[code]
HitmanPro 3.7.9.238
www.hitmanpro.com

   Computer name . . . . : DAWID-PC
   Windows . . . . . . . : 5.1.3.2600.X86/2
   User name . . . . . . : DAWID-PC\Dawid
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-02-26 18:18:21
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 16m 38s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 20
   Traces . . . . . . . : 57

   Objects scanned . . . : 586 282
   Files scanned . . . . : 20 091
   Remnants scanned . . : 131 868 files / 434 323 keys

Malware _____________________________________________________________________

   C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP101\A0042786.exe
      Size . . . . . . . : 1 795 552 bytes
      Age . . . . . . . : 0.1 days (2015-02-26 15:01:09)
      Entropy . . . . . : 6.9
      SHA-256 . . . . . : 6BFA87B613322569D6935445D8B5647968300DB571B9EAE764B02449DD20424F
      Product . . . . . : Object Browser
      Publisher . . . . : Object Browser
      Description . . . : Object Browser exe
      Version . . . . . : 1000.1000.1000.1000
      Copyright . . . . : Copyright 2011
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender . . . : Gen:Application.Heur.Tv1@mGTBoUeO
    > Kaspersky . . . . : not-a-virus:WebToolbar.Win32.CrossRider.jqx
      Fuzzy . . . . . . : 95.0

   C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP101\A0042788.dll
      Size . . . . . . . : 649 576 bytes
      Age . . . . . . . : 0.1 days (2015-02-26 15:01:11)
      Entropy . . . . . : 6.7
      SHA-256 . . . . . : DCA2797CE9195211BFFAF9F0E956FAF03B7FD4B4FE89D92E1447A9B1AA353A66
      Publisher . . . . : Goobzo LTD
      Description . . . : Context menu handler
      Version . . . . . : 1.0.1.1
      Copyright . . . . : Copyright (C) 2014 Goobzo LTD
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky . . . . : not-a-virus:AdWare.Win32.Shopper.adw
      Fuzzy . . . . . . : 95.0

   C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP101\A0042791.sys
      Size . . . . . . . : 55 816 bytes
      Age . . . . . . . : 0.1 days (2015-02-26 15:01:12)
      Entropy . . . . . : 6.3
      SHA-256 . . . . . : A5D7D0743AAF3F3334DD41C848DA6C896B235E5DDB9CCEE811B2B1BDD21B5C7C
      Product . . . . . : StdLib
      Publisher . . . . : StdLib
      Description . . . : StdLib
      Version . . . . . : 1.4.3.1
      Copyright . . . . : Copyright © 2013 StdLib
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender . . . : Adware.NetFilter.J
      Fuzzy . . . . . . : 95.0

   C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP101\A0042792.sys
      Size . . . . . . . : 55 232 bytes
      Age . . . . . . . : 0.1 days (2015-02-26 15:01:13)
      Entropy . . . . . : 6.3
      SHA-256 . . . . . : 8A40B28500D04EB4874A13594C1AA336578E3F5D7AE08236F3F3E0A364CCDEE8
      Product . . . . . : StdLib
      Publisher . . . . : StdLib
      Description . . . : StdLib
      Version . . . . . : 1.4.3.1
      Copyright . . . . : Copyright © 2013 StdLib
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender . . . : Adware.NetFilter.B
      Fuzzy . . . . . . : 95.0

   C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP101\A0042793.sys
      Size . . . . . . . : 55 232 bytes
      Age . . . . . . . : 0.1 days (2015-02-26 15:01:13)
      Entropy . . . . . : 6.3
      SHA-256 . . . . . : 848AFE384EDD0EADAC5C3413E1483D8D2870318B0FE78D09C539633CC17984F5
      Product . . . . . : StdLib
      Publisher . . . . : StdLib
      Description . . . : StdLib
      Version . . . . . : 1.4.3.1
      Copyright . . . . : Copyright © 2013 StdLib
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender . . . : Adware.NetFilter.B
      Fuzzy . . . . . . : 95.0

   C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP101\A0042795.sys
      Size . . . . . . . : 55 224 bytes
      Age . . . . . . . : 0.1 days (2015-02-26 15:01:13)
      Entropy . . . . . : 6.3
      SHA-256 . . . . . : 7BA99C930D6C4959D3687ABD2075E9E55CE31DFC3C002278E6BB5B3EF6B5EF0F
      Product . . . . . : StdLib
      Publisher . . . . : StdLib
      Description . . . : StdLib
      Version . . . . . : 1.4.3.1
      Copyright . . . . : Copyright © 2013 StdLib
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender . . . : Adware.SwiftBrowse.L
      Fuzzy . . . . . . : 95.0

   C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP101\A0042796.sys
      Size . . . . . . . : 55 224 bytes
      Age . . . . . . . : 0.1 days (2015-02-26 15:01:13)
      Entropy . . . . . : 6.3
      SHA-256 . . . . . : D198D2EFFFDF798E5AC0FA94E80B675E2EAE0E199CC8E59A987014F83F9DD547
      Product . . . . . : StdLib
      Publisher . . . . : StdLib
      Description . . . : StdLib
      Version . . . . . : 1.4.3.1
      Copyright . . . . : Copyright © 2013 StdLib
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender . . . : Adware.SwiftBrowse.L
      Fuzzy . . . . . . : 95.0

   C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP101\A0042797.sys
      Size . . . . . . . : 55 816 bytes
      Age . . . . . . . : 0.1 days (2015-02-26 15:01:14)
      Entropy . . . . . : 6.3
      SHA-256 . . . . . : 32614F1E66060A580F95639CB9E449F617692D8384F5AD34162C4BE9BB5304E0
      Product . . . . . : StdLib
      Publisher . . . . : StdLib
      Description . . . : StdLib
      Version . . . . . : 1.4.3.1
      Copyright . . . . : Copyright © 2013 StdLib
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender . . . : Adware.NetFilter.J
      Fuzzy . . . . . . : 95.0

   C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP106\A0043004.exe
      Size . . . . . . . : 1 863 128 bytes
      Age . . . . . . . : 0.1 days (2015-02-26 16:31:06)
      Entropy . . . . . : 6.9
      SHA-256 . . . . . : 505D2EAD7E735CB269FF67F07A168C4427707F59978452BBDA78C49372E4AC65
      Product . . . . . : GoHDV26.02
      Publisher . . . . : InstallMoonV26.02
      Description . . . : GoHDV26.02 exe
      Version . . . . . : 1000.1000.1000.1000
      Copyright . . . . : Copyright 2011
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender . . . : Gen:Application.Heur.Xv1@mKCD8McO
      Fuzzy . . . . . . : 95.0

   C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0040488.exe
      Size . . . . . . . : 244 224 bytes
      Age . . . . . . . : 2.8 days (2015-02-23 23:13:04)
      Entropy . . . . . : 7.0
      SHA-256 . . . . . : C4B909FE22DD8EEE0BE5CDF4EA2F48B05C63B5CCFD68218579028AB8C9CC61B0
    > Bitdefender . . . : Trojan.GenericKD.2183439
    > Kaspersky . . . . : Trojan-Ransom.Win32.Foreign.lsyu
      Fuzzy . . . . . . : 112.0

   C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0040489.exe
      Size . . . . . . . : 244 224 bytes
      Age . . . . . . . : 2.8 days (2015-02-23 23:13:05)
      Entropy . . . . . : 7.0
      SHA-256 . . . . . : C4B909FE22DD8EEE0BE5CDF4EA2F48B05C63B5CCFD68218579028AB8C9CC61B0
    > Bitdefender . . . : Trojan.GenericKD.2183439
    > Kaspersky . . . . : Trojan-Ransom.Win32.Foreign.lsyu
      Fuzzy . . . . . . : 112.0

   C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0040490.exe
      Size . . . . . . . : 244 224 bytes
      Age . . . . . . . : 2.8 days (2015-02-23 23:13:06)
      Entropy . . . . . : 7.0
      SHA-256 . . . . . : C4B909FE22DD8EEE0BE5CDF4EA2F48B05C63B5CCFD68218579028AB8C9CC61B0
    > Bitdefender . . . : Trojan.GenericKD.2183439
    > Kaspersky . . . . : Trojan-Ransom.Win32.Foreign.lsyu
      Fuzzy . . . . . . : 112.0

   C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0040499.exe
      Size . . . . . . . : 64 000 bytes
      Age . . . . . . . : 2.1 days (2015-02-24 16:00:56)
      Entropy . . . . . : 5.3
      SHA-256 . . . . . : 8A85187ACEB4D2FA31B226A1FEA022D2680A2B4E8B6B90974AE6A5691F71BF1A
    > Bitdefender . . . : Adware.Suptab.E
    > Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.gvbh
      Fuzzy . . . . . . : 108.0

   C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0040500.exe
      Size . . . . . . . : 73 216 bytes
      Age . . . . . . . : 2.1 days (2015-02-24 16:00:56)
      Entropy . . . . . : 5.0
      SHA-256 . . . . . : BE3A8304FAF89856BDA1198245F58C7771743DCD354D07FAE987CBE888D21F66
    > Kaspersky . . . . : not-a-virus:AdWare.Win64.Agent.w
      Fuzzy . . . . . . : 108.0

   C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041499.exe
      Size . . . . . . . : 64 000 bytes
      Age . . . . . . . : 1.9 days (2015-02-24 19:30:34)
      Entropy . . . . . : 5.3
      SHA-256 . . . . . : 8A85187ACEB4D2FA31B226A1FEA022D2680A2B4E8B6B90974AE6A5691F71BF1A
    > Bitdefender . . . : Adware.Suptab.E
    > Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.gvbh
      Fuzzy . . . . . . 
: 108.0 Forensic Cluster -10.6s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041498.ini -10.6s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041498.ini 0.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041499.exe 0.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041499.exe 0.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041499.exe 0.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041499.exe 0.1s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041500.spt 0.1s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041500.spt 0.7s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041501.exe 0.7s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041501.exe 0.7s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041501.exe 0.7s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041501.exe 0.7s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041501.exe 18.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041506.lnk 18.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041506.lnk 18.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041506.lnk 40.6s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041507.data 51.1s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041508.spt C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041501.exe Size . . . . . . . : 73 216 bytes Age . . . . . . . 
: 1.9 days (2015-02-24 19:30:35) Entropy . . . . . : 5.0 SHA-256 . . . . . : BE3A8304FAF89856BDA1198245F58C7771743DCD354D07FAE987CBE888D21F66 > Kaspersky . . . . : not-a-virus:AdWare.Win64.Agent.w Fuzzy . . . . . . : 108.0 Forensic Cluster -11.3s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041498.ini -11.3s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041498.ini -0.7s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041499.exe -0.7s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041499.exe -0.7s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041499.exe -0.7s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041499.exe -0.6s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041500.spt -0.6s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041500.spt 0.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041501.exe 0.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041501.exe 0.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041501.exe 0.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041501.exe 0.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041501.exe 17.3s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041506.lnk 17.3s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041506.lnk 17.3s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041506.lnk 39.9s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041507.data 50.4s C:\System Volume 
Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041508.spt C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041569.exe Size . . . . . . . : 64 000 bytes Age . . . . . . . : 1.1 days (2015-02-25 16:15:28) Entropy . . . . . : 5.3 SHA-256 . . . . . : 8A85187ACEB4D2FA31B226A1FEA022D2680A2B4E8B6B90974AE6A5691F71BF1A > Bitdefender . . . : Adware.Suptab.E > Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.gvbh Fuzzy . . . . . . : 108.0 Forensic Cluster -1.7s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041568.ini -1.7s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041568.ini -1.7s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041568.ini 0.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041569.exe 0.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041569.exe 0.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041569.exe 0.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041569.exe 0.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041569.exe 0.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041569.exe 0.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041569.exe 0.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041569.exe 0.1s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041570.exe 8.6s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041572.spt 25.6s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041573.lnk 25.6s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041573.lnk 25.6s 
C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041573.lnk 25.6s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041573.lnk 25.6s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041573.lnk 25.6s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041573.lnk 25.6s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041573.lnk 25.6s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041573.lnk 25.6s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041573.lnk 25.6s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041573.lnk 25.6s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041573.lnk 53.5s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041578.data 53.5s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041578.data 53.5s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041578.data 63.9s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041579.data 67.2s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041580.spt 67.2s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041580.spt 80.8s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041612.old 80.8s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041612.old 80.8s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041612.old C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041570.exe Size . . . . . . . : 73 216 bytes Age . . . . . . . : 1.1 days (2015-02-25 16:15:28) Entropy . . . . . 
: 5.0 SHA-256 . . . . . : BE3A8304FAF89856BDA1198245F58C7771743DCD354D07FAE987CBE888D21F66 > Kaspersky . . . . : not-a-virus:AdWare.Win64.Agent.w Fuzzy . . . . . . : 108.0 Forensic Cluster -1.8s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041568.ini -1.8s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041568.ini -1.8s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041568.ini -0.1s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041569.exe -0.1s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041569.exe -0.1s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041569.exe -0.1s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041569.exe -0.1s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041569.exe -0.1s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041569.exe -0.1s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041569.exe -0.1s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041569.exe 0.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041570.exe 8.4s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041572.spt 25.5s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041573.lnk 25.5s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041573.lnk 25.5s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041573.lnk 25.5s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041573.lnk 25.5s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041573.lnk 25.5s 
C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041573.lnk 25.5s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041573.lnk 25.5s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041573.lnk 25.5s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041573.lnk 25.5s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041573.lnk 25.5s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041573.lnk 53.4s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041578.data 53.4s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041578.data 53.4s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041578.data 63.7s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041579.data 67.1s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041580.spt 67.1s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041580.spt 80.6s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041612.old 80.6s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041612.old 80.6s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041612.old C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041781.exe Size . . . . . . . : 64 000 bytes Age . . . . . . . : 0.3 days (2015-02-26 11:55:30) Entropy . . . . . : 5.3 SHA-256 . . . . . : 8A85187ACEB4D2FA31B226A1FEA022D2680A2B4E8B6B90974AE6A5691F71BF1A > Bitdefender . . . : Adware.Suptab.E > Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.gvbh Fuzzy . . . . . . 
: 108.0 Forensic Cluster -13.5s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041780.ini -12.9s C:\WINDOWS\Prefetch\RUNDLL32.EXE-3FC9AD9E.pf -0.1s C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf -0.1s C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf 0.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041781.exe 0.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041781.exe 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s 
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 0.6s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 2.3s C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf 2.3s C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf 2.3s C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf 2.3s C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf 2.3s C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf 2.3s C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf 2.3s C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf 2.3s C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf 2.3s C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf 2.3s C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf 2.3s C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf 2.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf 2.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf 2.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf 2.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf 2.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf 2.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf 2.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf 2.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf 2.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf 2.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf 2.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf 2.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf 2.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf 2.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf 2.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf 2.4s 
C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf 2.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf 2.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf 2.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf 2.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf 2.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf 2.8s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041782.exe 3.2s C:\WINDOWS\Prefetch\RUNDLL32.EXE-415F88EC.pf 3.2s C:\WINDOWS\Prefetch\RUNDLL32.EXE-415F88EC.pf 3.2s C:\WINDOWS\Prefetch\RUNDLL32.EXE-415F88EC.pf 3.2s C:\WINDOWS\Prefetch\RUNDLL32.EXE-415F88EC.pf 4.0s C:\WINDOWS\Prefetch\CMDSHELL.EXE-3605D229.pf 4.0s C:\WINDOWS\Prefetch\CMDSHELL.EXE-3605D229.pf 4.0s C:\WINDOWS\Prefetch\CMDSHELL.EXE-3605D229.pf 4.0s C:\WINDOWS\Prefetch\CMDSHELL.EXE-3605D229.pf 4.0s C:\WINDOWS\Prefetch\CMDSHELL.EXE-3605D229.pf 4.0s C:\WINDOWS\Prefetch\CMDSHELL.EXE-3605D229.pf 4.0s C:\WINDOWS\Prefetch\CMDSHELL.EXE-3605D229.pf 4.0s C:\WINDOWS\Prefetch\CMDSHELL.EXE-3605D229.pf 4.0s C:\WINDOWS\Prefetch\CMDSHELL.EXE-3605D229.pf 7.2s C:\WINDOWS\Prefetch\HPNOTIFY.EXE-2A0B73BB.pf 7.2s C:\WINDOWS\Prefetch\HPNOTIFY.EXE-2A0B73BB.pf 7.2s C:\WINDOWS\Prefetch\HPNOTIFY.EXE-2A0B73BB.pf 7.2s C:\WINDOWS\Prefetch\HPNOTIFY.EXE-2A0B73BB.pf 7.2s C:\WINDOWS\Prefetch\HPNOTIFY.EXE-2A0B73BB.pf 10.9s C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf 10.9s C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf 10.9s C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf 10.9s C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf 10.9s C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf 10.9s C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf 10.9s C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf 10.9s C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf 12.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-12EE76C7.pf 12.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-12EE76C7.pf 12.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-12EE76C7.pf 12.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-12EE76C7.pf 12.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-12EE76C7.pf 12.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-12EE76C7.pf 12.4s 
C:\WINDOWS\Prefetch\RUNDLL32.EXE-12EE76C7.pf 12.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-12EE76C7.pf 12.4s C:\WINDOWS\Prefetch\RUNDLL32.EXE-12EE76C7.pf 15.2s C:\WINDOWS\Prefetch\DTLITE.EXE-3B887FAB.pf 15.2s C:\WINDOWS\Prefetch\DTLITE.EXE-3B887FAB.pf 15.2s C:\WINDOWS\Prefetch\DTLITE.EXE-3B887FAB.pf 15.2s C:\WINDOWS\Prefetch\DTLITE.EXE-3B887FAB.pf 15.2s C:\WINDOWS\Prefetch\DTLITE.EXE-3B887FAB.pf 21.2s C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf 21.2s C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf 21.2s C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf 21.2s C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf 21.2s C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf 21.2s C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf 27.9s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf 27.9s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf 27.9s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf 27.9s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf 27.9s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf 27.9s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf 27.9s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf 27.9s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf 27.9s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf 27.9s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf 27.9s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf 27.9s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf 27.9s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf 35.9s C:\WINDOWS\Prefetch\OPTISETUP.EXE-234C42F3.pf 35.9s C:\WINDOWS\Prefetch\OPTISETUP.EXE-234C42F3.pf 35.9s C:\WINDOWS\Prefetch\OPTISETUP.EXE-234C42F3.pf 35.9s C:\WINDOWS\Prefetch\OPTISETUP.EXE-234C42F3.pf 36.6s C:\WINDOWS\Prefetch\SUPERPC_SOFT_PARTNER.EXE-3A040491.pf 36.6s C:\WINDOWS\Prefetch\SUPERPC_SOFT_PARTNER.EXE-3A040491.pf 36.6s C:\WINDOWS\Prefetch\SUPERPC_SOFT_PARTNER.EXE-3A040491.pf 36.6s C:\WINDOWS\Prefetch\SUPERPC_SOFT_PARTNER.EXE-3A040491.pf 36.6s C:\WINDOWS\Prefetch\SUPERPC_SOFT_PARTNER.EXE-3A040491.pf 36.6s C:\WINDOWS\Prefetch\SUPERPC_SOFT_PARTNER.EXE-3A040491.pf 36.6s C:\WINDOWS\Prefetch\SUPERPC_SOFT_PARTNER.EXE-3A040491.pf 36.6s 
C:\WINDOWS\Prefetch\SUPERPC_SOFT_PARTNER.EXE-3A040491.pf 36.6s C:\WINDOWS\Prefetch\SUPERPC_SOFT_PARTNER.EXE-3A040491.pf 36.6s C:\WINDOWS\Prefetch\SUPERPC_SOFT_PARTNER.EXE-3A040491.pf 36.6s C:\WINDOWS\Prefetch\SUPERPC_SOFT_PARTNER.EXE-3A040491.pf 53.1s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041783.spt 53.1s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041783.spt 53.1s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041783.spt 55.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041784.spt 55.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041784.spt 55.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041784.spt 55.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041784.spt C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041782.exe Size . . . . . . . : 73 216 bytes Age . . . . . . . : 0.3 days (2015-02-26 11:55:33) Entropy . . . . . : 5.0 SHA-256 . . . . . : BE3A8304FAF89856BDA1198245F58C7771743DCD354D07FAE987CBE888D21F66 > Kaspersky . . . . : not-a-virus:AdWare.Win64.Agent.w Fuzzy . . . . . . 
: 108.0 Forensic Cluster -16.2s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041780.ini -15.7s C:\WINDOWS\Prefetch\RUNDLL32.EXE-3FC9AD9E.pf -2.8s C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf -2.8s C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf -2.8s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041781.exe -2.8s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041781.exe -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s 
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -2.1s C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -0.5s C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf -0.5s C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf -0.5s C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf -0.5s C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf -0.5s C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf -0.5s C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf -0.5s C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf -0.5s C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf -0.5s C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf -0.5s C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf -0.5s C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf -0.3s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf -0.3s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf -0.3s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf -0.3s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf -0.3s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf -0.3s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf -0.3s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf -0.3s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf -0.3s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf -0.3s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf -0.3s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf -0.3s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf -0.3s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf -0.3s 
C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf
      -0.3s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf
      -0.3s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf
      -0.3s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf
      -0.3s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf
      -0.3s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf
      -0.3s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf
      -0.3s C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE05486.pf
      0.0s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041782.exe
      0.5s C:\WINDOWS\Prefetch\RUNDLL32.EXE-415F88EC.pf
      0.5s C:\WINDOWS\Prefetch\RUNDLL32.EXE-415F88EC.pf
      0.5s C:\WINDOWS\Prefetch\RUNDLL32.EXE-415F88EC.pf
      0.5s C:\WINDOWS\Prefetch\RUNDLL32.EXE-415F88EC.pf
      1.2s C:\WINDOWS\Prefetch\CMDSHELL.EXE-3605D229.pf
      1.2s C:\WINDOWS\Prefetch\CMDSHELL.EXE-3605D229.pf
      1.2s C:\WINDOWS\Prefetch\CMDSHELL.EXE-3605D229.pf
      1.2s C:\WINDOWS\Prefetch\CMDSHELL.EXE-3605D229.pf
      1.2s C:\WINDOWS\Prefetch\CMDSHELL.EXE-3605D229.pf
      1.2s C:\WINDOWS\Prefetch\CMDSHELL.EXE-3605D229.pf
      1.2s C:\WINDOWS\Prefetch\CMDSHELL.EXE-3605D229.pf
      1.2s C:\WINDOWS\Prefetch\CMDSHELL.EXE-3605D229.pf
      1.2s C:\WINDOWS\Prefetch\CMDSHELL.EXE-3605D229.pf
      4.4s C:\WINDOWS\Prefetch\HPNOTIFY.EXE-2A0B73BB.pf
      4.4s C:\WINDOWS\Prefetch\HPNOTIFY.EXE-2A0B73BB.pf
      4.4s C:\WINDOWS\Prefetch\HPNOTIFY.EXE-2A0B73BB.pf
      4.4s C:\WINDOWS\Prefetch\HPNOTIFY.EXE-2A0B73BB.pf
      4.4s C:\WINDOWS\Prefetch\HPNOTIFY.EXE-2A0B73BB.pf
      8.1s C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf
      8.1s C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf
      8.1s C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf
      8.1s C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf
      8.1s C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf
      8.1s C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf
      8.1s C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf
      8.1s C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf
      9.7s C:\WINDOWS\Prefetch\RUNDLL32.EXE-12EE76C7.pf
      9.7s C:\WINDOWS\Prefetch\RUNDLL32.EXE-12EE76C7.pf
      9.7s C:\WINDOWS\Prefetch\RUNDLL32.EXE-12EE76C7.pf
      9.7s C:\WINDOWS\Prefetch\RUNDLL32.EXE-12EE76C7.pf
      9.7s C:\WINDOWS\Prefetch\RUNDLL32.EXE-12EE76C7.pf
      9.7s C:\WINDOWS\Prefetch\RUNDLL32.EXE-12EE76C7.pf
      9.7s C:\WINDOWS\Prefetch\RUNDLL32.EXE-12EE76C7.pf
      9.7s C:\WINDOWS\Prefetch\RUNDLL32.EXE-12EE76C7.pf
      9.7s C:\WINDOWS\Prefetch\RUNDLL32.EXE-12EE76C7.pf
      12.4s C:\WINDOWS\Prefetch\DTLITE.EXE-3B887FAB.pf
      12.4s C:\WINDOWS\Prefetch\DTLITE.EXE-3B887FAB.pf
      12.4s C:\WINDOWS\Prefetch\DTLITE.EXE-3B887FAB.pf
      12.4s C:\WINDOWS\Prefetch\DTLITE.EXE-3B887FAB.pf
      12.4s C:\WINDOWS\Prefetch\DTLITE.EXE-3B887FAB.pf
      18.4s C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf
      18.4s C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf
      18.4s C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf
      18.4s C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf
      18.4s C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf
      18.4s C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf
      25.2s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf
      25.2s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf
      25.2s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf
      25.2s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf
      25.2s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf
      25.2s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf
      25.2s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf
      25.2s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf
      25.2s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf
      25.2s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf
      25.2s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf
      25.2s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf
      25.2s C:\WINDOWS\Prefetch\LOADER32.EXE-2CECAF1B.pf
      33.2s C:\WINDOWS\Prefetch\OPTISETUP.EXE-234C42F3.pf
      33.2s C:\WINDOWS\Prefetch\OPTISETUP.EXE-234C42F3.pf
      33.2s C:\WINDOWS\Prefetch\OPTISETUP.EXE-234C42F3.pf
      33.2s C:\WINDOWS\Prefetch\OPTISETUP.EXE-234C42F3.pf
      33.8s C:\WINDOWS\Prefetch\SUPERPC_SOFT_PARTNER.EXE-3A040491.pf
      33.8s C:\WINDOWS\Prefetch\SUPERPC_SOFT_PARTNER.EXE-3A040491.pf
      33.8s C:\WINDOWS\Prefetch\SUPERPC_SOFT_PARTNER.EXE-3A040491.pf
      33.8s C:\WINDOWS\Prefetch\SUPERPC_SOFT_PARTNER.EXE-3A040491.pf
      33.8s C:\WINDOWS\Prefetch\SUPERPC_SOFT_PARTNER.EXE-3A040491.pf
      33.8s C:\WINDOWS\Prefetch\SUPERPC_SOFT_PARTNER.EXE-3A040491.pf
      33.8s C:\WINDOWS\Prefetch\SUPERPC_SOFT_PARTNER.EXE-3A040491.pf
      33.8s C:\WINDOWS\Prefetch\SUPERPC_SOFT_PARTNER.EXE-3A040491.pf
      33.8s C:\WINDOWS\Prefetch\SUPERPC_SOFT_PARTNER.EXE-3A040491.pf
      33.8s C:\WINDOWS\Prefetch\SUPERPC_SOFT_PARTNER.EXE-3A040491.pf
      33.8s C:\WINDOWS\Prefetch\SUPERPC_SOFT_PARTNER.EXE-3A040491.pf
      50.3s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041783.spt
      50.3s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041783.spt
      50.3s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041783.spt
      52.2s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041784.spt
      52.2s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041784.spt
      52.2s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041784.spt
      52.2s C:\System Volume Information\_restore{7B5E071B-0403-4C36-810B-A191A583870B}\RP99\A0041784.spt

Suspicious files ____________________________________________________________

   C:\Documents and Settings\Dawid\Moje dokumenty\Downloads\FRST.exe
      Size . . . . . . . : 1 127 424 bytes
      Age . . . . . . . : 2.0 days (2015-02-24 18:35:13)
      Entropy . . . . . : 8.0
      SHA-256 . . . . . : 02A89730323B7E496C3CD2B7F5AFB949F7B7BA78C29157CC0F07D73057C5AF18
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-606747145-1592454029-1417001333-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Dawid\Moje dokumenty\Downloads\FRST.exe
      Forensic Cluster
         0.0s C:\Documents and Settings\Dawid\Moje dokumenty\Downloads\FRST.exe
         0.0s C:\Documents and Settings\Dawid\Moje dokumenty\Downloads\FRST.exe

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt\ (YTDownloader)
   HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL\ (Goobzo)
   HKLM\SOFTWARE\Classes\AppID\{C41C967C-1BD4-404c-8393-A34F94156193}\ (iMesh)
   HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}\ (Goobzo)
   HKLM\SOFTWARE\Reg\Clean\ (AskBar)
   HKLM\SYSTEM\ControlSet001\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro)
   HKLM\SYSTEM\ControlSet001\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro)
   HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SBMNTR\ (Goobzo)
   HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPBIUPDD\ (ShopperPro)
   HKLM\SYSTEM\ControlSet002\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro)
   HKLM\SYSTEM\ControlSet002\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro)
   HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SBMNTR\ (Goobzo)
   HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPBIUPDD\ (ShopperPro)
   HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro)
   HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro)
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SBMNTR\ (Goobzo)
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPBIUPDD\ (ShopperPro)
   HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
   HKU\.DEFAULT\Software\Classes\*\shellex\ContextMenuHandlers\SysMenuExt\ (YTDownloader)
   HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
   HKU\S-1-5-18\Software\Classes\*\shellex\ContextMenuHandlers\SysMenuExt\ (YTDownloader)
   HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
   HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
   HKU\S-1-5-21-606747145-1592454029-1417001333-1003\Software\Classes\*\shellex\ContextMenuHandlers\SysMenuExt\ (YTDownloader)
   HKU\S-1-5-21-606747145-1592454029-1417001333-1003\Software\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals)
   HKU\S-1-5-21-606747145-1592454029-1417001333-1003\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\ (UniDeals)
   HKU\S-1-5-21-606747145-1592454029-1417001333-1003\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.\ (ReimageRepair)
   HKU\S-1-5-21-606747145-1592454029-1417001333-1003\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} (ShopperPro)
   HKU\S-1-5-21-606747145-1592454029-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} (ShopperPro)
   HKU\S-1-5-21-606747145-1592454029-1417001333-1003\Software\Reg\Clean\ (RegClean Pro)
   HKU\S-1-5-21-606747145-1592454029-1417001333-1003_Classes\*\shellex\ContextMenuHandlers\SysMenuExt\ (YTDownloader)
   HKU\S-1-5-21-606747145-1592454029-1417001333-1003_Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals)
   HKU\S-1-5-21-606747145-1592454029-1417001333-1003_Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\ (UniDeals)
[/code]