Virus bitcoinu

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: Mods_senior, Security team

Odpovědět
xXMaster
nováček
Příspěvky: 20
Registrován: červen 14
Pohlaví: Muž
Stav:
Offline

Virus bitcoinu

Příspěvekod xXMaster » 29 čer 2014 13:43

Zdravím
V nedávné době jsem narazil na: http://www.novinky.cz/internet-a-pc/bez ... y-dul.html a podobnou zprávu jsem dostal a přílohu otevřel. O zprávě jsem se dozvěděl později. Výkon mého ntb po pár dnech od otevření zmíněného souboru rapidně klesl z běžného výkonu 20-30% na nějakách 60-70% s pouze otevřeným prohlížečem...jestli je problém jinde, netuším. Ale chtěl bych Vás poprosit o pár rad jak postupovat dál..předem děkuji.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:42:24, on 29.6.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Mal\Downloads\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: FindWide Toolbar - {76C2EC23-9B84-43C0-A7F6-F0CDB4DC52BE} - C:\Program Files (x86)\TNT2\Profiles\10809\passport.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Mal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] 1
O4 - HKCU\..\Run: [svchost] regsvr32 /s "C:\Temp:0CCC2BF2.dat"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Datamngr Coordinator (DatamngrCoordinator) - Unknown owner - C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update HulaToo - Unknown owner - C:\Program Files (x86)\HulaToo\updateHulaToo.exe (file missing)
O23 - Service: Update PursuePoint - Unknown owner - C:\Program Files (x86)\PursuePoint\updatePursuePoint.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7799 bytes
Nahoru
Reklama
Top
Uživatelský avatar
fredik
člen Security týmu
Master Level 7
Master Level 7
Příspěvky: 4680
Registrován: červenec 06
Pohlaví: Muž
Stav:
Offline

Re: Virus bitcoinu

Příspěvekod fredik » 29 čer 2014 16:01

Stáhni AdwCleaner (by Xplode)
Ulož si ho na plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovém disku jako AdwCleaner[R?].txt), celý jeho obsah sem vlož.


Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Nahoru
xXMaster
nováček
Příspěvky: 20
Registrován: červen 14
Pohlaví: Muž
Stav:
Offline

Re: Virus bitcoinu

Příspěvekod xXMaster » 29 čer 2014 18:07

Takto toto mi to vyhodilo:

# AdwCleaner v3.213 - Report created 29/06/2014 at 17:34:55
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Mal - MAL-PC
# Running from : C:\Users\Mal\Desktop\adwcleaner_3.213.exe
# Option : Scan

***** [ Services ] *****

Service Found : DatamngrCoordinator
Service Found : Update HulaToo
Service Found : wStLibG64

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.speedanalysis.com_0.localstorage
File Found : C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.speedanalysis.com_0.localstorage-journal
File Found : C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Mal\AppData\Roaming\LiveSupport.exe_log.txt
File Found : C:\Users\Mal\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins\WebSearch.xml
File Found : C:\Users\Mal\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Found : C:\Users\Mal\AppData\Roaming\regsvr32.exe_log.txt
File Found : C:\Users\Mal\AppData\Roaming\Uninstall.exe
File Found : C:\Users\Mal\daemonprocess.txt
File Found : C:\Windows\System32\drivers\wStLibG64.sys
File Found : C:\Windows\System32\roboot64.exe
File Found : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
File Found : C:\Windows\System32\Tasks\Oxy
File Found : C:\Windows\System32\Tasks\Torntv V9.0-codedownloader
File Found : C:\Windows\System32\Tasks\Torntv V9.0-chromeinstaller
File Found : C:\Windows\Tasks\Torntv V9.0-codedownloader.job
File Found : C:\Windows\Tasks\Torntv V9.0-chromeinstaller.job
Folder Found : C:\Program Files (x86)\AskPartnerNetwork
Folder Found : C:\Program Files (x86)\DealExpresS
Folder Found : C:\Program Files (x86)\FoxTab
Folder Found : C:\Program Files (x86)\Gophoto.it
Folder Found : C:\Program Files (x86)\MediaViewV1
Folder Found : C:\Program Files (x86)\NetoCouuppon
Folder Found : C:\Program Files (x86)\Searcch-NewTTaB
Folder Found : C:\Program Files (x86)\SupTab
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Assistant
Folder Found : C:\ProgramData\BitGuard
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\BrowserProtect
Folder Found : C:\ProgramData\DealExpresS
Folder Found : C:\ProgramData\DOwnnSoavve
Folder Found : C:\ProgramData\IePluginService
Folder Found : C:\ProgramData\NetoCouuppon
Folder Found : C:\ProgramData\safeweb
Folder Found : C:\ProgramData\Searcch-NewTTaB
Folder Found : C:\ProgramData\WebSSave
Folder Found : C:\ProgramData\WPM
Folder Found : C:\ProgramData\YoutubeAdblocker
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekfhjncdfomllcfiblnceljjdgdafln
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnfljojhinjcigkbnmneeefcecijfpic
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\himmadkjognfkkpdieleaghoaolfdngg
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\onffinbgnjkkcjkleefpeaanedgjpkfm
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekfhjncdfomllcfiblnceljjdgdafln
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnfljojhinjcigkbnmneeefcecijfpic
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\himmadkjognfkkpdieleaghoaolfdngg
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\onffinbgnjkkcjkleefpeaanedgjpkfm
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekfhjncdfomllcfiblnceljjdgdafln
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnfljojhinjcigkbnmneeefcecijfpic
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\himmadkjognfkkpdieleaghoaolfdngg
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\onffinbgnjkkcjkleefpeaanedgjpkfm
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Found : C:\Users\Mal\AppData\Local\genienext
Folder Found : C:\Users\Mal\AppData\Local\Mobogenie
Folder Found : C:\Users\Mal\AppData\Local\Popajar
Folder Found : C:\Users\Mal\AppData\Local\Temp\HulaToo
Folder Found : C:\Users\Mal\AppData\Local\torch
Folder Found : C:\Users\Mal\AppData\Local\WeatherAlerts
Folder Found : C:\Users\Mal\AppData\LocalLow\Torntv V9.0
Folder Found : C:\Users\Mal\AppData\Roaming\EZDownloader
Folder Found : C:\Users\Mal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Found : C:\Users\Mal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
Folder Found : C:\Users\Mal\AppData\Roaming\newnext.me
Folder Found : C:\Users\Mal\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Mal\AppData\Roaming\Oxy
Folder Found : C:\Users\Mal\AppData\Roaming\qone8
Folder Found : C:\Users\Mal\AppData\Roaming\SkypEmoticons
Folder Found : C:\Users\Mal\AppData\Roaming\SupTab
Folder Found : C:\Users\Mal\AppData\Roaming\Systweak

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\Mal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://start.qone8.com/?type=sc&ts=1400 ... MUAA2MUAA2 )
Shortcut Found : C:\Users\Mal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://start.qone8.com/?type=sc&ts=1400 ... MUAA2MUAA2 )
Shortcut Found : C:\Users\Mal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://start.qone8.com/?type=sc&ts=1400 ... MUAA2MUAA2 )

***** [ Registry ] *****

Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1400 ... MUAA2MUAA2
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\6159c1d140fc52d49bf638aeb810767f
Key Found : HKCU\Software\anchorfree
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\Escolade
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{09732463-E7EF-8CB8-088C-85D79278256B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{155E562A-EE2E-7D28-5736-7D497E22D472}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3D0EA5EF-95E6-91F9-7964-F124BC7E5CB3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{74322BF9-DF26-493F-B0DA-6D2FC5E6429E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7832C151-F483-5EB5-D88F-94ACA1E013A9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{09732463-E7EF-8CB8-088C-85D79278256B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{155E562A-EE2E-7D28-5736-7D497E22D472}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3D0EA5EF-95E6-91F9-7964-F124BC7E5CB3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7832C151-F483-5EB5-D88F-94ACA1E013A9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Found : HKCU\Software\Popajar
Key Found : HKCU\Software\SmileysWeLove
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\anchorfree
Key Found : [x64] HKCU\Software\Escolade
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\installedbrowserextensions
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\Popajar
Key Found : [x64] HKCU\Software\SmileysWeLove
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{09732463-E7EF-8CB8-088C-85D79278256B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{155E562A-EE2E-7D28-5736-7D497E22D472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132290}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3D0EA5EF-95E6-91F9-7964-F124BC7E5CB3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7832C151-F483-5EB5-D88F-94ACA1E013A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0051390.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0051390.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0051390.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0051390.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\DealEExpreesS.DealEExpreesS
Key Found : HKLM\SOFTWARE\Classes\DealEExpreesS.DealEExpreesS.2.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555135590}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566136690}
Key Found : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\NetOCoaupon.NetOCoaupon
Key Found : HKLM\SOFTWARE\Classes\NetOCoaupon.NetOCoaupon.6.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544134490}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Desksvc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Found : HKLM\Software\hdcode
Key Found : HKLM\Software\InstallCore
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\oxy.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{09732463-E7EF-8CB8-088C-85D79278256B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{155E562A-EE2E-7D28-5736-7D497E22D472}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3D0EA5EF-95E6-91F9-7964-F124BC7E5CB3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7832C151-F483-5EB5-D88F-94ACA1E013A9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{699fd52f}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Found : HKLM\Software\qone8Software
Key Found : HKLM\Software\SupTab
Key Found : HKLM\Software\supWPM
Key Found : HKLM\Software\SW-Booster
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\Uniblue
Key Found : HKLM\Software\V9
Key Found : HKLM\Software\Wpm
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{09732463-E7EF-8CB8-088C-85D79278256B}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{155E562A-EE2E-7D28-5736-7D497E22D472}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132290}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{3D0EA5EF-95E6-91F9-7964-F124BC7E5CB3}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{7832C151-F483-5EB5-D88F-94ACA1E013A9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555135590}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566136690}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511131190}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.qone8.com/web/?type=ds&ts=14 ... A2MUAA2&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://start.qone8.com/?type=hp&ts=1400 ... MUAA2MUAA2
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.qone8.com/?type=hp&ts=1400 ... MUAA2MUAA2
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.qone8.com/web/?type=ds&ts=14 ... A2MUAA2&q={searchTerms}

-\\ Mozilla Firefox v

[ File : C:\Users\Mal\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]

Line Found : user_pref("browser.search.order.1", "WebSearch");
Line Found : user_pref("browser.search.defaultenginename", "WebSearch");
Line Found : user_pref("browser.search.order.1,S", "WebSearch");
Line Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Found : user_pref("browser.search.defaulturl", "hxxp://websearch.searchsun.info/?pid=724&r=2014/04/02&hid=1820442260177589091&lg=EN&cc=CZ&l=1&q=");

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://www.search.ask.com/web?p2=%5EBBK ... trgb=CR&q={searchTerms}
Found [Search Provider] : hxxp://search.findwide.com/serp?guid={ADFF982C-29DF-43E1-B9F0-95CFF483240D}&action=default_search&serpv=22&k={searchTerms}
Found [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gc ... nrs=AG2&q={searchTerms}
Found [Search Provider] : hxxp://search.conduit.com/Results.aspx? ... 5F6A357&q={searchTerms}&SSPV=
Found [Search Provider] : hxxp://websearch.searchsun.info/?l=1&q={searchTerms}&pid=724&r=2014/04/02&hid=1820442260177589091&lg=EN&cc=CZ
Found [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=C74E10E3-EBBC-449B-9AC6-22B878949E9A&n=780c0095&ind=2014052501&p2=^GR^xdm609^YYA^cz&si=slot15855
Found [Search Provider] : hxxp://www.qone8.com/web/?type=dspp&ts= ... A2MUAA2&q={searchTerms}
Found [Search Provider] : hxxp://www.qone8.com/web/?type=ds&ts=14 ... A2MUAA2&q={searchTerms}
Found [Homepage] : hxxp://search.conduit.com/?ctid=CT33222 ... A357&SSPV=
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : fjbbjfdilbioabojmcplalojlmdngbjl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
Found [Extension] : kdidombaedgpfiiedeimiebkmbilgmlc
Found [Extension] : onffinbgnjkkcjkleefpeaanedgjpkfm
Found [Extension] : pfmopbbadnfoelckkcmjjeaaegjpjjbk

*************************

AdwCleaner[R0].txt - [25711 octets] - [29/06/2014 17:34:55]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [25772 octets] ##########
Nahoru
xXMaster
nováček
Příspěvky: 20
Registrován: červen 14
Pohlaví: Muž
Stav:
Offline

Re: Virus bitcoinu

Příspěvekod xXMaster » 29 čer 2014 18:08

A pak toto:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 29.6.2014
Scan Time: 17:43:14
Logfile: 123.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.29.06
Rootkit Database: v2014.06.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mal

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293262
Time Elapsed: 22 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 60
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, , [b6843a4481fa69cd602ef45a15edd32d],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, , [b6843a4481fa69cd602ef45a15edd32d],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, , [f842b2cc55260f2714c379d38d7558a8],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, , [f842b2cc55260f2714c379d38d7558a8],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, , [f842b2cc55260f2714c379d38d7558a8],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, , [f842b2cc55260f2714c379d38d7558a8],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [a7936e1080fbfe3847cb4dfb5aa840c0],
PUP.Optional.Babylon.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [023880fe4437e15511d294b3649e53ad],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, , [2614b9c5423962d4f7c61539946e51af],
PUP.Optional.BearshareTB.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}, , [ed4d077786f5171fd59f443e53af926e],
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}, , [3901730b3843a591a0efda74d42ec53b],
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}, , [3901730b3843a591a0efda74d42ec53b],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DEDAF650-12B8-48F5-A843-BBA100716106}, , [fd3d007eb3c885b102e1c48a7f8348b8],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{6B529B0D-66B1-475A-A1D0-E491A5B84A43}, , [0b2f027cbac1ec4ae18c33091fe19070],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}, , [0b2f027cbac1ec4ae18c33091fe19070],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}, , [0b2f027cbac1ec4ae18c33091fe19070],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{6B529B0D-66B1-475A-A1D0-E491A5B84A43}, , [0b2f027cbac1ec4ae18c33091fe19070],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051390.BHO, , [c5752f4fe19ad95d3e7bfbedca392ad6],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051390.BHO.1, , [50eaf985cbb0e74fcaefd711956ef40c],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051390.Sandbox, , [67d3631b6c0f80b66851b3354ab9e21e],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051390.Sandbox.1, , [f743443a2f4cf343caef0bddf112e51b],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [8baf423cdc9f6acc6426f2018b7802fe],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\Datamngr, , [6ccecfaf433881b59ed2ffb537cb2dd3],
PUP.Optional.Qone8.A, HKLM\SOFTWARE\WOW6432NODE\qone8Software, , [c773c4ba4e2d64d2d760906207fc52ae],
PUP.Optional.SWBooster.A, HKLM\SOFTWARE\WOW6432NODE\SW-Booster, , [fb3fe39b6b107db9769b89270bf751af],
PUP.Optional.TornTV.A, HKLM\SOFTWARE\WOW6432NODE\Torntv V9.0, , [39010d7176054fe7f3ab5a79a9595ba5],
PUP.Optional.WebSearch.A, HKLM\SOFTWARE\WOW6432NODE\WS-Booster, , [eb4f82fc562584b2900a7c4d936f35cb],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0051390.BHO, , [57e3d8a61b6077bfe0d99e4a23e0a060],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0051390.BHO.1, , [96a43c42dd9e43f314a5cf1937cc21df],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0051390.Sandbox, , [54e6bfbf790281b58b2e25c3a65d659b],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0051390.Sandbox.1, , [9b9f631bd2a952e4774258903ec5e11f],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fjbbjfdilbioabojmcplalojlmdngbjl, , [40fa740ab4c7e155ce9d5f51a35f05fb],
PUP.Optional.Gophoto.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pfmopbbadnfoelckkcmjjeaaegjpjjbk, , [fe3c5529d7a40e285831ce1e53b09f61],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [3bffd3ab0e6d66d0c4c6a84bf40f01ff],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5F189DF5-2D05-472B-9091-84D9848AE48B}{699fd52f}, , [fc3e4a34a4d70135b6fce1cb35cd34cc],
PUP.Optional.HulaToo.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update HulaToo, , [e05a225ca1dac373a9cd606106fcf50b],
PUP.Optional.PursuePoint.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update PursuePoint, , [0e2ca3db8bf080b643abeb139f649967],
PUP.Optional.DatamngrCoordinator.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAMNGRCOORDINATOR, , [2812a7d73f3c80b6174e579444bf18e8],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, , [b783bbc376050c2a6a4da92b649ecd33],
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Torntv V9.0, , [1b1f83fbea91999dbe84399332d030d0],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEFAULT TAB, , [06349ae40e6d3501edc9e2f236cc738d],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, , [95a53f3fafcc37ffff289257a45fcb35],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Conduit_Search_Protect, , [0931304e5c1f57df14d5ee188d77ce32],
PUP.Optional.SmileysWeLove.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmileysWeLove, , [fc3e710d7ffcba7c54f059575da536ca],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [2b0f304eb9c22d0981beb94317ec45bb],
PUP.Optional.TornTV.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Torntv V9.0, , [ec4e6519d9a270c6420009c352b0d729],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [18225826d1aa5ed882360ac7e31f619f],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [5bdf5727d0ab47ef08c7f8ef8f746d93],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\installdaddy, , [51e9423c2c4f63d3655552969370eb15],
PUP.Optional.Qone8, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [b08a502e1b600234becb00f32ad99a66],
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [05355a24691276c0d547e80e946f8c74],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLAPLUGINS\@tnt2ghost.com/Plugin, , [95a5017d720950e6ef93a62bde24768a],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLAPLUGINS\@tnt2npapi.com/Plugin, , [de5c0c72f8831a1ce51c6170a35faf51],
PUP.Optional.Softonic.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [d76391edff7cf04685f42a9617ebff01],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{ADFF982C-29DF-43E1-B9F0-95CFF483240D}, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511131190}, , [7fbbc8b64e2db97d1971f19dac58d22e],

Registry Values: 5
Trojan.Bitminer, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svchost, regsvr32 /s "C:\Temp:0CCC2BF2.dat", , [dd5da9d56912a6906cfc64e412ee5ba5]
PUP.Optional.FindWide, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, http://search.findwide.com/?guid={ADFF982C-29DF-43E1-B9F0-95CFF483240D}&serpv=22, , [b8829fdf6b105adcf114ac4dd62d8a76]
PUP.Optional.DatamngrCoordinator.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAMNGRCOORDINATOR|ImagePath, C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe, , [2812a7d73f3c80b6174e579444bf18e8]
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEFAULT TAB|Version, 2.5.0.0, , [06349ae40e6d3501edc9e2f236cc738d]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0J1L2U1C1H1Q0R2X1L1R1P0B1P, , [5bdf5727d0ab47ef08c7f8ef8f746d93]

Registry Data: 5
PUP.Optional.Qone8, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1400 ... MUAA2MUAA2, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1400 ... MUAA2MUAA2),,[09315a248eed41f50c6f682328dcc838]
Hijack.StartPage, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://start.qone8.com/?type=hp&ts=1400 ... MUAA2MUAA2, Good: (http://www.google.com), Bad: (http://start.qone8.com/?type=hp&ts=1400 ... MUAA2MUAA2),,[1525fa84bcbf0135ab38265ba95beb15]
Hijack.StartPage, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.qone8.com/?type=hp&ts=1400 ... MUAA2MUAA2, Good: (http://www.google.com), Bad: (http://start.qone8.com/?type=hp&ts=1400 ... MUAA2MUAA2),,[1e1cdda194e7cf6700e15130d430639d]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[3bffb1cd6a11fb3b4e2e96f5b94b2cd4]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1400 ... MUAA2MUAA2, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1400 ... MUAA2MUAA2),,[9e9c3d41ea91e353e794d5b6a064d42c]

Folders: 45
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.Gophoto.A, C:\Program Files (x86)\Gophoto.it, , [d36736484c2fa195592f09e321e2e51b],
PUP.Optional.OpenCandy, C:\Users\Mal\AppData\Roaming\OpenCandy, , [4af05628324992a42f394a4a14ee03fd],
PUP.Optional.OpenCandy, C:\Users\Mal\AppData\Roaming\OpenCandy\2C639530325940A2A94394DDC9009C9C, , [4af05628324992a42f394a4a14ee03fd],
PUP.Optional.OpenCandy, C:\Users\Mal\AppData\Roaming\OpenCandy\ADAE291BCB0A413F9F006F9016B16203, , [4af05628324992a42f394a4a14ee03fd],
PUP.Optional.OpenCandy, C:\Users\Mal\AppData\Roaming\OpenCandy\D3F187C5D1D54D6CA2822ECF882D945A, , [4af05628324992a42f394a4a14ee03fd],
PUP.Optional.OpenCandy, C:\Users\Mal\AppData\Roaming\OpenCandy\FB19E903593E4D26B54B1B86D34F2BB0, , [4af05628324992a42f394a4a14ee03fd],
PUP.Optional.OpenCandy, C:\Users\Mal\AppData\Roaming\OpenCandy\FE66058BBADB4222974461DCFACDC728, , [4af05628324992a42f394a4a14ee03fd],
PUP.Optional.NextLive.A, C:\Users\Mal\AppData\Roaming\newnext.me, , [2d0da1ddc2b939fdaa6dd1c5b25035cb],
PUP.Optional.NextLive.A, C:\Users\Mal\AppData\Roaming\newnext.me\cache, , [2d0da1ddc2b939fdaa6dd1c5b25035cb],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Common, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.WeatherAlerts, C:\Users\Mal\AppData\Local\WeatherAlerts, , [c9713e402f4c0432b5de7521f80a0cf4],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, , [9f9b344aa0db2a0c00266b2c43bfc937],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, , [9f9b344aa0db2a0c00266b2c43bfc937],
PUP.Optional.YoutubeAdblocker.A, C:\ProgramData\YoutubeAdblocker, , [3a00d8a6afccd660f6938612ae549e62],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re_markit, , [0b2f3f3fc1ba270fcfc465357f837987],

Files: 161
Trojan.Bitminer, c:\temp:0ccc2bf2.dat, , [dd5da9d56912a6906cfc64e412ee5ba5],
Trojan.SProtector, C:\ProgramData\Assistant\AssistantSvc.dll, , [91a9c5b9b0cbf64026e1312ff50c4db3],
PUP.Optional.Conduit.A, C:\Users\Mal\AppData\Roaming\OpenCandy\2C639530325940A2A94394DDC9009C9C\sp-downloader.exe, , [67d34d316e0d1521ea193ce6ab560ef2],
PUP.Optional.Conduit.A, C:\Users\Mal\AppData\Roaming\OpenCandy\D3F187C5D1D54D6CA2822ECF882D945A\search_protect_global.exe, , [b189047a94e71d195da6130f2cd5b24e],
PUP.Optional.SupTab.A, C:\Users\Mal\AppData\Roaming\SupTab\SupTab.dll, , [e3576c127704d6605908c174c23e659b],
Trojan.Bitminer, C:\Temp\YKLIKhGtBYw.xdx, , [71c96b138deea78f1a4e79cfa06043bd],
PUP.Optional.Bitcoin, C:\Windows\SysWOW64\acumncphde.exe, , [1525cab4265500368d3fb1e6a061639d],
PUP.BitCoinMiner, C:\Windows\SysWOW64\lcpmncphde.exe, , [0b2fc5b948339f970e6473a0e1204cb4],
Trojan.BitMiner, C:\Windows\SysWOW64\dcgmncphde.exe, , [8ab0f5894b306ec8d3f74761b948f60a],
PUP.Optional.Amonetize.A, C:\Users\Mal\AppData\Local\Temp\WindowsUpdateKB12695__3338_il2744723.exe, , [0b2f027cbac1ec4ae18c33091fe19070],
PUP.Optional.Amonetize, C:\Users\Mal\AppData\Local\Temp\setup.exe, , [2812225c0f6c90a6378a1c2856aa9868],
PUP.Optional.Amonetize, C:\Users\Mal\AppData\Local\Temp\setup__1546.exe, , [bc7e6b138af15ed8bc05c77dbc4459a7],
PUP.Optional.Amonetize, C:\Users\Mal\AppData\Local\Temp\setup__3635.exe, , [0d2d4c327efd280ea41d31130bf5d828],
PUP.Optional.Solimba, C:\Users\Mal\AppData\Local\Temp\tmp8F4C.tmp.exe, , [80ba2e50582392a44ce14a35bc4806fa],
PUP.Optional.BundleInstaller.A, C:\Users\Mal\AppData\Local\Temp\n9012\s9012.exe, , [72c8e89638433ff7856cc782d52b5da3],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nslE5A1.exe, , [c476483697e4290d8d48062809f83ac6],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsq22FF.exe, , [58e20678720976c051840d21818002fe],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsqE4D6.exe, , [5ae0c6b883f83ff721b4b27c4fb25da3],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsw5565.exe, , [63d70e705b2063d3ddf855d91ce513ed],
PUP.Optional.Superfish.A, C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, , [0c2e4c32eb9042f43117893008fa4ab6],
PUP.Optional.Superfish.A, C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, , [13275a241566999d5aeeaf0a3dc51ae6],
PUP.Optional.Conduit.A, C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage, , [a2986f0f66150c2a50d08f2b42c00cf4],
PUP.Optional.Conduit.A, C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal, , [241690ee2a5171c57fa19b1fb54d7e82],
PUP.Optional.WebSearch.A, C:\Users\Mal\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins\WebSearch.xml, , [ee4ca6d8c6b52313e9ec90370101659b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterfacef32.dll, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\RSHP.exe, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv32.dll, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv64.dll, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WebDataJs, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\arrow.png, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo.png, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo.png, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo2.png, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\0.png, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ie8.js, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, , [300a770786f537ff067aeee07c86817f],
PUP.Optional.TornTV.A, C:\Windows\Tasks\Torntv V9.0-chromeinstaller.job, , [c8720f6f3b403df93070557e0ef44cb4],
PUP.Optional.TornTV.A, C:\Windows\Tasks\Torntv V9.0-codedownloader.job, , [6bcfb2cc8eed0f274b559f344fb3fb05],
Trojan.BitcoinMiner, C:\Users\Mal\AppData\Local\Temp\scrypt130511.cl, , [56e4fa84f48764d27db412d4a55e50b0],
PUP.Optional.Gophoto.A, C:\Program Files (x86)\Gophoto.it\gophotoit16.crx, , [d36736484c2fa195592f09e321e2e51b],
PUP.Optional.OpenCandy, C:\Users\Mal\AppData\Roaming\OpenCandy\ADAE291BCB0A413F9F006F9016B16203\PureLeadsSetupx21701.exe, , [4af05628324992a42f394a4a14ee03fd],
PUP.Optional.OpenCandy, C:\Users\Mal\AppData\Roaming\OpenCandy\FB19E903593E4D26B54B1B86D34F2BB0\SCUDownloader.exe, , [4af05628324992a42f394a4a14ee03fd],
PUP.Optional.OpenCandy, C:\Users\Mal\AppData\Roaming\OpenCandy\FE66058BBADB4222974461DCFACDC728\SmileysWeLove_SetupS_cdn.exe, , [4af05628324992a42f394a4a14ee03fd],
PUP.Optional.NextLive.A, C:\Users\Mal\AppData\Roaming\newnext.me\nengine.cookie, , [2d0da1ddc2b939fdaa6dd1c5b25035cb],
PUP.Optional.NextLive.A, C:\Users\Mal\AppData\Roaming\newnext.me\cache\spark.bin, , [2d0da1ddc2b939fdaa6dd1c5b25035cb],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\passport.dll, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\TNT2UserPS.dll, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\Autorun.inf, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\crx.tar, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\GameApps.ini, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\GameConsole.exe, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\GameEngine.dll, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\GLOBALUNINSTALL.TNT, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\hmac.1.dll, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\iestage2.1.dll, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\IEToolbar.dll, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\IEToolbar64.dll, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\INSTALL.TNT, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\LastSession.log, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\log.dll, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\MinecraftShims64.dll, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\npTNT2.dll, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\npTNT2Ghost.dll, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\PARTNER.TNT, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\passport64.dll, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\pinnedSearch.htm, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\pinnedSearch_FindWide.htm, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\progress.1.dll, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\regsvr.1.dll, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\RemoteSkin.wms, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\sqlite.1.dll, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\tnt2chrome.dll, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\TNT2User.exe, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\TNT2UserPS64.dll, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\TntMagicDel.dll, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\UnInjLib.dll, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\UnInjLib64.dll, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\UNINSTALL.TNT, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\UninstallDlg.1.dll, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\untar.1.dll, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\UPDATE.TNT, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\xpi.tar, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\zipunzip.1.dll, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Common\GameConsole.exe, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Common\pinnedSearch.htm, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\icon.ico, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\inst.ini, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\LastSession.log, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\os10809.xml, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\PARTNER.1.TNT, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\partner.dat, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\runt.ini, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\tnt_32x32.png, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\toolbar10809@findwide.com.xpi, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\yah10809.xml, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache\174800aa848d25a8046ebe0627075e40, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache\2acb3d320e6d06a1f53e26c88680578d, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache\33d24483a26d2821cdf1424a88101c64, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache\3b4af445da352763e9d749e3903a2a74, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache\53347a1539592b7d0a13dee56d899d9d, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache\6548291f8a8708c759468d383b69c32d, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache\69eabf03002c2f08dc31f764265e0e84, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache\9272262bbd60e7676a5afab5416ef7cb, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache\ac7829f5a96db79589f0014e26c21af1, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache\bbdc194061ce660e5e4224f5179609b8, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache\e00c254ae55a4ba7b4eebbe03f39152c, , [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re_markit\170.dat, , [0b2f3f3fc1ba270fcfc465357f837987],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re_markit\170.dll, , [0b2f3f3fc1ba270fcfc465357f837987],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re_markit\170.xpi, , [0b2f3f3fc1ba270fcfc465357f837987],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re_markit\a.db, , [0b2f3f3fc1ba270fcfc465357f837987],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re_markit\b.db, , [0b2f3f3fc1ba270fcfc465357f837987],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re_markit\Remarkithl170.bin, , [0b2f3f3fc1ba270fcfc465357f837987],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re_markit\Remarkithl170.exe, , [0b2f3f3fc1ba270fcfc465357f837987],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re_markit\Uninstall.exe, , [0b2f3f3fc1ba270fcfc465357f837987],
PUP.Optional.Conduit.A, C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP224674BA-696F-4C27-99D2-33DD05F6A357&SSPV=",), ,[8ab0423c0c6fb87e431beecc669e8977]

Physical Sectors: 0
(No malicious items detected)


(end)
Nahoru
Uživatelský avatar
Orcus
člen Security týmu
Elite Level 10.5
Elite Level 10.5
Příspěvky: 10645
Registrován: duben 10
Bydliště: Okolo rostou 3 růže =o)
Pohlaví: Muž
Stav:
Offline

Re: Virus bitcoinu

Příspěvekod Orcus » 29 čer 2014 18:14

- Znovu spusť MbAM a dej Skenovat nyní
- Po proběhnutí programu se ti objeví hláška, tak klikni na „Vše do karantény“ -> „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a ulož na Plochu.
- Zkopíruj sem celý obsah toho logu.

====================================================

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
Klikni na „ Smazat“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

====================================================

Stáhni si Junkware Removal Tool

na svojí plochu.
Deaktivuj si svůj antivirový program.
Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

====================================================

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
Láska hřeje, ale uhlí je uhlí. :fire:


Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.

Pár rad k bezpečnosti PC.

Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix

Pokud budete spokojeni , můžete podpořit naše fórum.
Nahoru
xXMaster
nováček
Příspěvky: 20
Registrován: červen 14
Pohlaví: Muž
Stav:
Offline

Re: Virus bitcoinu

Příspěvekod xXMaster » 29 čer 2014 19:01

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 29.6.2014
Scan Time: 17:43:14
Logfile: 1234.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.29.06
Rootkit Database: v2014.06.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mal

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293262
Time Elapsed: 22 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 60
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, Quarantined, [b6843a4481fa69cd602ef45a15edd32d],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, Quarantined, [b6843a4481fa69cd602ef45a15edd32d],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, Quarantined, [f842b2cc55260f2714c379d38d7558a8],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [f842b2cc55260f2714c379d38d7558a8],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [f842b2cc55260f2714c379d38d7558a8],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, Quarantined, [f842b2cc55260f2714c379d38d7558a8],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [a7936e1080fbfe3847cb4dfb5aa840c0],
PUP.Optional.Babylon.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [023880fe4437e15511d294b3649e53ad],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [2614b9c5423962d4f7c61539946e51af],
PUP.Optional.BearshareTB.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}, Quarantined, [ed4d077786f5171fd59f443e53af926e],
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}, Quarantined, [3901730b3843a591a0efda74d42ec53b],
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}, Quarantined, [3901730b3843a591a0efda74d42ec53b],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DEDAF650-12B8-48F5-A843-BBA100716106}, Quarantined, [fd3d007eb3c885b102e1c48a7f8348b8],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{6B529B0D-66B1-475A-A1D0-E491A5B84A43}, Quarantined, [0b2f027cbac1ec4ae18c33091fe19070],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}, Quarantined, [0b2f027cbac1ec4ae18c33091fe19070],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}, Quarantined, [0b2f027cbac1ec4ae18c33091fe19070],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{6B529B0D-66B1-475A-A1D0-E491A5B84A43}, Quarantined, [0b2f027cbac1ec4ae18c33091fe19070],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051390.BHO, Quarantined, [c5752f4fe19ad95d3e7bfbedca392ad6],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051390.BHO.1, Quarantined, [50eaf985cbb0e74fcaefd711956ef40c],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051390.Sandbox, Quarantined, [67d3631b6c0f80b66851b3354ab9e21e],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051390.Sandbox.1, Quarantined, [f743443a2f4cf343caef0bddf112e51b],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [8baf423cdc9f6acc6426f2018b7802fe],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\Datamngr, Quarantined, [6ccecfaf433881b59ed2ffb537cb2dd3],
PUP.Optional.Qone8.A, HKLM\SOFTWARE\WOW6432NODE\qone8Software, Quarantined, [c773c4ba4e2d64d2d760906207fc52ae],
PUP.Optional.SWBooster.A, HKLM\SOFTWARE\WOW6432NODE\SW-Booster, Quarantined, [fb3fe39b6b107db9769b89270bf751af],
PUP.Optional.TornTV.A, HKLM\SOFTWARE\WOW6432NODE\Torntv V9.0, Quarantined, [39010d7176054fe7f3ab5a79a9595ba5],
PUP.Optional.WebSearch.A, HKLM\SOFTWARE\WOW6432NODE\WS-Booster, Quarantined, [eb4f82fc562584b2900a7c4d936f35cb],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0051390.BHO, Quarantined, [57e3d8a61b6077bfe0d99e4a23e0a060],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0051390.BHO.1, Quarantined, [96a43c42dd9e43f314a5cf1937cc21df],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0051390.Sandbox, Quarantined, [54e6bfbf790281b58b2e25c3a65d659b],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0051390.Sandbox.1, Quarantined, [9b9f631bd2a952e4774258903ec5e11f],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fjbbjfdilbioabojmcplalojlmdngbjl, Quarantined, [40fa740ab4c7e155ce9d5f51a35f05fb],
PUP.Optional.Gophoto.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pfmopbbadnfoelckkcmjjeaaegjpjjbk, Quarantined, [fe3c5529d7a40e285831ce1e53b09f61],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [3bffd3ab0e6d66d0c4c6a84bf40f01ff],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5F189DF5-2D05-472B-9091-84D9848AE48B}{699fd52f}, Quarantined, [fc3e4a34a4d70135b6fce1cb35cd34cc],
PUP.Optional.HulaToo.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update HulaToo, Quarantined, [e05a225ca1dac373a9cd606106fcf50b],
PUP.Optional.PursuePoint.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update PursuePoint, Quarantined, [0e2ca3db8bf080b643abeb139f649967],
PUP.Optional.DatamngrCoordinator.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAMNGRCOORDINATOR, Quarantined, [2812a7d73f3c80b6174e579444bf18e8],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, Quarantined, [b783bbc376050c2a6a4da92b649ecd33],
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Torntv V9.0, Quarantined, [1b1f83fbea91999dbe84399332d030d0],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEFAULT TAB, Quarantined, [06349ae40e6d3501edc9e2f236cc738d],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, [95a53f3fafcc37ffff289257a45fcb35],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Conduit_Search_Protect, Quarantined, [0931304e5c1f57df14d5ee188d77ce32],
PUP.Optional.SmileysWeLove.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmileysWeLove, Quarantined, [fc3e710d7ffcba7c54f059575da536ca],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [2b0f304eb9c22d0981beb94317ec45bb],
PUP.Optional.TornTV.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Torntv V9.0, Quarantined, [ec4e6519d9a270c6420009c352b0d729],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [18225826d1aa5ed882360ac7e31f619f],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [5bdf5727d0ab47ef08c7f8ef8f746d93],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\installdaddy, Quarantined, [51e9423c2c4f63d3655552969370eb15],
PUP.Optional.Qone8, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [b08a502e1b600234becb00f32ad99a66],
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [05355a24691276c0d547e80e946f8c74],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLAPLUGINS\@tnt2ghost.com/Plugin, Quarantined, [95a5017d720950e6ef93a62bde24768a],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLAPLUGINS\@tnt2npapi.com/Plugin, Quarantined, [de5c0c72f8831a1ce51c6170a35faf51],
PUP.Optional.Softonic.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [d76391edff7cf04685f42a9617ebff01],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{ADFF982C-29DF-43E1-B9F0-95CFF483240D}, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511131190}, Quarantined, [7fbbc8b64e2db97d1971f19dac58d22e],

Registry Values: 5
Trojan.Bitminer, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svchost, regsvr32 /s "C:\Temp:0CCC2BF2.dat", Quarantined, [dd5da9d56912a6906cfc64e412ee5ba5]
PUP.Optional.FindWide, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, http://search.findwide.com/?guid={ADFF982C-29DF-43E1-B9F0-95CFF483240D}&serpv=22, Quarantined, [b8829fdf6b105adcf114ac4dd62d8a76]
PUP.Optional.DatamngrCoordinator.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAMNGRCOORDINATOR|ImagePath, C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe, Quarantined, [2812a7d73f3c80b6174e579444bf18e8]
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEFAULT TAB|Version, 2.5.0.0, Quarantined, [06349ae40e6d3501edc9e2f236cc738d]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-972917567-3220589774-1664920983-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0J1L2U1C1H1Q0R2X1L1R1P0B1P, Quarantined, [5bdf5727d0ab47ef08c7f8ef8f746d93]

Registry Data: 5
PUP.Optional.Qone8, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1400 ... MUAA2MUAA2, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1400 ... MUAA2MUAA2),Replaced,[09315a248eed41f50c6f682328dcc838]
Hijack.StartPage, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://start.qone8.com/?type=hp&ts=1400 ... MUAA2MUAA2, Good: (http://www.google.com), Bad: (http://start.qone8.com/?type=hp&ts=1400 ... MUAA2MUAA2),Replaced,[1525fa84bcbf0135ab38265ba95beb15]
Hijack.StartPage, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.qone8.com/?type=hp&ts=1400 ... MUAA2MUAA2, Good: (http://www.google.com), Bad: (http://start.qone8.com/?type=hp&ts=1400 ... MUAA2MUAA2),Replaced,[1e1cdda194e7cf6700e15130d430639d]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[3bffb1cd6a11fb3b4e2e96f5b94b2cd4]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1400 ... MUAA2MUAA2, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1400 ... MUAA2MUAA2),Replaced,[9e9c3d41ea91e353e794d5b6a064d42c]

Folders: 45
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.Gophoto.A, C:\Program Files (x86)\Gophoto.it, Quarantined, [d36736484c2fa195592f09e321e2e51b],
PUP.Optional.OpenCandy, C:\Users\Mal\AppData\Roaming\OpenCandy, Quarantined, [4af05628324992a42f394a4a14ee03fd],
PUP.Optional.OpenCandy, C:\Users\Mal\AppData\Roaming\OpenCandy\2C639530325940A2A94394DDC9009C9C, Quarantined, [4af05628324992a42f394a4a14ee03fd],
PUP.Optional.OpenCandy, C:\Users\Mal\AppData\Roaming\OpenCandy\ADAE291BCB0A413F9F006F9016B16203, Quarantined, [4af05628324992a42f394a4a14ee03fd],
PUP.Optional.OpenCandy, C:\Users\Mal\AppData\Roaming\OpenCandy\D3F187C5D1D54D6CA2822ECF882D945A, Quarantined, [4af05628324992a42f394a4a14ee03fd],
PUP.Optional.OpenCandy, C:\Users\Mal\AppData\Roaming\OpenCandy\FB19E903593E4D26B54B1B86D34F2BB0, Quarantined, [4af05628324992a42f394a4a14ee03fd],
PUP.Optional.OpenCandy, C:\Users\Mal\AppData\Roaming\OpenCandy\FE66058BBADB4222974461DCFACDC728, Quarantined, [4af05628324992a42f394a4a14ee03fd],
PUP.Optional.NextLive.A, C:\Users\Mal\AppData\Roaming\newnext.me, Quarantined, [2d0da1ddc2b939fdaa6dd1c5b25035cb],
PUP.Optional.NextLive.A, C:\Users\Mal\AppData\Roaming\newnext.me\cache, Quarantined, [2d0da1ddc2b939fdaa6dd1c5b25035cb],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Common, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.WeatherAlerts, C:\Users\Mal\AppData\Local\WeatherAlerts, Quarantined, [c9713e402f4c0432b5de7521f80a0cf4],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, Quarantined, [9f9b344aa0db2a0c00266b2c43bfc937],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, Quarantined, [9f9b344aa0db2a0c00266b2c43bfc937],
PUP.Optional.YoutubeAdblocker.A, C:\ProgramData\YoutubeAdblocker, Quarantined, [3a00d8a6afccd660f6938612ae549e62],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re_markit, Quarantined, [0b2f3f3fc1ba270fcfc465357f837987],

Files: 161
Trojan.Bitminer, c:\temp:0ccc2bf2.dat, Delete-on-Reboot, [dd5da9d56912a6906cfc64e412ee5ba5],
Trojan.SProtector, C:\ProgramData\Assistant\AssistantSvc.dll, Quarantined, [91a9c5b9b0cbf64026e1312ff50c4db3],
PUP.Optional.Conduit.A, C:\Users\Mal\AppData\Roaming\OpenCandy\2C639530325940A2A94394DDC9009C9C\sp-downloader.exe, Quarantined, [67d34d316e0d1521ea193ce6ab560ef2],
PUP.Optional.Conduit.A, C:\Users\Mal\AppData\Roaming\OpenCandy\D3F187C5D1D54D6CA2822ECF882D945A\search_protect_global.exe, Quarantined, [b189047a94e71d195da6130f2cd5b24e],
PUP.Optional.SupTab.A, C:\Users\Mal\AppData\Roaming\SupTab\SupTab.dll, Quarantined, [e3576c127704d6605908c174c23e659b],
Trojan.Bitminer, C:\Temp\YKLIKhGtBYw.xdx, Quarantined, [71c96b138deea78f1a4e79cfa06043bd],
PUP.Optional.Bitcoin, C:\Windows\SysWOW64\acumncphde.exe, Quarantined, [1525cab4265500368d3fb1e6a061639d],
PUP.BitCoinMiner, C:\Windows\SysWOW64\lcpmncphde.exe, Quarantined, [0b2fc5b948339f970e6473a0e1204cb4],
Trojan.BitMiner, C:\Windows\SysWOW64\dcgmncphde.exe, Quarantined, [8ab0f5894b306ec8d3f74761b948f60a],
PUP.Optional.Amonetize.A, C:\Users\Mal\AppData\Local\Temp\WindowsUpdateKB12695__3338_il2744723.exe, Quarantined, [0b2f027cbac1ec4ae18c33091fe19070],
PUP.Optional.Amonetize, C:\Users\Mal\AppData\Local\Temp\setup.exe, Quarantined, [2812225c0f6c90a6378a1c2856aa9868],
PUP.Optional.Amonetize, C:\Users\Mal\AppData\Local\Temp\setup__1546.exe, Quarantined, [bc7e6b138af15ed8bc05c77dbc4459a7],
PUP.Optional.Amonetize, C:\Users\Mal\AppData\Local\Temp\setup__3635.exe, Quarantined, [0d2d4c327efd280ea41d31130bf5d828],
PUP.Optional.Solimba, C:\Users\Mal\AppData\Local\Temp\tmp8F4C.tmp.exe, Quarantined, [80ba2e50582392a44ce14a35bc4806fa],
PUP.Optional.BundleInstaller.A, C:\Users\Mal\AppData\Local\Temp\n9012\s9012.exe, Quarantined, [72c8e89638433ff7856cc782d52b5da3],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nslE5A1.exe, Quarantined, [c476483697e4290d8d48062809f83ac6],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsq22FF.exe, Quarantined, [58e20678720976c051840d21818002fe],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsqE4D6.exe, Quarantined, [5ae0c6b883f83ff721b4b27c4fb25da3],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsw5565.exe, Quarantined, [63d70e705b2063d3ddf855d91ce513ed],
PUP.Optional.Superfish.A, C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [0c2e4c32eb9042f43117893008fa4ab6],
PUP.Optional.Superfish.A, C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [13275a241566999d5aeeaf0a3dc51ae6],
PUP.Optional.Conduit.A, C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage, Quarantined, [a2986f0f66150c2a50d08f2b42c00cf4],
PUP.Optional.Conduit.A, C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal, Quarantined, [241690ee2a5171c57fa19b1fb54d7e82],
PUP.Optional.WebSearch.A, C:\Users\Mal\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins\WebSearch.xml, Quarantined, [ee4ca6d8c6b52313e9ec90370101659b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterfacef32.dll, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\RSHP.exe, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv32.dll, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv64.dll, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WebDataJs, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\arrow.png, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo.png, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo.png, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo2.png, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\0.png, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ie8.js, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, Quarantined, [300a770786f537ff067aeee07c86817f],
PUP.Optional.TornTV.A, C:\Windows\Tasks\Torntv V9.0-chromeinstaller.job, Quarantined, [c8720f6f3b403df93070557e0ef44cb4],
PUP.Optional.TornTV.A, C:\Windows\Tasks\Torntv V9.0-codedownloader.job, Quarantined, [6bcfb2cc8eed0f274b559f344fb3fb05],
Trojan.BitcoinMiner, C:\Users\Mal\AppData\Local\Temp\scrypt130511.cl, Quarantined, [56e4fa84f48764d27db412d4a55e50b0],
PUP.Optional.Gophoto.A, C:\Program Files (x86)\Gophoto.it\gophotoit16.crx, Quarantined, [d36736484c2fa195592f09e321e2e51b],
PUP.Optional.OpenCandy, C:\Users\Mal\AppData\Roaming\OpenCandy\ADAE291BCB0A413F9F006F9016B16203\PureLeadsSetupx21701.exe, Quarantined, [4af05628324992a42f394a4a14ee03fd],
PUP.Optional.OpenCandy, C:\Users\Mal\AppData\Roaming\OpenCandy\FB19E903593E4D26B54B1B86D34F2BB0\SCUDownloader.exe, Quarantined, [4af05628324992a42f394a4a14ee03fd],
PUP.Optional.OpenCandy, C:\Users\Mal\AppData\Roaming\OpenCandy\FE66058BBADB4222974461DCFACDC728\SmileysWeLove_SetupS_cdn.exe, Quarantined, [4af05628324992a42f394a4a14ee03fd],
PUP.Optional.NextLive.A, C:\Users\Mal\AppData\Roaming\newnext.me\nengine.cookie, Quarantined, [2d0da1ddc2b939fdaa6dd1c5b25035cb],
PUP.Optional.NextLive.A, C:\Users\Mal\AppData\Roaming\newnext.me\cache\spark.bin, Quarantined, [2d0da1ddc2b939fdaa6dd1c5b25035cb],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\passport.dll, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\TNT2UserPS.dll, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\Autorun.inf, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\crx.tar, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\GameApps.ini, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\GameConsole.exe, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\GameEngine.dll, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\GLOBALUNINSTALL.TNT, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\hmac.1.dll, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\iestage2.1.dll, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\IEToolbar.dll, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\IEToolbar64.dll, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\INSTALL.TNT, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\LastSession.log, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\log.dll, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\MinecraftShims64.dll, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\npTNT2.dll, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\npTNT2Ghost.dll, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\PARTNER.TNT, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\passport64.dll, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\pinnedSearch.htm, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\pinnedSearch_FindWide.htm, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\progress.1.dll, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\regsvr.1.dll, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\RemoteSkin.wms, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\sqlite.1.dll, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\tnt2chrome.dll, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\TNT2User.exe, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\TNT2UserPS64.dll, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\TntMagicDel.dll, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\UnInjLib.dll, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\UnInjLib64.dll, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\UNINSTALL.TNT, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\UninstallDlg.1.dll, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\untar.1.dll, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\UPDATE.TNT, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\xpi.tar, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\2.0.0.1702\zipunzip.1.dll, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Common\GameConsole.exe, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Common\pinnedSearch.htm, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\icon.ico, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\inst.ini, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\LastSession.log, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\os10809.xml, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\PARTNER.1.TNT, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\partner.dat, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\runt.ini, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\tnt_32x32.png, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\toolbar10809@findwide.com.xpi, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\yah10809.xml, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache\174800aa848d25a8046ebe0627075e40, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache\2acb3d320e6d06a1f53e26c88680578d, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache\33d24483a26d2821cdf1424a88101c64, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache\3b4af445da352763e9d749e3903a2a74, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache\53347a1539592b7d0a13dee56d899d9d, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache\6548291f8a8708c759468d383b69c32d, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache\69eabf03002c2f08dc31f764265e0e84, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache\9272262bbd60e7676a5afab5416ef7cb, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache\ac7829f5a96db79589f0014e26c21af1, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache\bbdc194061ce660e5e4224f5179609b8, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.TidyNetwork.A, C:\Users\Mal\AppData\Local\TNT2\Profiles\10809\Cache\e00c254ae55a4ba7b4eebbe03f39152c, Quarantined, [8eac4d311e5d93a3a9b781151fe3bb45],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re_markit\170.dat, Quarantined, [0b2f3f3fc1ba270fcfc465357f837987],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re_markit\170.dll, Quarantined, [0b2f3f3fc1ba270fcfc465357f837987],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re_markit\170.xpi, Quarantined, [0b2f3f3fc1ba270fcfc465357f837987],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re_markit\a.db, Quarantined, [0b2f3f3fc1ba270fcfc465357f837987],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re_markit\b.db, Quarantined, [0b2f3f3fc1ba270fcfc465357f837987],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re_markit\Remarkithl170.bin, Quarantined, [0b2f3f3fc1ba270fcfc465357f837987],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re_markit\Remarkithl170.exe, Quarantined, [0b2f3f3fc1ba270fcfc465357f837987],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re_markit\Uninstall.exe, Quarantined, [0b2f3f3fc1ba270fcfc465357f837987],
PUP.Optional.Conduit.A, C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP224674BA-696F-4C27-99D2-33DD05F6A357&SSPV=",), Replaced,[8ab0423c0c6fb87e431beecc669e8977]

Physical Sectors: 0
(No malicious items detected)


(end)
Nahoru
xXMaster
nováček
Příspěvky: 20
Registrován: červen 14
Pohlaví: Muž
Stav:
Offline

Re: Virus bitcoinu

Příspěvekod xXMaster » 29 čer 2014 19:01

# AdwCleaner v3.213 - Report created 29/06/2014 at 18:57:07
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Mal - MAL-PC
# Running from : C:\Users\Mal\Desktop\adwcleaner_3.213.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : wStLibG64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Assistant
[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\ProgramData\DealExpresS
Folder Deleted : C:\ProgramData\DOwnnSoavve
Folder Deleted : C:\ProgramData\NetoCouuppon
Folder Deleted : C:\ProgramData\safeweb
Folder Deleted : C:\ProgramData\Searcch-NewTTaB
Folder Deleted : C:\ProgramData\WebSSave
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\FoxTab
Folder Deleted : C:\Program Files (x86)\MediaViewV1
Folder Deleted : C:\Program Files (x86)\DealExpresS
Folder Deleted : C:\Program Files (x86)\NetoCouuppon
Folder Deleted : C:\Program Files (x86)\Searcch-NewTTaB
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Mal\AppData\Local\genienext
Folder Deleted : C:\Users\Mal\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Mal\AppData\Local\Popajar
Folder Deleted : C:\Users\Mal\AppData\Local\torch
Folder Deleted : C:\Users\Mal\AppData\Local\Temp\HulaToo
Folder Deleted : C:\Users\Mal\AppData\LocalLow\Torntv V9.0
Folder Deleted : C:\Users\Mal\AppData\Roaming\EZDownloader
Folder Deleted : C:\Users\Mal\AppData\Roaming\Oxy
Folder Deleted : C:\Users\Mal\AppData\Roaming\qone8
Folder Deleted : C:\Users\Mal\AppData\Roaming\SkypEmoticons
Folder Deleted : C:\Users\Mal\AppData\Roaming\SupTab
Folder Deleted : C:\Users\Mal\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Mal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\Mal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekfhjncdfomllcfiblnceljjdgdafln
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekfhjncdfomllcfiblnceljjdgdafln
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekfhjncdfomllcfiblnceljjdgdafln
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnfljojhinjcigkbnmneeefcecijfpic
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnfljojhinjcigkbnmneeefcecijfpic
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnfljojhinjcigkbnmneeefcecijfpic
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\himmadkjognfkkpdieleaghoaolfdngg
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\himmadkjognfkkpdieleaghoaolfdngg
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\himmadkjognfkkpdieleaghoaolfdngg
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\onffinbgnjkkcjkleefpeaanedgjpkfm
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\onffinbgnjkkcjkleefpeaanedgjpkfm
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\onffinbgnjkkcjkleefpeaanedgjpkfm
File Deleted : C:\END
File Deleted : C:\Windows\System32\drivers\wStLibG64.sys
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Mal\daemonprocess.txt
File Deleted : C:\Users\Mal\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\Users\Mal\AppData\Roaming\regsvr32.exe_log.txt
File Deleted : C:\Users\Mal\AppData\Roaming\Uninstall.exe
File Deleted : C:\Users\Mal\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Deleted : C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.speedanalysis.com_0.localstorage
File Deleted : C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.speedanalysis.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
File Deleted : C:\Windows\System32\Tasks\Oxy

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Mal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Mal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Mal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\oxy.exe
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SOFTWARE\Classes\NetOCoaupon.NetOCoaupon
Key Deleted : HKLM\SOFTWARE\Classes\NetOCoaupon.NetOCoaupon.6.1
Key Deleted : HKLM\SOFTWARE\Classes\DealEExpreesS.DealEExpreesS
Key Deleted : HKLM\SOFTWARE\Classes\DealEExpreesS.DealEExpreesS.2.1
Key Deleted : HKCU\Software\6159c1d140fc52d49bf638aeb810767f
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{09732463-E7EF-8CB8-088C-85D79278256B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{155E562A-EE2E-7D28-5736-7D497E22D472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3D0EA5EF-95E6-91F9-7964-F124BC7E5CB3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7832C151-F483-5EB5-D88F-94ACA1E013A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132290}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555135590}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566136690}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544134490}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{09732463-E7EF-8CB8-088C-85D79278256B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{155E562A-EE2E-7D28-5736-7D497E22D472}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3D0EA5EF-95E6-91F9-7964-F124BC7E5CB3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7832C151-F483-5EB5-D88F-94ACA1E013A9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{09732463-E7EF-8CB8-088C-85D79278256B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{155E562A-EE2E-7D28-5736-7D497E22D472}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3D0EA5EF-95E6-91F9-7964-F124BC7E5CB3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7832C151-F483-5EB5-D88F-94ACA1E013A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{09732463-E7EF-8CB8-088C-85D79278256B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{155E562A-EE2E-7D28-5736-7D497E22D472}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3D0EA5EF-95E6-91F9-7964-F124BC7E5CB3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7832C151-F483-5EB5-D88F-94ACA1E013A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{09732463-E7EF-8CB8-088C-85D79278256B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{155E562A-EE2E-7D28-5736-7D497E22D472}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3D0EA5EF-95E6-91F9-7964-F124BC7E5CB3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{7832C151-F483-5EB5-D88F-94ACA1E013A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132290}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555135590}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566136690}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\Escolade
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Popajar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\SupTab
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\V9
Key Deleted : HKLM\Software\Wpm
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v

[ File : C:\Users\Mal\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]

Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.searchsun.info/?pid=724&r=2014/04/02&hid=1820442260177589091&lg=EN&cc=CZ&l=1&q=");

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Mal\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.search.ask.com/web?p2=%5EBBK ... trgb=CR&q={searchTerms}
Deleted [Search Provider] : hxxp://search.findwide.com/serp?guid={ADFF982C-29DF-43E1-B9F0-95CFF483240D}&action=default_search&serpv=22&k={searchTerms}
Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gc ... nrs=AG2&q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx? ... 5F6A357&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://websearch.searchsun.info/?l=1&q={searchTerms}&pid=724&r=2014/04/02&hid=1820442260177589091&lg=EN&cc=CZ
Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=C74E10E3-EBBC-449B-9AC6-22B878949E9A&n=780c0095&ind=2014052501&p2=^GR^xdm609^YYA^cz&si=slot15855
Deleted [Search Provider] : hxxp://www.qone8.com/web/?type=dspp&ts= ... A2MUAA2&q={searchTerms}
Deleted [Search Provider] : hxxp://www.qone8.com/web/?type=ds&ts=14 ... A2MUAA2&q={searchTerms}
Deleted [Homepage] : hxxp://search.conduit.com/?ctid=CT33222 ... A357&SSPV=
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : fjbbjfdilbioabojmcplalojlmdngbjl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : kdidombaedgpfiiedeimiebkmbilgmlc
Deleted [Extension] : onffinbgnjkkcjkleefpeaanedgjpkfm
Deleted [Extension] : pfmopbbadnfoelckkcmjjeaaegjpjjbk

*************************

AdwCleaner[R0].txt - [25993 octets] - [29/06/2014 17:34:55]
AdwCleaner[R1].txt - [19217 octets] - [29/06/2014 18:55:29]
AdwCleaner[R2].txt - [20734 octets] - [29/06/2014 18:56:18]
AdwCleaner[S0].txt - [18057 octets] - [29/06/2014 18:57:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18118 octets] ##########
Nahoru
xXMaster
nováček
Příspěvky: 20
Registrován: červen 14
Pohlaví: Muž
Stav:
Offline

Re: Virus bitcoinu

Příspěvekod xXMaster » 29 čer 2014 19:10

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Mal on ne 29.06.2014 at 19:03:27,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{260C9C47-D378-4BC0-88F3-D718DF0D26AD}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 29.06.2014 at 19:08:29,21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Nahoru
xXMaster
nováček
Příspěvky: 20
Registrován: červen 14
Pohlaví: Muž
Stav:
Offline

Re: Virus bitcoinu

Příspěvekod xXMaster » 29 čer 2014 19:17

RogueKiller V9.1.0.0 (x64) [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mal [Admin rights]
Mode : Scan -- Date : 06/29/2014 19:16:30

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-972917567-3220589774-1664920983-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-972917567-3220589774-1664920983-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-972917567-3220589774-1664920983-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-972917567-3220589774-1664920983-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-972917567-3220589774-1664920983-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-972917567-3220589774-1664920983-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

¤¤¤ Scheduled tasks : 7 ¤¤¤
[Suspicious.Path] \\GC_Informer -- "%LOCALAPPDATA%\GCC\Controller.exe" (--Informer) -> FOUND
[Suspicious.Path] \\GC_Scheduler -- "%LOCALAPPDATA%\GCC\Controller.exe" -> FOUND
[Suspicious.Path] \\RunAsStdUser Task -- C:\Users\Mal\AppData\Local\Oxy\Application\oxy.exe (--app=chrome-extension://cgeglcjaapbfihfpfmamaoipnbocnjkl/index.html#q="Brawl-Busters") -> FOUND
[Suspicious.Path] \\Windows Updater -- C:\Users\Mal\AppData\Roaming\Oxy\Updater.exe (oxy http://54.188.199.4 600000 3) -> FOUND
[Suspicious.Path] \\{2A7F0B50-5B23-49D8-A5C6-B03292B942A2} -- C:\Windows\system32\pcalua.exe (-a C:\Users\Mal\AppData\Local\Temp\Rar$EXa0.466\AVP.part01.exe -d "C:\Program Files" -c -el -s2 "-dC:\Program Files" "-p" "-sp") -> FOUND
[Suspicious.Path] \\{87198FCB-9F28-4983-BE1E-5E3B823C6696} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Mal\Downloads\dotNetFx35setup (1).exe" -d C:\Users\Mal\Downloads) -> FOUND
[Suspicious.Path] \Microsoft\Windows\Maintenance\UP_Scheduler -- "%LOCALAPPDATA%\GCC\Controller.exe" (--Update) -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000LPVX-22V0TT0 ATA Device +++++
--- User ---
[MBR] 471428b0a77a30a9758dad6fd13e5655
[BSP] 4dbd1e8406f020d5be956857df73faec : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK
Nahoru
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43298
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Virus bitcoinu

Příspěvekod jaro3 » 29 čer 2014 20:52

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:


- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Stáhni si TDSSKiller
Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller. 2.8.16.0_(datum)_log.txt , vlož sem prosím celý obsah logu.
-pokud bude mít log více než 60.000 znaků , rozděl ho a vlož do více příspěvků
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Nahoru
xXMaster
nováček
Příspěvky: 20
Registrován: červen 14
Pohlaví: Muž
Stav:
Offline

Re: Virus bitcoinu

Příspěvekod xXMaster » 29 čer 2014 21:06

RogueKiller V9.1.0.0 (x64) [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mal [Admin rights]
Mode : Remove -- Date : 06/29/2014 21:05:48

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-972917567-3220589774-1664920983-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> DELETED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-972917567-3220589774-1664920983-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> DELETED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-972917567-3220589774-1664920983-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> ERROR [2]
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-972917567-3220589774-1664920983-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> ERROR [2]
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-972917567-3220589774-1664920983-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> REPLACED (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-972917567-3220589774-1664920983-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> REPLACED (1)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> REPLACED (0)

¤¤¤ Scheduled tasks : 7 ¤¤¤
[Suspicious.Path] \\GC_Informer -- "%LOCALAPPDATA%\GCC\Controller.exe" (--Informer) -> DELETED
[Suspicious.Path] \\GC_Scheduler -- "%LOCALAPPDATA%\GCC\Controller.exe" -> DELETED
[Suspicious.Path] \\RunAsStdUser Task -- C:\Users\Mal\AppData\Local\Oxy\Application\oxy.exe (--app=chrome-extension://cgeglcjaapbfihfpfmamaoipnbocnjkl/index.html#q="Brawl-Busters") -> DELETED
[Suspicious.Path] \\Windows Updater -- C:\Users\Mal\AppData\Roaming\Oxy\Updater.exe (oxy http://54.188.199.4 600000 3) -> DELETED
[Suspicious.Path] \\{2A7F0B50-5B23-49D8-A5C6-B03292B942A2} -- C:\Windows\system32\pcalua.exe (-a C:\Users\Mal\AppData\Local\Temp\Rar$EXa0.466\AVP.part01.exe -d "C:\Program Files" -c -el -s2 "-dC:\Program Files" "-p" "-sp") -> DELETED
[Suspicious.Path] \\{87198FCB-9F28-4983-BE1E-5E3B823C6696} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Mal\Downloads\dotNetFx35setup (1).exe" -d C:\Users\Mal\Downloads) -> DELETED
[Suspicious.Path] \Microsoft\Windows\Maintenance\UP_Scheduler -- "%LOCALAPPDATA%\GCC\Controller.exe" (--Update) -> DELETED

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 8 ¤¤¤
[CHROME:Addon] Default : Google Docs [aohghmighlieiainnegkcijnfilokake] -> DELETED
[CHROME:Addon] Default : Google Drive [apdfllckaahabafndbhieahigkjlhalf] -> ERROR [2]
[CHROME:Addon] Default : YouTube [blpcfgokakmgnkcojhhkbfbldkacnbeo] -> ERROR [2]
[CHROME:Addon] Default : Google Search [coobgpohoikkiipiblmjeljniedjpjpf] -> ERROR [2]
[CHROME:Addon] Default : Ponyhoof [efjjgphedlaihnlgaibiaihhmhaejjdd] -> ERROR [2]
[CHROME:Addon] Default : Google Wallet [nmmhkkegccagdldgiimedpiccmgmieda] -> ERROR [2]
[CHROME:Addon] Default : Minimal Memory [oipgklkggfaokcoipmecomffdpebimle] -> ERROR [2]
[CHROME:Addon] Default : Gmail [pjkljhegncpnkpknbcohdijeoejaedia] -> ERROR [2]

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000LPVX-22V0TT0 ATA Device +++++
--- User ---
[MBR] 471428b0a77a30a9758dad6fd13e5655
[BSP] 4dbd1e8406f020d5be956857df73faec : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_06292014_191630.log - RKreport_SCN_06292014_210022.log - RKreport_SCN_06292014_210316.log
Nahoru
xXMaster
nováček
Příspěvky: 20
Registrován: červen 14
Pohlaví: Muž
Stav:
Offline

Re: Virus bitcoinu

Příspěvekod xXMaster » 29 čer 2014 21:11

21:07:06.0507 0x1204 TDSS rootkit removing tool 3.0.0.39 Jun 5 2014 20:35:54
21:07:17.0178 0x1204 ============================================================
21:07:17.0178 0x1204 Current date / time: 2014/06/29 21:07:17.0178
21:07:17.0178 0x1204 SystemInfo:
21:07:17.0178 0x1204
21:07:17.0178 0x1204 OS Version: 6.1.7601 ServicePack: 1.0
21:07:17.0178 0x1204 Product type: Workstation
21:07:17.0178 0x1204 ComputerName: MAL-PC
21:07:17.0178 0x1204 UserName: Mal
21:07:17.0178 0x1204 Windows directory: C:\Windows
21:07:17.0178 0x1204 System windows directory: C:\Windows
21:07:17.0178 0x1204 Running under WOW64
21:07:17.0178 0x1204 Processor architecture: Intel x64
21:07:17.0178 0x1204 Number of processors: 2
21:07:17.0178 0x1204 Page size: 0x1000
21:07:17.0178 0x1204 Boot type: Normal boot
21:07:17.0178 0x1204 ============================================================
21:07:19.0018 0x1204 KLMD registered as C:\Windows\system32\drivers\23667986.sys
21:07:19.0252 0x1204 System UUID: {AB3EB8E5-C714-670E-3EC3-5616BC01A600}
21:07:19.0845 0x1204 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:07:19.0845 0x1204 ============================================================
21:07:19.0845 0x1204 \Device\Harddisk0\DR0:
21:07:19.0845 0x1204 MBR partitions:
21:07:19.0845 0x1204 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:07:19.0845 0x1204 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
21:07:19.0845 0x1204 ============================================================
21:07:19.0923 0x1204 C: <-> \Device\Harddisk0\DR0\Partition2
21:07:19.0923 0x1204 ============================================================
21:07:19.0923 0x1204 Initialize success
21:07:19.0923 0x1204 ============================================================
21:07:22.0840 0x03d8 ============================================================
21:07:22.0840 0x03d8 Scan started
21:07:22.0840 0x03d8 Mode: Manual;
21:07:22.0840 0x03d8 ============================================================
21:07:22.0840 0x03d8 KSN ping started
21:07:25.0602 0x03d8 KSN ping finished: true
21:07:26.0740 0x03d8 ================ Scan system memory ========================
21:07:26.0740 0x03d8 System memory - ok
21:07:26.0740 0x03d8 ================ Scan services =============================
21:07:27.0099 0x03d8 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:07:27.0099 0x03d8 1394ohci - ok
21:07:27.0177 0x03d8 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:07:27.0193 0x03d8 ACPI - ok
21:07:27.0224 0x03d8 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:07:27.0224 0x03d8 AcpiPmi - ok
21:07:27.0520 0x03d8 [ B5D8DE922237CEDDC7992297654A4BE4, 88EF0B5EBFB383C9069A29AEA8D76EDBE1E70DD6F7C18970EE01ECAE9F408B38 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:07:27.0520 0x03d8 AdobeFlashPlayerUpdateSvc - ok
21:07:27.0598 0x03d8 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:07:27.0614 0x03d8 adp94xx - ok
21:07:27.0645 0x03d8 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:07:27.0661 0x03d8 adpahci - ok
21:07:27.0692 0x03d8 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:07:27.0692 0x03d8 adpu320 - ok
21:07:27.0723 0x03d8 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:07:27.0723 0x03d8 AeLookupSvc - ok
21:07:27.0801 0x03d8 [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\Windows\system32\drivers\afd.sys
21:07:27.0817 0x03d8 AFD - ok
21:07:27.0864 0x03d8 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
21:07:27.0879 0x03d8 agp440 - ok
21:07:27.0895 0x03d8 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
21:07:27.0895 0x03d8 ALG - ok
21:07:27.0942 0x03d8 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
21:07:27.0942 0x03d8 aliide - ok
21:07:27.0957 0x03d8 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
21:07:27.0957 0x03d8 amdide - ok
21:07:27.0988 0x03d8 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:07:28.0004 0x03d8 AmdK8 - ok
21:07:28.0004 0x03d8 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
21:07:28.0004 0x03d8 AmdPPM - ok
21:07:28.0066 0x03d8 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:07:28.0066 0x03d8 amdsata - ok
21:07:28.0113 0x03d8 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
21:07:28.0113 0x03d8 amdsbs - ok
21:07:28.0129 0x03d8 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:07:28.0144 0x03d8 amdxata - ok
21:07:28.0176 0x03d8 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
21:07:28.0176 0x03d8 AppID - ok
21:07:28.0207 0x03d8 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:07:28.0207 0x03d8 AppIDSvc - ok
21:07:28.0254 0x03d8 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
21:07:28.0254 0x03d8 Appinfo - ok
21:07:28.0332 0x03d8 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
21:07:28.0332 0x03d8 AppMgmt - ok
21:07:28.0394 0x03d8 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
21:07:28.0410 0x03d8 arc - ok
21:07:28.0425 0x03d8 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:07:28.0425 0x03d8 arcsas - ok
21:07:28.0675 0x03d8 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:07:28.0706 0x03d8 aspnet_state - ok
21:07:28.0753 0x03d8 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:07:28.0753 0x03d8 AsyncMac - ok
21:07:28.0784 0x03d8 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
21:07:28.0784 0x03d8 atapi - ok
21:07:28.0862 0x03d8 [ FC0E8778C000291CAF60EB88C011E931, 09BCCA3DE01021AEF76DFB46F01D21BA6FF409E816FA7547E5C3DFBF3A615ED2 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
21:07:28.0878 0x03d8 atksgt - ok
21:07:28.0956 0x03d8 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:07:28.0987 0x03d8 AudioEndpointBuilder - ok
21:07:29.0002 0x03d8 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:07:29.0018 0x03d8 AudioSrv - ok
21:07:29.0065 0x03d8 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:07:29.0065 0x03d8 AxInstSV - ok
21:07:29.0143 0x03d8 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
21:07:29.0174 0x03d8 b06bdrv - ok
21:07:29.0252 0x03d8 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:07:29.0252 0x03d8 b57nd60a - ok
21:07:29.0314 0x03d8 [ 30C51D195FFF1DA58AA041F290B63321, 7547CBB766CC6D5301978814D0186A7AA319F5957DDA22133298113502305D50 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
21:07:29.0314 0x03d8 BCM42RLY - ok
21:07:29.0502 0x03d8 [ FBC76C8D561D0AD159EF9452D9F328F6, 3A1A3E8ED48316ACF833554C50CAA3278C980F139332E9F35D889F1C46532FAA ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
21:07:29.0642 0x03d8 BCM43XX - ok
21:07:29.0720 0x03d8 [ B6FA52DE682784889E700B9B467F4D7A, 1D87AC22F42C5F5445AC59CF983CD1D0CEAB48C67DB8EFB6FD288FE2482C6420 ] BcmVWL C:\Windows\system32\DRIVERS\bcmvwl64.sys
21:07:29.0720 0x03d8 BcmVWL - ok
21:07:29.0782 0x03d8 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
21:07:29.0782 0x03d8 BDESVC - ok
21:07:29.0845 0x03d8 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
21:07:29.0845 0x03d8 Beep - ok
21:07:29.0938 0x03d8 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
21:07:29.0985 0x03d8 BFE - ok
21:07:30.0032 0x03d8 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
21:07:30.0063 0x03d8 BITS - ok
21:07:30.0110 0x03d8 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:07:30.0110 0x03d8 blbdrive - ok
21:07:30.0157 0x03d8 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:07:30.0157 0x03d8 bowser - ok
21:07:30.0219 0x03d8 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
21:07:30.0219 0x03d8 BrFiltLo - ok
21:07:30.0219 0x03d8 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
21:07:30.0235 0x03d8 BrFiltUp - ok
21:07:30.0282 0x03d8 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
21:07:30.0282 0x03d8 Browser - ok
21:07:30.0313 0x03d8 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:07:30.0328 0x03d8 Brserid - ok
21:07:30.0344 0x03d8 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:07:30.0344 0x03d8 BrSerWdm - ok
21:07:30.0344 0x03d8 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:07:30.0360 0x03d8 BrUsbMdm - ok
21:07:30.0360 0x03d8 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:07:30.0360 0x03d8 BrUsbSer - ok
21:07:30.0375 0x03d8 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:07:30.0375 0x03d8 BTHMODEM - ok
21:07:30.0391 0x03d8 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
21:07:30.0406 0x03d8 bthserv - ok
21:07:30.0438 0x03d8 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:07:30.0438 0x03d8 cdfs - ok
21:07:30.0469 0x03d8 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:07:30.0469 0x03d8 cdrom - ok
21:07:30.0500 0x03d8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
21:07:30.0500 0x03d8 CertPropSvc - ok
21:07:30.0531 0x03d8 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
21:07:30.0531 0x03d8 circlass - ok
21:07:30.0578 0x03d8 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
21:07:30.0609 0x03d8 CLFS - ok
21:07:30.0640 0x03d8 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:07:30.0640 0x03d8 clr_optimization_v2.0.50727_32 - ok
21:07:30.0718 0x03d8 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:07:30.0718 0x03d8 clr_optimization_v2.0.50727_64 - ok
21:07:30.0937 0x03d8 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:07:31.0062 0x03d8 clr_optimization_v4.0.30319_32 - ok
21:07:31.0093 0x03d8 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:07:31.0140 0x03d8 clr_optimization_v4.0.30319_64 - ok
21:07:31.0171 0x03d8 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:07:31.0171 0x03d8 CmBatt - ok
21:07:31.0202 0x03d8 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:07:31.0202 0x03d8 cmdide - ok
21:07:31.0264 0x03d8 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
21:07:31.0280 0x03d8 CNG - ok
21:07:31.0327 0x03d8 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:07:31.0327 0x03d8 Compbatt - ok
21:07:31.0358 0x03d8 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
21:07:31.0358 0x03d8 CompositeBus - ok
21:07:31.0389 0x03d8 COMSysApp - ok
21:07:31.0436 0x03d8 [ 2EF1B96EF990B70F13D260F324E4AFA8, F9B8DA895C307B3AB61C982A46436E0DB9F1E360279C759B3D672756D021975C ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
21:07:31.0452 0x03d8 cphs - ok
21:07:31.0498 0x03d8 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:07:31.0498 0x03d8 crcdisk - ok
21:07:31.0561 0x03d8 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:07:31.0561 0x03d8 CryptSvc - ok
21:07:31.0623 0x03d8 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
21:07:31.0654 0x03d8 CSC - ok
21:07:31.0670 0x03d8 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
21:07:31.0686 0x03d8 CscService - ok
21:07:31.0764 0x03d8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:07:31.0795 0x03d8 DcomLaunch - ok
21:07:31.0857 0x03d8 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
21:07:31.0857 0x03d8 defragsvc - ok
21:07:31.0904 0x03d8 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:07:31.0904 0x03d8 DfsC - ok
21:07:31.0966 0x03d8 [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
21:07:31.0982 0x03d8 dg_ssudbus - ok
21:07:32.0029 0x03d8 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:07:32.0044 0x03d8 Dhcp - ok
21:07:32.0076 0x03d8 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
21:07:32.0076 0x03d8 discache - ok
21:07:32.0091 0x03d8 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
21:07:32.0091 0x03d8 Disk - ok
21:07:32.0122 0x03d8 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
21:07:32.0122 0x03d8 dmvsc - ok
21:07:32.0169 0x03d8 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:07:32.0169 0x03d8 Dnscache - ok
21:07:32.0216 0x03d8 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
21:07:32.0216 0x03d8 dot3svc - ok
21:07:32.0263 0x03d8 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
21:07:32.0278 0x03d8 DPS - ok
21:07:32.0310 0x03d8 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:07:32.0310 0x03d8 drmkaud - ok
21:07:32.0372 0x03d8 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:07:32.0403 0x03d8 DXGKrnl - ok
21:07:32.0434 0x03d8 EagleX64 - ok
21:07:32.0466 0x03d8 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
21:07:32.0466 0x03d8 EapHost - ok
21:07:32.0590 0x03d8 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:07:32.0684 0x03d8 ebdrv - ok
21:07:32.0731 0x03d8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe
21:07:32.0731 0x03d8 EFS - ok
21:07:32.0840 0x03d8 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:07:32.0902 0x03d8 ehRecvr - ok
21:07:32.0918 0x03d8 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
21:07:32.0918 0x03d8 ehSched - ok
21:07:32.0980 0x03d8 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:07:33.0012 0x03d8 elxstor - ok
21:07:33.0027 0x03d8 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:07:33.0027 0x03d8 ErrDev - ok
21:07:33.0105 0x03d8 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
21:07:33.0136 0x03d8 EventSystem - ok
21:07:33.0152 0x03d8 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
21:07:33.0152 0x03d8 exfat - ok
21:07:33.0152 0x03d8 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:07:33.0168 0x03d8 fastfat - ok
21:07:33.0230 0x03d8 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
21:07:33.0246 0x03d8 Fax - ok
21:07:33.0261 0x03d8 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
21:07:33.0261 0x03d8 fdc - ok
21:07:33.0292 0x03d8 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
21:07:33.0292 0x03d8 fdPHost - ok
21:07:33.0292 0x03d8 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
21:07:33.0308 0x03d8 FDResPub - ok
21:07:33.0339 0x03d8 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:07:33.0339 0x03d8 FileInfo - ok
21:07:33.0339 0x03d8 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:07:33.0339 0x03d8 Filetrace - ok
21:07:33.0355 0x03d8 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
21:07:33.0355 0x03d8 flpydisk - ok
21:07:33.0370 0x03d8 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:07:33.0370 0x03d8 FltMgr - ok
21:07:33.0433 0x03d8 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
21:07:33.0464 0x03d8 FontCache - ok
21:07:33.0526 0x03d8 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:07:33.0526 0x03d8 FontCache3.0.0.0 - ok
21:07:33.0526 0x03d8 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:07:33.0526 0x03d8 FsDepends - ok
21:07:33.0558 0x03d8 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:07:33.0573 0x03d8 Fs_Rec - ok
21:07:33.0636 0x03d8 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:07:33.0651 0x03d8 fvevol - ok
21:07:33.0698 0x03d8 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:07:33.0698 0x03d8 gagp30kx - ok
21:07:33.0760 0x03d8 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
21:07:33.0807 0x03d8 gpsvc - ok
21:07:33.0932 0x03d8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:07:33.0932 0x03d8 gupdate - ok
21:07:33.0948 0x03d8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:07:33.0948 0x03d8 gupdatem - ok
21:07:34.0010 0x03d8 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
21:07:34.0010 0x03d8 hamachi - ok
21:07:34.0072 0x03d8 Hamachi2Svc - ok
21:07:34.0088 0x03d8 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:07:34.0104 0x03d8 hcw85cir - ok
21:07:34.0150 0x03d8 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:07:34.0182 0x03d8 HdAudAddService - ok
21:07:34.0228 0x03d8 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:07:34.0244 0x03d8 HDAudBus - ok
21:07:34.0260 0x03d8 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
21:07:34.0260 0x03d8 HidBatt - ok
21:07:34.0275 0x03d8 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:07:34.0291 0x03d8 HidBth - ok
21:07:34.0322 0x03d8 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
21:07:34.0322 0x03d8 HidIr - ok
21:07:34.0353 0x03d8 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
21:07:34.0353 0x03d8 hidserv - ok
21:07:34.0416 0x03d8 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:07:34.0416 0x03d8 HidUsb - ok
21:07:34.0447 0x03d8 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:07:34.0447 0x03d8 hkmsvc - ok
21:07:34.0478 0x03d8 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:07:34.0478 0x03d8 HomeGroupListener - ok
21:07:34.0509 0x03d8 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:07:34.0509 0x03d8 HomeGroupProvider - ok
21:07:34.0556 0x03d8 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:07:34.0556 0x03d8 HpSAMD - ok
21:07:34.0603 0x03d8 [ F47CEC45FB85791D4AB237563AD0FA8F, 1035066D48BD179855BCA7F62EFA1B951E6E839D2E29E15A31844E18A126DD41 ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
21:07:34.0603 0x03d8 HTCAND64 - ok
21:07:34.0650 0x03d8 [ B8B1B284362E1D8135112573395D5DA5, 97BC6A7B2DCD7CC854B912A85BB2FCF199592E8E16A7C405EAF89B02D5DE4AEE ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
21:07:34.0650 0x03d8 htcnprot - ok
21:07:34.0728 0x03d8 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:07:34.0759 0x03d8 HTTP - ok
21:07:34.0759 0x03d8 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:07:34.0759 0x03d8 hwpolicy - ok
21:07:34.0806 0x03d8 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:07:34.0806 0x03d8 i8042prt - ok
21:07:34.0852 0x03d8 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:07:34.0884 0x03d8 iaStorV - ok
21:07:34.0962 0x03d8 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:07:34.0993 0x03d8 idsvc - ok
21:07:35.0008 0x03d8 IEEtwCollectorService - ok
21:07:35.0461 0x03d8 [ 3FB253E8059A1AAC3A8B83A31D094CC5, 4D4988BF7D81FB6D75CDB65E1E42AC72DA76D3F84712AA1A27428A6490E342D0 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:07:35.0898 0x03d8 igfx - ok
21:07:35.0976 0x03d8 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:07:35.0976 0x03d8 iirsp - ok
21:07:36.0038 0x03d8 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
21:07:36.0085 0x03d8 IKEEXT - ok
21:07:36.0163 0x03d8 [ 6C9FFFECA9FED31347D211C5D1FFBD2D, 36CF8B847FAED0D978B3169ED550CC958025902CAC1D7D304E2684B2483E72B8 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
21:07:36.0178 0x03d8 IntcDAud - ok
21:07:36.0194 0x03d8 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
21:07:36.0194 0x03d8 intelide - ok
21:07:36.0225 0x03d8 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:07:36.0225 0x03d8 intelppm - ok
21:07:36.0256 0x03d8 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:07:36.0256 0x03d8 IPBusEnum - ok
21:07:36.0303 0x03d8 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:07:36.0303 0x03d8 IpFilterDriver - ok
21:07:36.0381 0x03d8 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:07:36.0412 0x03d8 iphlpsvc - ok
21:07:36.0428 0x03d8 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:07:36.0428 0x03d8 IPMIDRV - ok
21:07:36.0459 0x03d8 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:07:36.0459 0x03d8 IPNAT - ok
21:07:36.0490 0x03d8 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:07:36.0490 0x03d8 IRENUM - ok
21:07:36.0506 0x03d8 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:07:36.0506 0x03d8 isapnp - ok
21:07:36.0537 0x03d8 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:07:36.0553 0x03d8 iScsiPrt - ok
21:07:36.0568 0x03d8 k57nd60a - ok
21:07:36.0584 0x03d8 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:07:36.0584 0x03d8 kbdclass - ok
21:07:36.0600 0x03d8 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:07:36.0615 0x03d8 kbdhid - ok
21:07:36.0631 0x03d8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe
21:07:36.0631 0x03d8 KeyIso - ok
21:07:36.0662 0x03d8 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:07:36.0662 0x03d8 KSecDD - ok
21:07:36.0693 0x03d8 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:07:36.0693 0x03d8 KSecPkg - ok
21:07:36.0724 0x03d8 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:07:36.0724 0x03d8 ksthunk - ok
21:07:36.0756 0x03d8 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
21:07:36.0771 0x03d8 KtmRm - ok
21:07:36.0818 0x03d8 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:07:36.0834 0x03d8 LanmanServer - ok
21:07:36.0880 0x03d8 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:07:36.0896 0x03d8 LanmanWorkstation - ok
21:07:36.0958 0x03d8 [ 156AB2E56DC3CA0B582E3362E07CDED7, 7B03929273861690DC42E4C686E655BE5A1C60136AE5E739D7E62306AFD4AB9A ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
21:07:36.0958 0x03d8 lirsgt - ok
21:07:37.0005 0x03d8 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:07:37.0005 0x03d8 lltdio - ok
21:07:37.0036 0x03d8 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:07:37.0036 0x03d8 lltdsvc - ok
21:07:37.0083 0x03d8 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:07:37.0083 0x03d8 lmhosts - ok
21:07:37.0114 0x03d8 [ E299C7D4AE6AF391F38EAE78D788E678, 830D9466FED497B793BD7AFC31053A903E41E4EE02765365E4D72BADA5C45338 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
21:07:37.0130 0x03d8 LMIGuardianSvc - ok
21:07:37.0192 0x03d8 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:07:37.0192 0x03d8 LSI_FC - ok
21:07:37.0239 0x03d8 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:07:37.0239 0x03d8 LSI_SAS - ok
21:07:37.0239 0x03d8 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:07:37.0255 0x03d8 LSI_SAS2 - ok
21:07:37.0255 0x03d8 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:07:37.0270 0x03d8 LSI_SCSI - ok
21:07:37.0286 0x03d8 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
21:07:37.0286 0x03d8 luafv - ok
21:07:37.0302 0x03d8 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:07:37.0302 0x03d8 Mcx2Svc - ok
21:07:37.0333 0x03d8 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
21:07:37.0333 0x03d8 megasas - ok
21:07:37.0348 0x03d8 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:07:37.0348 0x03d8 MegaSR - ok
21:07:37.0395 0x03d8 [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
21:07:37.0395 0x03d8 MEIx64 - ok
21:07:37.0442 0x03d8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
21:07:37.0458 0x03d8 MMCSS - ok
21:07:37.0458 0x03d8 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
21:07:37.0458 0x03d8 Modem - ok
21:07:37.0504 0x03d8 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:07:37.0504 0x03d8 monitor - ok
21:07:37.0551 0x03d8 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:07:37.0567 0x03d8 mouclass - ok
21:07:37.0582 0x03d8 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:07:37.0582 0x03d8 mouhid - ok
21:07:37.0598 0x03d8 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:07:37.0598 0x03d8 mountmgr - ok
21:07:37.0660 0x03d8 [ 9EB89625A82AC961F25E7C865947BF9A, 91DB9530CDE883DC60BE621AC4210ACD069631D9466E37411D9D6AEE587098D9 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
21:07:37.0676 0x03d8 MpFilter - ok
21:07:37.0707 0x03d8 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
21:07:37.0723 0x03d8 mpio - ok
21:07:37.0770 0x03d8 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:07:37.0785 0x03d8 mpsdrv - ok
21:07:37.0848 0x03d8 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:07:37.0894 0x03d8 MpsSvc - ok
21:07:37.0988 0x03d8 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:07:37.0988 0x03d8 MRxDAV - ok
21:07:38.0066 0x03d8 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:07:38.0082 0x03d8 mrxsmb - ok
21:07:38.0097 0x03d8 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:07:38.0113 0x03d8 mrxsmb10 - ok
21:07:38.0128 0x03d8 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:07:38.0128 0x03d8 mrxsmb20 - ok
21:07:38.0175 0x03d8 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
21:07:38.0175 0x03d8 msahci - ok
21:07:38.0222 0x03d8 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:07:38.0222 0x03d8 msdsm - ok
21:07:38.0238 0x03d8 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
21:07:38.0253 0x03d8 MSDTC - ok
21:07:38.0269 0x03d8 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:07:38.0269 0x03d8 Msfs - ok
21:07:38.0269 0x03d8 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:07:38.0284 0x03d8 mshidkmdf - ok
21:07:38.0284 0x03d8 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:07:38.0284 0x03d8 msisadrv - ok
21:07:38.0316 0x03d8 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:07:38.0316 0x03d8 MSiSCSI - ok
21:07:38.0316 0x03d8 msiserver - ok
21:07:38.0362 0x03d8 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:07:38.0378 0x03d8 MSKSSRV - ok
21:07:38.0487 0x03d8 [ 89F2AEDC2788696702141AB82C3E7866, E166CBD8D3C708737C37172221945D8E56C25C2CC750889C3CE14AA2DE750F33 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:07:38.0487 0x03d8 MsMpSvc - ok
21:07:38.0518 0x03d8 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:07:38.0518 0x03d8 MSPCLOCK - ok
21:07:38.0534 0x03d8 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:07:38.0534 0x03d8 MSPQM - ok
21:07:38.0565 0x03d8 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:07:38.0581 0x03d8 MsRPC - ok
21:07:38.0581 0x03d8 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:07:38.0581 0x03d8 mssmbios - ok
21:07:38.0612 0x03d8 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:07:38.0612 0x03d8 MSTEE - ok
21:07:38.0628 0x03d8 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:07:38.0628 0x03d8 MTConfig - ok
21:07:38.0628 0x03d8 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
21:07:38.0628 0x03d8 Mup - ok
21:07:38.0674 0x03d8 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
21:07:38.0674 0x03d8 napagent - ok
21:07:38.0721 0x03d8 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:07:38.0721 0x03d8 NativeWifiP - ok
21:07:38.0815 0x03d8 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
21:07:38.0846 0x03d8 NDIS - ok
21:07:38.0893 0x03d8 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:07:38.0893 0x03d8 NdisCap - ok
21:07:38.0940 0x03d8 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:07:38.0940 0x03d8 NdisTapi - ok
21:07:38.0971 0x03d8 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:07:38.0971 0x03d8 Ndisuio - ok
21:07:38.0986 0x03d8 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:07:38.0986 0x03d8 NdisWan - ok
21:07:39.0002 0x03d8 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:07:39.0002 0x03d8 NDProxy - ok
21:07:39.0033 0x03d8 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:07:39.0033 0x03d8 NetBIOS - ok
21:07:39.0049 0x03d8 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:07:39.0064 0x03d8 NetBT - ok
21:07:39.0096 0x03d8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe
21:07:39.0096 0x03d8 Netlogon - ok
21:07:39.0158 0x03d8 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
21:07:39.0174 0x03d8 Netman - ok
21:07:39.0361 0x03d8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:07:39.0392 0x03d8 NetMsmqActivator - ok
21:07:39.0392 0x03d8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
Nahoru
Odpovědět

Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 93 hostů