Preventive check

Posted: 11 May 2016 18:37
by Lord Excalibur
Good evening, the computer is starting to get lazier, nothing serious. Flash applications in the browser may occasionally stutter.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Excalibur at 2016-05-11 19:34:41
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 285 GB (30%) free of 954 GB
Total RAM: 3914 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:34:45, on 11.5.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera_crashreporter.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Users\Excalibur\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Excalibur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Spyware Terminator 2015 Internet Guard - {82A76710-4F98-4957-92BE-99648A4E2475} - C:\PROGRA~2\SPYWAR~1\STINTE~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Kaspersky Software Updater Beta.lnk = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{056AAB92-BE99-4F91-9F1F-38418BB79633}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A7ACC95-FBC8-4DDE-968C-11FB7285D780}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6F89920-34C5-4D87-B26C-82A93DA72DB8}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{B84491AA-FB52-4B1E-BFB9-61EA94083AB9}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{056AAB92-BE99-4F91-9F1F-38418BB79633}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CS2\Services\Tcpip\..\{056AAB92-BE99-4F91-9F1F-38418BB79633}: NameServer = 93.153.117.1 93.153.117.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira Real-Time Protection (AntiVirService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Avira Web Protection (AntiVirWebService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kaspersky Security Scan Service (kss) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe

--
End of file - 8995 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000Core.job - C:\Users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000UA.job - C:\Users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82A76710-4F98-4957-92BE-99648A4E2475}]
Spyware Terminator 2015 Internet Guard - C:\PROGRA~2\SPYWAR~1\STINTE~1.DLL [2015-07-28 1255248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-11-29 284440]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-02-27 291608]
"InstallUpdate"= []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14 1085656]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"KSS"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [2015-12-15 1556448]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Kaspersky Software Updater Beta.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=0
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.xtor"=DxtoryCodec.dll
"VIDC.FPS1"=frapsvid.dll
"vidc.tscc"=C:\Windows\SysWOW64\tsccvid.dll
"vidc.tsc2"=C:\Windows\SysWOW64\tsc2_codec32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-05-11 19:34:42 ----D---- C:\Program Files (x86)\trend micro
2016-05-11 19:34:41 ----D---- C:\rsit
2016-05-11 19:08:36 ----D---- C:\ProgramData\Kaspersky Lab
2016-05-11 19:08:36 ----D---- C:\Program Files (x86)\Kaspersky Lab
2016-05-11 19:04:30 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2016-05-11 17:00:17 ----D---- C:\Flashtool
2016-05-11 00:20:17 ----A---- C:\Windows\unins000.exe
2016-05-11 00:20:17 ----A---- C:\Windows\unins000.dat
2016-05-11 00:19:00 ----D---- C:\Users\Excalibur\AppData\Roaming\Kingosoft
2016-05-11 00:18:50 ----D---- C:\Program Files (x86)\Kingo ROOT
2016-04-29 00:12:42 ----D---- C:\Users\Excalibur\AppData\Roaming\TubeTycoon
2016-04-27 21:39:54 ----D---- C:\Program Files (x86)\AdwCleaner

======List of files/folders modified in the last 1 month======

2016-05-11 19:34:42 ----RD---- C:\Program Files (x86)
2016-05-11 19:08:58 ----SHD---- C:\Windows\Installer
2016-05-11 19:08:58 ----SHD---- C:\Config.Msi
2016-05-11 19:08:38 ----D---- C:\Windows\Prefetch
2016-05-11 19:08:36 ----HD---- C:\ProgramData
2016-05-11 18:58:18 ----D---- C:\Windows\inf
2016-05-11 18:58:18 ----D---- C:\Users\Excalibur\AppData\Roaming\TS3Client
2016-05-11 18:58:18 ----D---- C:\Program Files (x86)\Steam
2016-05-11 18:58:17 ----D---- C:\Windows\Temp
2016-05-11 18:58:17 ----D---- C:\Windows
2016-05-11 18:10:20 ----D---- C:\Windows\System32
2016-05-11 01:42:46 ----D---- C:\Windows\Tasks
2016-05-11 00:22:15 ----SHD---- C:\System Volume Information
2016-05-10 09:39:50 ----D---- C:\Program Files (x86)\Minecraft
2016-05-09 13:11:31 ----D---- C:\ProgramData\Spyware Terminator
2016-05-09 13:09:48 ----D---- C:\Users\Excalibur\AppData\Roaming\vlc
2016-05-08 14:58:24 ----D---- C:\Program Files (x86)\TeamViewer
2016-05-06 21:36:52 ----D---- C:\Windows\SysWOW64
2016-05-06 21:36:47 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-05 15:05:59 ----D---- C:\Program Files (x86)\Opera
2016-04-27 21:43:11 ----D---- C:\Windows\SysWOW64\drivers
2016-04-27 21:43:07 ----D---- C:\AdwCleaner
2016-04-23 19:03:40 ----SD---- C:\Users\Excalibur\AppData\Roaming\Microsoft
2016-04-22 13:49:32 ----RSD---- C:\Windows\Fonts
2016-04-16 20:19:47 ----D---- C:\Users\Excalibur\AppData\Roaming\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys []
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys []
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys []
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys []
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\iusb3hub.sys []
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys []
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys []
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys []
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 BRDriver64;BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [2013-12-07 75048]
S3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [2014-12-23 78088]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys []
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 cpudrv64;cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys []
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys []
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys []
S3 ggflt;SOMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys []
S3 ggsomc;SOMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsomc.sys []
S3 hwusb_cdcacm;hwusb_cdcacm; C:\Windows\system32\DRIVERS\ew_cdcacm.sys []
S3 hwusb_wwanecm;hwusb_wwanecm; C:\Windows\system32\DRIVERS\ew_wwanecm.sys []
S3 IObitUnlocker;IObitUnlocker; \??\C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [2011-03-09 33184]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys []
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\Windows\system32\drivers\RTL2832UBDA.sys [2009-08-17 116640]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\Windows\System32\Drivers\RTL2832UUSB.sys [2009-08-17 38944]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys []
S3 WinUsb;Sony sa0102 ADB Interface; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 kss;Kaspersky Security Scan Service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [2015-12-15 1556448]
R2 MbnExt;Mobile Broadband Extension Service; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-09-11 5702416]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe []
S2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe []
S2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe []
S2 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-06 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-14 82128]
S4 BRSptStub;BitRaider Mini-Support Service Stub Loader; C:\ProgramData\BitRaider\BRSptStub.exe [2014-12-22 363208]
S4 BRSptSvc;BitRaider Mini-Support Service; C:\ProgramData\BitRaider\BRSptSvc.exe [2013-12-07 477960]
S4 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-02-19 276248]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S4 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-31 2425960]
S4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S4 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-12-16 277784]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-05-16 1826592]
S4 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-10-08 2078216]
S4 PSI_SVC_2_x64;Protexis Licensing V2 x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S4 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2015-06-10 155520]
S4 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2015-12-10 3267408]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-08-19 838336]
S4 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2015-02-09 792016]
S4 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]

-----------------EOF-----------------

Re: Preventive check

Posted: 11 May 2016 19:42
by Márty84
Hello :)

:arrow: Uninstall Terminator.

:arrow: You have a 64-bit system, so post a log from RSITx64 http://images.malwareremoval.com/random/RSITx64.exe

Re: Preventive check

Posted: 11 May 2016 20:20
by Lord Excalibur
Oops, a little mistake crept in.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Excalibur at 2016-05-11 21:18:45
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 284 GB (30%) free of 954 GB
Total RAM: 3914 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:18:48, on 11.5.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera_crashreporter.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
C:\Program Files\trend micro\Excalibur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Kaspersky Software Updater Beta.lnk = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{056AAB92-BE99-4F91-9F1F-38418BB79633}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A7ACC95-FBC8-4DDE-968C-11FB7285D780}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6F89920-34C5-4D87-B26C-82A93DA72DB8}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{B84491AA-FB52-4B1E-BFB9-61EA94083AB9}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{056AAB92-BE99-4F91-9F1F-38418BB79633}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CS2\Services\Tcpip\..\{056AAB92-BE99-4F91-9F1F-38418BB79633}: NameServer = 93.153.117.1 93.153.117.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira Real-Time Protection (AntiVirService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Avira Web Protection (AntiVirWebService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kaspersky Security Scan Service (kss) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe

--
End of file - 8629 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe 26371088
\??\C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {40C66D91-B774-4FBF-8AE0-B88334E26EDF}
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" -r
taskeng.exe {BB21D465-E114-4A26-89A1-25C941185AFF}
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe"
C:\Windows\SysWOW64\svchost.exe -k MbnExt
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe" -hide
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --ran-launcher
"C:\Program Files (x86)\Opera\37.0.2178.32\opera_crashreporter.exe" --ran-launcher --crash-reporter-parent-id=3540
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=gpu-process --channel="3540.0.1321417137\308105240" --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --disable-d3d11 --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,11,15,20,30,59,78 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2653 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --ignored=" --type=renderer "
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.2.1095747146\1703169591"
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.3.1848997392\537135103"
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.4.1148783153\1663239574"
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.5.1670891471\1586344507"
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.6.1687793788\2129116471"
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.7.1143555667\1301766146"
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.8.1135208423\324576698"
"C:\Program Files (x86)\Opera\37.0.2178.32\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=3132 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --channel="3540.10.1715124160\580163379"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" --type=gpu-process --channel="2228.0.618067437\867911036" --no-sandbox --lang=en-US --log-severity=disable --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,9,21,44 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2653 --lang=en-US --log-severity=disable /prefetch:822062411
"C:\Users\EXCALI~1\AppData\Local\Temp\scoped_dir3540_14007\RSITx64 (1).exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000Core.job - C:\Users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000UA.job - C:\Users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-03-04 553384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-03-04 210856]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-02-19 398616]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-02-19 440600]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-07-27 12937872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"KSS"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [2015-12-15 1556448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04 144200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [2015-09-23 457088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield]
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater]
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile CManager]
C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe [2015-08-06 2162152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Excalibur^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\EXCALI~1\AppData\Roaming\Dropbox\bin\Dropbox.exe [2015-04-14 43376600]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-11-29 284440]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-02-27 291608]
"InstallUpdate"= []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14 1085656]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Kaspersky Software Updater Beta.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-02-14 430080]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=0
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.xtor"=DxtoryCodec64.dll
"VIDC.FPS1"=frapsv64.dll
"vidc.tscc"=C:\Windows\SysWOW64\tsccvid64.dll
"vidc.tsc2"=C:\Windows\SysWOW64\tsc2_codec64.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-05-11 19:34:42 ----D---- C:\Program Files (x86)\trend micro
2016-05-11 19:34:41 ----D---- C:\rsit
2016-05-11 19:08:36 ----D---- C:\ProgramData\Kaspersky Lab
2016-05-11 19:08:36 ----D---- C:\Program Files (x86)\Kaspersky Lab
2016-05-11 19:04:30 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2016-05-11 17:00:17 ----D---- C:\Flashtool
2016-05-11 00:20:18 ----A---- C:\Windows\system32\WinUSBCoInstaller2.dll
2016-05-11 00:20:17 ----A---- C:\Windows\unins000.exe
2016-05-11 00:20:17 ----A---- C:\Windows\unins000.dat
2016-05-11 00:19:00 ----D---- C:\Users\Excalibur\AppData\Roaming\Kingosoft
2016-05-11 00:18:50 ----D---- C:\Program Files (x86)\Kingo ROOT
2016-04-29 00:12:42 ----D---- C:\Users\Excalibur\AppData\Roaming\TubeTycoon
2016-04-27 21:39:54 ----D---- C:\Program Files (x86)\AdwCleaner

======List of files/folders modified in the last 1 month======

2016-05-11 21:18:46 ----D---- C:\Program Files\trend micro
2016-05-11 21:17:47 ----D---- C:\Windows\Temp
2016-05-11 21:17:30 ----D---- C:\Windows\Prefetch
2016-05-11 21:16:39 ----D---- C:\Windows
2016-05-11 21:16:24 ----D---- C:\Program Files (x86)\Spyware Terminator
2016-05-11 20:50:53 ----HD---- C:\ProgramData
2016-05-11 19:34:42 ----RD---- C:\Program Files (x86)
2016-05-11 19:08:58 ----SHD---- C:\Windows\Installer
2016-05-11 19:08:58 ----SHD---- C:\Config.Msi
2016-05-11 18:58:18 ----D---- C:\Windows\inf
2016-05-11 18:58:18 ----D---- C:\Users\Excalibur\AppData\Roaming\TS3Client
2016-05-11 18:58:18 ----D---- C:\Program Files (x86)\Steam
2016-05-11 18:10:20 ----D---- C:\Windows\System32
2016-05-11 18:10:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-05-11 17:18:00 ----D---- C:\Windows\system32\config
2016-05-11 01:42:46 ----D---- C:\Windows\Tasks
2016-05-11 00:28:31 ----D---- C:\Windows\system32\drivers
2016-05-11 00:22:40 ----D---- C:\Windows\system32\catroot
2016-05-11 00:22:31 ----D---- C:\Windows\system32\DriverStore
2016-05-11 00:22:15 ----SHD---- C:\System Volume Information
2016-05-10 09:39:50 ----D---- C:\Program Files (x86)\Minecraft
2016-05-09 13:09:48 ----D---- C:\Users\Excalibur\AppData\Roaming\vlc
2016-05-08 14:58:24 ----D---- C:\Program Files (x86)\TeamViewer
2016-05-06 21:36:52 ----D---- C:\Windows\SysWOW64
2016-05-06 21:36:47 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-05-06 12:29:31 ----D---- C:\Windows\system32\Tasks
2016-05-05 15:05:59 ----D---- C:\Program Files (x86)\Opera
2016-04-27 21:43:11 ----D---- C:\Windows\SYSWOW64\drivers
2016-04-27 21:43:07 ----D---- C:\AdwCleaner
2016-04-23 19:03:40 ----SD---- C:\Users\Excalibur\AppData\Roaming\Microsoft
2016-04-23 00:00:17 ----D---- C:\Windows\system32\catroot2
2016-04-22 13:49:32 ----RSD---- C:\Windows\Fonts
2016-04-16 20:19:47 ----D---- C:\Users\Excalibur\AppData\Roaming\Skype
2016-04-16 18:04:14 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-11-29 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-02-27 16152]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2013-06-21 30496]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2015-02-25 132120]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2015-02-25 28600]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-11-24 283064]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2015-02-25 128536]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2015-02-25 44088]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2012-02-15 3538432]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2013-03-04 91648]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-02-14 14692224]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-07-31 4102928]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-02-27 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-02-27 788760]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2011-10-14 108656]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BRDriver64;BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [2013-12-07 75048]
S3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [2014-12-23 78088]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2010-11-21 552448]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-21 80384]
S3 cpudrv64;cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2013-01-25 109568]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-12-22 14976]
S3 ggflt;SOMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2015-07-07 16088]
S3 ggsomc;SOMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsomc.sys [2015-07-07 30424]
S3 hwusb_cdcacm;hwusb_cdcacm; C:\Windows\system32\DRIVERS\ew_cdcacm.sys [2013-10-23 121728]
S3 hwusb_wwanecm;hwusb_wwanecm; C:\Windows\system32\DRIVERS\ew_wwanecm.sys [2013-11-01 376448]
S3 IObitUnlocker;IObitUnlocker; \??\C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [2011-03-09 33184]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-09-02 339048]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\Windows\system32\drivers\RTL2832UBDA.sys [2009-08-17 116640]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\Windows\System32\Drivers\RTL2832UUSB.sys [2009-08-17 38944]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;Sony sa0102 ADB Interface; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 kss;Kaspersky Security Scan Service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [2015-12-15 1556448]
R2 MbnExt;Mobile Broadband Extension Service; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-09-11 5702416]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe []
S2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe []
S2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe []
S2 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-06 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-12-12 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-14 82128]
S4 BRSptStub;BitRaider Mini-Support Service Stub Loader; C:\ProgramData\BitRaider\BRSptStub.exe [2014-12-22 363208]
S4 BRSptSvc;BitRaider Mini-Support Service; C:\ProgramData\BitRaider\BRSptSvc.exe [2013-12-07 477960]
S4 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-02-19 276248]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S4 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-31 2425960]
S4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S4 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-12-16 277784]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-06-21 884512]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-05-16 1826592]
S4 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-10-08 2078216]
S4 PSI_SVC_2_x64;Protexis Licensing V2 x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S4 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2015-06-10 155520]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-08-19 838336]
S4 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2015-02-09 792016]
S4 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]

-----------------EOF-----------------

Re: Preventive check

Posted: 11 May 2016 20:29
by Márty84
:???: Do you use Avira? According to the log it looks like you no longer do, but remnants of it are still hanging around.

:arrow: Download CrystalDiskInfo http://www.slunecnice.cz/sw/crystaldiskinfo/
Install it (watch out for any bundled add-ons; decline them by unticking the checkbox) and run it as administrator. The result will appear after a moment.
At the top, click Úpravy (Edit) and then Kopírovat (Copy). Paste what gets copied (it is stored in the clipboard) here for me (Ctrl + V).

:arrow: Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator.
Click Scan and wait for the check to finish.
Then click Cleaning.
The program will start working (the PC may restart) and will produce a log (it may also be found here: C:\AdwCleaner\AdwCleaner[C?].txt ). Copy it here for me.

Re: Preventive check

Posted: 11 May 2016 20:53
by Lord Excalibur
I don't use Avira.

CrystalDiskInfo log:
----------------------------------------------------------------------------
CrystalDiskInfo 6.8.2 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Professional SP1 [6.1 Build 7601] (x64)
Date : 2016/05/11 21:52:37

-- Controller Map ----------------------------------------------------------
+ Intel(R) 7 Series Chipset Family SATA AHCI Controller [ATA]
- WDC WD10JPVX-22JC3T0
- Slimtype DVD A DS8A9SH

-- Disk List ---------------------------------------------------------------
(1) WDC WD10JPVX-22JC3T0 : 1000,2 GB [0/0/0, pd1] - wd

----------------------------------------------------------------------------
(1) WDC WD10JPVX-22JC3T0
----------------------------------------------------------------------------
Model : WDC WD10JPVX-22JC3T0
Firmware : 01.01A01
Serial Number : WD-WXG1A6372205
Disk Size : 1000,2 GB (8,4/137,4/1000,2/1000,2)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 1953525168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ACS-2
Minor Version : ----
Transfer Mode : SATA/600 | SATA/600
Power On Hours : 15183 hod.
Power On Count : 1361 krát
Temperature : 46 C (114 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 0060h [ON]
AAM Level : ----
Drive Letter : C:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chyb čtení
03 189 178 _21 0000000005EC Čas na roztočení ploten
04 _69 _69 __0 000000007BA7 Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 200 200 __0 000000000000 Počet chybných hledání
09 _80 _80 __0 000000003B4F Hodin v činnosti
0A 100 100 __0 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 __0 000000000000 Počet pokusů o překalibrování
0C _99 _99 __0 000000000551 Počet cyklů zapnutí zařízení
BF _45 _45 __0 000000000037 Počet udalostí zaznamenaných otřesovým senzorem
C0 200 200 __0 00000000001A Počet vypnutí disku
C1 171 171 __0 000000015EC4 Počet cyklů načítání/vymazání
C2 101 _66 __0 00000000002E Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 100 253 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 253 __0 000000000000 Počet chyb při zápisu sektorů




AdwCleaner log:
# AdwCleaner v5.116 - Logfile created 11/05/2016 at 21:46:15
# Updated 09/05/2016 by Xplode
# Database : 2016-05-09.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Excalibur - EXCALIBUR-NTB
# Running from : C:\Users\Excalibur\Desktop\adwcleaner_5.116.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Excalibur\Documents\Add-in Express

***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [6849 bytes] - [27/04/2016 21:43:07]
C:\AdwCleaner\AdwCleaner[C2].txt - [885 bytes] - [11/05/2016 21:46:15]
C:\AdwCleaner\AdwCleaner[R0].txt - [13996 bytes] - [05/04/2015 20:50:06]
C:\AdwCleaner\AdwCleaner[R1].txt - [2659 bytes] - [07/04/2015 15:01:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [13523 bytes] - [05/04/2015 20:51:42]
C:\AdwCleaner\AdwCleaner[S1].txt - [9633 bytes] - [07/04/2015 18:18:44]
C:\AdwCleaner\AdwCleaner[S2].txt - [1236 bytes] - [11/05/2016 21:44:39]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1324 bytes] ##########

Re: Preventive check

Posted: 11 May 2016 20:59
by Márty84
:arrow: Run a scan with MBAM. Set up the scan according to this guide (i.e. a Custom scan of all drives) http://forum.viry.cz/viewtopic.php?f=29&t=144868 and post the results here. Don't delete anything beforehand; it sometimes produces false detections.

Re: Preventive check

Posted: 11 May 2016 21:24
by Lord Excalibur
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 11.5.2016
Čas skenování: 22:15
Protokol:
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.05.11.06
Databáze rootkitů: v2016.05.06.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Excalibur

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 327760
Uplynulý čas: 6 min, 52 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 9
Trojan.SathurBot, HKLM\SOFTWARE\CLASSES\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208}, , [782a6074e1b8a096b0d071fddd25aa56],
PUP.Optional.Cinema, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.9cV16.03-nv, , [c6dceee65c3d0e280f7e0d622ed5a25e],
PUP.Optional.Cinema, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.9cV16.03-nv-ie, , [2c7626aecccd9d99c2cbf67917ece21e],
Trojan.Agent.CR, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\godimpbmfohihoaikgfknnnmlncabkkp, , [7032e4f06633f145730ad6e60101dc24],
PUP.Optional.PCSpeedUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, , [aff3696ba6f30135cffb3f44fd06b749],
PUP.Optional.UpdateCheckerApp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\UpdateCheckerApp, , [1d851cb8ecadfd3988f3058949ba56aa],
PUP.Optional.Cinema, HKU\S-1-5-18\SOFTWARE\CinemaP-1.9cV16.03-nv, , [168cdbf9ff9a94a297f073fc768deb15],
PUP.Optional.Cinema, HKU\S-1-5-21-792113725-3541881400-1338686765-1000\SOFTWARE\CinemaP-1.9cV16.03-nv, , [4c56785c712814221770c1ae020114ec],
PUP.Optional.Cinema, HKU\S-1-5-21-792113725-3541881400-1338686765-1000\SOFTWARE\CinemaP-1.9cV16.03-nv-ie, , [d8ca805442578fa7f3942c43b1527c84],

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 64
Trojan.Agent.CR, C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp, , [b0f2369e7e1bc86e638384fa2fd3da26],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\temp, , [e1c1c014bddc2e083b39f7a64db58d73],

Soubory: 345
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll, , [782a6074e1b8a096b0d071fddd25aa56],
Trojan.Script, C:\Windows\SysWOW64\mskpfrgl.vbe, , [f6ac1bb9425778be8860586ecd35d42c],
Trojan.Script, C:\Windows\SysWOW64\mswbvnb.vbe, , [fea4f7dd87120d29f6f2d2f437cb21df],
Trojan.Agent.Trace, C:\Windows\inf\ntvdm.inf, , [a5fdcc08e0b9d85e20962e6fc53ef709],
Backdoor.Agent, C:\ProgramData\Microsoft\Performance\Monitor\SecurityHelper.dll, , [208224b08e0b122408b0ddcf36cd33cd],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\19dcbba35fc70d27e90468afb4bcc6c9, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\31108dc4383faae6af9b6add30b7f417, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\c6bbf9efdbd080cc2af0bad89d2aed6b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\zepplauncher.mif, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\962e4ef7114d2b27bb62cd89aa86098f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\983d8a47a329ea5832588f4d6cf391fe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\9b6f64427bbaa065057543a52fa1e97b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\9bdfe7c99a4e55b0a3baeb0b26d91b90, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\04d4ec394b1d3f3333d1ddf2aecc5f2d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\0b98bf55fecfe792dce4bc784bec4523, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\0d0afc039bf7e9d3671a1e2e9d872f54, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\0ddfc688949c6b52eb3bc694618ac70a, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\128a02a58f40b5abf09c02ec10a48a0b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\19b61f81e514e3e23e848b8e49abab36, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\1f71fb47d881dcf2ee0aa9eb3a7cd166, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\20147597b608d6d8dd82ff70a6ce985e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\26d69213798ce578d3292520184f6ffa, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\2b5ca86e4044ba3cf1d0fb0feb46420f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\2dab6f356b357afea276f2894d11330d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\311ac831aac650eeb4a7555a288ef79e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\38b4824b4bddbfff51a7cb14697a0127, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\38d44a2cad4508315782923af8eb2de2, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\9da106550deb464e078e614e7b91b84a, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\9e53395a41ec5018bd1b7085ba483847, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\a0639f0eb21a00df1cd68355aae1da8b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\a439a5f8d10d464ad5a7dfd2bb46b8de, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\a5d3bf68c2416ecdbf7d0944b464b138, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\aa6564daf7c7919a3160c20abc4d2156, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\ac96dbce976d109a38a4ec696bc3dc70, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\acbefd6a4ccb230e63fd64f28490ce93, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\ad0afe803d4229275e0cc8460e1a8b5d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\b164d6a4b40b38d8cb9843d9414af32b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\b29779b114eaa1814274b6382e51690d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\b35157ef210387b9b6ff63419375634f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\b682962359aecf925cfdaf5b0d119ab5, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\c0e79e3931fd58773ed8a2d23efbea26, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\3b0225fd95f82adfc0e1ecc9f8d33454, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\42755b872f24c690893a72cdc9864f00, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\4fff38bf650d287b5450f6fc3fb52248, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\609128b9cc1391f3c1739874ad10f6f9, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\699fd7d2ee8f741b20b7cabf036d6275, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\703b612c03627bd00bbcb8e0cf91618e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\718fec81beb0377bebfb0312bc8736f4, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\7460323bb3f28ac04ab5f2527bfeedbb, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\c3d0dd44425681509429b6f879bf8b46, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\d725e0ca0d12f006c5053df68071e6fc, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\da6a22758774a9e92d661736164e6cd0, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\ddb812e14c4d8727b8bc6463291baa9e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\e8b6d4c08fcdbc887cd9af8ee61de77e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\eaee2a7c2c90b5ccf68a28853ac20325, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\ebaa384f6354bdd0ca2c7f912526d23b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\f2079eb13e4aaba0946d17eb3cc8d285, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\f4c0bad96b931785b04f819394ab95c4, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\fff215dafa371507ac3ca1366208884f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\7904a900000287ae45e5bfb51096691f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\7db98f7c060762e0f78964ea14542134, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\7e4c3e8f1822644dfa6d4ac5b1528cea, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\83934a770723ecfae689cadc4b50ebc5, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\877d747dd728115b4e364f4e88b369e7, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\8c76c419aedd0617b817d4c322817f43, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\962e4ef7114d2b27bb62cd89aa86098f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\983d8a47a329ea5832588f4d6cf391fe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\9b6f64427bbaa065057543a52fa1e97b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\resume\9bdfe7c99a4e55b0a3baeb0b26d91b90, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\04d4ec394b1d3f3333d1ddf2aecc5f2d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\0b98bf55fecfe792dce4bc784bec4523, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\0d0afc039bf7e9d3671a1e2e9d872f54, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\0ddfc688949c6b52eb3bc694618ac70a, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\128a02a58f40b5abf09c02ec10a48a0b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\19b61f81e514e3e23e848b8e49abab36, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\1f71fb47d881dcf2ee0aa9eb3a7cd166, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\20147597b608d6d8dd82ff70a6ce985e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\26d69213798ce578d3292520184f6ffa, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\2b5ca86e4044ba3cf1d0fb0feb46420f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\2dab6f356b357afea276f2894d11330d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\311ac831aac650eeb4a7555a288ef79e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\38b4824b4bddbfff51a7cb14697a0127, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\38d44a2cad4508315782923af8eb2de2, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\9da106550deb464e078e614e7b91b84a, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\9e53395a41ec5018bd1b7085ba483847, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\a0639f0eb21a00df1cd68355aae1da8b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\a439a5f8d10d464ad5a7dfd2bb46b8de, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\a5d3bf68c2416ecdbf7d0944b464b138, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\aa6564daf7c7919a3160c20abc4d2156, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\ac96dbce976d109a38a4ec696bc3dc70, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\acbefd6a4ccb230e63fd64f28490ce93, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\ad0afe803d4229275e0cc8460e1a8b5d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\b164d6a4b40b38d8cb9843d9414af32b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\b29779b114eaa1814274b6382e51690d, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\b35157ef210387b9b6ff63419375634f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\b682962359aecf925cfdaf5b0d119ab5, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\c0e79e3931fd58773ed8a2d23efbea26, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\3b0225fd95f82adfc0e1ecc9f8d33454, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\42755b872f24c690893a72cdc9864f00, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\4fff38bf650d287b5450f6fc3fb52248, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\609128b9cc1391f3c1739874ad10f6f9, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\699fd7d2ee8f741b20b7cabf036d6275, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\703b612c03627bd00bbcb8e0cf91618e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\718fec81beb0377bebfb0312bc8736f4, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\7460323bb3f28ac04ab5f2527bfeedbb, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\c3d0dd44425681509429b6f879bf8b46, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\d725e0ca0d12f006c5053df68071e6fc, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\da6a22758774a9e92d661736164e6cd0, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\ddb812e14c4d8727b8bc6463291baa9e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\e8b6d4c08fcdbc887cd9af8ee61de77e, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\eaee2a7c2c90b5ccf68a28853ac20325, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\ebaa384f6354bdd0ca2c7f912526d23b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\f2079eb13e4aaba0946d17eb3cc8d285, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\f4c0bad96b931785b04f819394ab95c4, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\fff215dafa371507ac3ca1366208884f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\7904a900000287ae45e5bfb51096691f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\7db98f7c060762e0f78964ea14542134, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\7e4c3e8f1822644dfa6d4ac5b1528cea, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\83934a770723ecfae689cadc4b50ebc5, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\877d747dd728115b4e364f4e88b369e7, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\8c76c419aedd0617b817d4c322817f43, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\962e4ef7114d2b27bb62cd89aa86098f, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\983d8a47a329ea5832588f4d6cf391fe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\9b6f64427bbaa065057543a52fa1e97b, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache\rules\9bdfe7c99a4e55b0a3baeb0b26d91b90, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\04d4ec394b1d3f3333d1ddf2aecc5f2d\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\04d4ec394b1d3f3333d1ddf2aecc5f2d\Z For Zachariah 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\04d4ec394b1d3f3333d1ddf2aecc5f2d\Z For Zachariah 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0b98bf55fecfe792dce4bc784bec4523\Bridge Of Spies 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0b98bf55fecfe792dce4bc784bec4523\Bridge Of Spies 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0b98bf55fecfe792dce4bc784bec4523\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0d0afc039bf7e9d3671a1e2e9d872f54\Straight Outta Compton 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0d0afc039bf7e9d3671a1e2e9d872f54\Straight Outta Compton 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0d0afc039bf7e9d3671a1e2e9d872f54\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0ddfc688949c6b52eb3bc694618ac70a\Some Kind Of Beautiful 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0ddfc688949c6b52eb3bc694618ac70a\Some Kind Of Beautiful 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\0ddfc688949c6b52eb3bc694618ac70a\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\128a02a58f40b5abf09c02ec10a48a0b\A Brilliant Young Mind 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\128a02a58f40b5abf09c02ec10a48a0b\A Brilliant Young Mind 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\128a02a58f40b5abf09c02ec10a48a0b\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\19b61f81e514e3e23e848b8e49abab36\Crimson Peak 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\19b61f81e514e3e23e848b8e49abab36\Crimson Peak 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\19b61f81e514e3e23e848b8e49abab36\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\1f71fb47d881dcf2ee0aa9eb3a7cd166\The Transporter Refueled 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\1f71fb47d881dcf2ee0aa9eb3a7cd166\The Transporter Refueled 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\1f71fb47d881dcf2ee0aa9eb3a7cd166\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\20147597b608d6d8dd82ff70a6ce985e\Time Out Of Mind 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\20147597b608d6d8dd82ff70a6ce985e\Time Out Of Mind 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\20147597b608d6d8dd82ff70a6ce985e\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\26d69213798ce578d3292520184f6ffa\Before I Wake 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\26d69213798ce578d3292520184f6ffa\Before I Wake 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\26d69213798ce578d3292520184f6ffa\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\2b5ca86e4044ba3cf1d0fb0feb46420f\Kahlil Gibrans The Prophet 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\2b5ca86e4044ba3cf1d0fb0feb46420f\Kahlil Gibrans The Prophet 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\2b5ca86e4044ba3cf1d0fb0feb46420f\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\2dab6f356b357afea276f2894d11330d\Sinister 2 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\2dab6f356b357afea276f2894d11330d\Sinister 2 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\2dab6f356b357afea276f2894d11330d\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\311ac831aac650eeb4a7555a288ef79e\Call Me Lucky 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\311ac831aac650eeb4a7555a288ef79e\Call Me Lucky 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\311ac831aac650eeb4a7555a288ef79e\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\38b4824b4bddbfff51a7cb14697a0127\Ricki And The Flash 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\38b4824b4bddbfff51a7cb14697a0127\Ricki And The Flash 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\38b4824b4bddbfff51a7cb14697a0127\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\38d44a2cad4508315782923af8eb2de2\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\38d44a2cad4508315782923af8eb2de2\We Are Your Friends 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\38d44a2cad4508315782923af8eb2de2\We Are Your Friends 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9da106550deb464e078e614e7b91b84a\No Escape 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9da106550deb464e078e614e7b91b84a\No Escape 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9da106550deb464e078e614e7b91b84a\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9e53395a41ec5018bd1b7085ba483847\Steve Jobs Man In The Machine 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9e53395a41ec5018bd1b7085ba483847\Steve Jobs Man In The Machine 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\9e53395a41ec5018bd1b7085ba483847\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a0639f0eb21a00df1cd68355aae1da8b\The Green Inferno 2015.avi, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a0639f0eb21a00df1cd68355aae1da8b\The Green Inferno 2015.nfo, , [e1c1c014bddc2e083b39f7a64db58d73],
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data\a0639f0eb21a00df1cd68355aae1da8b\Ultra DivX Codec Pack.exe, , [e1c1c014bddc2e083b39f7a64db58d73],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Re: Preventive check

Posted: 12 May 2016 06:34
by Márty84
Have all the detections removed. After the removal and a PC restart, repeat the MBAM scan so that we know whether it comes back. Post the scan result and I will choose the next steps based on it.

By the way, the time looks odd to me, did it really take only 6 min, 52 sec??? :?:

Re: Preventive check

Posted: 12 May 2016 13:36
by Lord Excalibur
Well, seeing how long it ran this time, I am also surprised it managed it so quickly before.

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 12.5.2016
Čas skenování: 9:38
Protokol:
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.05.12.02
Databáze rootkitů: v2016.05.06.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Excalibur

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 845826
Uplynulý čas: 4 hod, 39 min, 21 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 8
Trojan.SathurBot, C:\Users\Excalibur\Downloads\Heroes of Might and Magic III\Heroes of Might and Magic III.exe, , [ea18795c4a4fa88e2a6169c1b054f010],
PUP.Optional.RelevantKnowledge, C:\AdwCleaner\FileQuarantine\C\Windows\SysNative\rlls64.dll.vir, , [fd057560564337ff226bf05d19ebb050],
PUP.Optional.PCSpeedUp, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Zrychleni Pocitace\PCSpeedUp.sys.vir, , [38cae6ef019849ed00f9939159a85aa6],
PUP.Optional.PCSpeedUp, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Zrychleni Pocitace\PCSULauncher.exe.vir, , [c83a05d0e2b794a2d72200089968c937],
PUP.Optional.PCSpeedUp, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Zrychleni Pocitace\PCSUUCC.exe.vir, , [ea18973e5f3a75c123d61e06cb362ad6],
PUP.Optional.PCSpeedUp, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Zrychleni Pocitace\SpeedCheckerService.exe.vir, , [e41ed0056336d066dc22efd341c050b0],
PUP.Optional.RelevantKnowledge, C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\rlls.dll.vir, , [7191be17dbbe75c1860763ea63a138c8],
Trojan.BitCoinMiner, C:\Windows\inf\msxfrf\msxfrf.exe, , [62a0f4e1d1c8ed493d2dc8d3cd33c33d],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Re: Preventive check

Posted: 12 May 2016 19:55
by Márty84
Well, there is a new little bug in there again :boxed:


:!: Proceed in exactly this order.
1) Do not close MBAM, just minimize it.
2) Delete the restore points / turn off restore point creation http://forum.viry.cz/viewtopic.php?f=46&t=47040 , but do not restart the PC.
3) Now have MBAM remove the detections and restart the PC.
4) Repeat the MBAM scan and post its result; I will choose the next steps based on that.

If it comes back clean, turn restore point creation back on, so that we do not forget about it later.

Re: Preventive check

Posted: 13 May 2016 04:43
by Lord Excalibur
So it looks clean now. Restore point created.

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 12.5.2016
Čas skenování: 21:08
Protokol:
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.05.12.06
Databáze rootkitů: v2016.05.06.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Excalibur

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 845696
Uplynulý čas: 6 hod, 33 min, 40 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Re: Preventive check

Posted: 13 May 2016 07:01
by Márty84
:arrow: Uninstall MBAM.


:!: If you have not done so already, better back up your important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off your antivirus and any other security software.
Right-click ComboFix and left-click Run as administrator
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan, do not launch anything and do not click anywhere.
After the scan finishes (the PC may also restart), a log should be created, located here: C:\ComboFix.txt
Copy its contents here

:!: If Windows does not boot after the restart, restart again, keep pressing the F8 key and choose - Last Known Good Configuration
:!: If Windows boots but an error is reported when launching various programs, just restart the PC and it will be fine

Re: Preventive check

Posted: 13 May 2016 13:45
by Lord Excalibur
ComboFix 16-04-29.01 - Excalibur 13.05.2016 11:02:54.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1033.18.3914.2846 [GMT 2:00]
Spuštěný z: c:\users\Excalibur\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\server.log
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_BD0002
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-04-13 do 2016-05-13 )))))))))))))))))))))))))))))))
.
.
2016-05-13 09:13 . 2016-05-13 09:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2016-05-13 09:13 . 2016-05-13 09:13 -------- d-----w- c:\users\hedev\AppData\Local\temp
2016-05-13 09:13 . 2016-05-13 09:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-05-11 20:13 . 2016-05-13 12:37 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-11 20:13 . 2016-05-11 20:13 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-05-11 20:13 . 2016-05-11 20:13 -------- d-----w- c:\programdata\Malwarebytes
2016-05-11 20:13 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-05-11 20:13 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-05-11 20:13 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-05-11 19:42 . 2016-05-11 19:42 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2016-05-11 17:34 . 2016-05-11 17:34 -------- d-----w- c:\program files (x86)\trend micro
2016-05-11 17:34 . 2016-05-11 17:34 -------- d-----w- C:\rsit
2016-05-11 17:08 . 2016-05-11 17:08 -------- d-----w- c:\programdata\Kaspersky Lab
2016-05-11 17:08 . 2016-05-11 17:08 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2016-05-11 17:04 . 2016-05-11 17:21 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2016-05-11 15:01 . 2016-05-11 15:01 -------- d-----w- c:\users\Excalibur\.flashTool
2016-05-11 15:01 . 2016-05-11 15:01 -------- d-----w- c:\users\Excalibur\.swt
2016-05-11 15:01 . 2016-05-11 15:01 -------- d-----w- c:\users\Excalibur\.oracle_jre_usage
2016-05-11 15:00 . 2016-05-11 15:03 -------- d-----w- C:\Flashtool
2016-05-10 22:20 . 2011-05-24 08:59 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2016-05-10 22:20 . 2016-05-10 22:20 1174979 ----a-w- c:\windows\unins000.exe
2016-05-10 22:19 . 2016-05-10 22:22 -------- d-----w- c:\users\Excalibur\.android
2016-05-10 22:19 . 2016-05-10 22:19 -------- d-----w- c:\users\Excalibur\AppData\Roaming\Kingosoft
2016-05-10 22:18 . 2016-05-10 22:18 -------- d-----w- c:\users\Excalibur\AppData\Local\Kingosoft
2016-05-10 22:18 . 2016-05-10 22:32 -------- d-----w- c:\program files (x86)\Kingo ROOT
2016-04-28 22:12 . 2016-04-28 22:12 -------- d-----w- c:\users\Excalibur\AppData\Roaming\TubeTycoon
2016-04-27 19:39 . 2016-04-27 19:39 -------- d-----w- c:\program files (x86)\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-06 19:36 . 2015-11-01 20:59 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-05-06 19:36 . 2015-11-01 20:59 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-04 15:16 . 2015-09-04 15:11 20510720 ----a-w- c:\program files (x86)\GUT1BC2.tmp
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" [2015-12-15 1556448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-12-13 1085656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kaspersky Software Updater Beta.lnk - c:\program files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe -hide [2015-12-14 3529600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x]
R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys;c:\windows\SYSNATIVE\DRIVERS\ggsomc.sys [x]
R3 hwusb_cdcacm;hwusb_cdcacm;c:\windows\system32\DRIVERS\ew_cdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_cdcacm.sys [x]
R3 hwusb_wwanecm;hwusb_wwanecm;c:\windows\system32\DRIVERS\ew_wwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_wwanecm.sys [x]
R3 IObitUnlocker;IObitUnlocker;c:\program files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys;c:\program files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BRSptStub;BitRaider Mini-Support Service Stub Loader;c:\programdata\BitRaider\BRSptStub.exe;c:\programdata\BitRaider\BRSptStub.exe [x]
R4 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R4 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R4 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R4 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 kss;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe -r;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe -r [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 MbnExt;Mobile Broadband Extension Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Atheros\Ath_WlanAgent.exe;c:\program files (x86)\Atheros\Ath_WlanAgent.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
MbnExt REG_MULTI_SZ MbnExt
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-13 02:38 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-05-07 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe [2016-05-06 10:29]
.
2016-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-01 19:36]
.
2016-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02 10:20]
.
2016-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02 10:20]
.
2016-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000Core.job
- c:\users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04 15:19]
.
2016-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000UA.job
- c:\users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04 15:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-04-25 20:22 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-04-25 20:22 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-04-25 20:22 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-19 440600]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-27 12937872]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{056AAB92-BE99-4F91-9F1F-38418BB79633}: NameServer = 93.153.117.1 93.153.117.33
TCP: Interfaces\{7A7ACC95-FBC8-4DDE-968C-11FB7285D780}: NameServer = 93.153.117.1 93.153.117.33
TCP: Interfaces\{A6F89920-34C5-4D87-B26C-82A93DA72DB8}: NameServer = 93.153.117.1 93.153.117.33
TCP: Interfaces\{B84491AA-FB52-4B1E-BFB9-61EA94083AB9}: NameServer = 93.153.117.1 93.153.117.33
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-InstallUpdate - (no file)
ShellIconOverlayIdentifiers-{3B5B973C-92A4-4855-9D3F-0F3D23332208} - (no file)
AddRemove-zonealarm - c:\users\Excalibur\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
c:\program files (x86)\TeamViewer\TeamViewer.exe
c:\program files (x86)\TeamViewer\tv_w32.exe
.
**************************************************************************
.
Celkový čas: 2016-05-13 14:41:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-05-13 12:41
.
Před spuštěním: 290 291 372 032 bytes free
Po spuštění: 288 869 048 320 bytes free
.
- - End Of File - - A05988DD5BAFE9B67CF3566FE5820E6A

Re: preventive check-up

Posted: 13 May 2016 20:37
by Márty84
:arrow: Open Notepad and copy this script into it

Code:

KillAll::

File::
c:\windows\system32\DRIVERS\avnetflt.sys
c:\windows\system32\DRIVERS\avkmgr.sys
C:\Windows\system32\DRIVERS\avipbb.sys
C:\Windows\system32\DRIVERS\avgntflt.sys

Folder::
c:\program files (x86)\Avira

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Driver::
AntiVirMailService
AntiVirSchedulerService
AntiVirWebService
AntiVirService
SkypeUpdate
avkmgr
avnetflt
avipbb
avgntflt

Reboot::

In the top left, click File.
Click Save As...
Type the name shown in red, CFScript, correctly and save it to the desktop.
Turn off the antivirus and any other security software.
Drag this newly created text document onto the ComboFix icon with the mouse and release it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

:!: If Windows does not start after the restart, restart again, keep pressing the F8 key and choose Last Known Good Configuration
:!: If Windows starts but an error is reported when launching various programs, just restart the PC and it will be fine

Re: preventive check-up

Posted: 13 May 2016 23:00
by Lord Excalibur
ComboFix 16-04-29.01 - Excalibur 13.05.2016 23:42:34.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1033.18.3914.2931 [GMT 2:00]
Spuštěný z: c:\users\Excalibur\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Excalibur\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\DRIVERS\avgntflt.sys"
"c:\windows\system32\DRIVERS\avipbb.sys"
"c:\windows\system32\DRIVERS\avkmgr.sys"
"c:\windows\system32\DRIVERS\avnetflt.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DRIVERS\avgntflt.sys
c:\windows\system32\DRIVERS\avipbb.sys
c:\windows\system32\DRIVERS\avkmgr.sys
c:\windows\system32\DRIVERS\avnetflt.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVKMGR
-------\Legacy_AVNETFLT
-------\Service_AntiVirMailService
-------\Service_AntiVirSchedulerService
-------\Service_AntiVirWebService
-------\Service_avkmgr
-------\Service_avnetflt
-------\Service_SkypeUpdate
-------\Legacy_avipbb
-------\Service_avipbb
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-04-13 do 2016-05-13 )))))))))))))))))))))))))))))))
.
.
2016-05-13 21:54 . 2016-05-13 21:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2016-05-13 21:54 . 2016-05-13 21:54 -------- d-----w- c:\users\hedev\AppData\Local\temp
2016-05-11 20:13 . 2016-05-13 21:04 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-11 20:13 . 2016-05-11 20:13 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-05-11 20:13 . 2016-05-11 20:13 -------- d-----w- c:\programdata\Malwarebytes
2016-05-11 20:13 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-05-11 20:13 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-05-11 20:13 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-05-11 19:42 . 2016-05-11 19:42 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2016-05-11 17:34 . 2016-05-11 17:34 -------- d-----w- c:\program files (x86)\trend micro
2016-05-11 17:34 . 2016-05-11 17:34 -------- d-----w- C:\rsit
2016-05-11 17:08 . 2016-05-11 17:08 -------- d-----w- c:\programdata\Kaspersky Lab
2016-05-11 17:08 . 2016-05-11 17:08 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2016-05-11 17:04 . 2016-05-11 17:21 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2016-05-11 15:01 . 2016-05-11 15:01 -------- d-----w- c:\users\Excalibur\.flashTool
2016-05-11 15:01 . 2016-05-11 15:01 -------- d-----w- c:\users\Excalibur\.swt
2016-05-11 15:01 . 2016-05-11 15:01 -------- d-----w- c:\users\Excalibur\.oracle_jre_usage
2016-05-11 15:00 . 2016-05-11 15:03 -------- d-----w- C:\Flashtool
2016-05-10 22:20 . 2011-05-24 08:59 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2016-05-10 22:20 . 2016-05-10 22:20 1174979 ----a-w- c:\windows\unins000.exe
2016-05-10 22:19 . 2016-05-10 22:22 -------- d-----w- c:\users\Excalibur\.android
2016-05-10 22:19 . 2016-05-10 22:19 -------- d-----w- c:\users\Excalibur\AppData\Roaming\Kingosoft
2016-05-10 22:18 . 2016-05-10 22:18 -------- d-----w- c:\users\Excalibur\AppData\Local\Kingosoft
2016-05-10 22:18 . 2016-05-10 22:32 -------- d-----w- c:\program files (x86)\Kingo ROOT
2016-04-28 22:12 . 2016-04-28 22:12 -------- d-----w- c:\users\Excalibur\AppData\Roaming\TubeTycoon
2016-04-27 19:39 . 2016-04-27 19:39 -------- d-----w- c:\program files (x86)\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-06 19:36 . 2015-11-01 20:59 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-05-06 19:36 . 2015-11-01 20:59 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-04 15:16 . 2015-09-04 15:11 20510720 ----a-w- c:\program files (x86)\GUT1BC2.tmp
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" [2015-12-15 1556448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kaspersky Software Updater Beta.lnk - c:\program files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe -hide [2015-12-14 3529600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
MbnExt REG_MULTI_SZ MbnExt
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-13 02:38 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-05-07 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe [2016-05-06 10:29]
.
2016-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-01 19:36]
.
2016-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02 10:20]
.
2016-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02 10:20]
.
2016-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000Core.job
- c:\users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04 15:19]
.
2016-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000UA.job
- c:\users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04 15:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-04-25 20:22 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-04-25 20:22 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-04-25 20:22 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 184856 ----a-w- c:\users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-19 440600]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-27 12937872]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 84.16.105.193 84.16.96.2
TCP: Interfaces\{056AAB92-BE99-4F91-9F1F-38418BB79633}: NameServer = 93.153.117.1 93.153.117.33
TCP: Interfaces\{7A7ACC95-FBC8-4DDE-968C-11FB7285D780}: NameServer = 93.153.117.1 93.153.117.33
TCP: Interfaces\{A6F89920-34C5-4D87-B26C-82A93DA72DB8}: NameServer = 93.153.117.1 93.153.117.33
TCP: Interfaces\{B84491AA-FB52-4B1E-BFB9-61EA94083AB9}: NameServer = 93.153.117.1 93.153.117.33
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{3B5B973C-92A4-4855-9D3F-0F3D23332208} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\Atheros\Ath_WlanAgent.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\TeamViewer\TeamViewer.exe
c:\program files (x86)\TeamViewer\tv_w32.exe
.
**************************************************************************
.
Celkový čas: 2016-05-13 23:59:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-05-13 21:59
ComboFix2.txt 2016-05-13 12:41
.
Před spuštěním: 288 932 171 776 bytes free
Po spuštění: 288 596 901 888 bytes free
.
- - End Of File - - BDE99FEB7B674B0F2A77E85883FE29F8