
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017

Ran by anwar (15-02-2017 09:32:41) Run:2


Running from C:\Users\anwar\Desktop
Loaded Profiles: anwar (Available Profiles: anwar)
Boot Mode: Normal
==============================================

fixlist content:
*****************
createrestorepoint:
closeprocesses:
emptytemp:
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\ProgramData\service.exe
(Microsoft Corporation) C:\ProgramData\Windows Security\winsecurity.exe
() C:\Users\Fenny Amelia\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
(Microsoft Corporation) C:\Program Files\XBox\XBLive.exe
() C:\Users\Fenny Amelia\AppData\Local\Temp\00009514\msiql.exe
() C:\ProgramData\NetworkPacketManitor\Nettrans.exe
() C:\ProgramData\Ronzap\Ronzap.exe
() C:\ProgramData\Logic Handler\set.exe
(AM0NQL) C:\Program Files\K8KR6JNJWD\K8KR6JNJW.exe
(Mail.Ru) C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe
() C:\Users\Fenny Amelia\AppData\Local\Temp\04-8a88b-14a-4bdb6-
afe94321d0fb5\JZMBFRDYYG.exe
() C:\Program
Files\df787847d06f3307a60d91241aa3b253\065d8a654b0a354f1a44693d37e42ca3.exe
(Mail.Ru) C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe
(2QPY45) C:\Program Files\51SYEN66AI\ZF955QWO4.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
( ) C:\Users\Fenny
Amelia\AppData\Local\Temp\HWJ40PXC2\HWJ40PXC2.exe
() C:\Users\Fenny Amelia\AppData\Local\Temp\is-UKE38.tmp\HWJ40PXC2.tmp
(2QPY45) C:\Program Files\LGY4FKXJO5\LGY4FKXJO.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.1000121\CalendarServ.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.1000121\calendar.exe
HKLM\...\RunOnce: [OMEWPRODUCT_28AWT] => "C:\Program Files (x86)\DPower\1MQRDT.exe"
<===== ATTENTION
HKU\S-1-5-21-1961627895-273941957-1575552219-1000\...\Run: [KQOKX4LNSS] =>
C:\Program Files\51SYEN66AI\ZF955QWO4.exe [932864 2017-02-07] (2QPY45)
HKU\S-1-5-21-1961627895-273941957-1575552219-1000\...\Run: [AT6U1WR4P8] =>
C:\Program Files\2WYWDFIUYW\2WYWDFIUY.exe [932864 2017-02-07] (2QPY45)
HKU\S-1-5-21-1961627895-273941957-1575552219-1000\...\Run: [J77BD26RL1] =>
C:\Program Files\LGY4FKXJO5\LGY4FKXJO.exe [932864 2017-02-07] (2QPY45)
HKLM\...\Providers\lwtfw39y: C:\Program Files (x86)\Phezash Engine\local64spl.dll
[310784 2017-02-07] ()
AppInit_DLLs: C:\ProgramData\Ronzap\Rankla.dll => C:\ProgramData\Ronzap\Rankla.dll
[358912 2017-02-07] ()
AppInit_DLLs-x32: C:\ProgramData\Ronzap\Stat-Ron.dll => C:\ProgramData\Ronzap\Stat-
Ron.dll [248320 2017-02-07] ()
ShellExecuteHooks: No Name - {F12D15C2-EABB-11E6-97A8-64006A5CFC23} -
C:\Users\Fenny Amelia\AppData\Roaming\Climuwarddredoty\Diztyzokose.dll [147968
2017-02-07] ()
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}
=> C:\Program Files\¿ìѹ\X64\KZipShell.dll [2017-02-07] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Zaxar Games
Browser.lnk [2017-02-07] <===== ATTENTION
ShortcutTarget: Zaxar Games Browser.lnk -> C:\Program Files
(x86)\Zaxar\ZaxarLoader.exe ()
Startup: C:\Users\Fenny Amelia\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\monhost.lnk [2017-02-07] <===== ATTENTION
ShortcutTarget: monhost.lnk -> C:\Users\Fenny
Amelia\AppData\Roaming\VDI\Shared\Product Updater\monhost.exe (Vested Development,
Inc)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-1961627895-273941957-1575552219-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-1961627895-273941957-1575552219-1000] =>
http=127.0.0.1:8080;https=127.0.0.1:8080
Winsock: Catalog9 01 C:\Program Files (x86)\Kugshcoijich\Proxy32.dll [604160 2017-
02-07] ()
Winsock: Catalog9 02 C:\Program Files (x86)\Kugshcoijich\Proxy32.dll [604160 2017-
02-07] ()
Winsock: Catalog9 03 C:\Program Files (x86)\Kugshcoijich\Proxy32.dll [604160 2017-
02-07] ()
Winsock: Catalog9 04 C:\Program Files (x86)\Kugshcoijich\Proxy32.dll [604160 2017-
02-07] ()
Winsock: Catalog9 05 C:\Program Files (x86)\Kugshcoijich\Proxy32.dll [604160 2017-
02-07] ()
Winsock: Catalog9 06 C:\Program Files (x86)\Kugshcoijich\Proxy32.dll [604160 2017-
02-07] ()
Winsock: Catalog9 07 C:\Program Files (x86)\Kugshcoijich\Proxy32.dll [604160 2017-
02-07] ()
Winsock: Catalog9 08 C:\Program Files (x86)\Kugshcoijich\Proxy32.dll [604160 2017-
02-07] ()
Winsock: Catalog9 09 C:\Program Files (x86)\Kugshcoijich\Proxy32.dll [604160 2017-
02-07] ()
Winsock: Catalog9 10 C:\Program Files (x86)\Kugshcoijich\Proxy32.dll [604160 2017-
02-07] ()
Winsock: Catalog9 21 C:\Program Files (x86)\Kugshcoijich\Proxy32.dll [604160 2017-
02-07] ()
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
RemoveProxy:
CMD: netsh winsock reset
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
hxxps://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-
fullyhosted_003&type=wnf_adwrldint_17_06&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did
%26pa%3Dwincy%26cd
%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtByB0AyD0E0AzztC0D0EtN0D0Tzu0StCzzyCyEtN1L2XzutAtFtB
yCtFyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyBzyyC0CzzyC0BtBtGtCyByEzztG0Bzz0DyEtGt
CyC0DtDtG0F0Ezy0DtC0AyE0EyBtCtCyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0A0CyByEzztBtAtG0FtAtA
yEtGyE0FtAyEtG0B0ByD0EtGzz0CtDyByEtB0F0ByBtAyCtB2QtN0A0LzuyE%26cr%3D1234331560%26a
%3Dwnf_adwrldint_17_06%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
hxxps://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-
fullyhosted_003&type=wnf_adwrldint_17_06&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did
%26pa%3Dwincy%26cd
%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtByB0AyD0E0AzztC0D0EtN0D0Tzu0StCzzyCyEtN1L2XzutAtFtB
yCtFyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyBzyyC0CzzyC0BtBtGtCyByEzztG0Bzz0DyEtGt
CyC0DtDtG0F0Ezy0DtC0AyE0EyBtCtCyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0A0CyByEzztBtAtG0FtAtA
yEtGyE0FtAyEtG0B0ByD0EtGzz0CtDyByEtB0F0ByBtAyCtB2QtN0A0LzuyE%26cr%3D1234331560%26a
%3Dwnf_adwrldint_17_06%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional
HKU\S-1-5-21-1961627895-273941957-1575552219-1000\Software\Microsoft\Internet
Explorer\Main,Search Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F
%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWorW5hRebPVSWIIwma_Fjp8blw6BcOc8eABqDpLrJt6cP1
k1yS_4N_qXgzp9EAHk_46SjGVJwNafS7CGbs464beboloZptRKTYIbvxLl7HdL7dY6rH7MfpnCCWLEaO4Lx
cwL_blHA7D9L-rn9_CeM8bZWA-2RJevvQWSm2Zl2&q={searchTerms}
HKU\S-1-5-21-1961627895-273941957-1575552219-1000\Software\Microsoft\Internet
Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=812273
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-
fullyhosted_003&type=wnf_adwrldint_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did
%26pa%3Dwincy%26cd
%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtByB0AyD0E0AzztC0D0EtN0D0Tzu0StCzzyCyEtN1L2XzutAtFtB
yCtFyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyBzyyC0CzzyC0BtBtGtCyByEzztG0Bzz0DyEtGt
CyC0DtDtG0F0Ezy0DtC0AyE0EyBtCtCyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0A0CyByEzztBtAtG0FtAtA
yEtGyE0FtAyEtG0B0ByD0EtGzz0CtDyByEtB0F0ByBtAyCtB2QtN0A0LzuyE%26cr%3D1234331560%26a
%3Dwnf_adwrldint_17_06%26os_ver%3D6.1%26os%3DWindows
%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-
fullyhosted_003&type=wnf_adwrldint_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did
%26pa%3Dwincy%26cd
%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtByB0AyD0E0AzztC0D0EtN0D0Tzu0StCzzyCyEtN1L2XzutAtFtB
yCtFyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyBzyyC0CzzyC0BtBtGtCyByEzztG0Bzz0DyEtGt
CyC0DtDtG0F0Ezy0DtC0AyE0EyBtCtCyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0A0CyByEzztBtAtG0FtAtA
yEtGyE0FtAyEtG0B0ByD0EtGzz0CtDyByEtB0F0ByBtAyCtB2QtN0A0LzuyE%26cr%3D1234331560%26a
%3Dwnf_adwrldint_17_06%26os_ver%3D6.1%26os%3DWindows
%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%68%65%6C
%70%65%72%62%61%72.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWorW5hRebPVSWIIwma_Fjp8blw6BcOc8eABqDpLrJt6cP1
k1yS_4N_qXgzp9EAHk_46SjGVJwNafS7CGbs464beboloZptRKTYIbvxLl7HdL7dY6rH7MfpnCCWLEaO4Lx
cwL_blHA7D9L-rn9_CeM8bZWA-2RJevvQWSm2Zl2&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-
fullyhosted_003&type=wnf_adwrldint_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did
%26pa%3Dwincy%26cd
%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtByB0AyD0E0AzztC0D0EtN0D0Tzu0StCzzyCyEtN1L2XzutAtFtB
yCtFyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyBzyyC0CzzyC0BtBtGtCyByEzztG0Bzz0DyEtGt
CyC0DtDtG0F0Ezy0DtC0AyE0EyBtCtCyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0A0CyByEzztBtAtG0FtAtA
yEtGyE0FtAyEtG0B0ByD0EtGzz0CtDyByEtB0F0ByBtAyCtB2QtN0A0LzuyE%26cr%3D1234331560%26a
%3Dwnf_adwrldint_17_06%26os_ver%3D6.1%26os%3DWindows
%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1961627895-273941957-1575552219-1000 -> DefaultScope
{FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?
q={SearchTerms}&fr=iextn&gp=812274
SearchScopes: HKU\S-1-5-21-1961627895-273941957-1575552219-1000 -> {0633EE93-D776-
472f-A0FF-E1416B8B2E3A} URL = hxxps://id.search.yahoo.com/yhs/search?
hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_adwrldint_17_06&param1=1&param2=f
%3D4%26b%3DIE%26cc%3Did%26pa%3Dwincy%26cd
%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtByB0AyD0E0AzztC0D0EtN0D0Tzu0StCzzyCyEtN1L2XzutAtFtB
yCtFyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyBzyyC0CzzyC0BtBtGtCyByEzztG0Bzz0DyEtGt
CyC0DtDtG0F0Ezy0DtC0AyE0EyBtCtCyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0A0CyByEzztBtAtG0FtAtA
yEtGyE0FtAyEtG0B0ByD0EtGzz0CtDyByEtB0F0ByBtAyCtB2QtN0A0LzuyE%26cr%3D1234331560%26a
%3Dwnf_adwrldint_17_06%26os_ver%3D6.1%26os%3DWindows
%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1961627895-273941957-1575552219-1000 -> {FFEBBF0A-C22C-
4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?
q={SearchTerms}&fr=iextn&gp=812274
SearchScopes: HKU\S-1-5-21-1961627895-273941957-1575552219-1000 -> {ielnksrch} URL
= hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWorW5hRebPVSWIIwma_Fjp8blw6BcOc8eABqDpLrJt6cP1
k1yS_4N_qXgzp9EAHk_46SjGVJwNafS7CGbs464beboloZptRKTYIbvxLl7HdL7dY6rH7MfpnCCWLEaO4Lx
cwL_blHA7D9L-rn9_CeM8bZWA-2RJevvQWSm2Zl2&q={searchTerms}
BHO-x32: Ïîèñê@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\Fenny
Amelia\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2017-02-07] (Mail.Ru)
FF ProfilePath: C:\Users\Fenny
Amelia\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\i687nmtl.default\
Profiles\i687nmtl.default [not found]
FF NewTab: Mozilla\Firefox\Profiles\i687nmtl.default ->
C:\ProgramData\Ronzaps\ff.NT
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\i687nmtl.default -> Поиск@Mail.Ru
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\i687nmtl.default -> Поиск@Mail.Ru
FF Homepage: Mozilla\Firefox\Profiles\i687nmtl.default -> hxxp://mail.ru/cnt/10445?
gp=812273
FF Keyword.URL: Mozilla\Firefox\Profiles\i687nmtl.default ->
hxxp://go.mail.ru/distib/ep/?product_id=%7B7E11D862-FB92-4B1A-AD34-
7EA8E8CAAF62%7D&gp=812274
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Fenny
Amelia\AppData\Roaming\Mozilla\Firefox\Profiles\i687nmtl.default\Extensions\homepag
e@mail.ru [2017-02-07]
FF Extension: (Поиск@Mail.Ru) - C:\Users\Fenny
Amelia\AppData\Roaming\Mozilla\Firefox\Profiles\i687nmtl.default\Extensions\search@
mail.ru [2017-02-07]
FF Extension: (&Yandex Elements&) - C:\Users\Fenny
Amelia\AppData\Roaming\Mozilla\Firefox\Profiles\i687nmtl.default\Extensions\yasearc
h@yandex.ru.xpi [2017-02-07]
FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\Fenny
Amelia\AppData\Roaming\Mozilla\Firefox\Profiles\i687nmtl.default\Extensions\
{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2017-02-07]
FF SearchPlugin: C:\Users\Fenny
Amelia\AppData\Roaming\Mozilla\Firefox\Profiles\i687nmtl.default\searchplugins\find
it.xml [2017-02-07]
FF SearchPlugin: C:\Users\Fenny
Amelia\AppData\Roaming\Mozilla\Firefox\Profiles\i687nmtl.default\searchplugins\lwtf
w39y.xml [2017-02-07]
FF SearchPlugin: C:\Users\Fenny
Amelia\AppData\Roaming\Mozilla\Firefox\Profiles\i687nmtl.default\searchplugins\mail
ru.xml [2017-02-07]
CHR HomePage: ChromeDefaultData -> hxxps://%66%65%65%64.%68%65%6C
%70%65%72%62%61%72.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWorW5hRebPVSWIIwma_Fjp8blw6BcOc8eABqDpLrJt6cP1
k1yS_4N_qXgzp9EAHk_46SjGVJwNafS7CGADgM5z15e1og_t5_iWDozugDOmhK0sUjmKVC8tSSghx3i4pOk
_-kgjxAEJABkIlvpDn60RNqlKQBZ5FFB-D0IIksW
CHR DefaultSearchURL: ChromeDefaultData -> hxxps://%66%65%65%64.%68%65%6C
%70%65%72%62%61%72.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWorW5hRebPVSWIIwma_Fjp8blw6BcOc8eABqDpLrJt6cP1
k1yS_4N_qXgzp9EAHk_46SjGVJwNafS7CGMz2L2032KP7H1vojZvVx-
aMl8iAy8mpZ5THCKr57GDgjT8jT0LbuGaxliF_tgen9E_zRHZm-
bRRcmff8AFfi8okeO&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> feed.sonic-search.com
CHR Profile: C:\Users\Fenny Amelia\AppData\Local\Google\Chrome\User
Data\ChromeDefaultData [2017-02-07] <==== ATTENTION
R2 backlh; C:\ProgramData\Logic Handler\set.exe [3786752 2017-02-01] () [File not
signed]
R2 df787847d06f3307a60d91241aa3b253; C:\Program
Files\df787847d06f3307a60d91241aa3b253\065d8a654b0a354f1a44693d37e42ca3.exe
[39235072 2017-02-06] () [File not signed] <==== ATTENTION
R2 GoogleChromeUpService; C:\ProgramData\service.exe [1620992 2017-02-07] () [File
not signed] <==== ATTENTION
R2 KuaizipUpdateChecker; C:\Program Files\¿ìѹ\X86\kuaizipUpdateChecker.dll [219032
2017-02-07] ()
R2 LDrvSvc; C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll [181928
2017-01-20] ()
R2 MozillaFirefoxReferenceAssemblies; C:\Program Files (x86)\Reference
Assemblies\MozillaFirefoxReferenceAssemblies.dll [226304 2017-02-07] () [File not
signed]
R2 mrupdsrv; C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe [2187992
2017-01-19] (Mail.Ru)
R2 Nettrans; C:\ProgramData\NetworkPacketManitor\Nettrans.exe [43520 2016-12-22] ()
[File not signed]
R2 Ronzap; C:\ProgramData\\Ronzap\\Ronzap.exe [983040 2017-02-07] () [File not
signed]
R2 TheCalendarService; C:\Program Files
(x86)\CalendarTool\2.0.0.1000121\CalendarServ.exe [154224 2017-02-01] ()
R2 Tusikterkient; C:\Program Files (x86)\Kugshcoijich\wrtLog.dll [149504 2017-02-
07] () [File not signed]
R2 Updater.Mail.Ru; C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe
[4167384 2017-01-18] (Mail.Ru)
R2 WindowsSecurity; C:\ProgramData\Windows Security\winsecurity.exe [1264640 2017-
01-16] (Microsoft Corporation) [File not signed] <==== ATTENTION
R2 WMPNetworkAcSvc; C:\Users\Fenny
Amelia\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [5091840 2016-11-10] ()
[File not signed] <==== ATTENTION
R2 XBox; C:\Program Files\XBox\XBLive.exe [6342584 2016-06-13] (Microsoft
Corporation) <==== ATTENTION
R1 446e5707fea4108746606e225f83835a;
C:\Windows\system32\drivers\446e5707fea4108746606e225f83835a.sys [95056 2017-02-06]
(336SBQ) <==== ATTENTION
R2 KuaiZipDrive; C:\Windows\system32\drivers\KuaiZipDrive.sys [92832 2017-02-07]
(WinMount International Inc)
S1 ucdrv; \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [X] <====
ATTENTION
RemoveDirectory: C:\Users\Fenny Amelia\AppData\Local\Amigo
RemoveDirectory: C:\Users\Fenny Amelia\AppData\Roaming\Adobe
RemoveDirectory: C:\ProgramData\9319m25u28q9481
RemoveDirectory: C:\Program Files (x86)\UCBrowser
RemoveDirectory: C:\Users\Fenny Amelia\AppData\Local\Mail.Ru
RemoveDirectory: C:\Program Files (x86)\Kugshcoijich
RemoveDirectory: C:\Users\Fenny Amelia\AppData\Roaming\VDI
RemoveDirectory: C:\Program Files (x86)\Zaxar
RemoveDirectory: C:\Program Files\¿ìѹ
RemoveDirectory: C:\Users\Fenny Amelia\AppData\Roaming\Climuwarddredoty
RemoveDirectory: C:\Program Files (x86)\Phezash Engine
RemoveDirectory: C:\Program Files\2WYWDFIUYW
RemoveDirectory: C:\Program Files (x86)\DPower
RemoveDirectory: C:\Program Files (x86)\CalendarTool
RemoveDirectory: C:\Program Files\LGY4FKXJO5
RemoveDirectory: C:\Users\Fenny Amelia\AppData\Local\Temp\is-UKE38.tmp
RemoveDirectory: C:\Users\Fenny Amelia\AppData\Local\Temp\HWJ40PXC2
RemoveDirectory: C:\Program Files\51SYEN66AI
RemoveDirectory: C:\Program Files (x86)\Mail.Ru
RemoveDirectory: C:\Program Files\df787847d06f3307a60d91241aa3b253
RemoveDirectory: C:\Users\Fenny Amelia\AppData\Local\Temp\04-8a88b-14a-4bdb6-
afe94321d0fb5
RemoveDirectory: C:\Program Files (x86)\Mail.Ru
RemoveDirectory: C:\Program Files\K8KR6JNJWD
RemoveDirectory: C:\ProgramData\Logic Handler
RemoveDirectory: C:\ProgramData\Ronzap
RemoveDirectory: C:\ProgramData\NetworkPacketManitor
RemoveDirectory: C:\Users\Fenny Amelia\AppData\Local\Temp\00009514
RemoveDirectory: C:\Program Files\XBox
RemoveDirectory: C:\ProgramData\Microsoft\Network\Dsq
RemoveDirectory: C:\Users\Fenny Amelia\AppData\Roaming\WMPNetworkAcSvc
RemoveDirectory: C:\ProgramData\Windows Security
2017-02-07 13:38 - 2017-02-07 13:39 - 00000000 ____D C:\Program Files\LGY4FKXJO5
2017-02-07 13:36 - 2017-02-07 13:36 - 00000000 ____D C:\Program Files\2WYWDFIUYW
2017-02-07 13:33 - 2017-02-07 13:35 - 00000000 ____D C:\Users\Fenny
Amelia\AppData\Roaming\CalendarTool
2017-02-07 13:31 - 2017-02-07 13:31 - 00000000 ____D C:\Program Files\51SYEN66AI
2017-02-07 13:22 - 2017-02-07 13:22 - 00000000 ____H
C:\Windows\system32\BIT5319.tmp
2017-02-07 13:22 - 2017-02-07 13:22 - 00000000 ____D C:\Program Files (x86)\baidu
2017-02-07 13:21 - 2017-02-07 13:21 - 00000000 ____D C:\Program Files
(x86)\ContentPush
2017-02-07 13:07 - 2017-02-07 13:08 - 00000000 ____D C:\ProgramData\{4f5-56-80-
f146a-b37ba-e152-0eed0}
2017-02-07 13:06 - 2017-02-07 13:06 - 00002025 _____ C:\Users\Fenny
Amelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\!Играть в Спарту.lnk
2017-02-07 13:06 - 2017-02-07 13:06 - 00002025 _____ C:\Users\Fenny
Amelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\!Играть в War
Thunder.lnk
2017-02-07 13:06 - 2017-02-07 13:06 - 00001246 _____ C:\Users\Fenny
Amelia\Desktop\Играть в Спарту.lnk
2017-02-07 13:06 - 2017-02-07 13:06 - 00001246 _____ C:\Users\Fenny
Amelia\Desktop\Играть в War Thunder.lnk
2017-02-07 13:07 - 2017-02-07 13:07 - 00001154 _____ C:\Users\Fenny
Amelia\Desktop\ScreenShared.lnk
2017-02-07 13:07 - 2017-02-07 13:07 - 00000000 ____D C:\Program Files
(x86)\ScreenShared
2017-02-07 13:06 - 2017-02-07 13:06 - 00000000 ____D C:\Users\Fenny
Amelia\AppData\Roaming\VDI
2017-02-07 13:06 - 2017-02-07 13:06 - 00000000 ____D C:\Users\Fenny
Amelia\AppData\Roaming\MyDesktop
2017-02-07 13:04 - 2017-02-07 13:22 - 00000000 ____D C:\Program Files (x86)\Zaxar
2017-02-07 13:04 - 2017-02-07 13:04 - 00000000 ____D C:\Users\Fenny
Amelia\AppData\Roaming\Amigo
2017-02-07 13:04 - 2017-02-07 13:04 - 00000000 ____D C:\Users\Fenny
Amelia\AppData\LocalLow\Unity
2017-02-07 13:04 - 2017-02-07 13:04 - 00000000 ____D C:\Users\Fenny
Amelia\AppData\Local\Unity
2017-02-07 12:59 - 2017-02-07 12:59 - 00000000 ____D C:\Program Files\KF931HQFNR
2017-02-07 12:58 - 2017-02-07 12:58 - 00000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer
2017-02-07 12:57 - 2017-02-07 12:58 - 00000000 ____D C:\Program
Files\df787847d06f3307a60d91241aa3b253
2017-02-07 12:57 - 2017-02-07 12:57 - 00000000 ____D
C:\Users\Public\Documents\Tools
2017-02-07 12:57 - 2017-02-07 12:57 - 00000000 ____D
C:\Users\Public\Documents\Baidu
2017-02-07 12:56 - 2017-02-07 12:56 - 00000000 ____D C:\Users\Public\Documents\Guid
2017-02-07 12:56 - 2017-02-07 12:56 - 00000000 ____D C:\Program Files
(x86)\vlncminerwe
2017-02-07 12:55 - 2017-02-07 12:55 - 00000000 ____D C:\Users\Fenny
Amelia\AppData\Roaming\Mailru
2017-02-07 12:54 - 2017-02-07 13:04 - 00000000 ____D C:\Users\Fenny
Amelia\AppData\Local\Mail.Ru
2017-02-07 12:54 - 2017-02-07 12:59 - 00000000 ____D C:\Program Files (x86)\Mail.Ru
2017-02-07 12:54 - 2017-02-07 12:55 - 00000000 ____D C:\Program Files\K8KR6JNJWD
2017-02-07 12:54 - 2017-02-07 12:54 - 00000198 _____ C:\Users\Fenny
Amelia\Desktop\Искать в Интернете.url
2017-02-07 12:54 - 2017-02-07 12:54 - 00000000 ____D C:\ProgramData\Mail.Ru
2017-02-07 12:53 - 2017-02-07 13:33 - 00000000 ____D C:\Program Files (x86)\DPower
2017-02-07 12:53 - 2017-02-07 12:53 - 00000000 ____D C:\Program Files\4GEY15D1S3
2017-02-07 12:52 - 2017-02-07 12:53 - 00000000 ____D C:\Program Files\25GX9QGBJ2
2017-02-07 12:51 - 2017-02-07 12:52 - 00002395 _____ C:\Windows\SysWOW64\findit.xml
2017-02-07 12:51 - 2017-02-07 12:52 - 00000000 ____D C:\ProgramData\Ronzap
2017-02-07 12:51 - 2017-02-07 12:51 - 07316480 _____ C:\Users\Fenny
Amelia\AppData\Roaming\agent.dat
2017-02-07 12:51 - 2017-02-07 12:51 - 01938533 _____ C:\Users\Fenny
Amelia\AppData\Roaming\Movetop.bin
2017-02-07 12:51 - 2017-02-07 12:51 - 01907492 _____ C:\Users\Fenny
Amelia\AppData\Roaming\Zottouch.tst
2017-02-07 12:51 - 2017-02-07 12:51 - 00278518 _____ C:\Users\Fenny
Amelia\AppData\Roaming\Domwarm.bin
2017-02-07 12:51 - 2017-02-07 12:51 - 00136827 _____ () C:\Users\Fenny
Amelia\AppData\Roaming\Hotdox.bin
2017-02-07 12:51 - 2017-02-07 12:51 - 00126464 _____ C:\Users\Fenny
Amelia\AppData\Roaming\noah.dat
2017-02-07 12:51 - 2017-02-07 12:51 - 00070704 _____ C:\Users\Fenny
Amelia\AppData\Roaming\Config.xml
2017-02-07 12:51 - 2017-02-07 12:51 - 00018432 _____ C:\Users\Fenny
Amelia\AppData\Roaming\Main.dat
2017-02-07 12:51 - 2017-02-07 12:51 - 00005568 _____ C:\Users\Fenny
Amelia\AppData\Roaming\md.xml
2017-02-07 12:51 - 2017-02-07 12:51 - 00000000 ____D C:\ProgramData\Ronzaps
2017-02-07 12:51 - 2017-02-07 12:51 - 00000000 ____D
C:\ProgramData\NetworkPacketManitor
2017-02-07 12:51 - 2017-02-07 12:51 - 00000000 ____D C:\ProgramData\Logic Handler
2017-02-07 12:51 - 2017-02-07 12:50 - 00983040 _____ C:\Users\Fenny
Amelia\AppData\Roaming\Zottouch.exe
2017-02-07 12:50 - 2017-02-07 12:50 - 00140288 _____ C:\Users\Fenny
Amelia\AppData\Roaming\Installer.dat
2017-02-07 12:50 - 2017-02-07 12:50 - 00019056 _____ C:\Users\Fenny
Amelia\AppData\Roaming\InstallationConfiguration.xml
2017-02-07 12:21 - 2015-09-16 17:35 - 00929872 _____ (Google Inc.)
C:\ChromeSetup.exe
2017-02-07 12:13 - 2017-02-07 12:13 - 00000000 ____D C:\Users\Fenny
Amelia\AppData\Roaming\25ea3716e564312496f14c985b742394
2017-02-07 12:12 - 2017-02-07 13:20 - 00000000 ____D C:\ProgramData\{B6367355-3C74-
F993-BAB2-67D120F0EC1F}
2017-02-07 12:12 - 2017-02-07 12:55 - 00000344 __RSH C:\ProgramData\ntuser.pol
2017-02-07 12:12 - 2017-02-07 12:13 - 00000000 ____D C:\Users\Fenny
Amelia\AppData\Local\{DF74E928-FBDC-8590-9644-A078B22C5CE0}
2017-02-07 12:12 - 2017-02-07 12:12 - 00001481 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
2017-02-07 11:51 - 2017-02-07 11:51 - 00000000 ____D C:\Users\Fenny
Amelia\AppData\Local\UCBrowser
2017-02-07 11:50 - 2017-02-07 11:52 - 00000000 ____D C:\ProgramData\ProductData
2017-02-07 11:50 - 2017-02-07 11:50 - 00000000 ____D C:\Windows\IObit
2017-02-07 11:49 - 2017-02-07 13:23 - 00000000 ____D C:\Windows\system32\SSL
2017-02-07 11:49 - 2017-02-07 11:56 - 00000000 ____D C:\Users\Fenny
Amelia\AppData\Roaming\KuaiZip
2017-02-07 11:49 - 2017-02-07 11:50 - 00000000 ____D C:\Users\Fenny
Amelia\AppData\LocalLow\IObit
2017-02-07 11:49 - 2017-02-07 11:49 - 01620992 _____ C:\ProgramData\service.exe
2017-02-07 11:49 - 2017-02-07 11:49 - 00092832 _____ (WinMount International Inc)
C:\Windows\system32\Drivers\KuaiZipDrive.sys
2017-02-07 11:49 - 2017-02-07 11:49 - 00000000 ____D C:\Users\Fenny
Amelia\AppData\Roaming\Softlink
2017-02-07 11:49 - 2017-02-07 11:49 - 00000000 ____D C:\Users\Fenny
Amelia\AppData\Roaming\IObit
2017-02-07 11:49 - 2017-02-07 11:49 - 00000000 ____D C:\ProgramData\IObit
2017-02-07 11:49 - 2017-02-07 11:49 - 00000000 ____D C:\Program Files\¿ìѹ
2017-02-07 11:48 - 2017-02-07 12:05 - 00000000 ____D C:\Users\Fenny
Amelia\AppData\Roaming\WMPNetworkAcSvc
2017-02-07 11:48 - 2017-02-07 12:00 - 00000034 _____ C:\Users\Public\Documents\
{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2017-02-07 11:48 - 2017-02-07 11:48 - 00000000 ____D C:\Users\Public\Thunder
Network
2017-02-07 11:48 - 2017-02-07 11:48 - 00000000 ____D C:\ProgramData\Windows
Security
2017-02-07 11:48 - 2017-02-07 11:48 - 00000000 ____D C:\ProgramData\Thunder Network
2017-02-07 11:48 - 2017-02-07 11:48 - 00000000 ____D C:\ProgramData\Avira
2017-02-07 11:48 - 2017-02-07 11:48 - 00000000 ____D C:\ProgramData\Avg
2017-02-07 11:48 - 2017-02-07 11:48 - 00000000 ____D C:\Program Files\XBox
2017-02-07 11:47 - 2017-02-07 13:55 - 00016710 _____
C:\Windows\System32\Tasks\9319m25u28q9481
2017-02-07 11:47 - 2017-02-07 12:59 - 00000000 ____D C:\Program Files
(x86)\Kugshcoijich
2017-02-07 11:47 - 2017-02-07 12:58 - 00000000 ____D C:\Users\Fenny
Amelia\AppData\Local\Tepidom
2017-02-07 11:47 - 2017-02-07 12:57 - 00000000 ____D C:\Users\Fenny
Amelia\AppData\Roaming\Climuwarddredoty
2017-02-07 11:47 - 2017-02-07 11:47 - 00000000 ___HD C:\ProgramData\9319m25u28q9481
2017-02-07 11:47 - 2017-02-07 11:47 - 00000000 ____D C:\Program Files (x86)\Phezash
Engine
2017-02-07 11:42 - 2017-02-07 12:00 - 00000000 __SHD C:\Users\Fenny
Amelia\IntelGraphicsProfiles
2017-02-07 11:42 - 2017-02-07 11:42 - 00000118 _____ C:\Windows\system32\{A6D608F0-
0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-07 11:42 - 2017-02-07 11:42 - 00000000 ____D C:\Users\Fenny
Amelia\AppData\Roaming\DRPNPS
2017-02-07 11:39 - 2017-02-07 11:39 - 00000401 _____ C:\Windows\system32\{F33C3B9B-
72AF-418A-B3FD-560646F7CDA2}.bat
2017-02-07 11:28 - 2017-02-07 11:28 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-02-07 10:38 - 2015-08-24 22:23 - 01941744 _____ C:\winrar-x64-521.exe
2017-02-06 22:50 - 2017-02-06 22:50 - 02981559 _____
C:\Windows\7ebe66cef91a5cf27280deab00ebad5a.exe
2017-02-07 12:51 - 2017-02-07 12:51 - 7316480 _____ () C:\Users\Fenny
Amelia\AppData\Roaming\agent.dat
2017-02-07 13:22 - 2017-02-07 13:22 - 0023622 _____ () C:\Users\Fenny
Amelia\AppData\Roaming\aliexpress.ico
2017-02-07 13:22 - 2017-02-07 13:22 - 0099678 _____ () C:\Users\Fenny
Amelia\AppData\Roaming\booking.ico
2017-02-07 12:51 - 2017-02-07 12:51 - 0070704 _____ () C:\Users\Fenny
Amelia\AppData\Roaming\Config.xml
2017-02-07 12:51 - 2017-02-07 12:51 - 0278518 _____ () C:\Users\Fenny
Amelia\AppData\Roaming\Domwarm.bin
2017-02-07 12:51 - 2017-02-07 12:51 - 0136827 _____ () C:\Users\Fenny
Amelia\AppData\Roaming\Hotdox.bin
2017-02-07 12:50 - 2017-02-07 12:50 - 0019056 _____ () C:\Users\Fenny
Amelia\AppData\Roaming\InstallationConfiguration.xml
2017-02-07 12:50 - 2017-02-07 12:50 - 0140288 _____ () C:\Users\Fenny
Amelia\AppData\Roaming\Installer.dat
2017-02-07 12:51 - 2017-02-07 12:51 - 0018432 _____ () C:\Users\Fenny
Amelia\AppData\Roaming\Main.dat
2017-02-07 12:51 - 2017-02-07 12:51 - 0005568 _____ () C:\Users\Fenny
Amelia\AppData\Roaming\md.xml
2017-02-07 12:51 - 2017-02-07 12:51 - 1938533 _____ () C:\Users\Fenny
Amelia\AppData\Roaming\Movetop.bin
2017-02-07 12:51 - 2017-02-07 12:51 - 0126464 _____ () C:\Users\Fenny
Amelia\AppData\Roaming\noah.dat
2017-02-07 12:52 - 2017-02-07 12:52 - 0001150 _____ () C:\Users\Fenny
Amelia\AppData\Roaming\uninstall_temp.ico
2017-02-07 12:51 - 2017-02-07 12:50 - 0983040 _____ () C:\Users\Fenny
Amelia\AppData\Roaming\Zottouch.exe
2017-02-07 12:51 - 2017-02-07 12:51 - 1907492 _____ () C:\Users\Fenny
Amelia\AppData\Roaming\Zottouch.tst
2017-02-07 11:28 - 2017-02-07 11:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-02-07 10:06 - 2017-02-07 10:06 - 0000027 _____ ()
C:\ProgramData\serverclasscache.ini
2017-02-07 11:49 - 2017-02-07 11:49 - 1620992 _____ () C:\ProgramData\service.exe
Task: {8D32B6AC-41CB-4223-AFFF-1357119A6B5F} - System32\Tasks\9319m25u28q9481 =>
Rundll32.exe "C:\ProgramData\9319m25u28q9481\9319m25u28q9481.dll",muqsjyd <====
ATTENTION
Task: {D4D0880F-493E-42C5-AF55-A0A7526A1DE7} -
System32\Tasks\Microsoft\Windows\Multimedia\Manager => C:\Users\Fenny
Amelia\AppData\Roaming\Adobe\Manager.exe [2017-02-07] ()
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
Shortcut: C:\Users\Fenny Amelia\Desktop\Играть в War Thunder.lnk -> C:\Users\Fenny
Amelia\AppData\Roaming\MyDesktop\dlicons\90A4C1A3C0408E10E6A27BC64CAF3DB4.ico ()
<===== Cyrillic
Shortcut: C:\Users\Fenny Amelia\Desktop\Играть в Спарту.lnk -> C:\Users\Fenny
Amelia\AppData\Roaming\MyDesktop\dlicons\8AD6647E15E6B0A28B89EE639F400CF6.ico ()
<===== Cyrillic
C:\Users\Fenny Amelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\!Играть
в War Thunder.lnk
C:\Users\Fenny Amelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\!Играть
в Спарту.lnk
ShortcutWithArgument: C:\Users\Fenny Amelia\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet
Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\Fenny Amelia\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet
Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\Fenny Amelia\AppData\Roaming\Microsoft\Internet
Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\Fenny Amelia\AppData\Roaming\Microsoft\Internet
Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files
(x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://fanli90.cn/
C:\Users\Fenny Amelia\AppData\Roaming\Microsoft\Internet Explorer\Quick
Launch\Mail.Ru.lnk
C:\Users\Fenny Amelia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User
Pinned\TaskBar\!Играть в War Thunder (2).lnk
C:\Users\Fenny Amelia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User
Pinned\TaskBar\!Играть в War Thunder.lnk
C:\Users\Fenny Amelia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User
Pinned\TaskBar\!Играть в Спарту (2).lnk
C:\Users\Fenny Amelia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User
Pinned\TaskBar\!Играть в Спарту.lnk
ShortcutWithArgument: C:\Users\Fenny Amelia\AppData\Roaming\Microsoft\Internet
Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\Fenny Amelia\AppData\Roaming\Microsoft\Internet
Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files
(x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://fanli90.cn/
C:\Users\Fenny Amelia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User
Pinned\TaskBar\Mail.Ru.lnk
ShortcutWithArgument: C:\Users\Fenny Amelia\AppData\Roaming\Microsoft\Internet
Explorer\Quick Launch\User Pinned\StartMenu\!Играть в War Thunder.lnk ->
C:\Users\Fenny Amelia\AppData\Roaming\MyDesktop\linkme.exe (Intel Corporation) ->
"C:\Users\Fenny Amelia\AppData\Roaming\MyDesktop\linkme.exe"
/open_hxxp://r.proxyloads.ru/n0?source_id=12782&subid1=lm-pang-1
ShortcutWithArgument: C:\Users\Fenny Amelia\AppData\Roaming\Microsoft\Internet
Explorer\Quick Launch\User Pinned\StartMenu\!Играть в Спарту.lnk -> C:\Users\Fenny
Amelia\AppData\Roaming\MyDesktop\linkme.exe (Intel Corporation) -> "C:\Users\Fenny
Amelia\AppData\Roaming\MyDesktop\linkme.exe" /open_hxxp://r.proxyloads.ru/n1?
source_id=12782&subid1=lm-pang-1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google
Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google
Inc.) -> hxxp://fanli90.cn/
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://fanli90.cn/
FirewallRules: [{813EAE3A-B0B4-45C0-8774-96704ED6565B}] =>
C:\Windows\system32\rundll32.exe
FirewallRules: [{10659B24-1052-4D27-B90D-8E91149FC5C2}] =>
C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
FirewallRules: [{D6FA4085-C4AD-40C0-AB01-CF867F938ED6}] => C:\Users\Fenny
Amelia\AppData\Local\Temp\is-0EKF7.tmp\download\MiniThunderPlatform.exe
FirewallRules: [{0A28C3BE-2B1B-4DC7-AEDE-1382A4EF7B9A}] =>
C:\Windows\System32\rundll32.exe
FirewallRules: [{785CC201-9698-4745-9601-6D1A4EDF23D7}] =>
C:\Windows\System32\rundll32.exe
FirewallRules: [{BF980BEB-0CD9-4238-A25C-AF53FDFF7085}] => C:\Users\Fenny
Amelia\AppData\Local\Amigo\Application\amigo.exe
C:\ProgramData\service.exe
C:\Program Files (x86)\Reference Assemblies\MozillaFirefoxReferenceAssemblies.dll
C:\Windows\system32\drivers\446e5707fea4108746606e225f83835a.sys
C:\Windows\system32\drivers\KuaiZipDrive.sys
Hosts:
*****************

Restore point was successfully created.


Processes closed successfully.
C:\Windows\System32\rundll32.exe => No running process found
C:\ProgramData\service.exe => No running process found
C:\ProgramData\Windows Security\winsecurity.exe => No running process found
C:\Users\Fenny Amelia\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe => No
running process found
C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe => No running process
found
C:\Program Files\XBox\XBLive.exe => No running process found
C:\Users\Fenny Amelia\AppData\Local\Temp\00009514\msiql.exe => No running process
found
C:\ProgramData\NetworkPacketManitor\Nettrans.exe => No running process found
C:\ProgramData\Ronzap\Ronzap.exe => No running process found
C:\ProgramData\Logic Handler\set.exe => No running process found
C:\Program Files\K8KR6JNJWD\K8KR6JNJW.exe => No running process found
C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe => No running process
found
C:\Users\Fenny Amelia\AppData\Local\Temp\04-8a88b-14a-4bdb6-
afe94321d0fb5\JZMBFRDYYG.exe => No running process found
C:\Program
Files\df787847d06f3307a60d91241aa3b253\065d8a654b0a354f1a44693d37e42ca3.exe => No
running process found
C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe => No running
process found
C:\Program Files\51SYEN66AI\ZF955QWO4.exe => No running process found
C:\Windows\SysWOW64\dllhost.exe => No running process found
C:\Users\Fenny Amelia\AppData\Local\Temp\HWJ40PXC2\HWJ40PXC2.exe => No running
process found
C:\Users\Fenny Amelia\AppData\Local\Temp\is-UKE38.tmp\HWJ40PXC2.tmp => No running
process found
C:\Program Files\LGY4FKXJO5\LGY4FKXJO.exe => No running process found
C:\Program Files (x86)\CalendarTool\2.0.0.1000121\CalendarServ.exe => No running
process found
C:\Program Files (x86)\CalendarTool\2.0.0.1000121\calendar.exe => No running
process found
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OMEWPRODUCT_28AWT => value
not found.
