Pěkný večer, počítač začíná být línější, nic vážného. Možná občas flash aplikace v prohlížeči váznou.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Excalibur at 2016-05-11 19:34:41
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 285 GB (30%) free of 954 GB
Total RAM: 3914 MB (41% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:34:45, on 11.5.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera_crashreporter.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Users\Excalibur\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Excalibur.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Spyware Terminator 2015 Internet Guard - {82A76710-4F98-4957-92BE-99648A4E2475} - C:\PROGRA~2\SPYWAR~1\STINTE~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Kaspersky Software Updater Beta.lnk = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{056AAB92-BE99-4F91-9F1F-38418BB79633}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A7ACC95-FBC8-4DDE-968C-11FB7285D780}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6F89920-34C5-4D87-B26C-82A93DA72DB8}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{B84491AA-FB52-4B1E-BFB9-61EA94083AB9}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{056AAB92-BE99-4F91-9F1F-38418BB79633}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CS2\Services\Tcpip\..\{056AAB92-BE99-4F91-9F1F-38418BB79633}: NameServer = 93.153.117.1 93.153.117.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira Real-Time Protection (AntiVirService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Avira Web Protection (AntiVirWebService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kaspersky Security Scan Service (kss) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
--
End of file - 8995 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000Core.job - C:\Users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000UA.job - C:\Users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82A76710-4F98-4957-92BE-99648A4E2475}]
Spyware Terminator 2015 Internet Guard - C:\PROGRA~2\SPYWAR~1\STINTE~1.DLL [2015-07-28 1255248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11 171944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-11-29 284440]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-02-27 291608]
"InstallUpdate"= []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14 1085656]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"KSS"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [2015-12-15 1556448]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Kaspersky Software Updater Beta.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=0
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.xtor"=DxtoryCodec.dll
"VIDC.FPS1"=frapsvid.dll
"vidc.tscc"=C:\Windows\SysWOW64\tsccvid.dll
"vidc.tsc2"=C:\Windows\SysWOW64\tsc2_codec32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux9"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-05-11 19:34:42 ----D---- C:\Program Files (x86)\trend micro
2016-05-11 19:34:41 ----D---- C:\rsit
2016-05-11 19:08:36 ----D---- C:\ProgramData\Kaspersky Lab
2016-05-11 19:08:36 ----D---- C:\Program Files (x86)\Kaspersky Lab
2016-05-11 19:04:30 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2016-05-11 17:00:17 ----D---- C:\Flashtool
2016-05-11 00:20:17 ----A---- C:\Windows\unins000.exe
2016-05-11 00:20:17 ----A---- C:\Windows\unins000.dat
2016-05-11 00:19:00 ----D---- C:\Users\Excalibur\AppData\Roaming\Kingosoft
2016-05-11 00:18:50 ----D---- C:\Program Files (x86)\Kingo ROOT
2016-04-29 00:12:42 ----D---- C:\Users\Excalibur\AppData\Roaming\TubeTycoon
2016-04-27 21:39:54 ----D---- C:\Program Files (x86)\AdwCleaner
======List of files/folders modified in the last 1 month======
2016-05-11 19:34:42 ----RD---- C:\Program Files (x86)
2016-05-11 19:08:58 ----SHD---- C:\Windows\Installer
2016-05-11 19:08:58 ----SHD---- C:\Config.Msi
2016-05-11 19:08:38 ----D---- C:\Windows\Prefetch
2016-05-11 19:08:36 ----HD---- C:\ProgramData
2016-05-11 18:58:18 ----D---- C:\Windows\inf
2016-05-11 18:58:18 ----D---- C:\Users\Excalibur\AppData\Roaming\TS3Client
2016-05-11 18:58:18 ----D---- C:\Program Files (x86)\Steam
2016-05-11 18:58:17 ----D---- C:\Windows\Temp
2016-05-11 18:58:17 ----D---- C:\Windows
2016-05-11 18:10:20 ----D---- C:\Windows\System32
2016-05-11 01:42:46 ----D---- C:\Windows\Tasks
2016-05-11 00:22:15 ----SHD---- C:\System Volume Information
2016-05-10 09:39:50 ----D---- C:\Program Files (x86)\Minecraft
2016-05-09 13:11:31 ----D---- C:\ProgramData\Spyware Terminator
2016-05-09 13:09:48 ----D---- C:\Users\Excalibur\AppData\Roaming\vlc
2016-05-08 14:58:24 ----D---- C:\Program Files (x86)\TeamViewer
2016-05-06 21:36:52 ----D---- C:\Windows\SysWOW64
2016-05-06 21:36:47 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-05 15:05:59 ----D---- C:\Program Files (x86)\Opera
2016-04-27 21:43:11 ----D---- C:\Windows\SysWOW64\drivers
2016-04-27 21:43:07 ----D---- C:\AdwCleaner
2016-04-23 19:03:40 ----SD---- C:\Users\Excalibur\AppData\Roaming\Microsoft
2016-04-22 13:49:32 ----RSD---- C:\Windows\Fonts
2016-04-16 20:19:47 ----D---- C:\Users\Excalibur\AppData\Roaming\Skype
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys []
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys []
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys []
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys []
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\iusb3hub.sys []
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys []
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys []
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys []
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 BRDriver64;BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [2013-12-07 75048]
S3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [2014-12-23 78088]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys []
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 cpudrv64;cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys []
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys []
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys []
S3 ggflt;SOMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys []
S3 ggsomc;SOMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsomc.sys []
S3 hwusb_cdcacm;hwusb_cdcacm; C:\Windows\system32\DRIVERS\ew_cdcacm.sys []
S3 hwusb_wwanecm;hwusb_wwanecm; C:\Windows\system32\DRIVERS\ew_wwanecm.sys []
S3 IObitUnlocker;IObitUnlocker; \??\C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [2011-03-09 33184]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys []
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\Windows\system32\drivers\RTL2832UBDA.sys [2009-08-17 116640]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\Windows\System32\Drivers\RTL2832UUSB.sys [2009-08-17 38944]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys []
S3 WinUsb;Sony sa0102 ADB Interface; C:\Windows\system32\DRIVERS\WinUsb.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 kss;Kaspersky Security Scan Service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [2015-12-15 1556448]
R2 MbnExt;Mobile Broadband Extension Service; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-09-11 5702416]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe []
S2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe []
S2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe []
S2 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-06 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-14 82128]
S4 BRSptStub;BitRaider Mini-Support Service Stub Loader; C:\ProgramData\BitRaider\BRSptStub.exe [2014-12-22 363208]
S4 BRSptSvc;BitRaider Mini-Support Service; C:\ProgramData\BitRaider\BRSptSvc.exe [2013-12-07 477960]
S4 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-02-19 276248]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S4 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-31 2425960]
S4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S4 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-12-16 277784]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-05-16 1826592]
S4 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-10-08 2078216]
S4 PSI_SVC_2_x64;Protexis Licensing V2 x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S4 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2015-06-10 155520]
S4 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2015-12-10 3267408]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-08-19 838336]
S4 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2015-02-09 792016]
S4 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
preventivka
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: preventivka
Zdravim 
Odinstalujte Terminatora.
Mate 64bit system, tak dejte log z RSITx64 http://images.malwareremoval.com/random/RSITx64.exe
Odinstalujte Terminatora. Mate 64bit system, tak dejte log z RSITx64 http://images.malwareremoval.com/random/RSITx64.exePokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
Lord Excalibur
- Návštěvník
- Příspěvky: 66
- Registrován: 28 čer 2011 10:43
Re: preventivka
jeje, chybička se vloudila.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Excalibur at 2016-05-11 21:18:45
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 284 GB (30%) free of 954 GB
Total RAM: 3914 MB (53% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:18:48, on 11.5.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera_crashreporter.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files\trend micro\Excalibur.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Kaspersky Software Updater Beta.lnk = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{056AAB92-BE99-4F91-9F1F-38418BB79633}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A7ACC95-FBC8-4DDE-968C-11FB7285D780}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6F89920-34C5-4D87-B26C-82A93DA72DB8}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{B84491AA-FB52-4B1E-BFB9-61EA94083AB9}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{056AAB92-BE99-4F91-9F1F-38418BB79633}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CS2\Services\Tcpip\..\{056AAB92-BE99-4F91-9F1F-38418BB79633}: NameServer = 93.153.117.1 93.153.117.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira Real-Time Protection (AntiVirService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Avira Web Protection (AntiVirWebService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kaspersky Security Scan Service (kss) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
--
End of file - 8629 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe 26371088
\??\C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {40C66D91-B774-4FBF-8AE0-B88334E26EDF}
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" -r
taskeng.exe {BB21D465-E114-4A26-89A1-25C941185AFF}
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe"
C:\Windows\SysWOW64\svchost.exe -k MbnExt
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe" -hide
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --ran-launcher
"C:\Program Files (x86)\Opera\37.0.2178.32\opera_crashreporter.exe" --ran-launcher --crash-reporter-parent-id=3540
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=gpu-process --channel="3540.0.1321417137\308105240" --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --disable-d3d11 --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,11,15,20,30,59,78 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2653 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --ignored=" --type=renderer "
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.2.1095747146\1703169591"
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.3.1848997392\537135103"
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.4.1148783153\1663239574"
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.5.1670891471\1586344507"
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.6.1687793788\2129116471"
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.7.1143555667\1301766146"
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.8.1135208423\324576698"
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.10.1715124160\580163379"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" --type=gpu-process --channel="2228.0.618067437\867911036" --no-sandbox --lang=en-US --log-severity=disable --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,9,21,44 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2653 --lang=en-US --log-severity=disable /prefetch:822062411
"C:\Users\EXCALI~1\AppData\Local\Temp\scoped_dir3540_14007\RSITx64 (1).exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000Core.job - C:\Users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000UA.job - C:\Users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-03-04 553384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-03-04 210856]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11 171944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-02-19 398616]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-02-19 440600]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-07-27 12937872]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"KSS"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [2015-12-15 1556448]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04 144200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [2015-09-23 457088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield]
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater]
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile CManager]
C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe [2015-08-06 2162152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Excalibur^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\EXCALI~1\AppData\Roaming\Dropbox\bin\Dropbox.exe [2015-04-14 43376600]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-11-29 284440]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-02-27 291608]
"InstallUpdate"= []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14 1085656]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Kaspersky Software Updater Beta.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-02-14 430080]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=0
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.xtor"=DxtoryCodec64.dll
"VIDC.FPS1"=frapsv64.dll
"vidc.tscc"=C:\Windows\SysWOW64\tsccvid64.dll
"vidc.tsc2"=C:\Windows\SysWOW64\tsc2_codec64.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux9"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-05-11 19:34:42 ----D---- C:\Program Files (x86)\trend micro
2016-05-11 19:34:41 ----D---- C:\rsit
2016-05-11 19:08:36 ----D---- C:\ProgramData\Kaspersky Lab
2016-05-11 19:08:36 ----D---- C:\Program Files (x86)\Kaspersky Lab
2016-05-11 19:04:30 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2016-05-11 17:00:17 ----D---- C:\Flashtool
2016-05-11 00:20:18 ----A---- C:\Windows\system32\WinUSBCoInstaller2.dll
2016-05-11 00:20:17 ----A---- C:\Windows\unins000.exe
2016-05-11 00:20:17 ----A---- C:\Windows\unins000.dat
2016-05-11 00:19:00 ----D---- C:\Users\Excalibur\AppData\Roaming\Kingosoft
2016-05-11 00:18:50 ----D---- C:\Program Files (x86)\Kingo ROOT
2016-04-29 00:12:42 ----D---- C:\Users\Excalibur\AppData\Roaming\TubeTycoon
2016-04-27 21:39:54 ----D---- C:\Program Files (x86)\AdwCleaner
======List of files/folders modified in the last 1 month======
2016-05-11 21:18:46 ----D---- C:\Program Files\trend micro
2016-05-11 21:17:47 ----D---- C:\Windows\Temp
2016-05-11 21:17:30 ----D---- C:\Windows\Prefetch
2016-05-11 21:16:39 ----D---- C:\Windows
2016-05-11 21:16:24 ----D---- C:\Program Files (x86)\Spyware Terminator
2016-05-11 20:50:53 ----HD---- C:\ProgramData
2016-05-11 19:34:42 ----RD---- C:\Program Files (x86)
2016-05-11 19:08:58 ----SHD---- C:\Windows\Installer
2016-05-11 19:08:58 ----SHD---- C:\Config.Msi
2016-05-11 18:58:18 ----D---- C:\Windows\inf
2016-05-11 18:58:18 ----D---- C:\Users\Excalibur\AppData\Roaming\TS3Client
2016-05-11 18:58:18 ----D---- C:\Program Files (x86)\Steam
2016-05-11 18:10:20 ----D---- C:\Windows\System32
2016-05-11 18:10:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-05-11 17:18:00 ----D---- C:\Windows\system32\config
2016-05-11 01:42:46 ----D---- C:\Windows\Tasks
2016-05-11 00:28:31 ----D---- C:\Windows\system32\drivers
2016-05-11 00:22:40 ----D---- C:\Windows\system32\catroot
2016-05-11 00:22:31 ----D---- C:\Windows\system32\DriverStore
2016-05-11 00:22:15 ----SHD---- C:\System Volume Information
2016-05-10 09:39:50 ----D---- C:\Program Files (x86)\Minecraft
2016-05-09 13:09:48 ----D---- C:\Users\Excalibur\AppData\Roaming\vlc
2016-05-08 14:58:24 ----D---- C:\Program Files (x86)\TeamViewer
2016-05-06 21:36:52 ----D---- C:\Windows\SysWOW64
2016-05-06 21:36:47 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-05-06 12:29:31 ----D---- C:\Windows\system32\Tasks
2016-05-05 15:05:59 ----D---- C:\Program Files (x86)\Opera
2016-04-27 21:43:11 ----D---- C:\Windows\SYSWOW64\drivers
2016-04-27 21:43:07 ----D---- C:\AdwCleaner
2016-04-23 19:03:40 ----SD---- C:\Users\Excalibur\AppData\Roaming\Microsoft
2016-04-23 00:00:17 ----D---- C:\Windows\system32\catroot2
2016-04-22 13:49:32 ----RSD---- C:\Windows\Fonts
2016-04-16 20:19:47 ----D---- C:\Users\Excalibur\AppData\Roaming\Skype
2016-04-16 18:04:14 ----D---- C:\Windows\system32\NDF
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-11-29 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-02-27 16152]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2013-06-21 30496]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2015-02-25 132120]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2015-02-25 28600]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-11-24 283064]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2015-02-25 128536]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2015-02-25 44088]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2012-02-15 3538432]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2013-03-04 91648]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-02-14 14692224]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-07-31 4102928]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-02-27 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-02-27 788760]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2011-10-14 108656]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BRDriver64;BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [2013-12-07 75048]
S3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [2014-12-23 78088]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2010-11-21 552448]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-21 80384]
S3 cpudrv64;cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2013-01-25 109568]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-12-22 14976]
S3 ggflt;SOMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2015-07-07 16088]
S3 ggsomc;SOMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsomc.sys [2015-07-07 30424]
S3 hwusb_cdcacm;hwusb_cdcacm; C:\Windows\system32\DRIVERS\ew_cdcacm.sys [2013-10-23 121728]
S3 hwusb_wwanecm;hwusb_wwanecm; C:\Windows\system32\DRIVERS\ew_wwanecm.sys [2013-11-01 376448]
S3 IObitUnlocker;IObitUnlocker; \??\C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [2011-03-09 33184]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-09-02 339048]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\Windows\system32\drivers\RTL2832UBDA.sys [2009-08-17 116640]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\Windows\System32\Drivers\RTL2832UUSB.sys [2009-08-17 38944]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;Sony sa0102 ADB Interface; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 kss;Kaspersky Security Scan Service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [2015-12-15 1556448]
R2 MbnExt;Mobile Broadband Extension Service; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-09-11 5702416]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe []
S2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe []
S2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe []
S2 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-06 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-12-12 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-14 82128]
S4 BRSptStub;BitRaider Mini-Support Service Stub Loader; C:\ProgramData\BitRaider\BRSptStub.exe [2014-12-22 363208]
S4 BRSptSvc;BitRaider Mini-Support Service; C:\ProgramData\BitRaider\BRSptSvc.exe [2013-12-07 477960]
S4 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-02-19 276248]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S4 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-31 2425960]
S4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S4 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-12-16 277784]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-06-21 884512]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-05-16 1826592]
S4 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-10-08 2078216]
S4 PSI_SVC_2_x64;Protexis Licensing V2 x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S4 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2015-06-10 155520]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-08-19 838336]
S4 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2015-02-09 792016]
S4 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
-----------------EOF-----------------
Logfile of random's system information tool 1.10 (written by random/random)
Run by Excalibur at 2016-05-11 21:18:45
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 284 GB (30%) free of 954 GB
Total RAM: 3914 MB (53% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:18:48, on 11.5.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera_crashreporter.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files\trend micro\Excalibur.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Kaspersky Software Updater Beta.lnk = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{056AAB92-BE99-4F91-9F1F-38418BB79633}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A7ACC95-FBC8-4DDE-968C-11FB7285D780}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6F89920-34C5-4D87-B26C-82A93DA72DB8}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{B84491AA-FB52-4B1E-BFB9-61EA94083AB9}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{056AAB92-BE99-4F91-9F1F-38418BB79633}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CS2\Services\Tcpip\..\{056AAB92-BE99-4F91-9F1F-38418BB79633}: NameServer = 93.153.117.1 93.153.117.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira Real-Time Protection (AntiVirService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Avira Web Protection (AntiVirWebService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kaspersky Security Scan Service (kss) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
--
End of file - 8629 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe 26371088
\??\C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {40C66D91-B774-4FBF-8AE0-B88334E26EDF}
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" -r
taskeng.exe {BB21D465-E114-4A26-89A1-25C941185AFF}
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe"
C:\Windows\SysWOW64\svchost.exe -k MbnExt
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe" -hide
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --ran-launcher
"C:\Program Files (x86)\Opera\37.0.2178.32\opera_crashreporter.exe" --ran-launcher --crash-reporter-parent-id=3540
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=gpu-process --channel="3540.0.1321417137\308105240" --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --disable-d3d11 --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,11,15,20,30,59,78 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2653 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --ignored=" --type=renderer "
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.2.1095747146\1703169591"
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.3.1848997392\537135103"
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.4.1148783153\1663239574"
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.5.1670891471\1586344507"
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.6.1687793788\2129116471"
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.7.1143555667\1301766146"
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.8.1135208423\324576698"
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.10.1715124160\580163379"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" --type=gpu-process --channel="2228.0.618067437\867911036" --no-sandbox --lang=en-US --log-severity=disable --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,9,21,44 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2653 --lang=en-US --log-severity=disable /prefetch:822062411
"C:\Users\EXCALI~1\AppData\Local\Temp\scoped_dir3540_14007\RSITx64 (1).exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000Core.job - C:\Users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000UA.job - C:\Users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-03-04 553384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-03-04 210856]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11 171944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-02-19 398616]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-02-19 440600]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-07-27 12937872]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"KSS"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [2015-12-15 1556448]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04 144200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [2015-09-23 457088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield]
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater]
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile CManager]
C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe [2015-08-06 2162152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Excalibur^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\EXCALI~1\AppData\Roaming\Dropbox\bin\Dropbox.exe [2015-04-14 43376600]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-11-29 284440]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-02-27 291608]
"InstallUpdate"= []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14 1085656]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Kaspersky Software Updater Beta.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-02-14 430080]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=0
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.xtor"=DxtoryCodec64.dll
"VIDC.FPS1"=frapsv64.dll
"vidc.tscc"=C:\Windows\SysWOW64\tsccvid64.dll
"vidc.tsc2"=C:\Windows\SysWOW64\tsc2_codec64.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux9"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-05-11 19:34:42 ----D---- C:\Program Files (x86)\trend micro
2016-05-11 19:34:41 ----D---- C:\rsit
2016-05-11 19:08:36 ----D---- C:\ProgramData\Kaspersky Lab
2016-05-11 19:08:36 ----D---- C:\Program Files (x86)\Kaspersky Lab
2016-05-11 19:04:30 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2016-05-11 17:00:17 ----D---- C:\Flashtool
2016-05-11 00:20:18 ----A---- C:\Windows\system32\WinUSBCoInstaller2.dll
2016-05-11 00:20:17 ----A---- C:\Windows\unins000.exe
2016-05-11 00:20:17 ----A---- C:\Windows\unins000.dat
2016-05-11 00:19:00 ----D---- C:\Users\Excalibur\AppData\Roaming\Kingosoft
2016-05-11 00:18:50 ----D---- C:\Program Files (x86)\Kingo ROOT
2016-04-29 00:12:42 ----D---- C:\Users\Excalibur\AppData\Roaming\TubeTycoon
2016-04-27 21:39:54 ----D---- C:\Program Files (x86)\AdwCleaner
======List of files/folders modified in the last 1 month======
2016-05-11 21:18:46 ----D---- C:\Program Files\trend micro
2016-05-11 21:17:47 ----D---- C:\Windows\Temp
2016-05-11 21:17:30 ----D---- C:\Windows\Prefetch
2016-05-11 21:16:39 ----D---- C:\Windows
2016-05-11 21:16:24 ----D---- C:\Program Files (x86)\Spyware Terminator
2016-05-11 20:50:53 ----HD---- C:\ProgramData
2016-05-11 19:34:42 ----RD---- C:\Program Files (x86)
2016-05-11 19:08:58 ----SHD---- C:\Windows\Installer
2016-05-11 19:08:58 ----SHD---- C:\Config.Msi
2016-05-11 18:58:18 ----D---- C:\Windows\inf
2016-05-11 18:58:18 ----D---- C:\Users\Excalibur\AppData\Roaming\TS3Client
2016-05-11 18:58:18 ----D---- C:\Program Files (x86)\Steam
2016-05-11 18:10:20 ----D---- C:\Windows\System32
2016-05-11 18:10:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-05-11 17:18:00 ----D---- C:\Windows\system32\config
2016-05-11 01:42:46 ----D---- C:\Windows\Tasks
2016-05-11 00:28:31 ----D---- C:\Windows\system32\drivers
2016-05-11 00:22:40 ----D---- C:\Windows\system32\catroot
2016-05-11 00:22:31 ----D---- C:\Windows\system32\DriverStore
2016-05-11 00:22:15 ----SHD---- C:\System Volume Information
2016-05-10 09:39:50 ----D---- C:\Program Files (x86)\Minecraft
2016-05-09 13:09:48 ----D---- C:\Users\Excalibur\AppData\Roaming\vlc
2016-05-08 14:58:24 ----D---- C:\Program Files (x86)\TeamViewer
2016-05-06 21:36:52 ----D---- C:\Windows\SysWOW64
2016-05-06 21:36:47 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-05-06 12:29:31 ----D---- C:\Windows\system32\Tasks
2016-05-05 15:05:59 ----D---- C:\Program Files (x86)\Opera
2016-04-27 21:43:11 ----D---- C:\Windows\SYSWOW64\drivers
2016-04-27 21:43:07 ----D---- C:\AdwCleaner
2016-04-23 19:03:40 ----SD---- C:\Users\Excalibur\AppData\Roaming\Microsoft
2016-04-23 00:00:17 ----D---- C:\Windows\system32\catroot2
2016-04-22 13:49:32 ----RSD---- C:\Windows\Fonts
2016-04-16 20:19:47 ----D---- C:\Users\Excalibur\AppData\Roaming\Skype
2016-04-16 18:04:14 ----D---- C:\Windows\system32\NDF
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-11-29 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-02-27 16152]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2013-06-21 30496]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2015-02-25 132120]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2015-02-25 28600]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-11-24 283064]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2015-02-25 128536]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2015-02-25 44088]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2012-02-15 3538432]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2013-03-04 91648]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-02-14 14692224]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-07-31 4102928]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-02-27 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-02-27 788760]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2011-10-14 108656]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BRDriver64;BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [2013-12-07 75048]
S3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [2014-12-23 78088]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2010-11-21 552448]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-21 80384]
S3 cpudrv64;cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2013-01-25 109568]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-12-22 14976]
S3 ggflt;SOMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2015-07-07 16088]
S3 ggsomc;SOMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsomc.sys [2015-07-07 30424]
S3 hwusb_cdcacm;hwusb_cdcacm; C:\Windows\system32\DRIVERS\ew_cdcacm.sys [2013-10-23 121728]
S3 hwusb_wwanecm;hwusb_wwanecm; C:\Windows\system32\DRIVERS\ew_wwanecm.sys [2013-11-01 376448]
S3 IObitUnlocker;IObitUnlocker; \??\C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [2011-03-09 33184]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-09-02 339048]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\Windows\system32\drivers\RTL2832UBDA.sys [2009-08-17 116640]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\Windows\System32\Drivers\RTL2832UUSB.sys [2009-08-17 38944]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;Sony sa0102 ADB Interface; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 kss;Kaspersky Security Scan Service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [2015-12-15 1556448]
R2 MbnExt;Mobile Broadband Extension Service; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-09-11 5702416]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe []
S2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe []
S2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe []
S2 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-06 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-12-12 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-14 82128]
S4 BRSptStub;BitRaider Mini-Support Service Stub Loader; C:\ProgramData\BitRaider\BRSptStub.exe [2014-12-22 363208]
S4 BRSptSvc;BitRaider Mini-Support Service; C:\ProgramData\BitRaider\BRSptSvc.exe [2013-12-07 477960]
S4 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-02-19 276248]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S4 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-31 2425960]
S4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S4 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-12-16 277784]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-06-21 884512]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-05-16 1826592]
S4 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-10-08 2078216]
S4 PSI_SVC_2_x64;Protexis Licensing V2 x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S4 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2015-06-10 155520]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-08-19 838336]
S4 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2015-02-09 792016]
S4 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
-----------------EOF-----------------
Re: preventivka
Pouzivate Aviru? Podle logu to vypada, ze uz ne, ale zustaly tam viset jeji zbytky. Stahnete crystal disk info http://www.slunecnice.cz/sw/crystaldiskinfo/Nainstalujte (pozor na pripadne doplnky, ty odmitnete zrusenim zatrzitka) a spustte jako spravce. Za chvili se zobrazi vysledek.
Kliknete nahore na napis Úpravy a pak na napis Kopírovat. To co se zkopiruje (ulozi se to do pameti) mi sem vlozte (ctrl + V)
Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner[C?].txt ). Ten mi sem zkopirujte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
Lord Excalibur
- Návštěvník
- Příspěvky: 66
- Registrován: 28 čer 2011 10:43
Re: preventivka
Aviru nepoužívám.
log crystal dick info:
----------------------------------------------------------------------------
CrystalDiskInfo 6.8.2 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------
OS : Windows 7 Professional SP1 [6.1 Build 7601] (x64)
Date : 2016/05/11 21:52:37
-- Controller Map ----------------------------------------------------------
+ Intel(R) 7 Series Chipset Family SATA AHCI Controller [ATA]
- WDC WD10JPVX-22JC3T0
- Slimtype DVD A DS8A9SH
-- Disk List ---------------------------------------------------------------
(1) WDC WD10JPVX-22JC3T0 : 1000,2 GB [0/0/0, pd1] - wd
----------------------------------------------------------------------------
(1) WDC WD10JPVX-22JC3T0
----------------------------------------------------------------------------
Model : WDC WD10JPVX-22JC3T0
Firmware : 01.01A01
Serial Number : WD-WXG1A6372205
Disk Size : 1000,2 GB (8,4/137,4/1000,2/1000,2)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 1953525168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ACS-2
Minor Version : ----
Transfer Mode : SATA/600 | SATA/600
Power On Hours : 15183 hod.
Power On Count : 1361 krát
Temperature : 46 C (114 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 0060h [ON]
AAM Level : ----
Drive Letter : C:
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chyb čtení
03 189 178 _21 0000000005EC Čas na roztočení ploten
04 _69 _69 __0 000000007BA7 Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 200 200 __0 000000000000 Počet chybných hledání
09 _80 _80 __0 000000003B4F Hodin v činnosti
0A 100 100 __0 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 __0 000000000000 Počet pokusů o překalibrování
0C _99 _99 __0 000000000551 Počet cyklů zapnutí zařízení
BF _45 _45 __0 000000000037 Počet udalostí zaznamenaných otřesovým senzorem
C0 200 200 __0 00000000001A Počet vypnutí disku
C1 171 171 __0 000000015EC4 Počet cyklů načítání/vymazání
C2 101 _66 __0 00000000002E Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 100 253 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 253 __0 000000000000 Počet chyb při zápisu sektorů
-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 427A 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 2020 2020 2057 442D 5758 4731 4136 3337 3232 3035
020: 0000 4000 0000 3031 2E30 3141 3031 5744 4320 5744
030: 3130 4A50 5658 2D32 324A 4333 5430 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4001 0000 0000 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F FF0E 0006 004C 00CC
080: 03FE 0000 746B 7D69 6123 7469 BC49 6123 407F 0061
090: 0061 0060 FFFE 0000 0000 0000 0000 0000 0000 0000
100: 6DB0 7470 0000 0000 0000 0000 6003 0000 5001 4EE6
110: 5926 B6A4 0000 0000 0000 0000 0000 0000 0000 4018
120: 4018 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0004 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 7035 0000 0000 4000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0000 0000 103E 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 1000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 A7A5
-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 2F 00 C8 C8 00 00 00 00 00 00 00 03 27
010: 00 BD B2 EC 05 00 00 00 00 00 04 32 00 45 45 A7
020: 7B 00 00 00 00 00 05 33 00 C8 C8 00 00 00 00 00
030: 00 00 07 2E 00 C8 C8 00 00 00 00 00 00 00 09 32
040: 00 50 50 4F 3B 00 00 00 00 00 0A 32 00 64 64 00
050: 00 00 00 00 00 00 0B 32 00 64 64 00 00 00 00 00
060: 00 00 0C 32 00 63 63 51 05 00 00 00 00 00 BF 32
070: 00 2D 2D 37 00 00 00 00 00 00 C0 32 00 C8 C8 1A
080: 00 00 00 00 00 00 C1 32 00 AB AB C4 5E 01 00 00
090: 00 00 C2 22 00 65 42 2E 00 00 00 00 00 00 C4 32
0A0: 00 C8 C8 00 00 00 00 00 00 00 C5 32 00 C8 C8 00
0B0: 00 00 00 00 00 00 C6 30 00 64 FD 00 00 00 00 00
0C0: 00 00 C7 32 00 C8 C8 00 00 00 00 00 00 00 C8 08
0D0: 00 64 FD 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 40 47 01 7B
170: 03 00 01 00 02 CC 05 00 00 00 00 00 00 00 00 00
180: 00 00 01 04 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2F
-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 33 C8 C8 C8 C8 00 00 00 00 00 00 03 15
010: 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00
020: 00 00 00 00 00 00 05 8C 00 00 00 00 00 00 00 00
030: 00 00 07 00 C8 C8 C8 C8 00 00 00 00 00 00 09 00
040: 00 00 00 00 00 00 00 00 00 00 0A 00 00 00 00 00
050: 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 00 00
060: 00 00 0C 00 00 00 00 00 00 00 00 00 00 00 BF 00
070: 00 00 00 00 00 00 00 00 00 00 C0 00 00 00 00 00
080: 00 00 00 00 00 00 C1 00 00 00 00 00 00 00 00 00
090: 00 00 C2 00 00 00 00 00 00 00 00 00 00 00 C4 00
0A0: 00 00 00 00 00 00 00 00 00 00 C5 00 00 00 00 00
0B0: 00 00 00 00 00 00 C6 00 00 00 00 00 00 00 00 00
0C0: 00 00 C7 00 00 00 00 00 00 00 00 00 00 00 C8 00
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 BE
log ADW cleaneru:
# AdwCleaner v5.116 - Logfile created 11/05/2016 at 21:46:15
# Updated 09/05/2016 by Xplode
# Database : 2016-05-09.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Excalibur - EXCALIBUR-NTB
# Running from : C:\Users\Excalibur\Desktop\adwcleaner_5.116.exe
# Option : Clean
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Users\Excalibur\Documents\Add-in Express
***** [ Files ] *****
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [6849 bytes] - [27/04/2016 21:43:07]
C:\AdwCleaner\AdwCleaner[C2].txt - [885 bytes] - [11/05/2016 21:46:15]
C:\AdwCleaner\AdwCleaner[R0].txt - [13996 bytes] - [05/04/2015 20:50:06]
C:\AdwCleaner\AdwCleaner[R1].txt - [2659 bytes] - [07/04/2015 15:01:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [13523 bytes] - [05/04/2015 20:51:42]
C:\AdwCleaner\AdwCleaner[S1].txt - [9633 bytes] - [07/04/2015 18:18:44]
C:\AdwCleaner\AdwCleaner[S2].txt - [1236 bytes] - [11/05/2016 21:44:39]
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1324 bytes] ##########
log crystal dick info:
----------------------------------------------------------------------------
CrystalDiskInfo 6.8.2 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------
OS : Windows 7 Professional SP1 [6.1 Build 7601] (x64)
Date : 2016/05/11 21:52:37
-- Controller Map ----------------------------------------------------------
+ Intel(R) 7 Series Chipset Family SATA AHCI Controller [ATA]
- WDC WD10JPVX-22JC3T0
- Slimtype DVD A DS8A9SH
-- Disk List ---------------------------------------------------------------
(1) WDC WD10JPVX-22JC3T0 : 1000,2 GB [0/0/0, pd1] - wd
----------------------------------------------------------------------------
(1) WDC WD10JPVX-22JC3T0
----------------------------------------------------------------------------
Model : WDC WD10JPVX-22JC3T0
Firmware : 01.01A01
Serial Number : WD-WXG1A6372205
Disk Size : 1000,2 GB (8,4/137,4/1000,2/1000,2)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 1953525168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ACS-2
Minor Version : ----
Transfer Mode : SATA/600 | SATA/600
Power On Hours : 15183 hod.
Power On Count : 1361 krát
Temperature : 46 C (114 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 0060h [ON]
AAM Level : ----
Drive Letter : C:
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chyb čtení
03 189 178 _21 0000000005EC Čas na roztočení ploten
04 _69 _69 __0 000000007BA7 Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 200 200 __0 000000000000 Počet chybných hledání
09 _80 _80 __0 000000003B4F Hodin v činnosti
0A 100 100 __0 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 __0 000000000000 Počet pokusů o překalibrování
0C _99 _99 __0 000000000551 Počet cyklů zapnutí zařízení
BF _45 _45 __0 000000000037 Počet udalostí zaznamenaných otřesovým senzorem
C0 200 200 __0 00000000001A Počet vypnutí disku
C1 171 171 __0 000000015EC4 Počet cyklů načítání/vymazání
C2 101 _66 __0 00000000002E Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 100 253 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 253 __0 000000000000 Počet chyb při zápisu sektorů
-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 427A 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 2020 2020 2057 442D 5758 4731 4136 3337 3232 3035
020: 0000 4000 0000 3031 2E30 3141 3031 5744 4320 5744
030: 3130 4A50 5658 2D32 324A 4333 5430 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4001 0000 0000 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F FF0E 0006 004C 00CC
080: 03FE 0000 746B 7D69 6123 7469 BC49 6123 407F 0061
090: 0061 0060 FFFE 0000 0000 0000 0000 0000 0000 0000
100: 6DB0 7470 0000 0000 0000 0000 6003 0000 5001 4EE6
110: 5926 B6A4 0000 0000 0000 0000 0000 0000 0000 4018
120: 4018 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0004 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 7035 0000 0000 4000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0000 0000 103E 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 1000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 A7A5
-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 2F 00 C8 C8 00 00 00 00 00 00 00 03 27
010: 00 BD B2 EC 05 00 00 00 00 00 04 32 00 45 45 A7
020: 7B 00 00 00 00 00 05 33 00 C8 C8 00 00 00 00 00
030: 00 00 07 2E 00 C8 C8 00 00 00 00 00 00 00 09 32
040: 00 50 50 4F 3B 00 00 00 00 00 0A 32 00 64 64 00
050: 00 00 00 00 00 00 0B 32 00 64 64 00 00 00 00 00
060: 00 00 0C 32 00 63 63 51 05 00 00 00 00 00 BF 32
070: 00 2D 2D 37 00 00 00 00 00 00 C0 32 00 C8 C8 1A
080: 00 00 00 00 00 00 C1 32 00 AB AB C4 5E 01 00 00
090: 00 00 C2 22 00 65 42 2E 00 00 00 00 00 00 C4 32
0A0: 00 C8 C8 00 00 00 00 00 00 00 C5 32 00 C8 C8 00
0B0: 00 00 00 00 00 00 C6 30 00 64 FD 00 00 00 00 00
0C0: 00 00 C7 32 00 C8 C8 00 00 00 00 00 00 00 C8 08
0D0: 00 64 FD 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 40 47 01 7B
170: 03 00 01 00 02 CC 05 00 00 00 00 00 00 00 00 00
180: 00 00 01 04 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2F
-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 33 C8 C8 C8 C8 00 00 00 00 00 00 03 15
010: 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00
020: 00 00 00 00 00 00 05 8C 00 00 00 00 00 00 00 00
030: 00 00 07 00 C8 C8 C8 C8 00 00 00 00 00 00 09 00
040: 00 00 00 00 00 00 00 00 00 00 0A 00 00 00 00 00
050: 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 00 00
060: 00 00 0C 00 00 00 00 00 00 00 00 00 00 00 BF 00
070: 00 00 00 00 00 00 00 00 00 00 C0 00 00 00 00 00
080: 00 00 00 00 00 00 C1 00 00 00 00 00 00 00 00 00
090: 00 00 C2 00 00 00 00 00 00 00 00 00 00 00 C4 00
0A0: 00 00 00 00 00 00 00 00 00 00 C5 00 00 00 00 00
0B0: 00 00 00 00 00 00 C6 00 00 00 00 00 00 00 00 00
0C0: 00 00 C7 00 00 00 00 00 00 00 00 00 00 00 C8 00
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 BE
log ADW cleaneru:
# AdwCleaner v5.116 - Logfile created 11/05/2016 at 21:46:15
# Updated 09/05/2016 by Xplode
# Database : 2016-05-09.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Excalibur - EXCALIBUR-NTB
# Running from : C:\Users\Excalibur\Desktop\adwcleaner_5.116.exe
# Option : Clean
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Users\Excalibur\Documents\Add-in Express
***** [ Files ] *****
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [6849 bytes] - [27/04/2016 21:43:07]
C:\AdwCleaner\AdwCleaner[C2].txt - [885 bytes] - [11/05/2016 21:46:15]
C:\AdwCleaner\AdwCleaner[R0].txt - [13996 bytes] - [05/04/2015 20:50:06]
C:\AdwCleaner\AdwCleaner[R1].txt - [2659 bytes] - [07/04/2015 15:01:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [13523 bytes] - [05/04/2015 20:51:42]
C:\AdwCleaner\AdwCleaner[S1].txt - [9633 bytes] - [07/04/2015 18:18:44]
C:\AdwCleaner\AdwCleaner[S2].txt - [1236 bytes] - [11/05/2016 21:44:39]
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1324 bytes] ##########
Re: preventivka
Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu (cili Vlastni sken vsech disku) http://forum.viry.cz/viewtopic.php?f=29&t=144868 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekcePokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
Lord Excalibur
- Návštěvník
- Příspěvky: 66
- Registrován: 28 čer 2011 10:43
Re: preventivka
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 11.5.2016
Čas skenování: 22:15
Protokol:
Správce: Ano
Verze: 2.2.1.1043
Databáze malwaru: v2016.05.11.06
Databáze rootkitů: v2016.05.06.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Excalibur
Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 327760
Uplynulý čas: 6 min, 52 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 9
Trojan.SathurBot, HKLM\SOFTWARE\CLASSES\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208}, , [782a6074e1b8a096b0d071fddd25aa56],
PUP.Optional.Cinema, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.9cV16.03-nv, , [c6dceee65c3d0e280f7e0d622ed5a25e],
PUP.Optional.Cinema, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.9cV16.03-nv-ie, , [2c7626aecccd9d99c2cbf67917ece21e],
Trojan.Agent.CR, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\godimpbmfohihoaikgfknnnmlncabkkp, , [7032e4f06633f145730ad6e60101dc24],
PUP.Optional.PCSpeedUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, , [aff3696ba6f30135cffb3f44fd06b749],
PUP.Optional.UpdateCheckerApp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\UpdateCheckerApp, , [1d851cb8ecadfd3988f3058949ba56aa],
PUP.Optional.Cinema, HKU\S-1-5-18\SOFTWARE\CinemaP-1.9cV16.03-nv, , [168cdbf9ff9a94a297f073fc768deb15],
PUP.Optional.Cinema, HKU\S-1-5-21-792113725-3541881400-1338686765-1000\SOFTWARE\CinemaP-1.9cV16.03-nv, , [4c56785c712814221770c1ae020114ec],
PUP.Optional.Cinema, HKU\S-1-5-21-792113725-3541881400-1338686765-1000\SOFTWARE\CinemaP-1.9cV16.03-nv-ie, , [d8ca805442578fa7f3942c43b1527c84],
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 64
Trojan.Agent.CR, C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp, , [b0f2369e7e1bc86e638384fa2fd3da26],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\04d4ec394b1d3f3333d1ddf2aecc5f2d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0b98bf55fecfe792dce4bc784bec4523, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0d0afc039bf7e9d3671a1e2e9d872f54, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0ddfc688949c6b52eb3bc694618ac70a, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\128a02a58f40b5abf09c02ec10a48a0b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\19b61f81e514e3e23e848b8e49abab36, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\1f71fb47d881dcf2ee0aa9eb3a7cd166, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\20147597b608d6d8dd82ff70a6ce985e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\26d69213798ce578d3292520184f6ffa, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\2b5ca86e4044ba3cf1d0fb0feb46420f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\2dab6f356b357afea276f2894d11330d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\311ac831aac650eeb4a7555a288ef79e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\38b4824b4bddbfff51a7cb14697a0127, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\38d44a2cad4508315782923af8eb2de2, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9da106550deb464e078e614e7b91b84a, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9e53395a41ec5018bd1b7085ba483847, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a0639f0eb21a00df1cd68355aae1da8b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a439a5f8d10d464ad5a7dfd2bb46b8de, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a5d3bf68c2416ecdbf7d0944b464b138, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\aa6564daf7c7919a3160c20abc4d2156, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ac96dbce976d109a38a4ec696bc3dc70, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\acbefd6a4ccb230e63fd64f28490ce93, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ad0afe803d4229275e0cc8460e1a8b5d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b164d6a4b40b38d8cb9843d9414af32b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b29779b114eaa1814274b6382e51690d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b35157ef210387b9b6ff63419375634f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b682962359aecf925cfdaf5b0d119ab5, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\c0e79e3931fd58773ed8a2d23efbea26, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\3b0225fd95f82adfc0e1ecc9f8d33454, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\42755b872f24c690893a72cdc9864f00, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\4fff38bf650d287b5450f6fc3fb52248, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\609128b9cc1391f3c1739874ad10f6f9, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\699fd7d2ee8f741b20b7cabf036d6275, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\703b612c03627bd00bbcb8e0cf91618e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\718fec81beb0377bebfb0312bc8736f4, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7460323bb3f28ac04ab5f2527bfeedbb, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\c3d0dd44425681509429b6f879bf8b46, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\d725e0ca0d12f006c5053df68071e6fc, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\da6a22758774a9e92d661736164e6cd0, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ddb812e14c4d8727b8bc6463291baa9e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\e8b6d4c08fcdbc887cd9af8ee61de77e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\eaee2a7c2c90b5ccf68a28853ac20325, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ebaa384f6354bdd0ca2c7f912526d23b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\f2079eb13e4aaba0946d17eb3cc8d285, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\f4c0bad96b931785b04f819394ab95c4, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\fff215dafa371507ac3ca1366208884f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7904a900000287ae45e5bfb51096691f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7db98f7c060762e0f78964ea14542134, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7e4c3e8f1822644dfa6d4ac5b1528cea, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\83934a770723ecfae689cadc4b50ebc5, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\877d747dd728115b4e364f4e88b369e7, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\8c76c419aedd0617b817d4c322817f43, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\962e4ef7114d2b27bb62cd89aa86098f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\983d8a47a329ea5832588f4d6cf391fe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9b6f64427bbaa065057543a52fa1e97b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9bdfe7c99a4e55b0a3baeb0b26d91b90, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\temp, , [e1c1c014bddc2e083b39f7a64db58d73],
Soubory: 345
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll, , [782a6074e1b8a096b0d071fddd25aa56],
Trojan.Script, C:\Windows\SysWOW64\mskpfrgl.vbe, , [f6ac1bb9425778be8860586ecd35d42c],
Trojan.Script, C:\Windows\SysWOW64\mswbvnb.vbe, , [fea4f7dd87120d29f6f2d2f437cb21df],
Trojan.Agent.Trace, C:\Windows\inf\ntvdm.inf, , [a5fdcc08e0b9d85e20962e6fc53ef709],
Backdoor.Agent, C:\ProgramData\Microsoft\Performance\Monitor\SecurityHelper.dll, , [208224b08e0b122408b0ddcf36cd33cd],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\19dcbba35fc70d27e90468afb4bcc6c9, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\31108dc4383faae6af9b6add30b7f417, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\c6bbf9efdbd080cc2af0bad89d2aed6b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\zepplauncher.mif, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\9da106550deb464e078e614e7b91b84a, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\d725e0ca0d12f006c5053df68071e6fc, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\04d4ec394b1d3f3333d1ddf2aecc5f2d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\0b98bf55fecfe792dce4bc784bec4523, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\0d0afc039bf7e9d3671a1e2e9d872f54, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\0ddfc688949c6b52eb3bc694618ac70a, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\128a02a58f40b5abf09c02ec10a48a0b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\19b61f81e514e3e23e848b8e49abab36, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\1f71fb47d881dcf2ee0aa9eb3a7cd166, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\20147597b608d6d8dd82ff70a6ce985e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\26d69213798ce578d3292520184f6ffa, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\2b5ca86e4044ba3cf1d0fb0feb46420f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\2dab6f356b357afea276f2894d11330d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\311ac831aac650eeb4a7555a288ef79e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\38b4824b4bddbfff51a7cb14697a0127, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\38d44a2cad4508315782923af8eb2de2, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\9e53395a41ec5018bd1b7085ba483847, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\a0639f0eb21a00df1cd68355aae1da8b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\a439a5f8d10d464ad5a7dfd2bb46b8de, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\a5d3bf68c2416ecdbf7d0944b464b138, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\aa6564daf7c7919a3160c20abc4d2156, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\ac96dbce976d109a38a4ec696bc3dc70, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\acbefd6a4ccb230e63fd64f28490ce93, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\ad0afe803d4229275e0cc8460e1a8b5d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\b164d6a4b40b38d8cb9843d9414af32b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\b29779b114eaa1814274b6382e51690d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\b35157ef210387b9b6ff63419375634f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\b682962359aecf925cfdaf5b0d119ab5, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\c0e79e3931fd58773ed8a2d23efbea26, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\c3d0dd44425681509429b6f879bf8b46, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\3b0225fd95f82adfc0e1ecc9f8d33454, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\42755b872f24c690893a72cdc9864f00, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\4fff38bf650d287b5450f6fc3fb52248, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\609128b9cc1391f3c1739874ad10f6f9, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\699fd7d2ee8f741b20b7cabf036d6275, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\703b612c03627bd00bbcb8e0cf91618e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\718fec81beb0377bebfb0312bc8736f4, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\7460323bb3f28ac04ab5f2527bfeedbb, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\da6a22758774a9e92d661736164e6cd0, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\ddb812e14c4d8727b8bc6463291baa9e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\e8b6d4c08fcdbc887cd9af8ee61de77e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\eaee2a7c2c90b5ccf68a28853ac20325, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\ebaa384f6354bdd0ca2c7f912526d23b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\f2079eb13e4aaba0946d17eb3cc8d285, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\f4c0bad96b931785b04f819394ab95c4, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\fff215dafa371507ac3ca1366208884f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\7904a900000287ae45e5bfb51096691f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\7db98f7c060762e0f78964ea14542134, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\7e4c3e8f1822644dfa6d4ac5b1528cea, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\83934a770723ecfae689cadc4b50ebc5, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\877d747dd728115b4e364f4e88b369e7, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\8c76c419aedd0617b817d4c322817f43, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\962e4ef7114d2b27bb62cd89aa86098f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\983d8a47a329ea5832588f4d6cf391fe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\9b6f64427bbaa065057543a52fa1e97b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\9bdfe7c99a4e55b0a3baeb0b26d91b90, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\04d4ec394b1d3f3333d1ddf2aecc5f2d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\0b98bf55fecfe792dce4bc784bec4523, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\0d0afc039bf7e9d3671a1e2e9d872f54, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\0ddfc688949c6b52eb3bc694618ac70a, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\128a02a58f40b5abf09c02ec10a48a0b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\19b61f81e514e3e23e848b8e49abab36, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\1f71fb47d881dcf2ee0aa9eb3a7cd166, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\20147597b608d6d8dd82ff70a6ce985e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\26d69213798ce578d3292520184f6ffa, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\2b5ca86e4044ba3cf1d0fb0feb46420f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\2dab6f356b357afea276f2894d11330d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\311ac831aac650eeb4a7555a288ef79e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\38b4824b4bddbfff51a7cb14697a0127, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\38d44a2cad4508315782923af8eb2de2, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\9da106550deb464e078e614e7b91b84a, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\9e53395a41ec5018bd1b7085ba483847, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\a0639f0eb21a00df1cd68355aae1da8b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\a439a5f8d10d464ad5a7dfd2bb46b8de, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\a5d3bf68c2416ecdbf7d0944b464b138, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\aa6564daf7c7919a3160c20abc4d2156, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\ac96dbce976d109a38a4ec696bc3dc70, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\acbefd6a4ccb230e63fd64f28490ce93, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\ad0afe803d4229275e0cc8460e1a8b5d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\b164d6a4b40b38d8cb9843d9414af32b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\b29779b114eaa1814274b6382e51690d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\b35157ef210387b9b6ff63419375634f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\b682962359aecf925cfdaf5b0d119ab5, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\c0e79e3931fd58773ed8a2d23efbea26, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\3b0225fd95f82adfc0e1ecc9f8d33454, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\42755b872f24c690893a72cdc9864f00, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\4fff38bf650d287b5450f6fc3fb52248, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\609128b9cc1391f3c1739874ad10f6f9, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\699fd7d2ee8f741b20b7cabf036d6275, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\703b612c03627bd00bbcb8e0cf91618e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\718fec81beb0377bebfb0312bc8736f4, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\7460323bb3f28ac04ab5f2527bfeedbb, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\c3d0dd44425681509429b6f879bf8b46, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\d725e0ca0d12f006c5053df68071e6fc, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\da6a22758774a9e92d661736164e6cd0, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\ddb812e14c4d8727b8bc6463291baa9e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\e8b6d4c08fcdbc887cd9af8ee61de77e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\eaee2a7c2c90b5ccf68a28853ac20325, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\ebaa384f6354bdd0ca2c7f912526d23b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\f2079eb13e4aaba0946d17eb3cc8d285, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\f4c0bad96b931785b04f819394ab95c4, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\fff215dafa371507ac3ca1366208884f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\7904a900000287ae45e5bfb51096691f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\7db98f7c060762e0f78964ea14542134, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\7e4c3e8f1822644dfa6d4ac5b1528cea, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\83934a770723ecfae689cadc4b50ebc5, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\877d747dd728115b4e364f4e88b369e7, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\8c76c419aedd0617b817d4c322817f43, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\962e4ef7114d2b27bb62cd89aa86098f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\983d8a47a329ea5832588f4d6cf391fe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\9b6f64427bbaa065057543a52fa1e97b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\9bdfe7c99a4e55b0a3baeb0b26d91b90, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\04d4ec394b1d3f3333d1ddf2aecc5f2d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\0b98bf55fecfe792dce4bc784bec4523, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\0d0afc039bf7e9d3671a1e2e9d872f54, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\0ddfc688949c6b52eb3bc694618ac70a, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\128a02a58f40b5abf09c02ec10a48a0b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\19b61f81e514e3e23e848b8e49abab36, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\1f71fb47d881dcf2ee0aa9eb3a7cd166, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\20147597b608d6d8dd82ff70a6ce985e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\26d69213798ce578d3292520184f6ffa, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\2b5ca86e4044ba3cf1d0fb0feb46420f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\2dab6f356b357afea276f2894d11330d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\311ac831aac650eeb4a7555a288ef79e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\38b4824b4bddbfff51a7cb14697a0127, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\38d44a2cad4508315782923af8eb2de2, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\9da106550deb464e078e614e7b91b84a, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\9e53395a41ec5018bd1b7085ba483847, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\a0639f0eb21a00df1cd68355aae1da8b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\a439a5f8d10d464ad5a7dfd2bb46b8de, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\a5d3bf68c2416ecdbf7d0944b464b138, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\aa6564daf7c7919a3160c20abc4d2156, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\ac96dbce976d109a38a4ec696bc3dc70, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\acbefd6a4ccb230e63fd64f28490ce93, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\ad0afe803d4229275e0cc8460e1a8b5d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\b164d6a4b40b38d8cb9843d9414af32b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\b29779b114eaa1814274b6382e51690d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\b35157ef210387b9b6ff63419375634f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\b682962359aecf925cfdaf5b0d119ab5, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\c0e79e3931fd58773ed8a2d23efbea26, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\3b0225fd95f82adfc0e1ecc9f8d33454, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\42755b872f24c690893a72cdc9864f00, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\4fff38bf650d287b5450f6fc3fb52248, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\609128b9cc1391f3c1739874ad10f6f9, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\699fd7d2ee8f741b20b7cabf036d6275, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\703b612c03627bd00bbcb8e0cf91618e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\718fec81beb0377bebfb0312bc8736f4, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\7460323bb3f28ac04ab5f2527bfeedbb, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\c3d0dd44425681509429b6f879bf8b46, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\d725e0ca0d12f006c5053df68071e6fc, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\da6a22758774a9e92d661736164e6cd0, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\ddb812e14c4d8727b8bc6463291baa9e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\e8b6d4c08fcdbc887cd9af8ee61de77e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\eaee2a7c2c90b5ccf68a28853ac20325, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\ebaa384f6354bdd0ca2c7f912526d23b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\f2079eb13e4aaba0946d17eb3cc8d285, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\f4c0bad96b931785b04f819394ab95c4, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\fff215dafa371507ac3ca1366208884f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\7904a900000287ae45e5bfb51096691f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\7db98f7c060762e0f78964ea14542134, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\7e4c3e8f1822644dfa6d4ac5b1528cea, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\83934a770723ecfae689cadc4b50ebc5, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\877d747dd728115b4e364f4e88b369e7, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\8c76c419aedd0617b817d4c322817f43, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\962e4ef7114d2b27bb62cd89aa86098f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\983d8a47a329ea5832588f4d6cf391fe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\9b6f64427bbaa065057543a52fa1e97b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\9bdfe7c99a4e55b0a3baeb0b26d91b90, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\04d4ec394b1d3f3333d1ddf2aecc5f2d\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\04d4ec394b1d3f3333d1ddf2aecc5f2d\Z For Zachariah 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\04d4ec394b1d3f3333d1ddf2aecc5f2d\Z For Zachariah 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0b98bf55fecfe792dce4bc784bec4523\Bridge Of Spies 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0b98bf55fecfe792dce4bc784bec4523\Bridge Of Spies 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0b98bf55fecfe792dce4bc784bec4523\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0d0afc039bf7e9d3671a1e2e9d872f54\Straight Outta Compton 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0d0afc039bf7e9d3671a1e2e9d872f54\Straight Outta Compton 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0d0afc039bf7e9d3671a1e2e9d872f54\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0ddfc688949c6b52eb3bc694618ac70a\Some Kind Of Beautiful 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0ddfc688949c6b52eb3bc694618ac70a\Some Kind Of Beautiful 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0ddfc688949c6b52eb3bc694618ac70a\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\128a02a58f40b5abf09c02ec10a48a0b\A Brilliant Young Mind 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\128a02a58f40b5abf09c02ec10a48a0b\A Brilliant Young Mind 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\128a02a58f40b5abf09c02ec10a48a0b\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\19b61f81e514e3e23e848b8e49abab36\Crimson Peak 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\19b61f81e514e3e23e848b8e49abab36\Crimson Peak 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\19b61f81e514e3e23e848b8e49abab36\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\1f71fb47d881dcf2ee0aa9eb3a7cd166\The Transporter Refueled 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\1f71fb47d881dcf2ee0aa9eb3a7cd166\The Transporter Refueled 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\1f71fb47d881dcf2ee0aa9eb3a7cd166\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\20147597b608d6d8dd82ff70a6ce985e\Time Out Of Mind 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\20147597b608d6d8dd82ff70a6ce985e\Time Out Of Mind 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\20147597b608d6d8dd82ff70a6ce985e\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\26d69213798ce578d3292520184f6ffa\Before I Wake 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\26d69213798ce578d3292520184f6ffa\Before I Wake 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\26d69213798ce578d3292520184f6ffa\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\2b5ca86e4044ba3cf1d0fb0feb46420f\Kahlil Gibrans The Prophet 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\2b5ca86e4044ba3cf1d0fb0feb46420f\Kahlil Gibrans The Prophet 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\2b5ca86e4044ba3cf1d0fb0feb46420f\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\2dab6f356b357afea276f2894d11330d\Sinister 2 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\2dab6f356b357afea276f2894d11330d\Sinister 2 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\2dab6f356b357afea276f2894d11330d\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\311ac831aac650eeb4a7555a288ef79e\Call Me Lucky 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\311ac831aac650eeb4a7555a288ef79e\Call Me Lucky 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\311ac831aac650eeb4a7555a288ef79e\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\38b4824b4bddbfff51a7cb14697a0127\Ricki And The Flash 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\38b4824b4bddbfff51a7cb14697a0127\Ricki And The Flash 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\38b4824b4bddbfff51a7cb14697a0127\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\38d44a2cad4508315782923af8eb2de2\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\38d44a2cad4508315782923af8eb2de2\We Are Your Friends 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\38d44a2cad4508315782923af8eb2de2\We Are Your Friends 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9da106550deb464e078e614e7b91b84a\No Escape 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9da106550deb464e078e614e7b91b84a\No Escape 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9da106550deb464e078e614e7b91b84a\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9e53395a41ec5018bd1b7085ba483847\Steve Jobs Man In The Machine 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9e53395a41ec5018bd1b7085ba483847\Steve Jobs Man In The Machine 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9e53395a41ec5018bd1b7085ba483847\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a0639f0eb21a00df1cd68355aae1da8b\The Green Inferno 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a0639f0eb21a00df1cd68355aae1da8b\The Green Inferno 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a0639f0eb21a00df1cd68355aae1da8b\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a439a5f8d10d464ad5a7dfd2bb46b8de\The Changing Of Ben Moore 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a439a5f8d10d464ad5a7dfd2bb46b8de\The Changing Of Ben Moore 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a439a5f8d10d464ad5a7dfd2bb46b8de\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a5d3bf68c2416ecdbf7d0944b464b138\The Diary Of A Teenage Girl 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a5d3bf68c2416ecdbf7d0944b464b138\The Diary Of A Teenage Girl 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a5d3bf68c2416ecdbf7d0944b464b138\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\aa6564daf7c7919a3160c20abc4d2156\Fantastic Four 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\aa6564daf7c7919a3160c20abc4d2156\Fantastic Four 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\aa6564daf7c7919a3160c20abc4d2156\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ac96dbce976d109a38a4ec696bc3dc70\The Boy 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ac96dbce976d109a38a4ec696bc3dc70\The Boy 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ac96dbce976d109a38a4ec696bc3dc70\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\acbefd6a4ccb230e63fd64f28490ce93\Hotel Transylvania 2 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\acbefd6a4ccb230e63fd64f28490ce93\Hotel Transylvania 2 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\acbefd6a4ccb230e63fd64f28490ce93\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ad0afe803d4229275e0cc8460e1a8b5d\Almost Home 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ad0afe803d4229275e0cc8460e1a8b5d\Almost Home 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ad0afe803d4229275e0cc8460e1a8b5d\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b164d6a4b40b38d8cb9843d9414af32b\American Ultra 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b164d6a4b40b38d8cb9843d9414af32b\American Ultra 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b164d6a4b40b38d8cb9843d9414af32b\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b29779b114eaa1814274b6382e51690d\Dangerous Company 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b29779b114eaa1814274b6382e51690d\Dangerous Company 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b29779b114eaa1814274b6382e51690d\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b35157ef210387b9b6ff63419375634f\The Perfect Guy 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b35157ef210387b9b6ff63419375634f\The Perfect Guy 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b35157ef210387b9b6ff63419375634f\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b682962359aecf925cfdaf5b0d119ab5\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b682962359aecf925cfdaf5b0d119ab5\War Room 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b682962359aecf925cfdaf5b0d119ab5\War Room 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\c0e79e3931fd58773ed8a2d23efbea26\The Visit 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\c0e79e3931fd58773ed8a2d23efbea26\The Visit 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\c0e79e3931fd58773ed8a2d23efbea26\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\3b0225fd95f82adfc0e1ecc9f8d33454\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\3b0225fd95f82adfc0e1ecc9f8d33454\Walt Before Mickey 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\3b0225fd95f82adfc0e1ecc9f8d33454\Walt Before Mickey 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\42755b872f24c690893a72cdc9864f00\God Bless The Child 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\42755b872f24c690893a72cdc9864f00\God Bless The Child 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\42755b872f24c690893a72cdc9864f00\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\4fff38bf650d287b5450f6fc3fb52248\Cop Car 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\4fff38bf650d287b5450f6fc3fb52248\Cop Car 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\4fff38bf650d287b5450f6fc3fb52248\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\609128b9cc1391f3c1739874ad10f6f9\Everest 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\609128b9cc1391f3c1739874ad10f6f9\Everest 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\609128b9cc1391f3c1739874ad10f6f9\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\699fd7d2ee8f741b20b7cabf036d6275\7 Chinese Brothers 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\699fd7d2ee8f741b20b7cabf036d6275\7 Chinese Brothers 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\699fd7d2ee8f741b20b7cabf036d6275\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\703b612c03627bd00bbcb8e0cf91618e\My All American 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\703b612c03627bd00bbcb8e0cf91618e\My All American 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\703b612c03627bd00bbcb8e0cf91618e\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\718fec81beb0377bebfb0312bc8736f4\A Perfect Chord 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\718fec81beb0377bebfb0312bc8736f4\A Perfect Chord 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\718fec81beb0377bebfb0312bc8736f4\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7460323bb3f28ac04ab5f2527bfeedbb\Mistress America 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7460323bb3f28ac04ab5f2527bfeedbb\Mistress America 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7460323bb3f28ac04ab5f2527bfeedbb\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\c3d0dd44425681509429b6f879bf8b46\Turbo Kid 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\c3d0dd44425681509429b6f879bf8b46\Turbo Kid 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\c3d0dd44425681509429b6f879bf8b46\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\d725e0ca0d12f006c5053df68071e6fc\The Gift 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\d725e0ca0d12f006c5053df68071e6fc\The Gift 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\d725e0ca0d12f006c5053df68071e6fc\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\da6a22758774a9e92d661736164e6cd0\The Green Legend 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\da6a22758774a9e92d661736164e6cd0\The Green Legend 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\da6a22758774a9e92d661736164e6cd0\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ddb812e14c4d8727b8bc6463291baa9e\Before We Go 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ddb812e14c4d8727b8bc6463291baa9e\Before We Go 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ddb812e14c4d8727b8bc6463291baa9e\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\e8b6d4c08fcdbc887cd9af8ee61de77e\Sleeping With Other People 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\e8b6d4c08fcdbc887cd9af8ee61de77e\Sleeping With Other People 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\e8b6d4c08fcdbc887cd9af8ee61de77e\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\eaee2a7c2c90b5ccf68a28853ac20325\A Walk In The Woods 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\eaee2a7c2c90b5ccf68a28853ac20325\A Walk In The Woods 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\eaee2a7c2c90b5ccf68a28853ac20325\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ebaa384f6354bdd0ca2c7f912526d23b\After Words 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ebaa384f6354bdd0ca2c7f912526d23b\After Words 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ebaa384f6354bdd0ca2c7f912526d23b\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\f2079eb13e4aaba0946d17eb3cc8d285\Steve Jobs 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\f2079eb13e4aaba0946d17eb3cc8d285\Steve Jobs 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\f2079eb13e4aaba0946d17eb3cc8d285\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\f4c0bad96b931785b04f819394ab95c4\Dragon Ball Z 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\f4c0bad96b931785b04f819394ab95c4\Dragon Ball Z 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\f4c0bad96b931785b04f819394ab95c4\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\fff215dafa371507ac3ca1366208884f\The Man From Uncle 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\fff215dafa371507ac3ca1366208884f\The Man From Uncle 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\fff215dafa371507ac3ca1366208884f\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7904a900000287ae45e5bfb51096691f\Black Mass 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7904a900000287ae45e5bfb51096691f\Black Mass 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7904a900000287ae45e5bfb51096691f\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7db98f7c060762e0f78964ea14542134\Digging For Fire 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7db98f7c060762e0f78964ea14542134\Digging For Fire 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7db98f7c060762e0f78964ea14542134\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7e4c3e8f1822644dfa6d4ac5b1528cea\Hitman Agent 47 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7e4c3e8f1822644dfa6d4ac5b1528cea\Hitman Agent 47 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7e4c3e8f1822644dfa6d4ac5b1528cea\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\83934a770723ecfae689cadc4b50ebc5\Max Steel 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\83934a770723ecfae689cadc4b50ebc5\Max Steel 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\83934a770723ecfae689cadc4b50ebc5\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\877d747dd728115b4e364f4e88b369e7\Two Step 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\877d747dd728115b4e364f4e88b369e7\Two Step 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\877d747dd728115b4e364f4e88b369e7\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\8c76c419aedd0617b817d4c322817f43\Dragon Blade 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\8c76c419aedd0617b817d4c322817f43\Dragon Blade 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\8c76c419aedd0617b817d4c322817f43\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\962e4ef7114d2b27bb62cd89aa86098f\99 Homes 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\962e4ef7114d2b27bb62cd89aa86098f\99 Homes 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\962e4ef7114d2b27bb62cd89aa86098f\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\983d8a47a329ea5832588f4d6cf391fe\Shes Funny That Way 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\983d8a47a329ea5832588f4d6cf391fe\Shes Funny That Way 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\983d8a47a329ea5832588f4d6cf391fe\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9b6f64427bbaa065057543a52fa1e97b\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9b6f64427bbaa065057543a52fa1e97b\When Animals Dream 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9b6f64427bbaa065057543a52fa1e97b\When Animals Dream 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9bdfe7c99a4e55b0a3baeb0b26d91b90\Maze Runner The Scorch Trials 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9bdfe7c99a4e55b0a3baeb0b26d91b90\Maze Runner The Scorch Trials 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9bdfe7c99a4e55b0a3baeb0b26d91b90\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
www.malwarebytes.org
Datum skenování: 11.5.2016
Čas skenování: 22:15
Protokol:
Správce: Ano
Verze: 2.2.1.1043
Databáze malwaru: v2016.05.11.06
Databáze rootkitů: v2016.05.06.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Excalibur
Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 327760
Uplynulý čas: 6 min, 52 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 9
Trojan.SathurBot, HKLM\SOFTWARE\CLASSES\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208}, , [782a6074e1b8a096b0d071fddd25aa56],
PUP.Optional.Cinema, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.9cV16.03-nv, , [c6dceee65c3d0e280f7e0d622ed5a25e],
PUP.Optional.Cinema, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.9cV16.03-nv-ie, , [2c7626aecccd9d99c2cbf67917ece21e],
Trojan.Agent.CR, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\godimpbmfohihoaikgfknnnmlncabkkp, , [7032e4f06633f145730ad6e60101dc24],
PUP.Optional.PCSpeedUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, , [aff3696ba6f30135cffb3f44fd06b749],
PUP.Optional.UpdateCheckerApp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\UpdateCheckerApp, , [1d851cb8ecadfd3988f3058949ba56aa],
PUP.Optional.Cinema, HKU\S-1-5-18\SOFTWARE\CinemaP-1.9cV16.03-nv, , [168cdbf9ff9a94a297f073fc768deb15],
PUP.Optional.Cinema, HKU\S-1-5-21-792113725-3541881400-1338686765-1000\SOFTWARE\CinemaP-1.9cV16.03-nv, , [4c56785c712814221770c1ae020114ec],
PUP.Optional.Cinema, HKU\S-1-5-21-792113725-3541881400-1338686765-1000\SOFTWARE\CinemaP-1.9cV16.03-nv-ie, , [d8ca805442578fa7f3942c43b1527c84],
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 64
Trojan.Agent.CR, C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp, , [b0f2369e7e1bc86e638384fa2fd3da26],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\04d4ec394b1d3f3333d1ddf2aecc5f2d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0b98bf55fecfe792dce4bc784bec4523, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0d0afc039bf7e9d3671a1e2e9d872f54, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0ddfc688949c6b52eb3bc694618ac70a, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\128a02a58f40b5abf09c02ec10a48a0b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\19b61f81e514e3e23e848b8e49abab36, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\1f71fb47d881dcf2ee0aa9eb3a7cd166, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\20147597b608d6d8dd82ff70a6ce985e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\26d69213798ce578d3292520184f6ffa, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\2b5ca86e4044ba3cf1d0fb0feb46420f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\2dab6f356b357afea276f2894d11330d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\311ac831aac650eeb4a7555a288ef79e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\38b4824b4bddbfff51a7cb14697a0127, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\38d44a2cad4508315782923af8eb2de2, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9da106550deb464e078e614e7b91b84a, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9e53395a41ec5018bd1b7085ba483847, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a0639f0eb21a00df1cd68355aae1da8b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a439a5f8d10d464ad5a7dfd2bb46b8de, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a5d3bf68c2416ecdbf7d0944b464b138, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\aa6564daf7c7919a3160c20abc4d2156, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ac96dbce976d109a38a4ec696bc3dc70, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\acbefd6a4ccb230e63fd64f28490ce93, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ad0afe803d4229275e0cc8460e1a8b5d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b164d6a4b40b38d8cb9843d9414af32b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b29779b114eaa1814274b6382e51690d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b35157ef210387b9b6ff63419375634f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b682962359aecf925cfdaf5b0d119ab5, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\c0e79e3931fd58773ed8a2d23efbea26, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\3b0225fd95f82adfc0e1ecc9f8d33454, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\42755b872f24c690893a72cdc9864f00, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\4fff38bf650d287b5450f6fc3fb52248, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\609128b9cc1391f3c1739874ad10f6f9, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\699fd7d2ee8f741b20b7cabf036d6275, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\703b612c03627bd00bbcb8e0cf91618e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\718fec81beb0377bebfb0312bc8736f4, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7460323bb3f28ac04ab5f2527bfeedbb, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\c3d0dd44425681509429b6f879bf8b46, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\d725e0ca0d12f006c5053df68071e6fc, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\da6a22758774a9e92d661736164e6cd0, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ddb812e14c4d8727b8bc6463291baa9e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\e8b6d4c08fcdbc887cd9af8ee61de77e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\eaee2a7c2c90b5ccf68a28853ac20325, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ebaa384f6354bdd0ca2c7f912526d23b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\f2079eb13e4aaba0946d17eb3cc8d285, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\f4c0bad96b931785b04f819394ab95c4, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\fff215dafa371507ac3ca1366208884f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7904a900000287ae45e5bfb51096691f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7db98f7c060762e0f78964ea14542134, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7e4c3e8f1822644dfa6d4ac5b1528cea, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\83934a770723ecfae689cadc4b50ebc5, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\877d747dd728115b4e364f4e88b369e7, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\8c76c419aedd0617b817d4c322817f43, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\962e4ef7114d2b27bb62cd89aa86098f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\983d8a47a329ea5832588f4d6cf391fe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9b6f64427bbaa065057543a52fa1e97b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9bdfe7c99a4e55b0a3baeb0b26d91b90, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\temp, , [e1c1c014bddc2e083b39f7a64db58d73],
Soubory: 345
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll, , [782a6074e1b8a096b0d071fddd25aa56],
Trojan.Script, C:\Windows\SysWOW64\mskpfrgl.vbe, , [f6ac1bb9425778be8860586ecd35d42c],
Trojan.Script, C:\Windows\SysWOW64\mswbvnb.vbe, , [fea4f7dd87120d29f6f2d2f437cb21df],
Trojan.Agent.Trace, C:\Windows\inf\ntvdm.inf, , [a5fdcc08e0b9d85e20962e6fc53ef709],
Backdoor.Agent, C:\ProgramData\Microsoft\Performance\Monitor\SecurityHelper.dll, , [208224b08e0b122408b0ddcf36cd33cd],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\19dcbba35fc70d27e90468afb4bcc6c9, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\31108dc4383faae6af9b6add30b7f417, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\c6bbf9efdbd080cc2af0bad89d2aed6b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\zepplauncher.mif, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\9da106550deb464e078e614e7b91b84a, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\d725e0ca0d12f006c5053df68071e6fc, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\04d4ec394b1d3f3333d1ddf2aecc5f2d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\0b98bf55fecfe792dce4bc784bec4523, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\0d0afc039bf7e9d3671a1e2e9d872f54, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\0ddfc688949c6b52eb3bc694618ac70a, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\128a02a58f40b5abf09c02ec10a48a0b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\19b61f81e514e3e23e848b8e49abab36, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\1f71fb47d881dcf2ee0aa9eb3a7cd166, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\20147597b608d6d8dd82ff70a6ce985e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\26d69213798ce578d3292520184f6ffa, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\2b5ca86e4044ba3cf1d0fb0feb46420f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\2dab6f356b357afea276f2894d11330d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\311ac831aac650eeb4a7555a288ef79e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\38b4824b4bddbfff51a7cb14697a0127, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\38d44a2cad4508315782923af8eb2de2, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\9e53395a41ec5018bd1b7085ba483847, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\a0639f0eb21a00df1cd68355aae1da8b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\a439a5f8d10d464ad5a7dfd2bb46b8de, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\a5d3bf68c2416ecdbf7d0944b464b138, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\aa6564daf7c7919a3160c20abc4d2156, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\ac96dbce976d109a38a4ec696bc3dc70, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\acbefd6a4ccb230e63fd64f28490ce93, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\ad0afe803d4229275e0cc8460e1a8b5d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\b164d6a4b40b38d8cb9843d9414af32b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\b29779b114eaa1814274b6382e51690d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\b35157ef210387b9b6ff63419375634f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\b682962359aecf925cfdaf5b0d119ab5, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\c0e79e3931fd58773ed8a2d23efbea26, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\c3d0dd44425681509429b6f879bf8b46, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\3b0225fd95f82adfc0e1ecc9f8d33454, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\42755b872f24c690893a72cdc9864f00, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\4fff38bf650d287b5450f6fc3fb52248, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\609128b9cc1391f3c1739874ad10f6f9, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\699fd7d2ee8f741b20b7cabf036d6275, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\703b612c03627bd00bbcb8e0cf91618e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\718fec81beb0377bebfb0312bc8736f4, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\7460323bb3f28ac04ab5f2527bfeedbb, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\da6a22758774a9e92d661736164e6cd0, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\ddb812e14c4d8727b8bc6463291baa9e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\e8b6d4c08fcdbc887cd9af8ee61de77e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\eaee2a7c2c90b5ccf68a28853ac20325, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\ebaa384f6354bdd0ca2c7f912526d23b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\f2079eb13e4aaba0946d17eb3cc8d285, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\f4c0bad96b931785b04f819394ab95c4, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\fff215dafa371507ac3ca1366208884f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\7904a900000287ae45e5bfb51096691f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\7db98f7c060762e0f78964ea14542134, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\7e4c3e8f1822644dfa6d4ac5b1528cea, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\83934a770723ecfae689cadc4b50ebc5, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\877d747dd728115b4e364f4e88b369e7, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\8c76c419aedd0617b817d4c322817f43, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\962e4ef7114d2b27bb62cd89aa86098f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\983d8a47a329ea5832588f4d6cf391fe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\9b6f64427bbaa065057543a52fa1e97b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\9bdfe7c99a4e55b0a3baeb0b26d91b90, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\04d4ec394b1d3f3333d1ddf2aecc5f2d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\0b98bf55fecfe792dce4bc784bec4523, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\0d0afc039bf7e9d3671a1e2e9d872f54, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\0ddfc688949c6b52eb3bc694618ac70a, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\128a02a58f40b5abf09c02ec10a48a0b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\19b61f81e514e3e23e848b8e49abab36, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\1f71fb47d881dcf2ee0aa9eb3a7cd166, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\20147597b608d6d8dd82ff70a6ce985e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\26d69213798ce578d3292520184f6ffa, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\2b5ca86e4044ba3cf1d0fb0feb46420f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\2dab6f356b357afea276f2894d11330d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\311ac831aac650eeb4a7555a288ef79e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\38b4824b4bddbfff51a7cb14697a0127, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\38d44a2cad4508315782923af8eb2de2, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\9da106550deb464e078e614e7b91b84a, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\9e53395a41ec5018bd1b7085ba483847, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\a0639f0eb21a00df1cd68355aae1da8b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\a439a5f8d10d464ad5a7dfd2bb46b8de, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\a5d3bf68c2416ecdbf7d0944b464b138, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\aa6564daf7c7919a3160c20abc4d2156, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\ac96dbce976d109a38a4ec696bc3dc70, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\acbefd6a4ccb230e63fd64f28490ce93, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\ad0afe803d4229275e0cc8460e1a8b5d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\b164d6a4b40b38d8cb9843d9414af32b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\b29779b114eaa1814274b6382e51690d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\b35157ef210387b9b6ff63419375634f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\b682962359aecf925cfdaf5b0d119ab5, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\c0e79e3931fd58773ed8a2d23efbea26, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\3b0225fd95f82adfc0e1ecc9f8d33454, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\42755b872f24c690893a72cdc9864f00, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\4fff38bf650d287b5450f6fc3fb52248, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\609128b9cc1391f3c1739874ad10f6f9, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\699fd7d2ee8f741b20b7cabf036d6275, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\703b612c03627bd00bbcb8e0cf91618e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\718fec81beb0377bebfb0312bc8736f4, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\7460323bb3f28ac04ab5f2527bfeedbb, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\c3d0dd44425681509429b6f879bf8b46, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\d725e0ca0d12f006c5053df68071e6fc, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\da6a22758774a9e92d661736164e6cd0, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\ddb812e14c4d8727b8bc6463291baa9e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\e8b6d4c08fcdbc887cd9af8ee61de77e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\eaee2a7c2c90b5ccf68a28853ac20325, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\ebaa384f6354bdd0ca2c7f912526d23b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\f2079eb13e4aaba0946d17eb3cc8d285, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\f4c0bad96b931785b04f819394ab95c4, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\fff215dafa371507ac3ca1366208884f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\7904a900000287ae45e5bfb51096691f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\7db98f7c060762e0f78964ea14542134, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\7e4c3e8f1822644dfa6d4ac5b1528cea, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\83934a770723ecfae689cadc4b50ebc5, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\877d747dd728115b4e364f4e88b369e7, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\8c76c419aedd0617b817d4c322817f43, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\962e4ef7114d2b27bb62cd89aa86098f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\983d8a47a329ea5832588f4d6cf391fe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\9b6f64427bbaa065057543a52fa1e97b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\9bdfe7c99a4e55b0a3baeb0b26d91b90, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\04d4ec394b1d3f3333d1ddf2aecc5f2d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\0b98bf55fecfe792dce4bc784bec4523, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\0d0afc039bf7e9d3671a1e2e9d872f54, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\0ddfc688949c6b52eb3bc694618ac70a, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\128a02a58f40b5abf09c02ec10a48a0b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\19b61f81e514e3e23e848b8e49abab36, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\1f71fb47d881dcf2ee0aa9eb3a7cd166, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\20147597b608d6d8dd82ff70a6ce985e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\26d69213798ce578d3292520184f6ffa, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\2b5ca86e4044ba3cf1d0fb0feb46420f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\2dab6f356b357afea276f2894d11330d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\311ac831aac650eeb4a7555a288ef79e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\38b4824b4bddbfff51a7cb14697a0127, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\38d44a2cad4508315782923af8eb2de2, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\9da106550deb464e078e614e7b91b84a, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\9e53395a41ec5018bd1b7085ba483847, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\a0639f0eb21a00df1cd68355aae1da8b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\a439a5f8d10d464ad5a7dfd2bb46b8de, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\a5d3bf68c2416ecdbf7d0944b464b138, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\aa6564daf7c7919a3160c20abc4d2156, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\ac96dbce976d109a38a4ec696bc3dc70, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\acbefd6a4ccb230e63fd64f28490ce93, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\ad0afe803d4229275e0cc8460e1a8b5d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\b164d6a4b40b38d8cb9843d9414af32b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\b29779b114eaa1814274b6382e51690d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\b35157ef210387b9b6ff63419375634f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\b682962359aecf925cfdaf5b0d119ab5, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\c0e79e3931fd58773ed8a2d23efbea26, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\3b0225fd95f82adfc0e1ecc9f8d33454, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\42755b872f24c690893a72cdc9864f00, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\4fff38bf650d287b5450f6fc3fb52248, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\609128b9cc1391f3c1739874ad10f6f9, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\699fd7d2ee8f741b20b7cabf036d6275, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\703b612c03627bd00bbcb8e0cf91618e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\718fec81beb0377bebfb0312bc8736f4, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\7460323bb3f28ac04ab5f2527bfeedbb, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\c3d0dd44425681509429b6f879bf8b46, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\d725e0ca0d12f006c5053df68071e6fc, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\da6a22758774a9e92d661736164e6cd0, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\ddb812e14c4d8727b8bc6463291baa9e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\e8b6d4c08fcdbc887cd9af8ee61de77e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\eaee2a7c2c90b5ccf68a28853ac20325, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\ebaa384f6354bdd0ca2c7f912526d23b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\f2079eb13e4aaba0946d17eb3cc8d285, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\f4c0bad96b931785b04f819394ab95c4, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\fff215dafa371507ac3ca1366208884f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\7904a900000287ae45e5bfb51096691f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\7db98f7c060762e0f78964ea14542134, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\7e4c3e8f1822644dfa6d4ac5b1528cea, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\83934a770723ecfae689cadc4b50ebc5, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\877d747dd728115b4e364f4e88b369e7, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\8c76c419aedd0617b817d4c322817f43, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\962e4ef7114d2b27bb62cd89aa86098f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\983d8a47a329ea5832588f4d6cf391fe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\9b6f64427bbaa065057543a52fa1e97b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\9bdfe7c99a4e55b0a3baeb0b26d91b90, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\04d4ec394b1d3f3333d1ddf2aecc5f2d\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\04d4ec394b1d3f3333d1ddf2aecc5f2d\Z For Zachariah 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\04d4ec394b1d3f3333d1ddf2aecc5f2d\Z For Zachariah 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0b98bf55fecfe792dce4bc784bec4523\Bridge Of Spies 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0b98bf55fecfe792dce4bc784bec4523\Bridge Of Spies 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0b98bf55fecfe792dce4bc784bec4523\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0d0afc039bf7e9d3671a1e2e9d872f54\Straight Outta Compton 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0d0afc039bf7e9d3671a1e2e9d872f54\Straight Outta Compton 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0d0afc039bf7e9d3671a1e2e9d872f54\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0ddfc688949c6b52eb3bc694618ac70a\Some Kind Of Beautiful 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0ddfc688949c6b52eb3bc694618ac70a\Some Kind Of Beautiful 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0ddfc688949c6b52eb3bc694618ac70a\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\128a02a58f40b5abf09c02ec10a48a0b\A Brilliant Young Mind 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\128a02a58f40b5abf09c02ec10a48a0b\A Brilliant Young Mind 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\128a02a58f40b5abf09c02ec10a48a0b\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\19b61f81e514e3e23e848b8e49abab36\Crimson Peak 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\19b61f81e514e3e23e848b8e49abab36\Crimson Peak 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\19b61f81e514e3e23e848b8e49abab36\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\1f71fb47d881dcf2ee0aa9eb3a7cd166\The Transporter Refueled 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\1f71fb47d881dcf2ee0aa9eb3a7cd166\The Transporter Refueled 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\1f71fb47d881dcf2ee0aa9eb3a7cd166\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\20147597b608d6d8dd82ff70a6ce985e\Time Out Of Mind 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\20147597b608d6d8dd82ff70a6ce985e\Time Out Of Mind 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\20147597b608d6d8dd82ff70a6ce985e\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\26d69213798ce578d3292520184f6ffa\Before I Wake 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\26d69213798ce578d3292520184f6ffa\Before I Wake 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\26d69213798ce578d3292520184f6ffa\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\2b5ca86e4044ba3cf1d0fb0feb46420f\Kahlil Gibrans The Prophet 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\2b5ca86e4044ba3cf1d0fb0feb46420f\Kahlil Gibrans The Prophet 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\2b5ca86e4044ba3cf1d0fb0feb46420f\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\2dab6f356b357afea276f2894d11330d\Sinister 2 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\2dab6f356b357afea276f2894d11330d\Sinister 2 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\2dab6f356b357afea276f2894d11330d\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\311ac831aac650eeb4a7555a288ef79e\Call Me Lucky 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\311ac831aac650eeb4a7555a288ef79e\Call Me Lucky 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\311ac831aac650eeb4a7555a288ef79e\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\38b4824b4bddbfff51a7cb14697a0127\Ricki And The Flash 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\38b4824b4bddbfff51a7cb14697a0127\Ricki And The Flash 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\38b4824b4bddbfff51a7cb14697a0127\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\38d44a2cad4508315782923af8eb2de2\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\38d44a2cad4508315782923af8eb2de2\We Are Your Friends 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\38d44a2cad4508315782923af8eb2de2\We Are Your Friends 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9da106550deb464e078e614e7b91b84a\No Escape 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9da106550deb464e078e614e7b91b84a\No Escape 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9da106550deb464e078e614e7b91b84a\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9e53395a41ec5018bd1b7085ba483847\Steve Jobs Man In The Machine 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9e53395a41ec5018bd1b7085ba483847\Steve Jobs Man In The Machine 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9e53395a41ec5018bd1b7085ba483847\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a0639f0eb21a00df1cd68355aae1da8b\The Green Inferno 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a0639f0eb21a00df1cd68355aae1da8b\The Green Inferno 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a0639f0eb21a00df1cd68355aae1da8b\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a439a5f8d10d464ad5a7dfd2bb46b8de\The Changing Of Ben Moore 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a439a5f8d10d464ad5a7dfd2bb46b8de\The Changing Of Ben Moore 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a439a5f8d10d464ad5a7dfd2bb46b8de\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a5d3bf68c2416ecdbf7d0944b464b138\The Diary Of A Teenage Girl 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a5d3bf68c2416ecdbf7d0944b464b138\The Diary Of A Teenage Girl 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a5d3bf68c2416ecdbf7d0944b464b138\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\aa6564daf7c7919a3160c20abc4d2156\Fantastic Four 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\aa6564daf7c7919a3160c20abc4d2156\Fantastic Four 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\aa6564daf7c7919a3160c20abc4d2156\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ac96dbce976d109a38a4ec696bc3dc70\The Boy 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ac96dbce976d109a38a4ec696bc3dc70\The Boy 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ac96dbce976d109a38a4ec696bc3dc70\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\acbefd6a4ccb230e63fd64f28490ce93\Hotel Transylvania 2 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\acbefd6a4ccb230e63fd64f28490ce93\Hotel Transylvania 2 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\acbefd6a4ccb230e63fd64f28490ce93\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ad0afe803d4229275e0cc8460e1a8b5d\Almost Home 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ad0afe803d4229275e0cc8460e1a8b5d\Almost Home 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ad0afe803d4229275e0cc8460e1a8b5d\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b164d6a4b40b38d8cb9843d9414af32b\American Ultra 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b164d6a4b40b38d8cb9843d9414af32b\American Ultra 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b164d6a4b40b38d8cb9843d9414af32b\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b29779b114eaa1814274b6382e51690d\Dangerous Company 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b29779b114eaa1814274b6382e51690d\Dangerous Company 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b29779b114eaa1814274b6382e51690d\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b35157ef210387b9b6ff63419375634f\The Perfect Guy 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b35157ef210387b9b6ff63419375634f\The Perfect Guy 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b35157ef210387b9b6ff63419375634f\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b682962359aecf925cfdaf5b0d119ab5\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b682962359aecf925cfdaf5b0d119ab5\War Room 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\b682962359aecf925cfdaf5b0d119ab5\War Room 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\c0e79e3931fd58773ed8a2d23efbea26\The Visit 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\c0e79e3931fd58773ed8a2d23efbea26\The Visit 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\c0e79e3931fd58773ed8a2d23efbea26\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\3b0225fd95f82adfc0e1ecc9f8d33454\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\3b0225fd95f82adfc0e1ecc9f8d33454\Walt Before Mickey 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\3b0225fd95f82adfc0e1ecc9f8d33454\Walt Before Mickey 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\42755b872f24c690893a72cdc9864f00\God Bless The Child 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\42755b872f24c690893a72cdc9864f00\God Bless The Child 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\42755b872f24c690893a72cdc9864f00\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\4fff38bf650d287b5450f6fc3fb52248\Cop Car 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\4fff38bf650d287b5450f6fc3fb52248\Cop Car 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\4fff38bf650d287b5450f6fc3fb52248\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\609128b9cc1391f3c1739874ad10f6f9\Everest 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\609128b9cc1391f3c1739874ad10f6f9\Everest 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\609128b9cc1391f3c1739874ad10f6f9\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\699fd7d2ee8f741b20b7cabf036d6275\7 Chinese Brothers 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\699fd7d2ee8f741b20b7cabf036d6275\7 Chinese Brothers 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\699fd7d2ee8f741b20b7cabf036d6275\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\703b612c03627bd00bbcb8e0cf91618e\My All American 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\703b612c03627bd00bbcb8e0cf91618e\My All American 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\703b612c03627bd00bbcb8e0cf91618e\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\718fec81beb0377bebfb0312bc8736f4\A Perfect Chord 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\718fec81beb0377bebfb0312bc8736f4\A Perfect Chord 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\718fec81beb0377bebfb0312bc8736f4\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7460323bb3f28ac04ab5f2527bfeedbb\Mistress America 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7460323bb3f28ac04ab5f2527bfeedbb\Mistress America 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7460323bb3f28ac04ab5f2527bfeedbb\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\c3d0dd44425681509429b6f879bf8b46\Turbo Kid 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\c3d0dd44425681509429b6f879bf8b46\Turbo Kid 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\c3d0dd44425681509429b6f879bf8b46\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\d725e0ca0d12f006c5053df68071e6fc\The Gift 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\d725e0ca0d12f006c5053df68071e6fc\The Gift 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\d725e0ca0d12f006c5053df68071e6fc\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\da6a22758774a9e92d661736164e6cd0\The Green Legend 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\da6a22758774a9e92d661736164e6cd0\The Green Legend 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\da6a22758774a9e92d661736164e6cd0\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ddb812e14c4d8727b8bc6463291baa9e\Before We Go 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ddb812e14c4d8727b8bc6463291baa9e\Before We Go 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ddb812e14c4d8727b8bc6463291baa9e\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\e8b6d4c08fcdbc887cd9af8ee61de77e\Sleeping With Other People 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\e8b6d4c08fcdbc887cd9af8ee61de77e\Sleeping With Other People 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\e8b6d4c08fcdbc887cd9af8ee61de77e\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\eaee2a7c2c90b5ccf68a28853ac20325\A Walk In The Woods 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\eaee2a7c2c90b5ccf68a28853ac20325\A Walk In The Woods 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\eaee2a7c2c90b5ccf68a28853ac20325\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ebaa384f6354bdd0ca2c7f912526d23b\After Words 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ebaa384f6354bdd0ca2c7f912526d23b\After Words 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\ebaa384f6354bdd0ca2c7f912526d23b\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\f2079eb13e4aaba0946d17eb3cc8d285\Steve Jobs 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\f2079eb13e4aaba0946d17eb3cc8d285\Steve Jobs 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\f2079eb13e4aaba0946d17eb3cc8d285\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\f4c0bad96b931785b04f819394ab95c4\Dragon Ball Z 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\f4c0bad96b931785b04f819394ab95c4\Dragon Ball Z 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\f4c0bad96b931785b04f819394ab95c4\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\fff215dafa371507ac3ca1366208884f\The Man From Uncle 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\fff215dafa371507ac3ca1366208884f\The Man From Uncle 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\fff215dafa371507ac3ca1366208884f\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7904a900000287ae45e5bfb51096691f\Black Mass 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7904a900000287ae45e5bfb51096691f\Black Mass 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7904a900000287ae45e5bfb51096691f\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7db98f7c060762e0f78964ea14542134\Digging For Fire 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7db98f7c060762e0f78964ea14542134\Digging For Fire 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7db98f7c060762e0f78964ea14542134\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7e4c3e8f1822644dfa6d4ac5b1528cea\Hitman Agent 47 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7e4c3e8f1822644dfa6d4ac5b1528cea\Hitman Agent 47 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\7e4c3e8f1822644dfa6d4ac5b1528cea\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\83934a770723ecfae689cadc4b50ebc5\Max Steel 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\83934a770723ecfae689cadc4b50ebc5\Max Steel 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\83934a770723ecfae689cadc4b50ebc5\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\877d747dd728115b4e364f4e88b369e7\Two Step 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\877d747dd728115b4e364f4e88b369e7\Two Step 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\877d747dd728115b4e364f4e88b369e7\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\8c76c419aedd0617b817d4c322817f43\Dragon Blade 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\8c76c419aedd0617b817d4c322817f43\Dragon Blade 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\8c76c419aedd0617b817d4c322817f43\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\962e4ef7114d2b27bb62cd89aa86098f\99 Homes 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\962e4ef7114d2b27bb62cd89aa86098f\99 Homes 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\962e4ef7114d2b27bb62cd89aa86098f\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\983d8a47a329ea5832588f4d6cf391fe\Shes Funny That Way 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\983d8a47a329ea5832588f4d6cf391fe\Shes Funny That Way 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\983d8a47a329ea5832588f4d6cf391fe\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9b6f64427bbaa065057543a52fa1e97b\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9b6f64427bbaa065057543a52fa1e97b\When Animals Dream 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9b6f64427bbaa065057543a52fa1e97b\When Animals Dream 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9bdfe7c99a4e55b0a3baeb0b26d91b90\Maze Runner The Scorch Trials 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9bdfe7c99a4e55b0a3baeb0b26d91b90\Maze Runner The Scorch Trials 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9bdfe7c99a4e55b0a3baeb0b26d91b90\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
Re: preventivka
Vsechny nalezy nechte odstranit. Po odstraneni a restartu pc test s MBAM zopakujte, at vime, jestli se to nevraci. Napiste vysledek testu a podle nej zvolim dalsi postup.
Jinak se mi zda divny ten cas, to fakt trvalo jen 6 min, 52 sek???
Jinak se mi zda divny ten cas, to fakt trvalo jen 6 min, 52 sek???
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
Lord Excalibur
- Návštěvník
- Příspěvky: 66
- Registrován: 28 čer 2011 10:43
Re: preventivka
No, když vidím jak dlouho to jelo teď, tak se taky divím jak to zvládlo tak rychle.
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 12.5.2016
Čas skenování: 9:38
Protokol:
Správce: Ano
Verze: 2.2.1.1043
Databáze malwaru: v2016.05.12.02
Databáze rootkitů: v2016.05.06.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Excalibur
Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 845826
Uplynulý čas: 4 hod, 39 min, 21 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 0
(Nenalezeny žádné škodlivé položky)
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 8
Trojan.SathurBot, C:\Users\Excalibur\Downloads\Heroes of Might and Magic III\Heroes of Might and Magic III.exe, , [ea18795c4a4fa88e2a6169c1b054f010],
PUP.Optional.RelevantKnowledge, C:\AdwCleaner\FileQuarantine\C\Windows\SysNative\rlls64.dll.vir, , [fd057560564337ff226bf05d19ebb050],
PUP.Optional.PCSpeedUp, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Zrychleni Pocitace\PCSpeedUp.sys.vir, , [38cae6ef019849ed00f9939159a85aa6],
PUP.Optional.PCSpeedUp, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Zrychleni Pocitace\PCSULauncher.exe.vir, , [c83a05d0e2b794a2d72200089968c937],
PUP.Optional.PCSpeedUp, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Zrychleni Pocitace\PCSUUCC.exe.vir, , [ea18973e5f3a75c123d61e06cb362ad6],
PUP.Optional.PCSpeedUp, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Zrychleni Pocitace\SpeedCheckerService.exe.vir, , [e41ed0056336d066dc22efd341c050b0],
PUP.Optional.RelevantKnowledge, C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\rlls.dll.vir, , [7191be17dbbe75c1860763ea63a138c8],
Trojan.BitCoinMiner, C:\Windows\inf\msxfrf\msxfrf.exe, , [62a0f4e1d1c8ed493d2dc8d3cd33c33d],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 12.5.2016
Čas skenování: 9:38
Protokol:
Správce: Ano
Verze: 2.2.1.1043
Databáze malwaru: v2016.05.12.02
Databáze rootkitů: v2016.05.06.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Excalibur
Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 845826
Uplynulý čas: 4 hod, 39 min, 21 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 0
(Nenalezeny žádné škodlivé položky)
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 8
Trojan.SathurBot, C:\Users\Excalibur\Downloads\Heroes of Might and Magic III\Heroes of Might and Magic III.exe, , [ea18795c4a4fa88e2a6169c1b054f010],
PUP.Optional.RelevantKnowledge, C:\AdwCleaner\FileQuarantine\C\Windows\SysNative\rlls64.dll.vir, , [fd057560564337ff226bf05d19ebb050],
PUP.Optional.PCSpeedUp, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Zrychleni Pocitace\PCSpeedUp.sys.vir, , [38cae6ef019849ed00f9939159a85aa6],
PUP.Optional.PCSpeedUp, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Zrychleni Pocitace\PCSULauncher.exe.vir, , [c83a05d0e2b794a2d72200089968c937],
PUP.Optional.PCSpeedUp, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Zrychleni Pocitace\PCSUUCC.exe.vir, , [ea18973e5f3a75c123d61e06cb362ad6],
PUP.Optional.PCSpeedUp, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Zrychleni Pocitace\SpeedCheckerService.exe.vir, , [e41ed0056336d066dc22efd341c050b0],
PUP.Optional.RelevantKnowledge, C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\rlls.dll.vir, , [7191be17dbbe75c1860763ea63a138c8],
Trojan.BitCoinMiner, C:\Windows\inf\msxfrf\msxfrf.exe, , [62a0f4e1d1c8ed493d2dc8d3cd33c33d],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
Re: preventivka
No, je tam zase novy broucek 
Postupujte presne v tomto poradi.
1) MBAM nezavirejte, jen minimalizujte.
2) Vymazte/Vypnete vytvareni bodu obnovy http://forum.viry.cz/viewtopic.php?f=46&t=47040 , ale nerestartujte pc.
3) Ted nechte nalezy MBAM odstranit a restartujte pc.
4) Zopakujte test s MBAM a napiste jeho vysledek a podle toho zvolim dalsi postup.
Pokud bude cisto, zapnete zase funkci vytvareni bodu obnovy, at pak na to nezapomenem.
Postupujte presne v tomto poradi. 1) MBAM nezavirejte, jen minimalizujte.
2) Vymazte/Vypnete vytvareni bodu obnovy http://forum.viry.cz/viewtopic.php?f=46&t=47040 , ale nerestartujte pc.
3) Ted nechte nalezy MBAM odstranit a restartujte pc.
4) Zopakujte test s MBAM a napiste jeho vysledek a podle toho zvolim dalsi postup.
Pokud bude cisto, zapnete zase funkci vytvareni bodu obnovy, at pak na to nezapomenem.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
Lord Excalibur
- Návštěvník
- Příspěvky: 66
- Registrován: 28 čer 2011 10:43
Re: preventivka
tak už to vypadá čistě. Bod obnovy vytvořen.
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 12.5.2016
Čas skenování: 21:08
Protokol:
Správce: Ano
Verze: 2.2.1.1043
Databáze malwaru: v2016.05.12.06
Databáze rootkitů: v2016.05.06.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Excalibur
Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 845696
Uplynulý čas: 6 hod, 33 min, 40 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 0
(Nenalezeny žádné škodlivé položky)
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 0
(Nenalezeny žádné škodlivé položky)
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 12.5.2016
Čas skenování: 21:08
Protokol:
Správce: Ano
Verze: 2.2.1.1043
Databáze malwaru: v2016.05.12.06
Databáze rootkitů: v2016.05.06.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Excalibur
Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 845696
Uplynulý čas: 6 hod, 33 min, 40 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 0
(Nenalezeny žádné škodlivé položky)
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 0
(Nenalezeny žádné škodlivé položky)
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
Re: preventivka
MBAM odinstalujte. Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.) Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc! Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte
Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradkuPokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
Lord Excalibur
- Návštěvník
- Příspěvky: 66
- Registrován: 28 čer 2011 10:43
Re: preventivka
ComboFix 16-04-29.01 - Excalibur 13.05.2016 11:02:54.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1033.18.3914.2846 [GMT 2:00]
Spuštěný z: c:\users\Excalibur\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\server.log
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_BD0002
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-04-13 do 2016-05-13 )))))))))))))))))))))))))))))))
.
.
2016-05-13 09:13 . 2016-05-13 09:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2016-05-13 09:13 . 2016-05-13 09:13 -------- d-----w- c:\users\hedev\AppData\Local\temp
2016-05-13 09:13 . 2016-05-13 09:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-05-11 20:13 . 2016-05-13 12:37 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-11 20:13 . 2016-05-11 20:13 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-05-11 20:13 . 2016-05-11 20:13 -------- d-----w- c:\programdata\Malwarebytes
2016-05-11 20:13 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-05-11 20:13 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-05-11 20:13 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-05-11 19:42 . 2016-05-11 19:42 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2016-05-11 17:34 . 2016-05-11 17:34 -------- d-----w- c:\program files (x86)\trend micro
2016-05-11 17:34 . 2016-05-11 17:34 -------- d-----w- C:\rsit
2016-05-11 17:08 . 2016-05-11 17:08 -------- d-----w- c:\programdata\Kaspersky Lab
2016-05-11 17:08 . 2016-05-11 17:08 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2016-05-11 17:04 . 2016-05-11 17:21 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2016-05-11 15:01 . 2016-05-11 15:01 -------- d-----w- c:\users\Excalibur\.flashTool
2016-05-11 15:01 . 2016-05-11 15:01 -------- d-----w- c:\users\Excalibur\.swt
2016-05-11 15:01 . 2016-05-11 15:01 -------- d-----w- c:\users\Excalibur\.oracle_jre_usage
2016-05-11 15:00 . 2016-05-11 15:03 -------- d-----w- C:\Flashtool
2016-05-10 22:20 . 2011-05-24 08:59 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2016-05-10 22:20 . 2016-05-10 22:20 1174979 ----a-w- c:\windows\unins000.exe
2016-05-10 22:19 . 2016-05-10 22:22 -------- d-----w- c:\users\Excalibur\.android
2016-05-10 22:19 . 2016-05-10 22:19 -------- d-----w- c:\users\Excalibur\AppData\Roaming\Kingosoft
2016-05-10 22:18 . 2016-05-10 22:18 -------- d-----w- c:\users\Excalibur\AppData\Local\Kingosoft
2016-05-10 22:18 . 2016-05-10 22:32 -------- d-----w- c:\program files (x86)\Kingo ROOT
2016-04-28 22:12 . 2016-04-28 22:12 -------- d-----w- c:\users\Excalibur\AppData\Roaming\TubeTycoon
2016-04-27 19:39 . 2016-04-27 19:39 -------- d-----w- c:\program files (x86)\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-06 19:36 . 2015-11-01 20:59 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-05-06 19:36 . 2015-11-01 20:59 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-04 15:16 . 2015-09-04 15:11 20510720 ----a-w- c:\program files (x86)\GUT1BC2.tmp
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" [2015-12-15 1556448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-12-13 1085656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kaspersky Software Updater Beta.lnk - c:\program files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe -hide [2015-12-14 3529600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x]
R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys;c:\windows\SYSNATIVE\DRIVERS\ggsomc.sys [x]
R3 hwusb_cdcacm;hwusb_cdcacm;c:\windows\system32\DRIVERS\ew_cdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_cdcacm.sys [x]
R3 hwusb_wwanecm;hwusb_wwanecm;c:\windows\system32\DRIVERS\ew_wwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_wwanecm.sys [x]
R3 IObitUnlocker;IObitUnlocker;c:\program files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys;c:\program files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BRSptStub;BitRaider Mini-Support Service Stub Loader;c:\programdata\BitRaider\BRSptStub.exe;c:\programdata\BitRaider\BRSptStub.exe [x]
R4 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R4 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R4 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R4 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 kss;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe -r;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe -r [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 MbnExt;Mobile Broadband Extension Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Atheros\Ath_WlanAgent.exe;c:\program files (x86)\Atheros\Ath_WlanAgent.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
MbnExt REG_MULTI_SZ MbnExt
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-13 02:38 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-05-07 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe [2016-05-06 10:29]
.
2016-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-01 19:36]
.
2016-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02 10:20]
.
2016-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02 10:20]
.
2016-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000Core.job
- c:\users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04 15:19]
.
2016-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000UA.job
- c:\users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04 15:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-04-25 20:22 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-04-25 20:22 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-04-25 20:22 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-19 440600]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-27 12937872]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{056AAB92-BE99-4F91-9F1F-38418BB79633}: NameServer = 93.153.117.1 93.153.117.33
TCP: Interfaces\{7A7ACC95-FBC8-4DDE-968C-11FB7285D780}: NameServer = 93.153.117.1 93.153.117.33
TCP: Interfaces\{A6F89920-34C5-4D87-B26C-82A93DA72DB8}: NameServer = 93.153.117.1 93.153.117.33
TCP: Interfaces\{B84491AA-FB52-4B1E-BFB9-61EA94083AB9}: NameServer = 93.153.117.1 93.153.117.33
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-InstallUpdate - (no file)
ShellIconOverlayIdentifiers-{3B5B973C-92A4-4855-9D3F-0F3D23332208} - (no file)
AddRemove-zonealarm - c:\users\Excalibur\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
c:\program files (x86)\TeamViewer\TeamViewer.exe
c:\program files (x86)\TeamViewer\tv_w32.exe
.
**************************************************************************
.
Celkový čas: 2016-05-13 14:41:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-05-13 12:41
.
Před spuštěním: 290 291 372 032 bytes free
Po spuštění: 288 869 048 320 bytes free
.
- - End Of File - - A05988DD5BAFE9B67CF3566FE5820E6A
0
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1033.18.3914.2846 [GMT 2:00]
Spuštěný z: c:\users\Excalibur\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\server.log
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_BD0002
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-04-13 do 2016-05-13 )))))))))))))))))))))))))))))))
.
.
2016-05-13 09:13 . 2016-05-13 09:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2016-05-13 09:13 . 2016-05-13 09:13 -------- d-----w- c:\users\hedev\AppData\Local\temp
2016-05-13 09:13 . 2016-05-13 09:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-05-11 20:13 . 2016-05-13 12:37 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-11 20:13 . 2016-05-11 20:13 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-05-11 20:13 . 2016-05-11 20:13 -------- d-----w- c:\programdata\Malwarebytes
2016-05-11 20:13 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-05-11 20:13 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-05-11 20:13 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-05-11 19:42 . 2016-05-11 19:42 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2016-05-11 17:34 . 2016-05-11 17:34 -------- d-----w- c:\program files (x86)\trend micro
2016-05-11 17:34 . 2016-05-11 17:34 -------- d-----w- C:\rsit
2016-05-11 17:08 . 2016-05-11 17:08 -------- d-----w- c:\programdata\Kaspersky Lab
2016-05-11 17:08 . 2016-05-11 17:08 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2016-05-11 17:04 . 2016-05-11 17:21 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2016-05-11 15:01 . 2016-05-11 15:01 -------- d-----w- c:\users\Excalibur\.flashTool
2016-05-11 15:01 . 2016-05-11 15:01 -------- d-----w- c:\users\Excalibur\.swt
2016-05-11 15:01 . 2016-05-11 15:01 -------- d-----w- c:\users\Excalibur\.oracle_jre_usage
2016-05-11 15:00 . 2016-05-11 15:03 -------- d-----w- C:\Flashtool
2016-05-10 22:20 . 2011-05-24 08:59 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2016-05-10 22:20 . 2016-05-10 22:20 1174979 ----a-w- c:\windows\unins000.exe
2016-05-10 22:19 . 2016-05-10 22:22 -------- d-----w- c:\users\Excalibur\.android
2016-05-10 22:19 . 2016-05-10 22:19 -------- d-----w- c:\users\Excalibur\AppData\Roaming\Kingosoft
2016-05-10 22:18 . 2016-05-10 22:18 -------- d-----w- c:\users\Excalibur\AppData\Local\Kingosoft
2016-05-10 22:18 . 2016-05-10 22:32 -------- d-----w- c:\program files (x86)\Kingo ROOT
2016-04-28 22:12 . 2016-04-28 22:12 -------- d-----w- c:\users\Excalibur\AppData\Roaming\TubeTycoon
2016-04-27 19:39 . 2016-04-27 19:39 -------- d-----w- c:\program files (x86)\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-06 19:36 . 2015-11-01 20:59 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-05-06 19:36 . 2015-11-01 20:59 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-04 15:16 . 2015-09-04 15:11 20510720 ----a-w- c:\program files (x86)\GUT1BC2.tmp
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" [2015-12-15 1556448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-12-13 1085656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kaspersky Software Updater Beta.lnk - c:\program files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe -hide [2015-12-14 3529600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x]
R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys;c:\windows\SYSNATIVE\DRIVERS\ggsomc.sys [x]
R3 hwusb_cdcacm;hwusb_cdcacm;c:\windows\system32\DRIVERS\ew_cdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_cdcacm.sys [x]
R3 hwusb_wwanecm;hwusb_wwanecm;c:\windows\system32\DRIVERS\ew_wwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_wwanecm.sys [x]
R3 IObitUnlocker;IObitUnlocker;c:\program files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys;c:\program files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BRSptStub;BitRaider Mini-Support Service Stub Loader;c:\programdata\BitRaider\BRSptStub.exe;c:\programdata\BitRaider\BRSptStub.exe [x]
R4 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R4 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R4 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R4 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 kss;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe -r;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe -r [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 MbnExt;Mobile Broadband Extension Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Atheros\Ath_WlanAgent.exe;c:\program files (x86)\Atheros\Ath_WlanAgent.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
MbnExt REG_MULTI_SZ MbnExt
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-13 02:38 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-05-07 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe [2016-05-06 10:29]
.
2016-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-01 19:36]
.
2016-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02 10:20]
.
2016-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02 10:20]
.
2016-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000Core.job
- c:\users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04 15:19]
.
2016-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000UA.job
- c:\users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04 15:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-04-25 20:22 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-04-25 20:22 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-04-25 20:22 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-19 440600]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-27 12937872]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{056AAB92-BE99-4F91-9F1F-38418BB79633}: NameServer = 93.153.117.1 93.153.117.33
TCP: Interfaces\{7A7ACC95-FBC8-4DDE-968C-11FB7285D780}: NameServer = 93.153.117.1 93.153.117.33
TCP: Interfaces\{A6F89920-34C5-4D87-B26C-82A93DA72DB8}: NameServer = 93.153.117.1 93.153.117.33
TCP: Interfaces\{B84491AA-FB52-4B1E-BFB9-61EA94083AB9}: NameServer = 93.153.117.1 93.153.117.33
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-InstallUpdate - (no file)
ShellIconOverlayIdentifiers-{3B5B973C-92A4-4855-9D3F-0F3D23332208} - (no file)
AddRemove-zonealarm - c:\users\Excalibur\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
c:\program files (x86)\TeamViewer\TeamViewer.exe
c:\program files (x86)\TeamViewer\tv_w32.exe
.
**************************************************************************
.
Celkový čas: 2016-05-13 14:41:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-05-13 12:41
.
Před spuštěním: 290 291 372 032 bytes free
Po spuštění: 288 869 048 320 bytes free
.
- - End Of File - - A05988DD5BAFE9B67CF3566FE5820E6A
0
Re: preventivka
Otevrete si poznamkovy blok a zkopirujte do nej tento skript
Kód: Vybrat vše
KillAll::
File::
c:\windows\system32\DRIVERS\avnetflt.sys
c:\windows\system32\DRIVERS\avkmgr.sys
C:\Windows\system32\DRIVERS\avipbb.sys
C:\Windows\system32\DRIVERS\avgntflt.sys
Folder::
c:\program files (x86)\Avira
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Driver::
AntiVirMailService
AntiVirSchedulerService
AntiVirWebService
AntiVirService
SkypeUpdate
avkmgr
avnetflt
avipbb
avgntflt
Reboot::Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.
Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradkuPokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
Lord Excalibur
- Návštěvník
- Příspěvky: 66
- Registrován: 28 čer 2011 10:43
Re: preventivka
ComboFix 16-04-29.01 - Excalibur 13.05.2016 23:42:34.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1033.18.3914.2931 [GMT 2:00]
Spuštěný z: c:\users\Excalibur\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Excalibur\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\DRIVERS\avgntflt.sys"
"c:\windows\system32\DRIVERS\avipbb.sys"
"c:\windows\system32\DRIVERS\avkmgr.sys"
"c:\windows\system32\DRIVERS\avnetflt.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DRIVERS\avgntflt.sys
c:\windows\system32\DRIVERS\avipbb.sys
c:\windows\system32\DRIVERS\avkmgr.sys
c:\windows\system32\DRIVERS\avnetflt.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVKMGR
-------\Legacy_AVNETFLT
-------\Service_AntiVirMailService
-------\Service_AntiVirSchedulerService
-------\Service_AntiVirWebService
-------\Service_avkmgr
-------\Service_avnetflt
-------\Service_SkypeUpdate
-------\Legacy_avipbb
-------\Service_avipbb
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-04-13 do 2016-05-13 )))))))))))))))))))))))))))))))
.
.
2016-05-13 21:54 . 2016-05-13 21:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2016-05-13 21:54 . 2016-05-13 21:54 -------- d-----w- c:\users\hedev\AppData\Local\temp
2016-05-11 20:13 . 2016-05-13 21:04 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-11 20:13 . 2016-05-11 20:13 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-05-11 20:13 . 2016-05-11 20:13 -------- d-----w- c:\programdata\Malwarebytes
2016-05-11 20:13 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-05-11 20:13 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-05-11 20:13 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-05-11 19:42 . 2016-05-11 19:42 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2016-05-11 17:34 . 2016-05-11 17:34 -------- d-----w- c:\program files (x86)\trend micro
2016-05-11 17:34 . 2016-05-11 17:34 -------- d-----w- C:\rsit
2016-05-11 17:08 . 2016-05-11 17:08 -------- d-----w- c:\programdata\Kaspersky Lab
2016-05-11 17:08 . 2016-05-11 17:08 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2016-05-11 17:04 . 2016-05-11 17:21 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2016-05-11 15:01 . 2016-05-11 15:01 -------- d-----w- c:\users\Excalibur\.flashTool
2016-05-11 15:01 . 2016-05-11 15:01 -------- d-----w- c:\users\Excalibur\.swt
2016-05-11 15:01 . 2016-05-11 15:01 -------- d-----w- c:\users\Excalibur\.oracle_jre_usage
2016-05-11 15:00 . 2016-05-11 15:03 -------- d-----w- C:\Flashtool
2016-05-10 22:20 . 2011-05-24 08:59 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2016-05-10 22:20 . 2016-05-10 22:20 1174979 ----a-w- c:\windows\unins000.exe
2016-05-10 22:19 . 2016-05-10 22:22 -------- d-----w- c:\users\Excalibur\.android
2016-05-10 22:19 . 2016-05-10 22:19 -------- d-----w- c:\users\Excalibur\AppData\Roaming\Kingosoft
2016-05-10 22:18 . 2016-05-10 22:18 -------- d-----w- c:\users\Excalibur\AppData\Local\Kingosoft
2016-05-10 22:18 . 2016-05-10 22:32 -------- d-----w- c:\program files (x86)\Kingo ROOT
2016-04-28 22:12 . 2016-04-28 22:12 -------- d-----w- c:\users\Excalibur\AppData\Roaming\TubeTycoon
2016-04-27 19:39 . 2016-04-27 19:39 -------- d-----w- c:\program files (x86)\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-06 19:36 . 2015-11-01 20:59 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-05-06 19:36 . 2015-11-01 20:59 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-04 15:16 . 2015-09-04 15:11 20510720 ----a-w- c:\program files (x86)\GUT1BC2.tmp
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" [2015-12-15 1556448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kaspersky Software Updater Beta.lnk - c:\program files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe -hide [2015-12-14 3529600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
MbnExt REG_MULTI_SZ MbnExt
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-13 02:38 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-05-07 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe [2016-05-06 10:29]
.
2016-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-01 19:36]
.
2016-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02 10:20]
.
2016-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02 10:20]
.
2016-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000Core.job
- c:\users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04 15:19]
.
2016-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000UA.job
- c:\users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04 15:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-04-25 20:22 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-04-25 20:22 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-04-25 20:22 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-19 440600]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-27 12937872]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 84.16.105.193 84.16.96.2
TCP: Interfaces\{056AAB92-BE99-4F91-9F1F-38418BB79633}: NameServer = 93.153.117.1 93.153.117.33
TCP: Interfaces\{7A7ACC95-FBC8-4DDE-968C-11FB7285D780}: NameServer = 93.153.117.1 93.153.117.33
TCP: Interfaces\{A6F89920-34C5-4D87-B26C-82A93DA72DB8}: NameServer = 93.153.117.1 93.153.117.33
TCP: Interfaces\{B84491AA-FB52-4B1E-BFB9-61EA94083AB9}: NameServer = 93.153.117.1 93.153.117.33
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{3B5B973C-92A4-4855-9D3F-0F3D23332208} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\Atheros\Ath_WlanAgent.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\TeamViewer\TeamViewer.exe
c:\program files (x86)\TeamViewer\tv_w32.exe
.
**************************************************************************
.
Celkový čas: 2016-05-13 23:59:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-05-13 21:59
ComboFix2.txt 2016-05-13 12:41
.
Před spuštěním: 288 932 171 776 bytes free
Po spuštění: 288 596 901 888 bytes free
.
- - End Of File - - BDE99FEB7B674B0F2A77E85883FE29F8
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1033.18.3914.2931 [GMT 2:00]
Spuštěný z: c:\users\Excalibur\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Excalibur\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\DRIVERS\avgntflt.sys"
"c:\windows\system32\DRIVERS\avipbb.sys"
"c:\windows\system32\DRIVERS\avkmgr.sys"
"c:\windows\system32\DRIVERS\avnetflt.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DRIVERS\avgntflt.sys
c:\windows\system32\DRIVERS\avipbb.sys
c:\windows\system32\DRIVERS\avkmgr.sys
c:\windows\system32\DRIVERS\avnetflt.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVKMGR
-------\Legacy_AVNETFLT
-------\Service_AntiVirMailService
-------\Service_AntiVirSchedulerService
-------\Service_AntiVirWebService
-------\Service_avkmgr
-------\Service_avnetflt
-------\Service_SkypeUpdate
-------\Legacy_avipbb
-------\Service_avipbb
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-04-13 do 2016-05-13 )))))))))))))))))))))))))))))))
.
.
2016-05-13 21:54 . 2016-05-13 21:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2016-05-13 21:54 . 2016-05-13 21:54 -------- d-----w- c:\users\hedev\AppData\Local\temp
2016-05-11 20:13 . 2016-05-13 21:04 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-11 20:13 . 2016-05-11 20:13 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-05-11 20:13 . 2016-05-11 20:13 -------- d-----w- c:\programdata\Malwarebytes
2016-05-11 20:13 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-05-11 20:13 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-05-11 20:13 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-05-11 19:42 . 2016-05-11 19:42 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2016-05-11 17:34 . 2016-05-11 17:34 -------- d-----w- c:\program files (x86)\trend micro
2016-05-11 17:34 . 2016-05-11 17:34 -------- d-----w- C:\rsit
2016-05-11 17:08 . 2016-05-11 17:08 -------- d-----w- c:\programdata\Kaspersky Lab
2016-05-11 17:08 . 2016-05-11 17:08 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2016-05-11 17:04 . 2016-05-11 17:21 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2016-05-11 15:01 . 2016-05-11 15:01 -------- d-----w- c:\users\Excalibur\.flashTool
2016-05-11 15:01 . 2016-05-11 15:01 -------- d-----w- c:\users\Excalibur\.swt
2016-05-11 15:01 . 2016-05-11 15:01 -------- d-----w- c:\users\Excalibur\.oracle_jre_usage
2016-05-11 15:00 . 2016-05-11 15:03 -------- d-----w- C:\Flashtool
2016-05-10 22:20 . 2011-05-24 08:59 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2016-05-10 22:20 . 2016-05-10 22:20 1174979 ----a-w- c:\windows\unins000.exe
2016-05-10 22:19 . 2016-05-10 22:22 -------- d-----w- c:\users\Excalibur\.android
2016-05-10 22:19 . 2016-05-10 22:19 -------- d-----w- c:\users\Excalibur\AppData\Roaming\Kingosoft
2016-05-10 22:18 . 2016-05-10 22:18 -------- d-----w- c:\users\Excalibur\AppData\Local\Kingosoft
2016-05-10 22:18 . 2016-05-10 22:32 -------- d-----w- c:\program files (x86)\Kingo ROOT
2016-04-28 22:12 . 2016-04-28 22:12 -------- d-----w- c:\users\Excalibur\AppData\Roaming\TubeTycoon
2016-04-27 19:39 . 2016-04-27 19:39 -------- d-----w- c:\program files (x86)\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-06 19:36 . 2015-11-01 20:59 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-05-06 19:36 . 2015-11-01 20:59 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-04 15:16 . 2015-09-04 15:11 20510720 ----a-w- c:\program files (x86)\GUT1BC2.tmp
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" [2015-12-15 1556448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kaspersky Software Updater Beta.lnk - c:\program files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe -hide [2015-12-14 3529600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
MbnExt REG_MULTI_SZ MbnExt
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-13 02:38 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-05-07 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe [2016-05-06 10:29]
.
2016-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-01 19:36]
.
2016-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02 10:20]
.
2016-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02 10:20]
.
2016-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000Core.job
- c:\users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04 15:19]
.
2016-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000UA.job
- c:\users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04 15:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-04-25 20:22 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-04-25 20:22 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-04-25 20:22 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-19 440600]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-27 12937872]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 84.16.105.193 84.16.96.2
TCP: Interfaces\{056AAB92-BE99-4F91-9F1F-38418BB79633}: NameServer = 93.153.117.1 93.153.117.33
TCP: Interfaces\{7A7ACC95-FBC8-4DDE-968C-11FB7285D780}: NameServer = 93.153.117.1 93.153.117.33
TCP: Interfaces\{A6F89920-34C5-4D87-B26C-82A93DA72DB8}: NameServer = 93.153.117.1 93.153.117.33
TCP: Interfaces\{B84491AA-FB52-4B1E-BFB9-61EA94083AB9}: NameServer = 93.153.117.1 93.153.117.33
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{3B5B973C-92A4-4855-9D3F-0F3D23332208} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\Atheros\Ath_WlanAgent.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\TeamViewer\TeamViewer.exe
c:\program files (x86)\TeamViewer\tv_w32.exe
.
**************************************************************************
.
Celkový čas: 2016-05-13 23:59:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-05-13 21:59
ComboFix2.txt 2016-05-13 12:41
.
Před spuštěním: 288 932 171 776 bytes free
Po spuštění: 288 596 901 888 bytes free
.
- - End Of File - - BDE99FEB7B674B0F2A77E85883FE29F8
Přispějete na provoz fóra?