Sending Pipe to UnHackMe success!
Anti-malware scan finished at: 2019/08/06 02:57:34
Anti-malware scan started at: 06.08.2019 07:51:00
06.08.2019 07:51:17 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
06.08.2019 07:51:17 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
06.08.2019 07:51:17 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
06.08.2019 07:51:17 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
06.08.2019 07:51:17 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
06.08.2019 07:51:17 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
06.08.2019 07:51:17 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
06.08.2019 07:51:18 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
06.08.2019 07:52:01 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
06.08.2019 07:52:01 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
06.08.2019 07:52:01 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
06.08.2019 07:52:01 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
06.08.2019 07:52:01 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
06.08.2019 07:52:01 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
06.08.2019 07:52:01 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
06.08.2019 07:52:01 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
06.08.2019 07:52:01 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
06.08.2019 07:52:01 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
06.08.2019 07:52:01 Unwanted Software Files
Probably Malicious: NETFILTER2.SYS = C:\WINDOWS\SYSNATIVE\DRIVERS\NETFILTER2.SYS
06.08.2019 07:52:02 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
06.08.2019 07:52:02 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
06.08.2019 07:52:02 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
06.08.2019 07:52:02 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
06.08.2019 07:52:02 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
06.08.2019 07:52:02 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
06.08.2019 07:52:02 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
06.08.2019 07:52:02 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
06.08.2019 07:52:02 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
06.08.2019 07:52:02 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
06.08.2019 07:52:02 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
06.08.2019 07:52:02 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
06.08.2019 07:52:02 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
06.08.2019 07:52:02 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
06.08.2019 07:52:02 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
06.08.2019 07:52:02 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
06.08.2019 07:52:02 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
06.08.2019 07:52:31 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
06.08.2019 07:52:31 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
06.08.2019 07:52:31 User Shortcuts
Unknown: C:\Users\Public\Desktop\Ant Download Manager.lnk = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTDM.EXE
06.08.2019 07:52:31 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
06.08.2019 07:52:31 User Shortcuts
Unknown: C:\Users\Public\Desktop\IObit Uninstaller.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
06.08.2019 07:52:31 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-HC.EXE
06.08.2019 07:52:31 User Shortcuts
Unknown: C:\Users\Public\Desktop\Play F E A R 3.lnk = C:\PROGRAM FILES (X86)\DODI-REPACKS\F E A R 3\F.E.A.R. 3.EXE
06.08.2019 07:52:31 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
06.08.2019 07:52:31 User Shortcuts
Unknown: C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Uninstall Programs.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
06.08.2019 07:52:31 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
06.08.2019 07:52:31 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
06.08.2019 07:52:31 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
06.08.2019 07:52:31 Registry Run
Unknown: ares = "C:\Program Files (x86)\Ares\Ares.exe" -h
06.08.2019 07:52:31 Registry Run
Unknown: antMR = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTMR.EXE
06.08.2019 07:52:32 Registry Run
Unknown: AntDM = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTDM.EXE
06.08.2019 07:52:32 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
06.08.2019 07:52:32 Startup Folder
Unknown: btsupdates.lnk = C:\USERS\HOME\DOWNLOADS\COMPRESSED\BITSLER\BITSLER\BITSLERSCRIPT_2019.EXE
06.08.2019 07:52:32 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\Windows\System32\wscript.exe C:\Users\Home\AppData\Local\Temp\Az3r.vbs
06.08.2019 07:52:32 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
06.08.2019 07:52:32 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
06.08.2019 07:52:32 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
06.08.2019 07:52:32 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
06.08.2019 07:52:32 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
06.08.2019 07:52:32 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
06.08.2019 07:52:32 Scheduled Tasks 2.0 Cached
Unknown: Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
06.08.2019 07:53:47 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
06.08.2019 07:53:47 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
06.08.2019 07:53:47 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
06.08.2019 07:53:57 Browser Helper Objects(x64)
Unknown: {8ABC6AE5-74BD-4c73-BB34-44526792D2AE} = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTIE\ANTIE64.DLL
06.08.2019 07:53:57 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
06.08.2019 07:53:57 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
06.08.2019 07:53:57 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
06.08.2019 07:53:58 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
06.08.2019 07:53:58 Google Chrome Addons
Unknown: dalgiebmfcjackkbjfbfmlnflbdfbekj = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dalgiebmfcjackkbjfbfmlnflbdfbekj\0.4.15_0
06.08.2019 07:53:58 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
06.08.2019 07:53:58 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
06.08.2019 07:53:58 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
06.08.2019 07:53:58 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.23_0
06.08.2019 07:53:58 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
06.08.2019 07:53:58 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
06.08.2019 07:53:58 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
06.08.2019 07:53:58 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
06.08.2019 07:54:00 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet
Explorer\Main\DisableFirstRunCustomize = 1
06.08.2019 07:54:00 Proxy
Unknown: ProxyServer =
http=127.0.0.1:58984;https=127.0.0.1:58984;socks=127.0.0.1:58983
06.08.2019 07:54:00 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-
UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-
bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
06.08.2019 07:54:00 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 06.08.2019 07:54:00
Anti-malware scan started at: 06.08.2019 12:16:08
06.08.2019 12:16:16 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
06.08.2019 12:16:16 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
06.08.2019 12:16:16 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
06.08.2019 12:16:16 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
06.08.2019 12:16:16 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
06.08.2019 12:16:17 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
06.08.2019 12:16:50 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
06.08.2019 12:16:51 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
06.08.2019 12:16:51 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
06.08.2019 12:16:51 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
06.08.2019 12:16:51 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
06.08.2019 12:16:51 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
06.08.2019 12:16:51 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
06.08.2019 12:16:51 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
06.08.2019 12:16:51 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
06.08.2019 12:16:51 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
06.08.2019 12:16:51 Unwanted Software Files
Probably Malicious: NETFILTER2.SYS = C:\WINDOWS\SYSNATIVE\DRIVERS\NETFILTER2.SYS
06.08.2019 12:16:51 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
06.08.2019 12:16:51 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
06.08.2019 12:16:51 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
06.08.2019 12:16:51 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
06.08.2019 12:16:51 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
06.08.2019 12:16:51 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
06.08.2019 12:16:51 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
06.08.2019 12:16:51 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
06.08.2019 12:16:51 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
06.08.2019 12:16:51 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
06.08.2019 12:16:51 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
06.08.2019 12:16:51 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
06.08.2019 12:16:51 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
06.08.2019 12:16:51 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
06.08.2019 12:16:51 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
06.08.2019 12:16:51 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
06.08.2019 12:16:51 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
06.08.2019 12:17:08 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
06.08.2019 12:17:08 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
06.08.2019 12:17:08 User Shortcuts
Unknown: C:\Users\Public\Desktop\Ant Download Manager.lnk = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTDM.EXE
06.08.2019 12:17:08 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
06.08.2019 12:17:08 User Shortcuts
Unknown: C:\Users\Public\Desktop\IObit Uninstaller.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
06.08.2019 12:17:08 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-HC.EXE
06.08.2019 12:17:08 User Shortcuts
Unknown: C:\Users\Public\Desktop\Play F E A R 3.lnk = C:\PROGRAM FILES (X86)\DODI-REPACKS\F E A R 3\F.E.A.R. 3.EXE
06.08.2019 12:17:08 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
06.08.2019 12:17:08 User Shortcuts
Unknown: C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Uninstall Programs.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
06.08.2019 12:17:09 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
06.08.2019 12:17:09 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
06.08.2019 12:17:09 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
06.08.2019 12:17:09 Registry Run
Unknown: ares = "C:\Program Files (x86)\Ares\Ares.exe" -h
06.08.2019 12:17:09 Registry Run
Unknown: antMR = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTMR.EXE
06.08.2019 12:17:09 Registry Run
Unknown: AntDM = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTDM.EXE
06.08.2019 12:17:09 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
06.08.2019 12:17:09 Startup Folder
Unknown: btsupdates.lnk = C:\USERS\HOME\DOWNLOADS\COMPRESSED\BITSLER\BITSLER\BITSLERSCRIPT_2019.EXE
06.08.2019 12:17:09 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\Windows\System32\wscript.exe C:\Users\Home\AppData\Local\Temp\Az3r.vbs
06.08.2019 12:17:09 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
06.08.2019 12:17:09 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
06.08.2019 12:17:09 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
06.08.2019 12:17:09 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
06.08.2019 12:17:09 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
06.08.2019 12:17:09 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
06.08.2019 12:17:09 Scheduled Tasks 2.0 Cached
Unknown: Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
06.08.2019 12:17:56 WinSock2 Components
Unknown: IPHiderLib.dll = C:\Program Files (x86)\IP Hider Pro\IPHiderLib.dll
06.08.2019 12:17:56 WinSock2 Components (x64)
Unknown: IPHiderLib64.dll = C:\Program Files (x86)\IP Hider Pro\IPHiderLib64.dll
06.08.2019 12:17:56 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
06.08.2019 12:17:56 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
06.08.2019 12:17:56 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
06.08.2019 12:18:04 Browser Helper Objects(x64)
Unknown: {8ABC6AE5-74BD-4c73-BB34-44526792D2AE} = C:\PROGRAM FILES (X86)\ANT DOWNLOAD MANAGER\ANTIE\ANTIE64.DLL
06.08.2019 12:18:04 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
06.08.2019 12:18:04 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
06.08.2019 12:18:04 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
06.08.2019 12:18:04 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
06.08.2019 12:18:05 Google Chrome Addons
Unknown: dalgiebmfcjackkbjfbfmlnflbdfbekj = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dalgiebmfcjackkbjfbfmlnflbdfbekj\0.4.15_0
06.08.2019 12:18:05 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
06.08.2019 12:18:05 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
06.08.2019 12:18:05 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
06.08.2019 12:18:05 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.23_0
06.08.2019 12:18:05 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
06.08.2019 12:18:05 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
06.08.2019 12:18:05 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
06.08.2019 12:18:05 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
06.08.2019 12:18:07 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
06.08.2019 12:18:07 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
06.08.2019 12:18:07 Google Chrome Notifications
Probably Malicious: 0 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 06.08.2019 12:18:08
Anti-malware scan started at: 08.08.2019 01:32:10
08.08.2019 01:33:15 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
08.08.2019 01:33:15 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
08.08.2019 01:33:15 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
08.08.2019 01:33:15 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
08.08.2019 01:33:15 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
08.08.2019 01:33:16 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
08.08.2019 01:34:57 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
08.08.2019 01:34:57 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
08.08.2019 01:34:57 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
08.08.2019 01:34:57 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
08.08.2019 01:34:57 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
08.08.2019 01:34:57 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
08.08.2019 01:34:57 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
08.08.2019 01:34:57 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
08.08.2019 01:34:57 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
08.08.2019 01:34:57 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
08.08.2019 01:34:57 Unwanted Software Files
Probably Malicious: NETFILTER2.SYS = C:\WINDOWS\SYSNATIVE\DRIVERS\NETFILTER2.SYS
08.08.2019 01:34:57 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
08.08.2019 01:34:57 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
08.08.2019 01:34:57 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
08.08.2019 01:34:57 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
08.08.2019 01:34:57 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
08.08.2019 01:34:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
08.08.2019 01:34:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
08.08.2019 01:34:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
08.08.2019 01:34:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
08.08.2019 01:34:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
08.08.2019 01:34:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
08.08.2019 01:34:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
08.08.2019 01:34:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
08.08.2019 01:34:57 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
08.08.2019 01:34:57 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
08.08.2019 01:34:57 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
08.08.2019 01:34:57 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
08.08.2019 01:36:00 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
08.08.2019 01:36:00 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
08.08.2019 01:36:00 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
08.08.2019 01:36:00 User Shortcuts
Unknown: C:\Users\Public\Desktop\IObit Uninstaller.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 01:36:00 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-HC.EXE
08.08.2019 01:36:00 User Shortcuts
Unknown: C:\Users\Public\Desktop\Play F E A R 3.lnk = C:\PROGRAM FILES (X86)\DODI-REPACKS\F E A R 3\F.E.A.R. 3.EXE
08.08.2019 01:36:01 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
08.08.2019 01:36:01 User Shortcuts
Unknown: C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Uninstall Programs.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 01:36:01 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
08.08.2019 01:36:01 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
08.08.2019 01:36:01 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
08.08.2019 01:36:01 Registry Run
Unknown: ares = "C:\Program Files (x86)\Ares\Ares.exe" -h
08.08.2019 01:36:01 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
08.08.2019 01:36:01 Startup Folder
Unknown: btsupdates.lnk = C:\USERS\HOME\DOWNLOADS\COMPRESSED\BITSLER\BITSLER\BITSLERSCRIPT_2019.EXE
08.08.2019 01:36:01 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\Windows\System32\wscript.exe C:\Users\Home\AppData\Local\Temp\Az3r.vbs
08.08.2019 01:36:01 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
08.08.2019 01:36:01 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
08.08.2019 01:36:01 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
08.08.2019 01:36:01 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
08.08.2019 01:36:01 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 01:36:01 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
08.08.2019 01:36:01 Scheduled Tasks 2.0 Cached
Unknown: Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 01:39:49 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
08.08.2019 01:39:49 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
08.08.2019 01:39:49 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
08.08.2019 01:40:13 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
08.08.2019 01:40:13 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
08.08.2019 01:40:13 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
08.08.2019 01:40:13 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
08.08.2019 01:40:13 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
08.08.2019 01:40:14 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
08.08.2019 01:40:14 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.24_0
08.08.2019 01:40:14 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
08.08.2019 01:40:14 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
08.08.2019 01:40:14 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
08.08.2019 01:40:14 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
08.08.2019 01:40:14 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
08.08.2019 01:40:16 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
08.08.2019 01:40:16 Proxy
Unknown: ProxyServer = http=127.0.0.1:50489;https=127.0.0.1:50489;socks=127.0.0.1:50488
08.08.2019 01:40:16 Google Chrome Notifications
Unknown: 0 = https://whatismyip.li:443,*
08.08.2019 01:40:16 Google Chrome Notifications
Probably Malicious: 1 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 08.08.2019 01:40:17
Anti-malware scan started at: 08.08.2019 05:40:34
08.08.2019 05:40:49 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
08.08.2019 05:40:49 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
08.08.2019 05:40:49 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
08.08.2019 05:40:49 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
08.08.2019 05:40:49 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
08.08.2019 05:40:49 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
08.08.2019 05:40:49 Running Processes
Probably Malicious: rundll.exe = C:\PROGRAMDATA\RUNDLL\RUNDLL.EXE
08.08.2019 05:40:49 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
08.08.2019 05:40:49 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
08.08.2019 05:40:49 Running Processes
Probably Malicious: system.exe = C:\PROGRAMDATA\RUNDLL\SYSTEM.EXE
08.08.2019 05:40:51 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
08.08.2019 05:41:31 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
08.08.2019 05:41:31 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
08.08.2019 05:41:31 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
08.08.2019 05:41:31 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
08.08.2019 05:41:31 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
08.08.2019 05:41:31 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
08.08.2019 05:41:31 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
08.08.2019 05:41:32 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
08.08.2019 05:41:32 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
08.08.2019 05:41:32 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
08.08.2019 05:41:32 Unwanted Software Files
Probably Malicious: NETFILTER2.SYS = C:\WINDOWS\SYSNATIVE\DRIVERS\NETFILTER2.SYS
08.08.2019 05:41:32 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
08.08.2019 05:41:32 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
08.08.2019 05:41:32 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
08.08.2019 05:41:32 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
08.08.2019 05:41:32 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
08.08.2019 05:41:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
08.08.2019 05:41:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
08.08.2019 05:41:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
08.08.2019 05:41:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
08.08.2019 05:41:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
08.08.2019 05:41:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
08.08.2019 05:41:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
08.08.2019 05:41:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
08.08.2019 05:41:32 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
08.08.2019 05:41:32 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
08.08.2019 05:41:32 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
08.08.2019 05:41:32 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
08.08.2019 05:41:58 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
08.08.2019 05:41:58 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
08.08.2019 05:41:58 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
08.08.2019 05:41:58 User Shortcuts
Unknown: C:\Users\Public\Desktop\IObit Uninstaller.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 05:41:58 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-HC.EXE
08.08.2019 05:41:58 User Shortcuts
Unknown: C:\Users\Public\Desktop\Play F E A R 3.lnk = C:\PROGRAM FILES (X86)\DODI-REPACKS\F E A R 3\F.E.A.R. 3.EXE
08.08.2019 05:41:59 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
08.08.2019 05:41:59 User Shortcuts
Unknown: C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Uninstall Programs.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 05:41:59 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
08.08.2019 05:41:59 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
08.08.2019 05:41:59 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
08.08.2019 05:41:59 Registry Run
Unknown: ares = "C:\Program Files (x86)\Ares\Ares.exe" -h
08.08.2019 05:41:59 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
08.08.2019 05:41:59 Startup Folder
Unknown: btsupdates.lnk = C:\USERS\HOME\DOWNLOADS\COMPRESSED\BITSLER\BITSLER\BITSLERSCRIPT_2019.EXE
08.08.2019 05:41:59 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\Windows\System32\wscript.exe C:\Users\Home\AppData\Local\Temp\Az3r.vbs
08.08.2019 05:41:59 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
08.08.2019 05:41:59 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
08.08.2019 05:41:59 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
08.08.2019 05:41:59 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
08.08.2019 05:41:59 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 05:41:59 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
08.08.2019 05:41:59 Scheduled Tasks 2.0 Cached
Unknown: Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 05:43:06 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
08.08.2019 05:43:06 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
08.08.2019 05:43:06 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
08.08.2019 05:43:14 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
08.08.2019 05:43:14 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
08.08.2019 05:43:14 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
08.08.2019 05:43:14 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
08.08.2019 05:43:14 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
08.08.2019 05:43:14 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
08.08.2019 05:43:14 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.24_0
08.08.2019 05:43:14 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
08.08.2019 05:43:14 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
08.08.2019 05:43:14 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek =
C:\Users\Home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
08.08.2019 05:43:14 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES
(X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
08.08.2019 05:43:14 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files
(x86)\Internet Download Manager\IDMGCExt.crx
08.08.2019 05:43:17 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet
Explorer\Main\DisableFirstRunCustomize = 1
08.08.2019 05:43:17 Proxy
Unknown: ProxyServer =
http=127.0.0.1:50489;https=127.0.0.1:50489;socks=127.0.0.1:50488
08.08.2019 05:43:17 Google Chrome Notifications
Unknown: 0 = https://whatismyip.li:443,*
08.08.2019 05:43:17 Google Chrome Notifications
Probably Malicious: 1 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 08.08.2019 05:43:18
Anti-malware scan started at: 08.08.2019 09:43:33
08.08.2019 09:43:45 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
08.08.2019 09:43:45 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
08.08.2019 09:43:45 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
08.08.2019 09:43:45 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
08.08.2019 09:43:46 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
08.08.2019 09:43:46 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
08.08.2019 09:43:46 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
08.08.2019 09:43:46 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
08.08.2019 09:43:47 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
08.08.2019 09:44:33 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
08.08.2019 09:44:33 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
08.08.2019 09:44:33 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
08.08.2019 09:44:33 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
08.08.2019 09:44:33 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
08.08.2019 09:44:33 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
08.08.2019 09:44:33 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
08.08.2019 09:44:33 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
08.08.2019 09:44:33 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
08.08.2019 09:44:33 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
08.08.2019 09:44:33 Unwanted Software Files
Probably Malicious: NETFILTER2.SYS = C:\WINDOWS\SYSNATIVE\DRIVERS\NETFILTER2.SYS
08.08.2019 09:44:33 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
08.08.2019 09:44:33 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
08.08.2019 09:44:33 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
08.08.2019 09:44:33 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
08.08.2019 09:44:33 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
08.08.2019 09:44:33 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
08.08.2019 09:44:33 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
08.08.2019 09:44:33 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
08.08.2019 09:44:33 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
08.08.2019 09:44:33 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
08.08.2019 09:44:33 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
08.08.2019 09:44:33 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
08.08.2019 09:44:33 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
08.08.2019 09:44:33 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
08.08.2019 09:44:33 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
08.08.2019 09:44:33 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
08.08.2019 09:44:33 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
08.08.2019 09:44:52 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
08.08.2019 09:44:52 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
08.08.2019 09:44:52 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
08.08.2019 09:44:52 User Shortcuts
Unknown: C:\Users\Public\Desktop\IObit Uninstaller.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 09:44:52 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-HC.EXE
08.08.2019 09:44:52 User Shortcuts
Unknown: C:\Users\Public\Desktop\Play F E A R 3.lnk = C:\PROGRAM FILES (X86)\DODI-REPACKS\F E A R 3\F.E.A.R. 3.EXE
08.08.2019 09:44:52 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
08.08.2019 09:44:52 User Shortcuts
Unknown: C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Uninstall Programs.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 09:44:52 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
08.08.2019 09:44:52 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
08.08.2019 09:44:53 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
08.08.2019 09:44:53 Registry Run
Unknown: ares = "C:\Program Files (x86)\Ares\Ares.exe" -h
08.08.2019 09:44:53 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
08.08.2019 09:44:53 Startup Folder
Unknown: btsupdates.lnk = C:\USERS\HOME\DOWNLOADS\COMPRESSED\BITSLER\BITSLER\BITSLERSCRIPT_2019.EXE
08.08.2019 09:44:53 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\Windows\System32\wscript.exe C:\Users\Home\AppData\Local\Temp\Az3r.vbs
08.08.2019 09:44:53 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
08.08.2019 09:44:53 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
08.08.2019 09:44:53 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
08.08.2019 09:44:53 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
08.08.2019 09:44:53 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 09:44:53 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
08.08.2019 09:44:53 Scheduled Tasks 2.0 Cached
Unknown: Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 09:45:52 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
08.08.2019 09:45:52 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
08.08.2019 09:45:52 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
08.08.2019 09:46:00 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
08.08.2019 09:46:00 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
08.08.2019 09:46:00 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
08.08.2019 09:46:00 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
08.08.2019 09:46:00 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
08.08.2019 09:46:00 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
08.08.2019 09:46:00 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
08.08.2019 09:46:00 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.24_0
08.08.2019 09:46:00 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
08.08.2019 09:46:00 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
08.08.2019 09:46:00 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
08.08.2019 09:46:01 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
08.08.2019 09:46:03 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
08.08.2019 09:46:03 Proxy
Unknown: ProxyServer = http=127.0.0.1:50489;https=127.0.0.1:50489;socks=127.0.0.1:50488
08.08.2019 09:46:03 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
08.08.2019 09:46:03 Google Chrome Notifications
Unknown: 0 = https://whatismyip.li:443,*
08.08.2019 09:46:03 Google Chrome Notifications
Probably Malicious: 1 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 08.08.2019 09:46:04
Anti-malware scan started at: 08.08.2019 13:46:19
08.08.2019 13:46:33 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
08.08.2019 13:46:33 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
08.08.2019 13:46:33 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
08.08.2019 13:46:33 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
08.08.2019 13:46:33 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
08.08.2019 13:46:33 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
08.08.2019 13:46:33 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
08.08.2019 13:46:33 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
08.08.2019 13:46:35 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
08.08.2019 13:47:06 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
08.08.2019 13:47:07 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
08.08.2019 13:47:07 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
08.08.2019 13:47:07 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
08.08.2019 13:47:07 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
08.08.2019 13:47:07 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
08.08.2019 13:47:07 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
08.08.2019 13:47:07 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
08.08.2019 13:47:07 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
08.08.2019 13:47:07 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
08.08.2019 13:47:07 Unwanted Software Files
Probably Malicious: NETFILTER2.SYS = C:\WINDOWS\SYSNATIVE\DRIVERS\NETFILTER2.SYS
08.08.2019 13:47:07 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
08.08.2019 13:47:07 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
08.08.2019 13:47:07 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
08.08.2019 13:47:07 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
08.08.2019 13:47:07 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
08.08.2019 13:47:07 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
08.08.2019 13:47:07 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
08.08.2019 13:47:07 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
08.08.2019 13:47:07 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
08.08.2019 13:47:07 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
08.08.2019 13:47:07 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
08.08.2019 13:47:07 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
08.08.2019 13:47:07 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
08.08.2019 13:47:07 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
08.08.2019 13:47:07 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
08.08.2019 13:47:07 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
08.08.2019 13:47:07 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
08.08.2019 13:47:26 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
08.08.2019 13:47:26 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
08.08.2019 13:47:26 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
08.08.2019 13:47:26 User Shortcuts
Unknown: C:\Users\Public\Desktop\IObit Uninstaller.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 13:47:26 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-HC.EXE
08.08.2019 13:47:26 User Shortcuts
Unknown: C:\Users\Public\Desktop\Play F E A R 3.lnk = C:\PROGRAM FILES (X86)\DODI-REPACKS\F E A R 3\F.E.A.R. 3.EXE
08.08.2019 13:47:26 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
08.08.2019 13:47:26 User Shortcuts
Unknown: C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Uninstall Programs.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 13:47:26 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
08.08.2019 13:47:26 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
08.08.2019 13:47:26 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
08.08.2019 13:47:26 Registry Run
Unknown: ares = "C:\Program Files (x86)\Ares\Ares.exe" -h
08.08.2019 13:47:26 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
08.08.2019 13:47:26 Startup Folder
Unknown: btsupdates.lnk = C:\USERS\HOME\DOWNLOADS\COMPRESSED\BITSLER\BITSLER\BITSLERSCRIPT_2019.EXE
08.08.2019 13:47:26 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\Windows\System32\wscript.exe C:\Users\Home\AppData\Local\Temp\Az3r.vbs
08.08.2019 13:47:26 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
08.08.2019 13:47:26 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
08.08.2019 13:47:26 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
08.08.2019 13:47:26 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
08.08.2019 13:47:26 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 13:47:26 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
08.08.2019 13:47:26 Scheduled Tasks 2.0 Cached
Unknown: Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 13:48:21 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
08.08.2019 13:48:21 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
08.08.2019 13:48:21 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
08.08.2019 13:48:26 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
08.08.2019 13:48:26 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
08.08.2019 13:48:26 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
08.08.2019 13:48:27 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
08.08.2019 13:48:27 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
08.08.2019 13:48:27 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
08.08.2019 13:48:27 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
08.08.2019 13:48:27 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.24_0
08.08.2019 13:48:27 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
08.08.2019 13:48:27 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
08.08.2019 13:48:27 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
08.08.2019 13:48:27 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
08.08.2019 13:48:29 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
08.08.2019 13:48:29 Proxy
Unknown: ProxyServer = http=127.0.0.1:50489;https=127.0.0.1:50489;socks=127.0.0.1:50488
08.08.2019 13:48:29 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
08.08.2019 13:48:30 Google Chrome Notifications
Unknown: 0 = https://whatismyip.li:443,*
08.08.2019 13:48:30 Google Chrome Notifications
Probably Malicious: 1 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 08.08.2019 13:48:31
Anti-malware scan started at: 08.08.2019 17:48:45
08.08.2019 17:48:58 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
08.08.2019 17:48:58 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
08.08.2019 17:48:58 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
08.08.2019 17:48:58 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-
544774154621}\LSM.EXE
08.08.2019 17:48:58 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
08.08.2019 17:48:58 Running Processes
Probably Malicious: MicrosoftHost.exe =
C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
08.08.2019 17:48:58 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD
VIDEO DOWNLOADER\YTD.EXE
08.08.2019 17:48:58 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
08.08.2019 17:49:00 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files
(x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
08.08.2019 17:49:26 Unwanted Software Files
Probably Malicious: MSIMG32.DLL =
C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
08.08.2019 17:49:26 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ =
C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
08.08.2019 17:49:26 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
08.08.2019 17:49:26 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
08.08.2019 17:49:26 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
08.08.2019 17:49:26 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
08.08.2019 17:49:26 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
08.08.2019 17:49:26 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO
DOWNLOADER\
08.08.2019 17:49:26 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM
FILES (X86)\\GREENTREE APPLICATIONS\
08.08.2019 17:49:26 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
08.08.2019 17:49:27 Unwanted Software Files
Probably Malicious: NETFILTER2.SYS = C:\WINDOWS\SYSNATIVE\DRIVERS\NETFILTER2.SYS
08.08.2019 17:49:27 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE
APPLICATIONS\
08.08.2019 17:49:27 Unwanted Software Files
Probably Malicious: AdvinstAnalytics =
C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
08.08.2019 17:49:27 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE =
C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
08.08.2019 17:49:27 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA
V3.2.3\UNIVERSAL SOFT NOVA.EXE
08.08.2019 17:49:27 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
08.08.2019 17:49:27 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
08.08.2019 17:49:27 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
08.08.2019 17:49:27 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
08.08.2019 17:49:27 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
08.08.2019 17:49:27 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
08.08.2019 17:49:27 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
08.08.2019 17:49:27 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
08.08.2019 17:49:27 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
08.08.2019 17:49:27 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
08.08.2019 17:49:27 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
08.08.2019 17:49:27 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
08.08.2019 17:49:27 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
08.08.2019 17:49:44 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
08.08.2019 17:49:44 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
08.08.2019 17:49:44 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
08.08.2019 17:49:44 User Shortcuts
Unknown: C:\Users\Public\Desktop\IObit Uninstaller.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 17:49:44 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-HC.EXE
08.08.2019 17:49:44 User Shortcuts
Unknown: C:\Users\Public\Desktop\Play F E A R 3.lnk = C:\PROGRAM FILES (X86)\DODI-REPACKS\F E A R 3\F.E.A.R. 3.EXE
08.08.2019 17:49:44 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
08.08.2019 17:49:44 User Shortcuts
Unknown: C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Uninstall Programs.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 17:49:45 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
08.08.2019 17:49:45 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
08.08.2019 17:49:45 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
08.08.2019 17:49:45 Registry Run
Unknown: ares = "C:\Program Files (x86)\Ares\Ares.exe" -h
08.08.2019 17:49:45 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
08.08.2019 17:49:45 Startup Folder
Unknown: btsupdates.lnk = C:\USERS\HOME\DOWNLOADS\COMPRESSED\BITSLER\BITSLER\BITSLERSCRIPT_2019.EXE
08.08.2019 17:49:45 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\Windows\System32\wscript.exe C:\Users\Home\AppData\Local\Temp\Az3r.vbs
08.08.2019 17:49:45 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
08.08.2019 17:49:45 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
08.08.2019 17:49:45 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
08.08.2019 17:49:45 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
08.08.2019 17:49:45 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 17:49:45 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
08.08.2019 17:49:45 Scheduled Tasks 2.0 Cached
Unknown: Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 17:50:32 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
08.08.2019 17:50:32 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
08.08.2019 17:50:32 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
08.08.2019 17:50:38 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
08.08.2019 17:50:38 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
08.08.2019 17:50:38 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
08.08.2019 17:50:38 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
08.08.2019 17:50:38 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
08.08.2019 17:50:38 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
08.08.2019 17:50:38 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
08.08.2019 17:50:38 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.24_0
08.08.2019 17:50:38 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
08.08.2019 17:50:38 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
08.08.2019 17:50:39 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
08.08.2019 17:50:39 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
08.08.2019 17:50:41 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
08.08.2019 17:50:41 Proxy
Unknown: ProxyServer = http=127.0.0.1:65005;https=127.0.0.1:65005;socks=127.0.0.1:65004
08.08.2019 17:50:41 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
08.08.2019 17:50:41 Google Chrome Notifications
Unknown: 0 = https://whatismyip.li:443,*
08.08.2019 17:50:41 Google Chrome Notifications
Probably Malicious: 1 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 08.08.2019 17:50:42
Anti-malware scan started at: 08.08.2019 21:51:14
08.08.2019 21:51:28 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
08.08.2019 21:51:28 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
08.08.2019 21:51:28 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
08.08.2019 21:51:28 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
08.08.2019 21:51:28 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
08.08.2019 21:51:29 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
08.08.2019 21:51:29 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
08.08.2019 21:51:30 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
08.08.2019 21:52:07 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
08.08.2019 21:52:08 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
08.08.2019 21:52:08 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
08.08.2019 21:52:08 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
08.08.2019 21:52:08 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
08.08.2019 21:52:08 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
08.08.2019 21:52:08 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
08.08.2019 21:52:08 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
08.08.2019 21:52:08 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
08.08.2019 21:52:08 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
08.08.2019 21:52:08 Unwanted Software Files
Probably Malicious: NETFILTER2.SYS = C:\WINDOWS\SYSNATIVE\DRIVERS\NETFILTER2.SYS
08.08.2019 21:52:08 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
08.08.2019 21:52:08 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
08.08.2019 21:52:08 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
08.08.2019 21:52:08 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
08.08.2019 21:52:08 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
08.08.2019 21:52:08 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
08.08.2019 21:52:08 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
08.08.2019 21:52:08 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
08.08.2019 21:52:08 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
08.08.2019 21:52:08 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
08.08.2019 21:52:08 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
08.08.2019 21:52:08 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
08.08.2019 21:52:08 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
08.08.2019 21:52:08 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
08.08.2019 21:52:08 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
08.08.2019 21:52:08 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
08.08.2019 21:52:08 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
08.08.2019 21:52:33 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
08.08.2019 21:52:33 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
08.08.2019 21:52:33 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
08.08.2019 21:52:33 User Shortcuts
Unknown: C:\Users\Public\Desktop\IObit Uninstaller.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 21:52:33 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-HC.EXE
08.08.2019 21:52:33 User Shortcuts
Unknown: C:\Users\Public\Desktop\Play F E A R 3.lnk = C:\PROGRAM FILES (X86)\DODI-REPACKS\F E A R 3\F.E.A.R. 3.EXE
08.08.2019 21:52:33 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
08.08.2019 21:52:33 User Shortcuts
Unknown: C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Uninstall Programs.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 21:52:33 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
08.08.2019 21:52:33 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
08.08.2019 21:52:33 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
08.08.2019 21:52:33 Registry Run
Unknown: ares = "C:\Program Files (x86)\Ares\Ares.exe" -h
08.08.2019 21:52:33 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
08.08.2019 21:52:33 Startup Folder
Unknown: btsupdates.lnk = C:\USERS\HOME\DOWNLOADS\COMPRESSED\BITSLER\BITSLER\BITSLERSCRIPT_2019.EXE
08.08.2019 21:52:33 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\Windows\System32\wscript.exe C:\Users\Home\AppData\Local\Temp\Az3r.vbs
08.08.2019 21:52:33 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
08.08.2019 21:52:33 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
08.08.2019 21:52:34 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
08.08.2019 21:52:34 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
08.08.2019 21:52:34 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 21:52:34 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
08.08.2019 21:52:34 Scheduled Tasks 2.0 Cached
Unknown: Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
08.08.2019 21:53:34 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
08.08.2019 21:53:34 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
08.08.2019 21:53:34 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
08.08.2019 21:53:43 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
08.08.2019 21:53:43 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
08.08.2019 21:53:43 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
08.08.2019 21:53:43 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
08.08.2019 21:53:43 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
08.08.2019 21:53:43 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
08.08.2019 21:53:43 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
08.08.2019 21:53:43 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.24_0
08.08.2019 21:53:43 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
08.08.2019 21:53:43 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
08.08.2019 21:53:43 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
08.08.2019 21:53:43 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
08.08.2019 21:53:46 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
08.08.2019 21:53:46 Proxy
Unknown: ProxyServer = http=127.0.0.1:65005;https=127.0.0.1:65005;socks=127.0.0.1:65004
08.08.2019 21:53:46 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
08.08.2019 21:53:46 Google Chrome Notifications
Unknown: 0 = https://whatismyip.li:443,*
08.08.2019 21:53:46 Google Chrome Notifications
Probably Malicious: 1 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 08.08.2019 21:53:47
Anti-malware scan started at: 09.08.2019 01:54:14
09.08.2019 01:55:20 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
09.08.2019 01:55:20 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
09.08.2019 01:55:20 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
09.08.2019 01:55:20 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
09.08.2019 01:55:20 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
09.08.2019 01:55:20 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
09.08.2019 01:55:20 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
09.08.2019 01:55:22 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
09.08.2019 01:56:13 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
09.08.2019 01:56:13 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
09.08.2019 01:56:13 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
09.08.2019 01:56:13 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
09.08.2019 01:56:13 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
09.08.2019 01:56:14 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
09.08.2019 01:56:14 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
09.08.2019 01:56:14 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
09.08.2019 01:56:14 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
09.08.2019 01:56:14 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
09.08.2019 01:56:14 Unwanted Software Files
Probably Malicious: NETFILTER2.SYS = C:\WINDOWS\SYSNATIVE\DRIVERS\NETFILTER2.SYS
09.08.2019 01:56:14 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
09.08.2019 01:56:14 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
09.08.2019 01:56:14 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
09.08.2019 01:56:14 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
09.08.2019 01:56:14 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
09.08.2019 01:56:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
09.08.2019 01:56:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
09.08.2019 01:56:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
09.08.2019 01:56:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
09.08.2019 01:56:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
09.08.2019 01:56:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
09.08.2019 01:56:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
09.08.2019 01:56:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
09.08.2019 01:56:14 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
09.08.2019 01:56:14 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
09.08.2019 01:56:14 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
09.08.2019 01:56:14 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
09.08.2019 01:56:41 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
09.08.2019 01:56:41 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
09.08.2019 01:56:41 User Shortcuts
Unknown: C:\Users\Public\Desktop\Audacity.lnk = C:\PROGRAM FILES (X86)\AUDACITY\AUDACITY.EXE
09.08.2019 01:56:41 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
09.08.2019 01:56:41 User Shortcuts
Unknown: C:\Users\Public\Desktop\IObit Uninstaller.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
09.08.2019 01:56:41 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-HC.EXE
09.08.2019 01:56:41 User Shortcuts
Unknown: C:\Users\Public\Desktop\Play F E A R 3.lnk = C:\PROGRAM FILES (X86)\DODI-REPACKS\F E A R 3\F.E.A.R. 3.EXE
09.08.2019 01:56:41 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
09.08.2019 01:56:41 User Shortcuts
Unknown: C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Uninstall Programs.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
09.08.2019 01:56:41 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
09.08.2019 01:56:41 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
09.08.2019 01:56:41 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
09.08.2019 01:56:41 Registry Run
Unknown: ares = "C:\Program Files (x86)\Ares\Ares.exe" -h
09.08.2019 01:56:41 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
09.08.2019 01:56:41 Startup Folder
Unknown: btsupdates.lnk = C:\USERS\HOME\DOWNLOADS\COMPRESSED\BITSLER\BITSLER\BITSLERSCRIPT_2019.EXE
09.08.2019 01:56:41 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\Windows\System32\wscript.exe C:\Users\Home\AppData\Local\Temp\Az3r.vbs
09.08.2019 01:56:41 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
09.08.2019 01:56:41 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
09.08.2019 01:56:41 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
09.08.2019 01:56:42 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
09.08.2019 01:56:42 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
09.08.2019 01:56:42 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
09.08.2019 01:56:42 Scheduled Tasks 2.0 Cached
Unknown: Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
09.08.2019 01:57:42 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
09.08.2019 01:57:42 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
09.08.2019 01:57:42 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
09.08.2019 01:57:48 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
09.08.2019 01:57:48 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
09.08.2019 01:57:48 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
09.08.2019 01:57:48 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
09.08.2019 01:57:49 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
09.08.2019 01:57:49 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
09.08.2019 01:57:49 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
09.08.2019 01:57:49 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.24_0
09.08.2019 01:57:49 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
09.08.2019 01:57:49 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
09.08.2019 01:57:49 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
09.08.2019 01:57:49 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
09.08.2019 01:57:51 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
09.08.2019 01:57:51 Proxy
Unknown: ProxyServer = http=127.0.0.1:62501;https=127.0.0.1:62501;socks=127.0.0.1:62500
09.08.2019 01:57:51 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
09.08.2019 01:57:51 Google Chrome Notifications
Unknown: 0 = https://whatismyip.li:443,*
09.08.2019 01:57:51 Google Chrome Notifications
Probably Malicious: 1 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 09.08.2019 01:57:52
Anti-malware scan started at: 09.08.2019 05:58:10
09.08.2019 05:58:37 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
09.08.2019 05:58:37 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
09.08.2019 05:58:37 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
09.08.2019 05:58:37 Running Processes
Probably Malicious: lsm.exe = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
09.08.2019 05:58:37 Running Processes
Probably Malicious: audiodg.exe = C:\PROGRAMDATA\WINDOWSTASK\AUDIODG.EXE
09.08.2019 05:58:37 Running Processes
Probably Malicious: MicrosoftHost.exe = C:\PROGRAMDATA\WINDOWSTASK\MICROSOFTHOST.EXE
09.08.2019 05:58:37 Running Processes
Probably Malicious: ytd.exe = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
09.08.2019 05:58:37 Running Processes
Probably Malicious: AppModule.exe = C:\PROGRAMDATA\WINDOWSTASK\APPMODULE.EXE
09.08.2019 05:58:38 Applications
Probably Malicious: {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} = "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
09.08.2019 05:59:22 Unwanted Software Files
Probably Malicious: MSIMG32.DLL = C:\USERS\HOME\APPDATA\ROAMING\UTORRENT\MSIMG32.DLL
09.08.2019 05:59:22 Unwanted Software Files
Probably Malicious: C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\ = C:\Users\Home\AppData\Roaming\WINRAR\PRECOMP\
09.08.2019 05:59:22 Unwanted Software Files
Probably Malicious: C:\ProgramData\INDUS\ = C:\ProgramData\INDUS\
09.08.2019 05:59:22 Unwanted Software Files
Probably Malicious: C:\ProgramData\INSTALL\ = C:\ProgramData\INSTALL\
09.08.2019 05:59:22 Unwanted Software Files
Probably Malicious: C:\ProgramData\RUNDLL\ = C:\ProgramData\RUNDLL\
09.08.2019 05:59:22 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWSTASK\ = C:\ProgramData\WINDOWSTASK\
09.08.2019 05:59:22 Unwanted Software Files
Probably Malicious: C:\ProgramData\WINDOWS\ = C:\ProgramData\WINDOWS\
09.08.2019 05:59:22 Unwanted Software Files
Probably Malicious: C:\ProgramData\YTD VIDEO DOWNLOADER\ = C:\ProgramData\YTD VIDEO DOWNLOADER\
09.08.2019 05:59:22 Unwanted Software Files
Probably Malicious: C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\ = C:\PROGRAM FILES (X86)\\GREENTREE APPLICATIONS\
09.08.2019 05:59:22 Unwanted Software Files
Probably Malicious: WINSPOOL.DRV = C:\PROGRAM FILES (X86)\\UNHACKME\WINSPOOL.DRV
09.08.2019 05:59:22 Unwanted Software Files
Probably Malicious: NETFILTER2.SYS = C:\WINDOWS\SYSNATIVE\DRIVERS\NETFILTER2.SYS
09.08.2019 05:59:22 Unwanted Software Files
Probably Malicious: GreenTree Applications = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\
09.08.2019 05:59:22 Unwanted Software Files
Probably Malicious: AdvinstAnalytics = C:\USERS\HOME\APPDATA\LOCAL\ADVINSTANALYTICS\
09.08.2019 05:59:22 Multi AV Detected Files
Suspicious: WINDOWSEXPLORERS.EXE = C:\USERS\HOME\APPDATA\ROAMING\MYFOLDER\WINDOWSEXPLORERS.EXE
09.08.2019 05:59:22 Multi AV Detected Files
Suspicious: UNIVERSAL SOFT NOVA.EXE = C:\USERS\HOME\DOWNLOADS\UNIVERSAL SOFT NOVA V3.2.3\UNIVERSAL SOFT NOVA.EXE
09.08.2019 05:59:22 Multi AV Detected Files
Suspicious: PRECOMP.EXE = C:\USERS\HOME\APPDATA\ROAMING\WINRAR\PRECOMP\PRECOMP.EXE
09.08.2019 05:59:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{97941568-9794-9794-979415684528}\LSM.EXE
09.08.2019 05:59:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{15206572-1520-1520-152065727996}\LSM.EXE
09.08.2019 05:59:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{13579330-1357-1357-135793302600}\LSM.EXE
09.08.2019 05:59:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{69344854-6934-6934-693448541218}\LSM.EXE
09.08.2019 05:59:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{73370678-7337-7337-733706788782}\LSM.EXE
09.08.2019 05:59:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{52958163-5295-5295-529581633500}\LSM.EXE
09.08.2019 05:59:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
09.08.2019 05:59:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{20442813-2044-2044-204428135033}\LSM.EXE
09.08.2019 05:59:23 Multi AV Detected Files
Suspicious: LSM.EXE = C:\PROGRAMDATA\{48715818-4871-4871-487158186402}\LSM.EXE
09.08.2019 05:59:23 Multi AV Detected Files
Suspicious: KMS-R@1NHOOK.EXE = C:\WINDOWS\KMS-R@1NHOOK.EXE
09.08.2019 05:59:23 Multi AV Detected Files
Suspicious: KMS-R@1N.EXE = C:\WINDOWS\KMS-R@1N.EXE
09.08.2019 05:59:23 Multi AV Detected Files
Suspicious: DOOBURFLKRPXVZB.EXE = C:\PROGRAMDATA\DOOBURFLKRPXVZB\DOOBURFLKRPXVZB.EXE
09.08.2019 05:59:55 User Shortcuts
Unknown: C:\Users\Home\Desktop\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
09.08.2019 05:59:56 User Shortcuts
Unknown: C:\Users\Home\Desktop\Monster Boy and the Cursed Kingdom.lnk = C:\PROGRAM FILES (X86)\MONSTER BOY AND THE CURSED KINGDOM\X64\LAUNCHER64.EXE
09.08.2019 05:59:56 User Shortcuts
Unknown: C:\Users\Public\Desktop\Audacity.lnk = C:\PROGRAM FILES (X86)\AUDACITY\AUDACITY.EXE
09.08.2019 05:59:56 User Shortcuts
Unknown: C:\Users\Public\Desktop\FSS Google Books Downloader.lnk = C:\PROGRAM FILES (X86)\FREESMARTSOFT\FSSGOOGLEBOOKSDOWNLOADER\FSSGOOGLEBOOKSDOWNLOADER.EXE
09.08.2019 05:59:56 User Shortcuts
Unknown: C:\Users\Public\Desktop\IObit Uninstaller.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
09.08.2019 05:59:56 User Shortcuts
Unknown: C:\Users\Public\Desktop\MPC-HC.lnk = C:\PROGRAM FILES (X86)\MPC-HC\MPC-HC.EXE
09.08.2019 05:59:56 User Shortcuts
Unknown: C:\Users\Public\Desktop\Play F E A R 3.lnk = C:\PROGRAM FILES (X86)\DODI-REPACKS\F E A R 3\F.E.A.R. 3.EXE
09.08.2019 05:59:56 User Shortcuts
Probably Malicious: C:\Users\Public\Desktop\YTD Video Downloader.lnk = C:\PROGRAM FILES (X86)\GREENTREE APPLICATIONS\YTD VIDEO DOWNLOADER\YTD.EXE
09.08.2019 05:59:56 User Shortcuts
Unknown: C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Uninstall Programs.lnk = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
09.08.2019 05:59:56 User Shortcuts
Unknown: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
09.08.2019 05:59:56 Autorun.inf
Probably Malicious: E:\autorun.inf = E:\autorun.inf
09.08.2019 05:59:56 Registry Run
Unknown: IDMan = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
09.08.2019 05:59:56 Registry Run
Unknown: ares = "C:\Program Files (x86)\Ares\Ares.exe" -h
09.08.2019 05:59:56 Registry Run(x64)
Unknown: Realtek HD Audio = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
09.08.2019 05:59:56 Startup Folder
Unknown: btsupdates.lnk = C:\USERS\HOME\DOWNLOADS\COMPRESSED\BITSLER\BITSLER\BITSLERSCRIPT_2019.EXE
09.08.2019 05:59:56 Startup Folder
Probably Malicious: WindowsUpdate.lnk = C:\Windows\System32\wscript.exe C:\Users\Home\AppData\Local\Temp\Az3r.vbs
09.08.2019 05:59:56 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Application Experience\ProgramDataUpdater = %windir%\system32\compattelrunner.exe
09.08.2019 05:59:56 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft\Windows\Wininet\SystemC = C:\PROGRAMDATA\REALTEKHD\TASKHOSTW.EXE
09.08.2019 05:59:56 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
09.08.2019 05:59:56 Scheduled Tasks 2
Probably Malicious: C:\WINDOWS\SYSNATIVE\TASKS\System\SystemCheck = "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe"
09.08.2019 05:59:56 Scheduled Tasks 2
Unknown: C:\WINDOWS\SYSNATIVE\TASKS\Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
09.08.2019 05:59:56 Scheduled Tasks 2.0 Cached
Probably Malicious: Microsoft LocalManager[Windows 10 Pro] = C:\PROGRAMDATA\{54477415-5447-5447-544774154621}\LSM.EXE
09.08.2019 05:59:57 Scheduled Tasks 2.0 Cached
Unknown: Uninstaller_SkipUac_Home = C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE
09.08.2019 06:01:13 Auto Services
Probably Malicious: KMS-R@1n = C:\WINDOWS\KMS-R@1N.EXE
09.08.2019 06:01:13 Auto Services
Probably Malicious: RManService = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
09.08.2019 06:01:13 Svchost DLLs
Unknown: TermService = C:\Program Files\RDP WRAPPER\RDPWRAP.DLL
09.08.2019 06:01:22 FireFox Components and Extensions
Unknown: {972ce4c6-7e08-4474-a285-3208198ce6fd} = C:\PROGRAM FILES\MOZILLA FIREFOX\Browser\Extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
09.08.2019 06:01:22 FireFox Components and Extensions
Unknown: idmmzcc2 = C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
09.08.2019 06:01:22 FireFox Browser Features
Unknown: fxmonitor@mozilla.org = C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\browser\features\fxmonitor@mozilla.org.xpi
09.08.2019 06:01:22 FireFox Browser Features
Unknown: jaws-esr@mozilla.org = C:\PROGRAM FILES\MOZILLA FIREFOX\browser\features\jaws-esr@mozilla.org.xpi
09.08.2019 06:01:23 Google Chrome Addons
Unknown: ceipnlhmjohemhfpbjdgeigkababhmjc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceipnlhmjohemhfpbjdgeigkababhmjc\1.2_0
09.08.2019 06:01:23 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.33.2_0
09.08.2019 06:01:23 Google Chrome Addons
Unknown: fdgfkebogiimcoedlicjlajpkdmockpc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\1.1.6_0
09.08.2019 06:01:23 Google Chrome Addons
Unknown: fhplmmllnpjjlncfjpbbpjadoeijkogc = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc\5.0.24_0
09.08.2019 06:01:23 Google Chrome Addons
Unknown: ifchggdfkdbkpolgmclfhdlodpjciejl = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifchggdfkdbkpolgmclfhdlodpjciejl\0.0.2_0
09.08.2019 06:01:23 Google Chrome Addons
Unknown: jmfikkaogpplgnfjmbjdpalkhclendgd = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd\2.3_0
09.08.2019 06:01:23 Google Chrome Addons
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX
09.08.2019 06:01:23 Pre-installed extensions
Probably Malicious: ngpampappnmepgilojfohadhhmbhlaek = C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
09.08.2019 06:01:26 Registry IE Policy
Unknown: \Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = 1
09.08.2019 06:01:26 Proxy
Unknown: ProxyServer = http=127.0.0.1:62501;https=127.0.0.1:62501;socks=127.0.0.1:62500
09.08.2019 06:01:26 Chrome Protected Settings
Probably Malicious: homepage = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWselj_KEDrH5om8kDRfJd9AAmBT-UQ6SOSWAAFajj7oM5e3DFXn-tmeLh5bx1O0u78UxIR6u1ohd-rclqjFKaLZ3RzE7iGW5GDzS4_wbdEw-bTF_iJTgCUWx5kSncYrMgkgnYKJJrAVy4sseMEhHKPTq14uGLwAdlRceM
09.08.2019 06:01:26 Google Chrome Notifications
Unknown: 0 = https://whatismyip.li:443,*
09.08.2019 06:01:26 Google Chrome Notifications
Probably Malicious: 1 = https://freebitco.in:443,*
Sending Pipe to UnHackMe failure!
Anti-malware scan finished at: 09.08.2019 06:01:27
Anti-malware scan started at: 09.08.2019 10:03:49
09.08.2019 10:04:12 Running Processes
Probably Malicious: rutserv.exe = C:\PROGRAMDATA\WINDOWS\RUTSERV.EXE
09.08.2019 10:04:12 Running Processes
Probably Malicious: rfusclient.exe = C:\PROGRAMDATA\WINDOWS\RFUSCLIENT.EXE
09.08.20