System Watcher Task started 2016-09-17 21:47:48
System Watcher Task started 2016-09-17 21:32:24
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 21:03:16 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 21:03:07 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 21:02:56 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 21:02:46 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 21:02:35 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 21:02:24 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 21:02:13 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 21:02:02 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 21:01:51 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 21:01:39 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 21:01:28 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 21:01:17 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 21:01:06 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 21:00:56 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 21:00:44 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 21:00:33 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 21:00:23 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 21:00:13 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 21:00:02 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 20:59:53 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 20:59:41 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 20:59:27 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 20:59:13 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 20:59:00 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 20:58:46 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 20:58:26 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 20:58:12 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 20:58:00 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 20:57:48 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 20:57:30 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 20:57:13 C:\users\tomek\appdata\Local\temp\
uninst.exe Rollback of application actions: Virus Scan 2016-09-17 20:56:58 C:\users\tomek\appdata\Local\temp\
System Watcher Task started 2016-09-17 20:38:49
updater.exe Rollback of application actions: System Watcher 2016-09-17 20:34:18 c:\users\tomek\appdata\roaming\microsoft\systemcertificates\my\updater\
zlib1.dll File deleted 2016-09-17 20:34:18 c:\users\tomek\appdata\roaming\microsoft\systemcertificates\my\updater\
svchost.exe File deleted 2016-09-17 20:34:18 c:\users\tomek\appdata\roaming\microsoft\systemcertificates\my\updater\
ssleay32.dll File deleted 2016-09-17 20:34:10 c:\users\tomek\appdata\roaming\microsoft\systemcertificates\my\updater\
searchindexer.exe File deleted 2016-09-17 20:34:09 c:\users\tomek\appdata\roaming\microsoft\systemcertificates\my\updater\
pthreadgc2.dll File deleted 2016-09-17 20:34:08 c:\users\tomek\appdata\roaming\microsoft\systemcertificates\my\updater\
libwinpthread-1.dll File deleted 2016-09-17 20:34:07 c:\users\tomek\appdata\roaming\microsoft\systemcertificates\my\updater\
libusb-1.0.dll File deleted 2016-09-17 20:34:07 c:\users\tomek\appdata\roaming\microsoft\systemcertificates\my\updater\
libssh2.dll File deleted 2016-09-17 20:34:07 c:\users\tomek\appdata\roaming\microsoft\systemcertificates\my\updater\
librtmp.dll File deleted 2016-09-17 20:34:06 c:\users\tomek\appdata\roaming\microsoft\systemcertificates\my\updater\
libidn-11.dll File deleted 2016-09-17 20:34:06 c:\users\tomek\appdata\roaming\microsoft\systemcertificates\my\updater\
libeay32.dll File deleted 2016-09-17 20:34:05 c:\users\tomek\appdata\roaming\microsoft\systemcertificates\my\updater\
libcurl.dll File deleted 2016-09-17 20:34:04 c:\users\tomek\appdata\roaming\microsoft\systemcertificates\my\updater\
libcurl-4.dll File deleted 2016-09-17 20:34:04 c:\users\tomek\appdata\roaming\microsoft\systemcertificates\my\updater\
jusched.exe File deleted 2016-09-17 20:34:03 c:\users\tomek\appdata\roaming\microsoft\systemcertificates\my\updater\
ssleay32[1].dll File deleted 2016-09-17 20:34:03 c:\users\tomek\appdata\local\microsoft\windows\temporary internet files\content.ie5\ob7yllpx\
pthreadgc2[1].dll File deleted 2016-09-17 20:34:02 c:\users\tomek\appdata\local\microsoft\windows\temporary internet files\content.ie5\ob7yllpx\
libcurl[1].dll File deleted 2016-09-17 20:34:02 c:\users\tomek\appdata\local\microsoft\windows\temporary internet files\content.ie5\ob7yllpx\
librtmp[1].dll File deleted 2016-09-17 20:34:01 c:\users\tomek\appdata\local\microsoft\windows\temporary internet files\content.ie5\l9bn6eaw\
jusched[1].exe File deleted 2016-09-17 20:34:01 c:\users\tomek\appdata\local\microsoft\windows\temporary internet files\content.ie5\l9bn6eaw\
ssl[1].exe File deleted 2016-09-17 20:34:00 c:\users\tomek\appdata\local\microsoft\windows\temporary internet files\content.ie5\iyfxq7z6\
searchindexer[1].exe File deleted 2016-09-17 20:33:59 c:\users\tomek\appdata\local\microsoft\windows\temporary internet files\content.ie5\iyfxq7z6\
libeay32[1].dll File deleted 2016-09-17 20:33:59 c:\users\tomek\appdata\local\microsoft\windows\temporary internet files\content.ie5\iyfxq7z6\
libcurl-4[1].dll File deleted 2016-09-17 20:33:59 c:\users\tomek\appdata\local\microsoft\windows\temporary internet files\content.ie5\iyfxq7z6\
zlib1[1].dll File deleted 2016-09-17 20:33:58 c:\users\tomek\appdata\local\microsoft\windows\temporary internet files\content.ie5\92t2meat\
svchost[1].exe File deleted 2016-09-17 20:33:58 c:\users\tomek\appdata\local\microsoft\windows\temporary internet files\content.ie5\92t2meat\
libwinpthread-1[1].dll File deleted 2016-09-17 20:33:58 c:\users\tomek\appdata\local\microsoft\windows\temporary internet files\content.ie5\92t2meat\
libusb-1.0[1].dll File deleted 2016-09-17 20:33:57 c:\users\tomek\appdata\local\microsoft\windows\temporary internet files\content.ie5\92t2meat\
libssh2[1].dll File deleted 2016-09-17 20:33:57 c:\users\tomek\appdata\local\microsoft\windows\temporary internet files\content.ie5\92t2meat\
libidn-11[1].dll File deleted 2016-09-17 20:31:28 c:\users\tomek\appdata\local\microsoft\windows\temporary internet files\content.ie5\92t2meat\
svchost.exe Process shut down 2016-09-17 20:31:19 c:\users\tomek\appdata\roaming\microsoft\systemcertificates\my\updater\
updater.exe Deleted: PDM:Trojan.Win32.Generic 2016-09-17 20:31:04 c:\users\tomek\appdata\roaming\microsoft\systemcertificates\my\updater\
ssl.exe Deleted: PDM:Trojan.Win32.Generic 2016-09-17 20:31:04 c:\users\tomek\appdata\roaming\microsoft\systemcertificates\my\updater\
updater.exe Terminated: PDM:Trojan.Win32.Generic 2016-09-17 20:31:04 c:\users\tomek\appdata\roaming\microsoft\systemcertificates\my\updater\
ssl.exe Terminated: PDM:Trojan.Win32.Generic 2016-09-17 20:31:04 c:\users\tomek\appdata\roaming\microsoft\systemcertificates\my\updater\
updater.exe Deleted: PDM:Trojan.Win32.Generic 2016-09-17 20:31:02 C:\Windows\system32\tasks\Microsoft System Certificates\C:\Users\Tomek\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\
updater.exe Detected: PDM:Trojan.Win32.Generic 2016-09-17 20:30:33 c:\users\tomek\appdata\roaming\microsoft\systemcertificates\my\updater\
System Watcher Task started 2016-09-17 20:27:55
System Watcher Task started 2016-09-17 20:11:16
System Watcher Task started 2016-09-17 10:29:51