[code]
HitmanPro 3.7.15.281
www.hitmanpro.com

   Computer name . . . . : PCTOMMY
   Windows . . . . . . . : 6.0.2.6002.X86/2
   User name . . . . . . : pcTOMMY\Tommy
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)

   Scan date . . . . . . : 2017-01-10 20:14:24
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 11m 29s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 28
   Traces . . . . . . . : 307

   Objects scanned . . . : 2.345.053
   Files scanned . . . . : 53.659
   Remnants scanned . . : 383.729 files / 1.907.665 keys

Malware _____________________________________________________________________

   C:\aaw7boot.log.exe
      Size . . . . . . . : 11.264 bytes
      Age . . . . . . . : 8.0 days (2017-01-02 20:56:57)
      Entropy . . . . . : 4.3
      SHA-256 . . . . . : 742D12E8671A68C913CA70A72A3197D8C2B587D625D78B957762A0D520AC3160
    > Kaspersky . . . . : HEUR:Trojan.Win32.Generic
      Fuzzy . . . . . . : 107.0

   C:\AdwCleaner.exe
      Size . . . . . . . : 7.680 bytes
      Age . . . . . . . : 8.0 days (2017-01-02 20:57:32)
      Entropy . . . . . : 4.8
      SHA-256 . . . . . : 10F8D5F9162CD2517EE6790CDA78F34D3294AEBDDB54868A7C84DD7D40AD7874
    > Bitdefender . . . : Gen:Variant.Razy.116208
      Fuzzy . . . . . . : 107.0

   C:\app3.LOG.exe
      Size . . . . . . . : 11.264 bytes
      Age . . . . . . . : 8.0 days (2017-01-02 20:56:57)
      Entropy . . . . . : 4.3
      SHA-256 . . . . . : 91D79BD758391DCD7806D05E13F73DCA76D2A4993138A23FE426EB2709217C6D
    > Kaspersky . . . . : HEUR:Trojan.Win32.Generic
      Fuzzy . . . . . . : 107.0

   C:\autoexec.bat.exe
      Size . . . . . . . : 11.264 bytes
      Age . . . . . . . : 8.0 days (2017-01-02 20:56:57)
      Entropy . . . . . : 5.0
      SHA-256 . . . . . : A8FDA3A5ECF7E8E546E0EA0258B213F130002C07F4205F10472B5D3FA97E99AC
    > Kaspersky . . . . : HEUR:Trojan.Win32.Generic
      Fuzzy . . . . . . : 107.0

   C:\AvaCam.exe
      Size . . . . . . . : 7.680 bytes
      Age . . . . . . . : 8.0 days (2017-01-02 20:57:33)
      Entropy . . . . . : 4.8
      SHA-256 . . . . . : 7561EA0E6FA0D4B1295C0D7EB451515CF014FA1FEFD9737E8B09E91D799E8EFF
    > Bitdefender . . . : Gen:Variant.Razy.116208
      Fuzzy . . . . . . : 107.0

   C:\BOOTSECT.BAK.exe
      Size . . . . . . . : 11.264 bytes
      Age . . . . . . . : 8.0 days (2017-01-02 20:56:57)
      Entropy . . . . . : 4.3
      SHA-256 . . . . . : 6C42B282A743D41302A8761DA1C14AA1D7025022DD97DFF73B6E504AA1100A7B
    > Kaspersky . . . . : HEUR:Trojan.Win32.Generic
      Fuzzy . . . . . . : 107.0

   C:\bwinPoker.exe
      Size . . . . . . . : 7.680 bytes
      Age . . . . . . . : 8.0 days (2017-01-02 20:57:34)
      Entropy . . . . . : 4.8
      SHA-256 . . . . . : 26DA80691845F37590F170E796A6B83041267B25180DE8DE5588EF58AF1F174C
    > Bitdefender . . . : Gen:Variant.Razy.116208
      Fuzzy . . . . . . : 107.0
James - Pięćdziesiąt twarzy Greya.ico 4.9s C:\Users\Tommy\AppData\Roaming\Random\ 4.9s C:\Users\Tommy\AppData\Roaming\Random\Optional\ 5.1s C:\ProgramData\WindowsMediaCenter\LABEDZIE.ico 5.5s C:\ProgramData\WindowsMediaCenter\Piecdziesiat twarzy Greya - E. L. James.ico 6.0s C:\Users\Tommy\AppData\Roaming\Random\Default\ 6.0s C:\Users\Tommy\AppData\Roaming\Random\Default\Anki.exe 6.1s C:\ProgramData\WindowsMediaCenter\treeinfo.ico 7.0s C:\Users\Tommy\AppData\Roaming\Random\Default\VT Niemiecki Kurs podstawowy mp3.exe 7.2s C:\Users\Tommy\AppData\Roaming\Random\Default\DVDVideoSoft Free Studio.exe 7.3s C:\Users\Tommy\AppData\Roaming\Random\Default\Free Audio Editor.exe 7.9s C:\Users\Tommy\AppData\Roaming\Random\Default\Google Earth.exe 8.2s C:\Users\Tommy\AppData\Roaming\Random\Default\NAVIGON Fresh.exe 8.5s C:\Users\Tommy\AppData\Roaming\Random\Default\Reader for PC.exe 8.8s C:\Users\Tommy\AppData\Roaming\Random\Default\VLC media player.exe 12.8s C:\ProgramData\WindowsMediaCenter\Ie.ico 13.7s C:\ProgramData\WindowsMediaCenter\Image.ico 14.8s C:\ProgramData\WindowsMediaCenter\pmp_usb.ico 15.0s C:\ProgramData\WindowsMediaCenter\PROGRAM DO SKYPE.ico 15.1s C:\ProgramData\WindowsMediaCenter\SdHeuristic.ico 15.2s C:\ProgramData\WindowsMediaCenter\winamp_cache_0001.ico C:\ctapi_out_gr.txt.exe Size . . . . . . . : 11.264 bytes Age . . . . . . . : 8.0 days (2017-01-02 20:56:58) Entropy . . . . . : 4.3 SHA-256 . . . . . : 0C7415A79E30980DB057CC884853AAAD1C2017F0B5F0E522E17C0CCD2087FB9B > Kaspersky . . . . : HEUR:Trojan.Win32.Generic Fuzzy . . . . . . 
: 107.0 Forensic Cluster -8.6s C:\WindowsMediaCenter\ -8.6s C:\ProgramData\WindowsMediaCenter\ -6.9s C:\ProgramData\WindowsMediaCenter\.ico -1.6s C:\.rnd.exe -1.6s C:\ProgramData\WindowsMediaCenter\aaw7boot.ico -1.4s C:\aaw7boot.log.exe -1.3s C:\ProgramData\WindowsMediaCenter\app3.ico -1.2s C:\app3.LOG.exe -1.2s C:\ProgramData\WindowsMediaCenter\autoexec.ico -1.0s C:\autoexec.bat.exe -0.9s C:\ProgramData\WindowsMediaCenter\bootmgr.ico -0.7s C:\bootmgr.exe -0.7s C:\ProgramData\WindowsMediaCenter\BOOTSECT.ico -0.5s C:\BOOTSECT.BAK.exe -0.5s C:\ProgramData\WindowsMediaCenter\CA21.ico -0.3s C:\CA21.txt.exe -0.3s C:\ProgramData\WindowsMediaCenter\config.ico -0.2s C:\config.sys.exe -0.2s C:\ProgramData\WindowsMediaCenter\ctapi_out_gr.ico 0.0s C:\ctapi_out_gr.txt.exe 0.1s C:\ProgramData\WindowsMediaCenter\devlist.ico 0.2s C:\devlist.txt.exe 0.2s C:\ProgramData\WindowsMediaCenter\Driver.ico 0.3s C:\Driver.10.exe 0.4s C:\ProgramData\WindowsMediaCenter\EamClean.ico 0.5s C:\EamClean.log.exe 0.5s C:\ProgramData\WindowsMediaCenter\error.ico 0.7s C:\error.txt.exe 0.7s C:\ProgramData\WindowsMediaCenter\F5SLAS.ico 0.8s C:\F5SLAS.BIN.exe 0.8s C:\ProgramData\WindowsMediaCenter\Finish.ico 1.0s C:\Finish.log.exe 1.1s C:\ProgramData\WindowsMediaCenter\igoogle_log.ico 1.2s C:\igoogle_log.txt.exe 1.2s C:\ProgramData\WindowsMediaCenter\inject.ico 1.4s C:\inject.log.exe 1.4s C:\ProgramData\WindowsMediaCenter\inject.log.ico 1.5s C:\inject.log.txt.exe 1.6s C:\ProgramData\WindowsMediaCenter\IO.ico 1.8s C:\IO.SYS.exe 1.8s C:\ProgramData\WindowsMediaCenter\MSDOS.ico 1.9s C:\MSDOS.SYS.exe 2.0s C:\ProgramData\WindowsMediaCenter\NERO.ico 2.2s C:\NERO.LOG.exe 2.2s C:\ProgramData\WindowsMediaCenter\NIS2009.ico 2.3s C:\NIS2009.TXT.exe 2.3s C:\ProgramData\WindowsMediaCenter\OFFICE2007_A.ico 2.4s C:\OFFICE2007_A.TXT.exe 2.5s C:\ProgramData\WindowsMediaCenter\Pass.ico 2.6s C:\Pass.txt.exe 28.8s C:\ProgramData\WindowsMediaCenter\Patch.ico 28.9s C:\Patch.LOG.exe 28.9s 
C:\ProgramData\WindowsMediaCenter\READER_A.ico 29.1s C:\READER_A.TXT.exe 29.1s C:\ProgramData\WindowsMediaCenter\RECOVERY.ico 29.2s C:\RECOVERY.DAT.exe 29.2s C:\ProgramData\WindowsMediaCenter\RHDSetup.ico 29.3s C:\RHDSetup.log.exe 29.3s C:\ProgramData\WindowsMediaCenter\store.ico 29.5s C:\store.log.exe 29.5s C:\ProgramData\WindowsMediaCenter\SumHidd.ico 29.6s C:\SumHidd.txt.exe 29.6s C:\ProgramData\WindowsMediaCenter\SumOS.ico 29.7s C:\SumOS.txt.exe 29.8s C:\ProgramData\WindowsMediaCenter\user.ico 29.9s C:\user.js.exe 29.9s C:\ProgramData\WindowsMediaCenter\V554.ico 30.1s C:\V554.txt.exe 30.1s C:\ProgramData\WindowsMediaCenter\VundoFix.ico 30.2s C:\VundoFix.txt.exe 30.3s C:\ProgramData\WindowsMediaCenter\WarRock.ico 30.5s C:\WarRock.ini.exe 30.5s C:\ProgramData\WindowsMediaCenter\WindowsLive_A.ico 30.6s C:\WindowsLive_A.TXT.exe 34.1s C:\ProgramData\WindowsMediaCenter\KrUUgHRH.ico 34.3s C:\$RECYCLE.BIN.exe 34.5s C:\AdwCleaner.exe 34.7s C:\ASUS.SYS.exe 35.3s C:\AvaCam.exe 35.6s C:\bwinPoker.exe 36.0s C:\Edgard.exe 36.1s C:\Games.exe 36.5s C:\need for speed 2.exe 36.6s C:\PDFcreator.exe 36.8s C:\PerfLogs.exe 36.9s C:\Poker.exe 37.2s C:\Programs.exe 37.3s C:\Team17.exe 37.5s C:\TEMP.exe 37.6s C:\totalcmd.exe 38.2s C:\YDP.exe 38.5s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClWindows Media Centerert.vbs.xBAD 38.5s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Centerts.js.xBAD 39.0s C:\ProgramData\WindowsMediaCenter\Cztery pory Roku.ico 39.1s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Center.URL.xBAD 40.2s C:\ProgramData\WindowsMediaCenter\E.L. 
James - Pięćdziesiąt twarzy Greya.ico 40.5s C:\Users\Tommy\AppData\Roaming\Random\ 40.5s C:\Users\Tommy\AppData\Roaming\Random\Optional\ 40.7s C:\ProgramData\WindowsMediaCenter\LABEDZIE.ico 41.1s C:\ProgramData\WindowsMediaCenter\Piecdziesiat twarzy Greya - E. L. James.ico 41.6s C:\Users\Tommy\AppData\Roaming\Random\Default\ 41.6s C:\Users\Tommy\AppData\Roaming\Random\Default\Anki.exe 41.7s C:\ProgramData\WindowsMediaCenter\treeinfo.ico 42.6s C:\Users\Tommy\AppData\Roaming\Random\Default\VT Niemiecki Kurs podstawowy mp3.exe 42.8s C:\Users\Tommy\AppData\Roaming\Random\Default\DVDVideoSoft Free Studio.exe 42.9s C:\Users\Tommy\AppData\Roaming\Random\Default\Free Audio Editor.exe 43.5s C:\Users\Tommy\AppData\Roaming\Random\Default\Google Earth.exe 43.8s C:\Users\Tommy\AppData\Roaming\Random\Default\NAVIGON Fresh.exe 44.2s C:\Users\Tommy\AppData\Roaming\Random\Default\Reader for PC.exe 44.5s C:\Users\Tommy\AppData\Roaming\Random\Default\VLC media player.exe 48.4s C:\ProgramData\WindowsMediaCenter\Ie.ico 49.3s C:\ProgramData\WindowsMediaCenter\Image.ico 50.4s C:\ProgramData\WindowsMediaCenter\pmp_usb.ico 50.6s C:\ProgramData\WindowsMediaCenter\PROGRAM DO SKYPE.ico 50.7s C:\ProgramData\WindowsMediaCenter\SdHeuristic.ico 50.9s C:\ProgramData\WindowsMediaCenter\winamp_cache_0001.ico C:\EamClean.log.exe Size . . . . . . . : 11.264 bytes Age . . . . . . . : 8.0 days (2017-01-02 20:56:58) Entropy . . . . . : 4.3 SHA-256 . . . . . : ABA1BBC9EA28264EE4CE571D9D2815E13C1AF90B7A259CADD10F4D11EE4033D5 > Kaspersky . . . . : HEUR:Trojan.Win32.Generic Fuzzy . . . . . . 
: 107.0 Forensic Cluster -9.1s C:\WindowsMediaCenter\ -9.1s C:\ProgramData\WindowsMediaCenter\ -7.4s C:\ProgramData\WindowsMediaCenter\.ico -2.1s C:\.rnd.exe -2.1s C:\ProgramData\WindowsMediaCenter\aaw7boot.ico -1.9s C:\aaw7boot.log.exe -1.9s C:\ProgramData\WindowsMediaCenter\app3.ico -1.7s C:\app3.LOG.exe -1.7s C:\ProgramData\WindowsMediaCenter\autoexec.ico -1.5s C:\autoexec.bat.exe -1.4s C:\ProgramData\WindowsMediaCenter\bootmgr.ico -1.2s C:\bootmgr.exe -1.2s C:\ProgramData\WindowsMediaCenter\BOOTSECT.ico -1.0s C:\BOOTSECT.BAK.exe -1.0s C:\ProgramData\WindowsMediaCenter\CA21.ico -0.8s C:\CA21.txt.exe -0.8s C:\ProgramData\WindowsMediaCenter\config.ico -0.7s C:\config.sys.exe -0.7s C:\ProgramData\WindowsMediaCenter\ctapi_out_gr.ico -0.5s C:\ctapi_out_gr.txt.exe -0.5s C:\ProgramData\WindowsMediaCenter\devlist.ico -0.3s C:\devlist.txt.exe -0.3s C:\ProgramData\WindowsMediaCenter\Driver.ico -0.2s C:\Driver.10.exe -0.1s C:\ProgramData\WindowsMediaCenter\EamClean.ico 0.0s C:\EamClean.log.exe 0.0s C:\ProgramData\WindowsMediaCenter\error.ico 0.1s C:\error.txt.exe 0.2s C:\ProgramData\WindowsMediaCenter\F5SLAS.ico 0.3s C:\F5SLAS.BIN.exe 0.3s C:\ProgramData\WindowsMediaCenter\Finish.ico 0.4s C:\Finish.log.exe 0.6s C:\ProgramData\WindowsMediaCenter\igoogle_log.ico 0.7s C:\igoogle_log.txt.exe 0.7s C:\ProgramData\WindowsMediaCenter\inject.ico 0.9s C:\inject.log.exe 0.9s C:\ProgramData\WindowsMediaCenter\inject.log.ico 1.0s C:\inject.log.txt.exe 1.0s C:\ProgramData\WindowsMediaCenter\IO.ico 1.3s C:\IO.SYS.exe 1.3s C:\ProgramData\WindowsMediaCenter\MSDOS.ico 1.4s C:\MSDOS.SYS.exe 1.4s C:\ProgramData\WindowsMediaCenter\NERO.ico 1.7s C:\NERO.LOG.exe 1.7s C:\ProgramData\WindowsMediaCenter\NIS2009.ico 1.8s C:\NIS2009.TXT.exe 1.8s C:\ProgramData\WindowsMediaCenter\OFFICE2007_A.ico 1.9s C:\OFFICE2007_A.TXT.exe 1.9s C:\ProgramData\WindowsMediaCenter\Pass.ico 2.1s C:\Pass.txt.exe 28.3s C:\ProgramData\WindowsMediaCenter\Patch.ico 28.4s C:\Patch.LOG.exe 28.4s 
C:\ProgramData\WindowsMediaCenter\READER_A.ico 28.5s C:\READER_A.TXT.exe 28.6s C:\ProgramData\WindowsMediaCenter\RECOVERY.ico 28.7s C:\RECOVERY.DAT.exe 28.7s C:\ProgramData\WindowsMediaCenter\RHDSetup.ico 28.8s C:\RHDSetup.log.exe 28.8s C:\ProgramData\WindowsMediaCenter\store.ico 28.9s C:\store.log.exe 29.0s C:\ProgramData\WindowsMediaCenter\SumHidd.ico 29.1s C:\SumHidd.txt.exe 29.1s C:\ProgramData\WindowsMediaCenter\SumOS.ico 29.2s C:\SumOS.txt.exe 29.2s C:\ProgramData\WindowsMediaCenter\user.ico 29.4s C:\user.js.exe 29.4s C:\ProgramData\WindowsMediaCenter\V554.ico 29.6s C:\V554.txt.exe 29.6s C:\ProgramData\WindowsMediaCenter\VundoFix.ico 29.7s C:\VundoFix.txt.exe 29.8s C:\ProgramData\WindowsMediaCenter\WarRock.ico 29.9s C:\WarRock.ini.exe 30.0s C:\ProgramData\WindowsMediaCenter\WindowsLive_A.ico 30.1s C:\WindowsLive_A.TXT.exe 33.6s C:\ProgramData\WindowsMediaCenter\KrUUgHRH.ico 33.8s C:\$RECYCLE.BIN.exe 33.9s C:\AdwCleaner.exe 34.2s C:\ASUS.SYS.exe 34.7s C:\AvaCam.exe 35.1s C:\bwinPoker.exe 35.5s C:\Edgard.exe 35.6s C:\Games.exe 35.9s C:\need for speed 2.exe 36.1s C:\PDFcreator.exe 36.2s C:\PerfLogs.exe 36.4s C:\Poker.exe 36.7s C:\Programs.exe 36.8s C:\Team17.exe 36.9s C:\TEMP.exe 37.1s C:\totalcmd.exe 37.7s C:\YDP.exe 38.0s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClWindows Media Centerert.vbs.xBAD 38.0s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Centerts.js.xBAD 38.4s C:\ProgramData\WindowsMediaCenter\Cztery pory Roku.ico 38.6s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Center.URL.xBAD 39.7s C:\ProgramData\WindowsMediaCenter\E.L. 
James - Pięćdziesiąt twarzy Greya.ico 40.0s C:\Users\Tommy\AppData\Roaming\Random\ 40.0s C:\Users\Tommy\AppData\Roaming\Random\Optional\ 40.2s C:\ProgramData\WindowsMediaCenter\LABEDZIE.ico 40.6s C:\ProgramData\WindowsMediaCenter\Piecdziesiat twarzy Greya - E. L. James.ico 41.1s C:\Users\Tommy\AppData\Roaming\Random\Default\ 41.1s C:\Users\Tommy\AppData\Roaming\Random\Default\Anki.exe 41.2s C:\ProgramData\WindowsMediaCenter\treeinfo.ico 42.1s C:\Users\Tommy\AppData\Roaming\Random\Default\VT Niemiecki Kurs podstawowy mp3.exe 42.3s C:\Users\Tommy\AppData\Roaming\Random\Default\DVDVideoSoft Free Studio.exe 42.4s C:\Users\Tommy\AppData\Roaming\Random\Default\Free Audio Editor.exe 43.0s C:\Users\Tommy\AppData\Roaming\Random\Default\Google Earth.exe 43.3s C:\Users\Tommy\AppData\Roaming\Random\Default\NAVIGON Fresh.exe 43.6s C:\Users\Tommy\AppData\Roaming\Random\Default\Reader for PC.exe 43.9s C:\Users\Tommy\AppData\Roaming\Random\Default\VLC media player.exe 47.9s C:\ProgramData\WindowsMediaCenter\Ie.ico 48.8s C:\ProgramData\WindowsMediaCenter\Image.ico 49.9s C:\ProgramData\WindowsMediaCenter\pmp_usb.ico 50.1s C:\ProgramData\WindowsMediaCenter\PROGRAM DO SKYPE.ico 50.2s C:\ProgramData\WindowsMediaCenter\SdHeuristic.ico 50.3s C:\ProgramData\WindowsMediaCenter\winamp_cache_0001.ico C:\Edgard.exe Size . . . . . . . : 7.680 bytes Age . . . . . . . : 8.0 days (2017-01-02 20:57:34) Entropy . . . . . : 4.8 SHA-256 . . . . . : 78EC87F2358C3B3667EDE9DD05AD719092AC1646F48FE7EB09A6A5A0328EA3E2 > Bitdefender . . . : Gen:Variant.Razy.116208 Fuzzy . . . . . . 
: 107.0 Forensic Cluster -44.6s C:\WindowsMediaCenter\ -44.6s C:\ProgramData\WindowsMediaCenter\ -42.9s C:\ProgramData\WindowsMediaCenter\.ico -37.6s C:\.rnd.exe -37.6s C:\ProgramData\WindowsMediaCenter\aaw7boot.ico -37.4s C:\aaw7boot.log.exe -37.3s C:\ProgramData\WindowsMediaCenter\app3.ico -37.2s C:\app3.LOG.exe -37.2s C:\ProgramData\WindowsMediaCenter\autoexec.ico -37.0s C:\autoexec.bat.exe -36.9s C:\ProgramData\WindowsMediaCenter\bootmgr.ico -36.7s C:\bootmgr.exe -36.7s C:\ProgramData\WindowsMediaCenter\BOOTSECT.ico -36.5s C:\BOOTSECT.BAK.exe -36.5s C:\ProgramData\WindowsMediaCenter\CA21.ico -36.3s C:\CA21.txt.exe -36.3s C:\ProgramData\WindowsMediaCenter\config.ico -36.2s C:\config.sys.exe -36.2s C:\ProgramData\WindowsMediaCenter\ctapi_out_gr.ico -36.0s C:\ctapi_out_gr.txt.exe -35.9s C:\ProgramData\WindowsMediaCenter\devlist.ico -35.8s C:\devlist.txt.exe -35.8s C:\ProgramData\WindowsMediaCenter\Driver.ico -35.7s C:\Driver.10.exe -35.6s C:\ProgramData\WindowsMediaCenter\EamClean.ico -35.5s C:\EamClean.log.exe -35.5s C:\ProgramData\WindowsMediaCenter\error.ico -35.3s C:\error.txt.exe -35.3s C:\ProgramData\WindowsMediaCenter\F5SLAS.ico -35.2s C:\F5SLAS.BIN.exe -35.2s C:\ProgramData\WindowsMediaCenter\Finish.ico -35.0s C:\Finish.log.exe -34.9s C:\ProgramData\WindowsMediaCenter\igoogle_log.ico -34.8s C:\igoogle_log.txt.exe -34.8s C:\ProgramData\WindowsMediaCenter\inject.ico -34.6s C:\inject.log.exe -34.6s C:\ProgramData\WindowsMediaCenter\inject.log.ico -34.5s C:\inject.log.txt.exe -34.4s C:\ProgramData\WindowsMediaCenter\IO.ico -34.2s C:\IO.SYS.exe -34.2s C:\ProgramData\WindowsMediaCenter\MSDOS.ico -34.1s C:\MSDOS.SYS.exe -34.0s C:\ProgramData\WindowsMediaCenter\NERO.ico -33.8s C:\NERO.LOG.exe -33.8s C:\ProgramData\WindowsMediaCenter\NIS2009.ico -33.7s C:\NIS2009.TXT.exe -33.7s C:\ProgramData\WindowsMediaCenter\OFFICE2007_A.ico -33.6s C:\OFFICE2007_A.TXT.exe -33.5s C:\ProgramData\WindowsMediaCenter\Pass.ico -33.4s C:\Pass.txt.exe -7.2s 
C:\ProgramData\WindowsMediaCenter\Patch.ico -7.1s C:\Patch.LOG.exe -7.1s C:\ProgramData\WindowsMediaCenter\READER_A.ico -6.9s C:\READER_A.TXT.exe -6.9s C:\ProgramData\WindowsMediaCenter\RECOVERY.ico -6.8s C:\RECOVERY.DAT.exe -6.8s C:\ProgramData\WindowsMediaCenter\RHDSetup.ico -6.7s C:\RHDSetup.log.exe -6.7s C:\ProgramData\WindowsMediaCenter\store.ico -6.5s C:\store.log.exe -6.5s C:\ProgramData\WindowsMediaCenter\SumHidd.ico -6.4s C:\SumHidd.txt.exe -6.4s C:\ProgramData\WindowsMediaCenter\SumOS.ico -6.3s C:\SumOS.txt.exe -6.3s C:\ProgramData\WindowsMediaCenter\user.ico -6.1s C:\user.js.exe -6.1s C:\ProgramData\WindowsMediaCenter\V554.ico -5.9s C:\V554.txt.exe -5.9s C:\ProgramData\WindowsMediaCenter\VundoFix.ico -5.8s C:\VundoFix.txt.exe -5.7s C:\ProgramData\WindowsMediaCenter\WarRock.ico -5.5s C:\WarRock.ini.exe -5.5s C:\ProgramData\WindowsMediaCenter\WindowsLive_A.ico -5.4s C:\WindowsLive_A.TXT.exe -1.9s C:\ProgramData\WindowsMediaCenter\KrUUgHRH.ico -1.7s C:\$RECYCLE.BIN.exe -1.5s C:\AdwCleaner.exe -1.3s C:\ASUS.SYS.exe -0.7s C:\AvaCam.exe -0.4s C:\bwinPoker.exe 0.0s C:\Edgard.exe 0.1s C:\Games.exe 0.5s C:\need for speed 2.exe 0.6s C:\PDFcreator.exe 0.8s C:\PerfLogs.exe 0.9s C:\Poker.exe 1.2s C:\Programs.exe 1.3s C:\Team17.exe 1.5s C:\TEMP.exe 1.6s C:\totalcmd.exe 2.2s C:\YDP.exe 2.5s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClWindows Media Centerert.vbs.xBAD 2.5s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Centerts.js.xBAD 3.0s C:\ProgramData\WindowsMediaCenter\Cztery pory Roku.ico 3.1s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Center.URL.xBAD 4.2s C:\ProgramData\WindowsMediaCenter\E.L. 
James - Pięćdziesiąt twarzy Greya.ico 4.5s C:\Users\Tommy\AppData\Roaming\Random\ 4.5s C:\Users\Tommy\AppData\Roaming\Random\Optional\ 4.7s C:\ProgramData\WindowsMediaCenter\LABEDZIE.ico 5.1s C:\ProgramData\WindowsMediaCenter\Piecdziesiat twarzy Greya - E. L. James.ico 5.6s C:\Users\Tommy\AppData\Roaming\Random\Default\ 5.6s C:\Users\Tommy\AppData\Roaming\Random\Default\Anki.exe 5.7s C:\ProgramData\WindowsMediaCenter\treeinfo.ico 6.6s C:\Users\Tommy\AppData\Roaming\Random\Default\VT Niemiecki Kurs podstawowy mp3.exe 6.8s C:\Users\Tommy\AppData\Roaming\Random\Default\DVDVideoSoft Free Studio.exe 6.9s C:\Users\Tommy\AppData\Roaming\Random\Default\Free Audio Editor.exe 7.5s C:\Users\Tommy\AppData\Roaming\Random\Default\Google Earth.exe 7.8s C:\Users\Tommy\AppData\Roaming\Random\Default\NAVIGON Fresh.exe 8.1s C:\Users\Tommy\AppData\Roaming\Random\Default\Reader for PC.exe 8.5s C:\Users\Tommy\AppData\Roaming\Random\Default\VLC media player.exe 12.4s C:\ProgramData\WindowsMediaCenter\Ie.ico 13.3s C:\ProgramData\WindowsMediaCenter\Image.ico 14.4s C:\ProgramData\WindowsMediaCenter\pmp_usb.ico 14.6s C:\ProgramData\WindowsMediaCenter\PROGRAM DO SKYPE.ico 14.7s C:\ProgramData\WindowsMediaCenter\SdHeuristic.ico 14.9s C:\ProgramData\WindowsMediaCenter\winamp_cache_0001.ico C:\Games.exe Size . . . . . . . : 7.680 bytes Age . . . . . . . : 8.0 days (2017-01-02 20:57:34) Entropy . . . . . : 4.8 SHA-256 . . . . . : 81D0879A1C767149FA4D3B4B9D4B739D9D529779BFF9D0838FD84D0691844E5A > Bitdefender . . . : Gen:Variant.Razy.116208 Fuzzy . . . . . . 
: 107.0 Forensic Cluster -44.8s C:\WindowsMediaCenter\ -44.8s C:\ProgramData\WindowsMediaCenter\ -43.1s C:\ProgramData\WindowsMediaCenter\.ico -37.8s C:\.rnd.exe -37.7s C:\ProgramData\WindowsMediaCenter\aaw7boot.ico -37.5s C:\aaw7boot.log.exe -37.5s C:\ProgramData\WindowsMediaCenter\app3.ico -37.3s C:\app3.LOG.exe -37.3s C:\ProgramData\WindowsMediaCenter\autoexec.ico -37.1s C:\autoexec.bat.exe -37.1s C:\ProgramData\WindowsMediaCenter\bootmgr.ico -36.8s C:\bootmgr.exe -36.8s C:\ProgramData\WindowsMediaCenter\BOOTSECT.ico -36.6s C:\BOOTSECT.BAK.exe -36.6s C:\ProgramData\WindowsMediaCenter\CA21.ico -36.5s C:\CA21.txt.exe -36.4s C:\ProgramData\WindowsMediaCenter\config.ico -36.3s C:\config.sys.exe -36.3s C:\ProgramData\WindowsMediaCenter\ctapi_out_gr.ico -36.1s C:\ctapi_out_gr.txt.exe -36.1s C:\ProgramData\WindowsMediaCenter\devlist.ico -35.9s C:\devlist.txt.exe -35.9s C:\ProgramData\WindowsMediaCenter\Driver.ico -35.8s C:\Driver.10.exe -35.7s C:\ProgramData\WindowsMediaCenter\EamClean.ico -35.6s C:\EamClean.log.exe -35.6s C:\ProgramData\WindowsMediaCenter\error.ico -35.5s C:\error.txt.exe -35.5s C:\ProgramData\WindowsMediaCenter\F5SLAS.ico -35.3s C:\F5SLAS.BIN.exe -35.3s C:\ProgramData\WindowsMediaCenter\Finish.ico -35.2s C:\Finish.log.exe -35.1s C:\ProgramData\WindowsMediaCenter\igoogle_log.ico -34.9s C:\igoogle_log.txt.exe -34.9s C:\ProgramData\WindowsMediaCenter\inject.ico -34.8s C:\inject.log.exe -34.7s C:\ProgramData\WindowsMediaCenter\inject.log.ico -34.6s C:\inject.log.txt.exe -34.6s C:\ProgramData\WindowsMediaCenter\IO.ico -34.3s C:\IO.SYS.exe -34.3s C:\ProgramData\WindowsMediaCenter\MSDOS.ico -34.2s C:\MSDOS.SYS.exe -34.2s C:\ProgramData\WindowsMediaCenter\NERO.ico -34.0s C:\NERO.LOG.exe -33.9s C:\ProgramData\WindowsMediaCenter\NIS2009.ico -33.8s C:\NIS2009.TXT.exe -33.8s C:\ProgramData\WindowsMediaCenter\OFFICE2007_A.ico -33.7s C:\OFFICE2007_A.TXT.exe -33.7s C:\ProgramData\WindowsMediaCenter\Pass.ico -33.5s C:\Pass.txt.exe -7.4s 
C:\ProgramData\WindowsMediaCenter\Patch.ico -7.2s C:\Patch.LOG.exe -7.2s C:\ProgramData\WindowsMediaCenter\READER_A.ico -7.1s C:\READER_A.TXT.exe -7.1s C:\ProgramData\WindowsMediaCenter\RECOVERY.ico -6.9s C:\RECOVERY.DAT.exe -6.9s C:\ProgramData\WindowsMediaCenter\RHDSetup.ico -6.8s C:\RHDSetup.log.exe -6.8s C:\ProgramData\WindowsMediaCenter\store.ico -6.7s C:\store.log.exe -6.7s C:\ProgramData\WindowsMediaCenter\SumHidd.ico -6.5s C:\SumHidd.txt.exe -6.5s C:\ProgramData\WindowsMediaCenter\SumOS.ico -6.4s C:\SumOS.txt.exe -6.4s C:\ProgramData\WindowsMediaCenter\user.ico -6.2s C:\user.js.exe -6.2s C:\ProgramData\WindowsMediaCenter\V554.ico -6.0s C:\V554.txt.exe -6.0s C:\ProgramData\WindowsMediaCenter\VundoFix.ico -5.9s C:\VundoFix.txt.exe -5.8s C:\ProgramData\WindowsMediaCenter\WarRock.ico -5.7s C:\WarRock.ini.exe -5.7s C:\ProgramData\WindowsMediaCenter\WindowsLive_A.ico -5.5s C:\WindowsLive_A.TXT.exe -2.0s C:\ProgramData\WindowsMediaCenter\KrUUgHRH.ico -1.8s C:\$RECYCLE.BIN.exe -1.7s C:\AdwCleaner.exe -1.4s C:\ASUS.SYS.exe -0.9s C:\AvaCam.exe -0.5s C:\bwinPoker.exe -0.1s C:\Edgard.exe 0.0s C:\Games.exe 0.3s C:\need for speed 2.exe 0.5s C:\PDFcreator.exe 0.6s C:\PerfLogs.exe 0.8s C:\Poker.exe 1.0s C:\Programs.exe 1.2s C:\Team17.exe 1.3s C:\TEMP.exe 1.5s C:\totalcmd.exe 2.1s C:\YDP.exe 2.4s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClWindows Media Centerert.vbs.xBAD 2.4s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Centerts.js.xBAD 2.8s C:\ProgramData\WindowsMediaCenter\Cztery pory Roku.ico 3.0s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Center.URL.xBAD 4.1s C:\ProgramData\WindowsMediaCenter\E.L. 
James - Pięćdziesiąt twarzy Greya.ico 4.4s C:\Users\Tommy\AppData\Roaming\Random\ 4.4s C:\Users\Tommy\AppData\Roaming\Random\Optional\ 4.6s C:\ProgramData\WindowsMediaCenter\LABEDZIE.ico 4.9s C:\ProgramData\WindowsMediaCenter\Piecdziesiat twarzy Greya - E. L. James.ico 5.4s C:\Users\Tommy\AppData\Roaming\Random\Default\ 5.5s C:\Users\Tommy\AppData\Roaming\Random\Default\Anki.exe 5.5s C:\ProgramData\WindowsMediaCenter\treeinfo.ico 6.4s C:\Users\Tommy\AppData\Roaming\Random\Default\VT Niemiecki Kurs podstawowy mp3.exe 6.7s C:\Users\Tommy\AppData\Roaming\Random\Default\DVDVideoSoft Free Studio.exe 6.8s C:\Users\Tommy\AppData\Roaming\Random\Default\Free Audio Editor.exe 7.4s C:\Users\Tommy\AppData\Roaming\Random\Default\Google Earth.exe 7.7s C:\Users\Tommy\AppData\Roaming\Random\Default\NAVIGON Fresh.exe 8.0s C:\Users\Tommy\AppData\Roaming\Random\Default\Reader for PC.exe 8.3s C:\Users\Tommy\AppData\Roaming\Random\Default\VLC media player.exe 12.2s C:\ProgramData\WindowsMediaCenter\Ie.ico 13.2s C:\ProgramData\WindowsMediaCenter\Image.ico 14.3s C:\ProgramData\WindowsMediaCenter\pmp_usb.ico 14.5s C:\ProgramData\WindowsMediaCenter\PROGRAM DO SKYPE.ico 14.5s C:\ProgramData\WindowsMediaCenter\SdHeuristic.ico 14.7s C:\ProgramData\WindowsMediaCenter\winamp_cache_0001.ico C:\igoogle_log.txt.exe Size . . . . . . . : 11.264 bytes Age . . . . . . . : 8.0 days (2017-01-02 20:56:59) Entropy . . . . . : 4.3 SHA-256 . . . . . : BCE44882C2ACB5CEA99872495DABAEEAABA467F9963B52796E80C2C5C210B357 > Kaspersky . . . . : HEUR:Trojan.Win32.Generic Fuzzy . . . . . . 
: 107.0 Forensic Cluster -9.8s C:\WindowsMediaCenter\ -9.8s C:\ProgramData\WindowsMediaCenter\ -8.2s C:\ProgramData\WindowsMediaCenter\.ico -2.8s C:\.rnd.exe -2.8s C:\ProgramData\WindowsMediaCenter\aaw7boot.ico -2.6s C:\aaw7boot.log.exe -2.6s C:\ProgramData\WindowsMediaCenter\app3.ico -2.4s C:\app3.LOG.exe -2.4s C:\ProgramData\WindowsMediaCenter\autoexec.ico -2.2s C:\autoexec.bat.exe -2.2s C:\ProgramData\WindowsMediaCenter\bootmgr.ico -1.9s C:\bootmgr.exe -1.9s C:\ProgramData\WindowsMediaCenter\BOOTSECT.ico -1.7s C:\BOOTSECT.BAK.exe -1.7s C:\ProgramData\WindowsMediaCenter\CA21.ico -1.5s C:\CA21.txt.exe -1.5s C:\ProgramData\WindowsMediaCenter\config.ico -1.4s C:\config.sys.exe -1.4s C:\ProgramData\WindowsMediaCenter\ctapi_out_gr.ico -1.2s C:\ctapi_out_gr.txt.exe -1.2s C:\ProgramData\WindowsMediaCenter\devlist.ico -1.0s C:\devlist.txt.exe -1.0s C:\ProgramData\WindowsMediaCenter\Driver.ico -0.9s C:\Driver.10.exe -0.8s C:\ProgramData\WindowsMediaCenter\EamClean.ico -0.7s C:\EamClean.log.exe -0.7s C:\ProgramData\WindowsMediaCenter\error.ico -0.6s C:\error.txt.exe -0.5s C:\ProgramData\WindowsMediaCenter\F5SLAS.ico -0.4s C:\F5SLAS.BIN.exe -0.4s C:\ProgramData\WindowsMediaCenter\Finish.ico -0.3s C:\Finish.log.exe -0.1s C:\ProgramData\WindowsMediaCenter\igoogle_log.ico 0.0s C:\igoogle_log.txt.exe 0.0s C:\ProgramData\WindowsMediaCenter\inject.ico 0.2s C:\inject.log.exe 0.2s C:\ProgramData\WindowsMediaCenter\inject.log.ico 0.3s C:\inject.log.txt.exe 0.3s C:\ProgramData\WindowsMediaCenter\IO.ico 0.6s C:\IO.SYS.exe 0.6s C:\ProgramData\WindowsMediaCenter\MSDOS.ico 0.7s C:\MSDOS.SYS.exe 0.7s C:\ProgramData\WindowsMediaCenter\NERO.ico 1.0s C:\NERO.LOG.exe 1.0s C:\ProgramData\WindowsMediaCenter\NIS2009.ico 1.1s C:\NIS2009.TXT.exe 1.1s C:\ProgramData\WindowsMediaCenter\OFFICE2007_A.ico 1.2s C:\OFFICE2007_A.TXT.exe 1.2s C:\ProgramData\WindowsMediaCenter\Pass.ico 1.4s C:\Pass.txt.exe 27.6s C:\ProgramData\WindowsMediaCenter\Patch.ico 27.7s C:\Patch.LOG.exe 27.7s 
C:\ProgramData\WindowsMediaCenter\READER_A.ico 27.8s C:\READER_A.TXT.exe 27.9s C:\ProgramData\WindowsMediaCenter\RECOVERY.ico 28.0s C:\RECOVERY.DAT.exe 28.0s C:\ProgramData\WindowsMediaCenter\RHDSetup.ico 28.1s C:\RHDSetup.log.exe 28.1s C:\ProgramData\WindowsMediaCenter\store.ico 28.2s C:\store.log.exe 28.3s C:\ProgramData\WindowsMediaCenter\SumHidd.ico 28.4s C:\SumHidd.txt.exe 28.4s C:\ProgramData\WindowsMediaCenter\SumOS.ico 28.5s C:\SumOS.txt.exe 28.5s C:\ProgramData\WindowsMediaCenter\user.ico 28.7s C:\user.js.exe 28.7s C:\ProgramData\WindowsMediaCenter\V554.ico 28.9s C:\V554.txt.exe 28.9s C:\ProgramData\WindowsMediaCenter\VundoFix.ico 29.0s C:\VundoFix.txt.exe 29.1s C:\ProgramData\WindowsMediaCenter\WarRock.ico 29.2s C:\WarRock.ini.exe 29.3s C:\ProgramData\WindowsMediaCenter\WindowsLive_A.ico 29.4s C:\WindowsLive_A.TXT.exe 32.9s C:\ProgramData\WindowsMediaCenter\KrUUgHRH.ico 33.1s C:\$RECYCLE.BIN.exe 33.2s C:\AdwCleaner.exe 33.5s C:\ASUS.SYS.exe 34.0s C:\AvaCam.exe 34.4s C:\bwinPoker.exe 34.8s C:\Edgard.exe 34.9s C:\Games.exe 35.2s C:\need for speed 2.exe 35.4s C:\PDFcreator.exe 35.5s C:\PerfLogs.exe 35.7s C:\Poker.exe 36.0s C:\Programs.exe 36.1s C:\Team17.exe 36.2s C:\TEMP.exe 36.4s C:\totalcmd.exe 37.0s C:\YDP.exe 37.3s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClWindows Media Centerert.vbs.xBAD 37.3s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Centerts.js.xBAD 37.7s C:\ProgramData\WindowsMediaCenter\Cztery pory Roku.ico 37.9s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Center.URL.xBAD 39.0s C:\ProgramData\WindowsMediaCenter\E.L. 
James - Pięćdziesiąt twarzy Greya.ico 39.3s C:\Users\Tommy\AppData\Roaming\Random\ 39.3s C:\Users\Tommy\AppData\Roaming\Random\Optional\ 39.5s C:\ProgramData\WindowsMediaCenter\LABEDZIE.ico 39.9s C:\ProgramData\WindowsMediaCenter\Piecdziesiat twarzy Greya - E. L. James.ico 40.4s C:\Users\Tommy\AppData\Roaming\Random\Default\ 40.4s C:\Users\Tommy\AppData\Roaming\Random\Default\Anki.exe 40.5s C:\ProgramData\WindowsMediaCenter\treeinfo.ico 41.4s C:\Users\Tommy\AppData\Roaming\Random\Default\VT Niemiecki Kurs podstawowy mp3.exe 41.6s C:\Users\Tommy\AppData\Roaming\Random\Default\DVDVideoSoft Free Studio.exe 41.7s C:\Users\Tommy\AppData\Roaming\Random\Default\Free Audio Editor.exe 42.3s C:\Users\Tommy\AppData\Roaming\Random\Default\Google Earth.exe 42.6s C:\Users\Tommy\AppData\Roaming\Random\Default\NAVIGON Fresh.exe 42.9s C:\Users\Tommy\AppData\Roaming\Random\Default\Reader for PC.exe 43.2s C:\Users\Tommy\AppData\Roaming\Random\Default\VLC media player.exe 47.2s C:\ProgramData\WindowsMediaCenter\Ie.ico 48.1s C:\ProgramData\WindowsMediaCenter\Image.ico 49.2s C:\ProgramData\WindowsMediaCenter\pmp_usb.ico 49.4s C:\ProgramData\WindowsMediaCenter\PROGRAM DO SKYPE.ico 49.5s C:\ProgramData\WindowsMediaCenter\SdHeuristic.ico 49.6s C:\ProgramData\WindowsMediaCenter\winamp_cache_0001.ico C:\IO.SYS.exe Size . . . . . . . : 11.264 bytes Age . . . . . . . : 8.0 days (2017-01-02 20:57:00) Entropy . . . . . : 4.5 SHA-256 . . . . . : D5B517B57B8F0AA620A6FCEA7F35715AAB95311B5741E5E93CDBC9E043875BAC > Kaspersky . . . . : HEUR:Trojan.Win32.Generic Fuzzy . . . . . . 
: 107.0 Forensic Cluster -10.4s C:\WindowsMediaCenter\ -10.4s C:\ProgramData\WindowsMediaCenter\ -8.7s C:\ProgramData\WindowsMediaCenter\.ico -3.4s C:\.rnd.exe -3.4s C:\ProgramData\WindowsMediaCenter\aaw7boot.ico -3.2s C:\aaw7boot.log.exe -3.1s C:\ProgramData\WindowsMediaCenter\app3.ico -3.0s C:\app3.LOG.exe -3.0s C:\ProgramData\WindowsMediaCenter\autoexec.ico -2.8s C:\autoexec.bat.exe -2.7s C:\ProgramData\WindowsMediaCenter\bootmgr.ico -2.5s C:\bootmgr.exe -2.5s C:\ProgramData\WindowsMediaCenter\BOOTSECT.ico -2.3s C:\BOOTSECT.BAK.exe -2.3s C:\ProgramData\WindowsMediaCenter\CA21.ico -2.1s C:\CA21.txt.exe -2.1s C:\ProgramData\WindowsMediaCenter\config.ico -2.0s C:\config.sys.exe -2.0s C:\ProgramData\WindowsMediaCenter\ctapi_out_gr.ico -1.8s C:\ctapi_out_gr.txt.exe -1.8s C:\ProgramData\WindowsMediaCenter\devlist.ico -1.6s C:\devlist.txt.exe -1.6s C:\ProgramData\WindowsMediaCenter\Driver.ico -1.5s C:\Driver.10.exe -1.4s C:\ProgramData\WindowsMediaCenter\EamClean.ico -1.3s C:\EamClean.log.exe -1.3s C:\ProgramData\WindowsMediaCenter\error.ico -1.2s C:\error.txt.exe -1.1s C:\ProgramData\WindowsMediaCenter\F5SLAS.ico -1.0s C:\F5SLAS.BIN.exe -1.0s C:\ProgramData\WindowsMediaCenter\Finish.ico -0.8s C:\Finish.log.exe -0.7s C:\ProgramData\WindowsMediaCenter\igoogle_log.ico -0.6s C:\igoogle_log.txt.exe -0.6s C:\ProgramData\WindowsMediaCenter\inject.ico -0.4s C:\inject.log.exe -0.4s C:\ProgramData\WindowsMediaCenter\inject.log.ico -0.3s C:\inject.log.txt.exe -0.3s C:\ProgramData\WindowsMediaCenter\IO.ico 0.0s C:\IO.SYS.exe 0.0s C:\ProgramData\WindowsMediaCenter\MSDOS.ico 0.1s C:\MSDOS.SYS.exe 0.2s C:\ProgramData\WindowsMediaCenter\NERO.ico 0.4s C:\NERO.LOG.exe 0.4s C:\ProgramData\WindowsMediaCenter\NIS2009.ico 0.5s C:\NIS2009.TXT.exe 0.5s C:\ProgramData\WindowsMediaCenter\OFFICE2007_A.ico 0.6s C:\OFFICE2007_A.TXT.exe 0.6s C:\ProgramData\WindowsMediaCenter\Pass.ico 0.8s C:\Pass.txt.exe 27.0s C:\ProgramData\WindowsMediaCenter\Patch.ico 27.1s C:\Patch.LOG.exe 27.1s 
C:\ProgramData\WindowsMediaCenter\READER_A.ico 27.3s C:\READER_A.TXT.exe 27.3s C:\ProgramData\WindowsMediaCenter\RECOVERY.ico 27.4s C:\RECOVERY.DAT.exe 27.4s C:\ProgramData\WindowsMediaCenter\RHDSetup.ico 27.5s C:\RHDSetup.log.exe 27.5s C:\ProgramData\WindowsMediaCenter\store.ico 27.7s C:\store.log.exe 27.7s C:\ProgramData\WindowsMediaCenter\SumHidd.ico 27.8s C:\SumHidd.txt.exe 27.8s C:\ProgramData\WindowsMediaCenter\SumOS.ico 27.9s C:\SumOS.txt.exe 27.9s C:\ProgramData\WindowsMediaCenter\user.ico 28.1s C:\user.js.exe 28.1s C:\ProgramData\WindowsMediaCenter\V554.ico 28.3s C:\V554.txt.exe 28.3s C:\ProgramData\WindowsMediaCenter\VundoFix.ico 28.4s C:\VundoFix.txt.exe 28.5s C:\ProgramData\WindowsMediaCenter\WarRock.ico 28.6s C:\WarRock.ini.exe 28.7s C:\ProgramData\WindowsMediaCenter\WindowsLive_A.ico 28.8s C:\WindowsLive_A.TXT.exe 32.3s C:\ProgramData\WindowsMediaCenter\KrUUgHRH.ico 32.5s C:\$RECYCLE.BIN.exe 32.6s C:\AdwCleaner.exe 32.9s C:\ASUS.SYS.exe 33.4s C:\AvaCam.exe 33.8s C:\bwinPoker.exe 34.2s C:\Edgard.exe 34.3s C:\Games.exe 34.6s C:\need for speed 2.exe 34.8s C:\PDFcreator.exe 35.0s C:\PerfLogs.exe 35.1s C:\Poker.exe 35.4s C:\Programs.exe 35.5s C:\Team17.exe 35.6s C:\TEMP.exe 35.8s C:\totalcmd.exe 36.4s C:\YDP.exe 36.7s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClWindows Media Centerert.vbs.xBAD 36.7s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Centerts.js.xBAD 37.2s C:\ProgramData\WindowsMediaCenter\Cztery pory Roku.ico 37.3s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Center.URL.xBAD 38.4s C:\ProgramData\WindowsMediaCenter\E.L. 
James - Pięćdziesiąt twarzy Greya.ico 38.7s C:\Users\Tommy\AppData\Roaming\Random\ 38.7s C:\Users\Tommy\AppData\Roaming\Random\Optional\ 38.9s C:\ProgramData\WindowsMediaCenter\LABEDZIE.ico 39.3s C:\ProgramData\WindowsMediaCenter\Piecdziesiat twarzy Greya - E. L. James.ico 39.8s C:\Users\Tommy\AppData\Roaming\Random\Default\ 39.8s C:\Users\Tommy\AppData\Roaming\Random\Default\Anki.exe 39.9s C:\ProgramData\WindowsMediaCenter\treeinfo.ico 40.8s C:\Users\Tommy\AppData\Roaming\Random\Default\VT Niemiecki Kurs podstawowy mp3.exe 41.0s C:\Users\Tommy\AppData\Roaming\Random\Default\DVDVideoSoft Free Studio.exe 41.1s C:\Users\Tommy\AppData\Roaming\Random\Default\Free Audio Editor.exe 41.7s C:\Users\Tommy\AppData\Roaming\Random\Default\Google Earth.exe 42.0s C:\Users\Tommy\AppData\Roaming\Random\Default\NAVIGON Fresh.exe 42.3s C:\Users\Tommy\AppData\Roaming\Random\Default\Reader for PC.exe 42.7s C:\Users\Tommy\AppData\Roaming\Random\Default\VLC media player.exe 46.6s C:\ProgramData\WindowsMediaCenter\Ie.ico 47.5s C:\ProgramData\WindowsMediaCenter\Image.ico 48.6s C:\ProgramData\WindowsMediaCenter\pmp_usb.ico 48.8s C:\ProgramData\WindowsMediaCenter\PROGRAM DO SKYPE.ico 48.9s C:\ProgramData\WindowsMediaCenter\SdHeuristic.ico 49.0s C:\ProgramData\WindowsMediaCenter\winamp_cache_0001.ico C:\MSDOS.SYS.exe Size . . . . . . . : 11.264 bytes Age . . . . . . . : 8.0 days (2017-01-02 20:57:00) Entropy . . . . . : 4.5 SHA-256 . . . . . : C3D7CA6B7BB75D9B460E6A683D932D7493B0F33419723112E706B16A397545FD > Kaspersky . . . . : HEUR:Trojan.Win32.Generic Fuzzy . . . . . . 
: 107.0 Forensic Cluster -10.6s C:\WindowsMediaCenter\ -10.6s C:\ProgramData\WindowsMediaCenter\ -8.9s C:\ProgramData\WindowsMediaCenter\.ico -3.6s C:\.rnd.exe -3.5s C:\ProgramData\WindowsMediaCenter\aaw7boot.ico -3.3s C:\aaw7boot.log.exe -3.3s C:\ProgramData\WindowsMediaCenter\app3.ico -3.1s C:\app3.LOG.exe -3.1s C:\ProgramData\WindowsMediaCenter\autoexec.ico -3.0s C:\autoexec.bat.exe -2.9s C:\ProgramData\WindowsMediaCenter\bootmgr.ico -2.6s C:\bootmgr.exe -2.6s C:\ProgramData\WindowsMediaCenter\BOOTSECT.ico -2.4s C:\BOOTSECT.BAK.exe -2.4s C:\ProgramData\WindowsMediaCenter\CA21.ico -2.3s C:\CA21.txt.exe -2.2s C:\ProgramData\WindowsMediaCenter\config.ico -2.1s C:\config.sys.exe -2.1s C:\ProgramData\WindowsMediaCenter\ctapi_out_gr.ico -1.9s C:\ctapi_out_gr.txt.exe -1.9s C:\ProgramData\WindowsMediaCenter\devlist.ico -1.8s C:\devlist.txt.exe -1.7s C:\ProgramData\WindowsMediaCenter\Driver.ico -1.6s C:\Driver.10.exe -1.5s C:\ProgramData\WindowsMediaCenter\EamClean.ico -1.4s C:\EamClean.log.exe -1.4s C:\ProgramData\WindowsMediaCenter\error.ico -1.3s C:\error.txt.exe -1.3s C:\ProgramData\WindowsMediaCenter\F5SLAS.ico -1.1s C:\F5SLAS.BIN.exe -1.1s C:\ProgramData\WindowsMediaCenter\Finish.ico -1.0s C:\Finish.log.exe -0.9s C:\ProgramData\WindowsMediaCenter\igoogle_log.ico -0.7s C:\igoogle_log.txt.exe -0.7s C:\ProgramData\WindowsMediaCenter\inject.ico -0.6s C:\inject.log.exe -0.5s C:\ProgramData\WindowsMediaCenter\inject.log.ico -0.4s C:\inject.log.txt.exe -0.4s C:\ProgramData\WindowsMediaCenter\IO.ico -0.1s C:\IO.SYS.exe -0.1s C:\ProgramData\WindowsMediaCenter\MSDOS.ico 0.0s C:\MSDOS.SYS.exe 0.0s C:\ProgramData\WindowsMediaCenter\NERO.ico 0.2s C:\NERO.LOG.exe 0.2s C:\ProgramData\WindowsMediaCenter\NIS2009.ico 0.4s C:\NIS2009.TXT.exe 0.4s C:\ProgramData\WindowsMediaCenter\OFFICE2007_A.ico 0.5s C:\OFFICE2007_A.TXT.exe 0.5s C:\ProgramData\WindowsMediaCenter\Pass.ico 0.6s C:\Pass.txt.exe 26.8s C:\ProgramData\WindowsMediaCenter\Patch.ico 27.0s C:\Patch.LOG.exe 27.0s 
C:\ProgramData\WindowsMediaCenter\READER_A.ico 27.1s C:\READER_A.TXT.exe 27.1s C:\ProgramData\WindowsMediaCenter\RECOVERY.ico 27.3s C:\RECOVERY.DAT.exe 27.3s C:\ProgramData\WindowsMediaCenter\RHDSetup.ico 27.4s C:\RHDSetup.log.exe 27.4s C:\ProgramData\WindowsMediaCenter\store.ico 27.5s C:\store.log.exe 27.5s C:\ProgramData\WindowsMediaCenter\SumHidd.ico 27.6s C:\SumHidd.txt.exe 27.7s C:\ProgramData\WindowsMediaCenter\SumOS.ico 27.8s C:\SumOS.txt.exe 27.8s C:\ProgramData\WindowsMediaCenter\user.ico 28.0s C:\user.js.exe 28.0s C:\ProgramData\WindowsMediaCenter\V554.ico 28.2s C:\V554.txt.exe 28.2s C:\ProgramData\WindowsMediaCenter\VundoFix.ico 28.3s C:\VundoFix.txt.exe 28.4s C:\ProgramData\WindowsMediaCenter\WarRock.ico 28.5s C:\WarRock.ini.exe 28.5s C:\ProgramData\WindowsMediaCenter\WindowsLive_A.ico 28.7s C:\WindowsLive_A.TXT.exe 32.2s C:\ProgramData\WindowsMediaCenter\KrUUgHRH.ico 32.4s C:\$RECYCLE.BIN.exe 32.5s C:\AdwCleaner.exe 32.8s C:\ASUS.SYS.exe 33.3s C:\AvaCam.exe 33.7s C:\bwinPoker.exe 34.1s C:\Edgard.exe 34.2s C:\Games.exe 34.5s C:\need for speed 2.exe 34.7s C:\PDFcreator.exe 34.8s C:\PerfLogs.exe 35.0s C:\Poker.exe 35.2s C:\Programs.exe 35.4s C:\Team17.exe 35.5s C:\TEMP.exe 35.7s C:\totalcmd.exe 36.3s C:\YDP.exe 36.6s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClWindows Media Centerert.vbs.xBAD 36.6s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Centerts.js.xBAD 37.0s C:\ProgramData\WindowsMediaCenter\Cztery pory Roku.ico 37.2s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Center.URL.xBAD 38.3s C:\ProgramData\WindowsMediaCenter\E.L. 
James - Pięćdziesiąt twarzy Greya.ico 38.6s C:\Users\Tommy\AppData\Roaming\Random\ 38.6s C:\Users\Tommy\AppData\Roaming\Random\Optional\ 38.8s C:\ProgramData\WindowsMediaCenter\LABEDZIE.ico 39.1s C:\ProgramData\WindowsMediaCenter\Piecdziesiat twarzy Greya - E. L. James.ico 39.6s C:\Users\Tommy\AppData\Roaming\Random\Default\ 39.7s C:\Users\Tommy\AppData\Roaming\Random\Default\Anki.exe 39.7s C:\ProgramData\WindowsMediaCenter\treeinfo.ico 40.6s C:\Users\Tommy\AppData\Roaming\Random\Default\VT Niemiecki Kurs podstawowy mp3.exe 40.9s C:\Users\Tommy\AppData\Roaming\Random\Default\DVDVideoSoft Free Studio.exe 41.0s C:\Users\Tommy\AppData\Roaming\Random\Default\Free Audio Editor.exe 41.6s C:\Users\Tommy\AppData\Roaming\Random\Default\Google Earth.exe 41.9s C:\Users\Tommy\AppData\Roaming\Random\Default\NAVIGON Fresh.exe 42.2s C:\Users\Tommy\AppData\Roaming\Random\Default\Reader for PC.exe 42.5s C:\Users\Tommy\AppData\Roaming\Random\Default\VLC media player.exe 46.4s C:\ProgramData\WindowsMediaCenter\Ie.ico 47.4s C:\ProgramData\WindowsMediaCenter\Image.ico 48.5s C:\ProgramData\WindowsMediaCenter\pmp_usb.ico 48.7s C:\ProgramData\WindowsMediaCenter\PROGRAM DO SKYPE.ico 48.7s C:\ProgramData\WindowsMediaCenter\SdHeuristic.ico 48.9s C:\ProgramData\WindowsMediaCenter\winamp_cache_0001.ico C:\need for speed 2.exe Size . . . . . . . : 8.192 bytes Age . . . . . . . : 8.0 days (2017-01-02 20:57:34) Entropy . . . . . : 4.6 SHA-256 . . . . . : 817C35B9C9C2E9648853A4E3F42DE10D8AF385C825E1AFBDDD70F015793EA98F > Bitdefender . . . : Gen:Variant.Razy.116208 Fuzzy . . . . . . 
: 107.0 Forensic Cluster -45.1s C:\WindowsMediaCenter\ -45.1s C:\ProgramData\WindowsMediaCenter\ -43.4s C:\ProgramData\WindowsMediaCenter\.ico -38.1s C:\.rnd.exe -38.0s C:\ProgramData\WindowsMediaCenter\aaw7boot.ico -37.8s C:\aaw7boot.log.exe -37.8s C:\ProgramData\WindowsMediaCenter\app3.ico -37.7s C:\app3.LOG.exe -37.6s C:\ProgramData\WindowsMediaCenter\autoexec.ico -37.5s C:\autoexec.bat.exe -37.4s C:\ProgramData\WindowsMediaCenter\bootmgr.ico -37.1s C:\bootmgr.exe -37.1s C:\ProgramData\WindowsMediaCenter\BOOTSECT.ico -36.9s C:\BOOTSECT.BAK.exe -36.9s C:\ProgramData\WindowsMediaCenter\CA21.ico -36.8s C:\CA21.txt.exe -36.8s C:\ProgramData\WindowsMediaCenter\config.ico -36.6s C:\config.sys.exe -36.6s C:\ProgramData\WindowsMediaCenter\ctapi_out_gr.ico -36.5s C:\ctapi_out_gr.txt.exe -36.4s C:\ProgramData\WindowsMediaCenter\devlist.ico -36.3s C:\devlist.txt.exe -36.2s C:\ProgramData\WindowsMediaCenter\Driver.ico -36.1s C:\Driver.10.exe -36.1s C:\ProgramData\WindowsMediaCenter\EamClean.ico -35.9s C:\EamClean.log.exe -35.9s C:\ProgramData\WindowsMediaCenter\error.ico -35.8s C:\error.txt.exe -35.8s C:\ProgramData\WindowsMediaCenter\F5SLAS.ico -35.7s C:\F5SLAS.BIN.exe -35.6s C:\ProgramData\WindowsMediaCenter\Finish.ico -35.5s C:\Finish.log.exe -35.4s C:\ProgramData\WindowsMediaCenter\igoogle_log.ico -35.2s C:\igoogle_log.txt.exe -35.2s C:\ProgramData\WindowsMediaCenter\inject.ico -35.1s C:\inject.log.exe -35.0s C:\ProgramData\WindowsMediaCenter\inject.log.ico -34.9s C:\inject.log.txt.exe -34.9s C:\ProgramData\WindowsMediaCenter\IO.ico -34.6s C:\IO.SYS.exe -34.6s C:\ProgramData\WindowsMediaCenter\MSDOS.ico -34.5s C:\MSDOS.SYS.exe -34.5s C:\ProgramData\WindowsMediaCenter\NERO.ico -34.3s C:\NERO.LOG.exe -34.3s C:\ProgramData\WindowsMediaCenter\NIS2009.ico -34.2s C:\NIS2009.TXT.exe -34.1s C:\ProgramData\WindowsMediaCenter\OFFICE2007_A.ico -34.0s C:\OFFICE2007_A.TXT.exe -34.0s C:\ProgramData\WindowsMediaCenter\Pass.ico -33.9s C:\Pass.txt.exe -7.7s 
C:\ProgramData\WindowsMediaCenter\Patch.ico -7.5s C:\Patch.LOG.exe -7.5s C:\ProgramData\WindowsMediaCenter\READER_A.ico -7.4s C:\READER_A.TXT.exe -7.4s C:\ProgramData\WindowsMediaCenter\RECOVERY.ico -7.3s C:\RECOVERY.DAT.exe -7.2s C:\ProgramData\WindowsMediaCenter\RHDSetup.ico -7.1s C:\RHDSetup.log.exe -7.1s C:\ProgramData\WindowsMediaCenter\store.ico -7.0s C:\store.log.exe -7.0s C:\ProgramData\WindowsMediaCenter\SumHidd.ico -6.9s C:\SumHidd.txt.exe -6.8s C:\ProgramData\WindowsMediaCenter\SumOS.ico -6.7s C:\SumOS.txt.exe -6.7s C:\ProgramData\WindowsMediaCenter\user.ico -6.5s C:\user.js.exe -6.5s C:\ProgramData\WindowsMediaCenter\V554.ico -6.4s C:\V554.txt.exe -6.3s C:\ProgramData\WindowsMediaCenter\VundoFix.ico -6.2s C:\VundoFix.txt.exe -6.1s C:\ProgramData\WindowsMediaCenter\WarRock.ico -6.0s C:\WarRock.ini.exe -6.0s C:\ProgramData\WindowsMediaCenter\WindowsLive_A.ico -5.8s C:\WindowsLive_A.TXT.exe -2.3s C:\ProgramData\WindowsMediaCenter\KrUUgHRH.ico -2.2s C:\$RECYCLE.BIN.exe -2.0s C:\AdwCleaner.exe -1.7s C:\ASUS.SYS.exe -1.2s C:\AvaCam.exe -0.8s C:\bwinPoker.exe -0.5s C:\Edgard.exe -0.3s C:\Games.exe 0.0s C:\need for speed 2.exe 0.2s C:\PDFcreator.exe 0.3s C:\PerfLogs.exe 0.5s C:\Poker.exe 0.7s C:\Programs.exe 0.9s C:\Team17.exe 1.0s C:\TEMP.exe 1.2s C:\totalcmd.exe 1.8s C:\YDP.exe 2.1s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClWindows Media Centerert.vbs.xBAD 2.1s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Centerts.js.xBAD 2.5s C:\ProgramData\WindowsMediaCenter\Cztery pory Roku.ico 2.7s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Center.URL.xBAD 3.8s C:\ProgramData\WindowsMediaCenter\E.L. 
James - Pięćdziesiąt twarzy Greya.ico 4.1s C:\Users\Tommy\AppData\Roaming\Random\ 4.1s C:\Users\Tommy\AppData\Roaming\Random\Optional\ 4.3s C:\ProgramData\WindowsMediaCenter\LABEDZIE.ico 4.6s C:\ProgramData\WindowsMediaCenter\Piecdziesiat twarzy Greya - E. L. James.ico 5.1s C:\Users\Tommy\AppData\Roaming\Random\Default\ 5.2s C:\Users\Tommy\AppData\Roaming\Random\Default\Anki.exe 5.2s C:\ProgramData\WindowsMediaCenter\treeinfo.ico 6.1s C:\Users\Tommy\AppData\Roaming\Random\Default\VT Niemiecki Kurs podstawowy mp3.exe 6.3s C:\Users\Tommy\AppData\Roaming\Random\Default\DVDVideoSoft Free Studio.exe 6.5s C:\Users\Tommy\AppData\Roaming\Random\Default\Free Audio Editor.exe 7.1s C:\Users\Tommy\AppData\Roaming\Random\Default\Google Earth.exe 7.4s C:\Users\Tommy\AppData\Roaming\Random\Default\NAVIGON Fresh.exe 7.7s C:\Users\Tommy\AppData\Roaming\Random\Default\Reader for PC.exe 8.0s C:\Users\Tommy\AppData\Roaming\Random\Default\VLC media player.exe 11.9s C:\ProgramData\WindowsMediaCenter\Ie.ico 12.8s C:\ProgramData\WindowsMediaCenter\Image.ico 13.9s C:\ProgramData\WindowsMediaCenter\pmp_usb.ico 14.2s C:\ProgramData\WindowsMediaCenter\PROGRAM DO SKYPE.ico 14.2s C:\ProgramData\WindowsMediaCenter\SdHeuristic.ico 14.4s C:\ProgramData\WindowsMediaCenter\winamp_cache_0001.ico C:\PDFcreator.exe Size . . . . . . . : 7.680 bytes Age . . . . . . . : 8.0 days (2017-01-02 20:57:35) Entropy . . . . . : 4.8 SHA-256 . . . . . : 21D4C03711CD35640626D1C2BAF2A33435C94073EF3EBEB2145D4649614B7404 > Bitdefender . . . : Gen:Variant.Razy.116208 Fuzzy . . . . . . 
: 107.0 Forensic Cluster -45.3s C:\WindowsMediaCenter\ -45.2s C:\ProgramData\WindowsMediaCenter\ -43.6s C:\ProgramData\WindowsMediaCenter\.ico -38.2s C:\.rnd.exe -38.2s C:\ProgramData\WindowsMediaCenter\aaw7boot.ico -38.0s C:\aaw7boot.log.exe -38.0s C:\ProgramData\WindowsMediaCenter\app3.ico -37.8s C:\app3.LOG.exe -37.8s C:\ProgramData\WindowsMediaCenter\autoexec.ico -37.6s C:\autoexec.bat.exe -37.6s C:\ProgramData\WindowsMediaCenter\bootmgr.ico -37.3s C:\bootmgr.exe -37.3s C:\ProgramData\WindowsMediaCenter\BOOTSECT.ico -37.1s C:\BOOTSECT.BAK.exe -37.1s C:\ProgramData\WindowsMediaCenter\CA21.ico -36.9s C:\CA21.txt.exe -36.9s C:\ProgramData\WindowsMediaCenter\config.ico -36.8s C:\config.sys.exe -36.8s C:\ProgramData\WindowsMediaCenter\ctapi_out_gr.ico -36.6s C:\ctapi_out_gr.txt.exe -36.6s C:\ProgramData\WindowsMediaCenter\devlist.ico -36.4s C:\devlist.txt.exe -36.4s C:\ProgramData\WindowsMediaCenter\Driver.ico -36.3s C:\Driver.10.exe -36.2s C:\ProgramData\WindowsMediaCenter\EamClean.ico -36.1s C:\EamClean.log.exe -36.1s C:\ProgramData\WindowsMediaCenter\error.ico -36.0s C:\error.txt.exe -35.9s C:\ProgramData\WindowsMediaCenter\F5SLAS.ico -35.8s C:\F5SLAS.BIN.exe -35.8s C:\ProgramData\WindowsMediaCenter\Finish.ico -35.7s C:\Finish.log.exe -35.5s C:\ProgramData\WindowsMediaCenter\igoogle_log.ico -35.4s C:\igoogle_log.txt.exe -35.4s C:\ProgramData\WindowsMediaCenter\inject.ico -35.2s C:\inject.log.exe -35.2s C:\ProgramData\WindowsMediaCenter\inject.log.ico -35.1s C:\inject.log.txt.exe -35.1s C:\ProgramData\WindowsMediaCenter\IO.ico -34.8s C:\IO.SYS.exe -34.8s C:\ProgramData\WindowsMediaCenter\MSDOS.ico -34.7s C:\MSDOS.SYS.exe -34.7s C:\ProgramData\WindowsMediaCenter\NERO.ico -34.4s C:\NERO.LOG.exe -34.4s C:\ProgramData\WindowsMediaCenter\NIS2009.ico -34.3s C:\NIS2009.TXT.exe -34.3s C:\ProgramData\WindowsMediaCenter\OFFICE2007_A.ico -34.2s C:\OFFICE2007_A.TXT.exe -34.2s C:\ProgramData\WindowsMediaCenter\Pass.ico -34.0s C:\Pass.txt.exe -7.8s 
C:\ProgramData\WindowsMediaCenter\Patch.ico -7.7s C:\Patch.LOG.exe -7.7s C:\ProgramData\WindowsMediaCenter\READER_A.ico -7.6s C:\READER_A.TXT.exe -7.5s C:\ProgramData\WindowsMediaCenter\RECOVERY.ico -7.4s C:\RECOVERY.DAT.exe -7.4s C:\ProgramData\WindowsMediaCenter\RHDSetup.ico -7.3s C:\RHDSetup.log.exe -7.3s C:\ProgramData\WindowsMediaCenter\store.ico -7.2s C:\store.log.exe -7.1s C:\ProgramData\WindowsMediaCenter\SumHidd.ico -7.0s C:\SumHidd.txt.exe -7.0s C:\ProgramData\WindowsMediaCenter\SumOS.ico -6.9s C:\SumOS.txt.exe -6.9s C:\ProgramData\WindowsMediaCenter\user.ico -6.7s C:\user.js.exe -6.7s C:\ProgramData\WindowsMediaCenter\V554.ico -6.5s C:\V554.txt.exe -6.5s C:\ProgramData\WindowsMediaCenter\VundoFix.ico -6.4s C:\VundoFix.txt.exe -6.3s C:\ProgramData\WindowsMediaCenter\WarRock.ico -6.2s C:\WarRock.ini.exe -6.1s C:\ProgramData\WindowsMediaCenter\WindowsLive_A.ico -6.0s C:\WindowsLive_A.TXT.exe -2.5s C:\ProgramData\WindowsMediaCenter\KrUUgHRH.ico -2.3s C:\$RECYCLE.BIN.exe -2.2s C:\AdwCleaner.exe -1.9s C:\ASUS.SYS.exe -1.4s C:\AvaCam.exe -1.0s C:\bwinPoker.exe -0.6s C:\Edgard.exe -0.5s C:\Games.exe -0.2s C:\need for speed 2.exe 0.0s C:\PDFcreator.exe 0.1s C:\PerfLogs.exe 0.3s C:\Poker.exe 0.6s C:\Programs.exe 0.7s C:\Team17.exe 0.8s C:\TEMP.exe 1.0s C:\totalcmd.exe 1.6s C:\YDP.exe 1.9s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClWindows Media Centerert.vbs.xBAD 1.9s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Centerts.js.xBAD 2.3s C:\ProgramData\WindowsMediaCenter\Cztery pory Roku.ico 2.5s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Center.URL.xBAD 3.6s C:\ProgramData\WindowsMediaCenter\E.L. 
James - Pięćdziesiąt twarzy Greya.ico 3.9s C:\Users\Tommy\AppData\Roaming\Random\ 3.9s C:\Users\Tommy\AppData\Roaming\Random\Optional\ 4.1s C:\ProgramData\WindowsMediaCenter\LABEDZIE.ico 4.5s C:\ProgramData\WindowsMediaCenter\Piecdziesiat twarzy Greya - E. L. James.ico 5.0s C:\Users\Tommy\AppData\Roaming\Random\Default\ 5.0s C:\Users\Tommy\AppData\Roaming\Random\Default\Anki.exe 5.1s C:\ProgramData\WindowsMediaCenter\treeinfo.ico 6.0s C:\Users\Tommy\AppData\Roaming\Random\Default\VT Niemiecki Kurs podstawowy mp3.exe 6.2s C:\Users\Tommy\AppData\Roaming\Random\Default\DVDVideoSoft Free Studio.exe 6.3s C:\Users\Tommy\AppData\Roaming\Random\Default\Free Audio Editor.exe 6.9s C:\Users\Tommy\AppData\Roaming\Random\Default\Google Earth.exe 7.2s C:\Users\Tommy\AppData\Roaming\Random\Default\NAVIGON Fresh.exe 7.5s C:\Users\Tommy\AppData\Roaming\Random\Default\Reader for PC.exe 7.8s C:\Users\Tommy\AppData\Roaming\Random\Default\VLC media player.exe 11.8s C:\ProgramData\WindowsMediaCenter\Ie.ico 12.7s C:\ProgramData\WindowsMediaCenter\Image.ico 13.8s C:\ProgramData\WindowsMediaCenter\pmp_usb.ico 14.0s C:\ProgramData\WindowsMediaCenter\PROGRAM DO SKYPE.ico 14.1s C:\ProgramData\WindowsMediaCenter\SdHeuristic.ico 14.2s C:\ProgramData\WindowsMediaCenter\winamp_cache_0001.ico C:\PerfLogs.exe Size . . . . . . . : 7.680 bytes Age . . . . . . . : 8.0 days (2017-01-02 20:57:35) Entropy . . . . . : 4.8 SHA-256 . . . . . : 58957F5410D90FF601BCEC53DBBAE29216F723C279BD1FB97C55C207D5567EAF > Bitdefender . . . : Gen:Variant.Razy.116208 Fuzzy . . . . . . 
: 107.0 Forensic Cluster -45.4s C:\WindowsMediaCenter\ -45.4s C:\ProgramData\WindowsMediaCenter\ -43.7s C:\ProgramData\WindowsMediaCenter\.ico -38.4s C:\.rnd.exe -38.3s C:\ProgramData\WindowsMediaCenter\aaw7boot.ico -38.1s C:\aaw7boot.log.exe -38.1s C:\ProgramData\WindowsMediaCenter\app3.ico -38.0s C:\app3.LOG.exe -37.9s C:\ProgramData\WindowsMediaCenter\autoexec.ico -37.8s C:\autoexec.bat.exe -37.7s C:\ProgramData\WindowsMediaCenter\bootmgr.ico -37.5s C:\bootmgr.exe -37.4s C:\ProgramData\WindowsMediaCenter\BOOTSECT.ico -37.2s C:\BOOTSECT.BAK.exe -37.2s C:\ProgramData\WindowsMediaCenter\CA21.ico -37.1s C:\CA21.txt.exe -37.1s C:\ProgramData\WindowsMediaCenter\config.ico -36.9s C:\config.sys.exe -36.9s C:\ProgramData\WindowsMediaCenter\ctapi_out_gr.ico -36.8s C:\ctapi_out_gr.txt.exe -36.7s C:\ProgramData\WindowsMediaCenter\devlist.ico -36.6s C:\devlist.txt.exe -36.6s C:\ProgramData\WindowsMediaCenter\Driver.ico -36.4s C:\Driver.10.exe -36.4s C:\ProgramData\WindowsMediaCenter\EamClean.ico -36.2s C:\EamClean.log.exe -36.2s C:\ProgramData\WindowsMediaCenter\error.ico -36.1s C:\error.txt.exe -36.1s C:\ProgramData\WindowsMediaCenter\F5SLAS.ico -36.0s C:\F5SLAS.BIN.exe -35.9s C:\ProgramData\WindowsMediaCenter\Finish.ico -35.8s C:\Finish.log.exe -35.7s C:\ProgramData\WindowsMediaCenter\igoogle_log.ico -35.5s C:\igoogle_log.txt.exe -35.5s C:\ProgramData\WindowsMediaCenter\inject.ico -35.4s C:\inject.log.exe -35.3s C:\ProgramData\WindowsMediaCenter\inject.log.ico -35.2s C:\inject.log.txt.exe -35.2s C:\ProgramData\WindowsMediaCenter\IO.ico -35.0s C:\IO.SYS.exe -34.9s C:\ProgramData\WindowsMediaCenter\MSDOS.ico -34.8s C:\MSDOS.SYS.exe -34.8s C:\ProgramData\WindowsMediaCenter\NERO.ico -34.6s C:\NERO.LOG.exe -34.6s C:\ProgramData\WindowsMediaCenter\NIS2009.ico -34.5s C:\NIS2009.TXT.exe -34.4s C:\ProgramData\WindowsMediaCenter\OFFICE2007_A.ico -34.3s C:\OFFICE2007_A.TXT.exe -34.3s C:\ProgramData\WindowsMediaCenter\Pass.ico -34.2s C:\Pass.txt.exe -8.0s 
C:\ProgramData\WindowsMediaCenter\Patch.ico -7.8s C:\Patch.LOG.exe -7.8s C:\ProgramData\WindowsMediaCenter\READER_A.ico -7.7s C:\READER_A.TXT.exe -7.7s C:\ProgramData\WindowsMediaCenter\RECOVERY.ico -7.6s C:\RECOVERY.DAT.exe -7.5s C:\ProgramData\WindowsMediaCenter\RHDSetup.ico -7.4s C:\RHDSetup.log.exe -7.4s C:\ProgramData\WindowsMediaCenter\store.ico -7.3s C:\store.log.exe -7.3s C:\ProgramData\WindowsMediaCenter\SumHidd.ico -7.2s C:\SumHidd.txt.exe -7.1s C:\ProgramData\WindowsMediaCenter\SumOS.ico -7.0s C:\SumOS.txt.exe -7.0s C:\ProgramData\WindowsMediaCenter\user.ico -6.8s C:\user.js.exe -6.8s C:\ProgramData\WindowsMediaCenter\V554.ico -6.7s C:\V554.txt.exe -6.6s C:\ProgramData\WindowsMediaCenter\VundoFix.ico -6.5s C:\VundoFix.txt.exe -6.4s C:\ProgramData\WindowsMediaCenter\WarRock.ico -6.3s C:\WarRock.ini.exe -6.3s C:\ProgramData\WindowsMediaCenter\WindowsLive_A.ico -6.1s C:\WindowsLive_A.TXT.exe -2.6s C:\ProgramData\WindowsMediaCenter\KrUUgHRH.ico -2.5s C:\$RECYCLE.BIN.exe -2.3s C:\AdwCleaner.exe -2.0s C:\ASUS.SYS.exe -1.5s C:\AvaCam.exe -1.1s C:\bwinPoker.exe -0.8s C:\Edgard.exe -0.6s C:\Games.exe -0.3s C:\need for speed 2.exe -0.1s C:\PDFcreator.exe 0.0s C:\PerfLogs.exe 0.2s C:\Poker.exe 0.4s C:\Programs.exe 0.6s C:\Team17.exe 0.7s C:\TEMP.exe 0.9s C:\totalcmd.exe 1.5s C:\YDP.exe 1.8s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClWindows Media Centerert.vbs.xBAD 1.8s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Centerts.js.xBAD 2.2s C:\ProgramData\WindowsMediaCenter\Cztery pory Roku.ico 2.4s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Center.URL.xBAD 3.5s C:\ProgramData\WindowsMediaCenter\E.L. 
James - Pięćdziesiąt twarzy Greya.ico 3.8s C:\Users\Tommy\AppData\Roaming\Random\ 3.8s C:\Users\Tommy\AppData\Roaming\Random\Optional\ 3.9s C:\ProgramData\WindowsMediaCenter\LABEDZIE.ico 4.3s C:\ProgramData\WindowsMediaCenter\Piecdziesiat twarzy Greya - E. L. James.ico 4.8s C:\Users\Tommy\AppData\Roaming\Random\Default\ 4.9s C:\Users\Tommy\AppData\Roaming\Random\Default\Anki.exe 4.9s C:\ProgramData\WindowsMediaCenter\treeinfo.ico 5.8s C:\Users\Tommy\AppData\Roaming\Random\Default\VT Niemiecki Kurs podstawowy mp3.exe 6.0s C:\Users\Tommy\AppData\Roaming\Random\Default\DVDVideoSoft Free Studio.exe 6.2s C:\Users\Tommy\AppData\Roaming\Random\Default\Free Audio Editor.exe 6.8s C:\Users\Tommy\AppData\Roaming\Random\Default\Google Earth.exe 7.1s C:\Users\Tommy\AppData\Roaming\Random\Default\NAVIGON Fresh.exe 7.4s C:\Users\Tommy\AppData\Roaming\Random\Default\Reader for PC.exe 7.7s C:\Users\Tommy\AppData\Roaming\Random\Default\VLC media player.exe 11.6s C:\ProgramData\WindowsMediaCenter\Ie.ico 12.5s C:\ProgramData\WindowsMediaCenter\Image.ico 13.6s C:\ProgramData\WindowsMediaCenter\pmp_usb.ico 13.9s C:\ProgramData\WindowsMediaCenter\PROGRAM DO SKYPE.ico 13.9s C:\ProgramData\WindowsMediaCenter\SdHeuristic.ico 14.1s C:\ProgramData\WindowsMediaCenter\winamp_cache_0001.ico C:\Poker.exe Size . . . . . . . : 7.680 bytes Age . . . . . . . : 8.0 days (2017-01-02 20:57:35) Entropy . . . . . : 4.8 SHA-256 . . . . . : F9A8A212577C2EA0E3AEB36BA60685D758D10A11DBE2B963031F7CDAA9149869 > Bitdefender . . . : Gen:Variant.Razy.116208 Fuzzy . . . . . . 
: 107.0 Forensic Cluster -45.6s C:\WindowsMediaCenter\ -45.5s C:\ProgramData\WindowsMediaCenter\ -43.9s C:\ProgramData\WindowsMediaCenter\.ico -38.6s C:\.rnd.exe -38.5s C:\ProgramData\WindowsMediaCenter\aaw7boot.ico -38.3s C:\aaw7boot.log.exe -38.3s C:\ProgramData\WindowsMediaCenter\app3.ico -38.1s C:\app3.LOG.exe -38.1s C:\ProgramData\WindowsMediaCenter\autoexec.ico -37.9s C:\autoexec.bat.exe -37.9s C:\ProgramData\WindowsMediaCenter\bootmgr.ico -37.6s C:\bootmgr.exe -37.6s C:\ProgramData\WindowsMediaCenter\BOOTSECT.ico -37.4s C:\BOOTSECT.BAK.exe -37.4s C:\ProgramData\WindowsMediaCenter\CA21.ico -37.2s C:\CA21.txt.exe -37.2s C:\ProgramData\WindowsMediaCenter\config.ico -37.1s C:\config.sys.exe -37.1s C:\ProgramData\WindowsMediaCenter\ctapi_out_gr.ico -36.9s C:\ctapi_out_gr.txt.exe -36.9s C:\ProgramData\WindowsMediaCenter\devlist.ico -36.7s C:\devlist.txt.exe -36.7s C:\ProgramData\WindowsMediaCenter\Driver.ico -36.6s C:\Driver.10.exe -36.5s C:\ProgramData\WindowsMediaCenter\EamClean.ico -36.4s C:\EamClean.log.exe -36.4s C:\ProgramData\WindowsMediaCenter\error.ico -36.3s C:\error.txt.exe -36.2s C:\ProgramData\WindowsMediaCenter\F5SLAS.ico -36.1s C:\F5SLAS.BIN.exe -36.1s C:\ProgramData\WindowsMediaCenter\Finish.ico -36.0s C:\Finish.log.exe -35.9s C:\ProgramData\WindowsMediaCenter\igoogle_log.ico -35.7s C:\igoogle_log.txt.exe -35.7s C:\ProgramData\WindowsMediaCenter\inject.ico -35.5s C:\inject.log.exe -35.5s C:\ProgramData\WindowsMediaCenter\inject.log.ico -35.4s C:\inject.log.txt.exe -35.4s C:\ProgramData\WindowsMediaCenter\IO.ico -35.1s C:\IO.SYS.exe -35.1s C:\ProgramData\WindowsMediaCenter\MSDOS.ico -35.0s C:\MSDOS.SYS.exe -35.0s C:\ProgramData\WindowsMediaCenter\NERO.ico -34.8s C:\NERO.LOG.exe -34.7s C:\ProgramData\WindowsMediaCenter\NIS2009.ico -34.6s C:\NIS2009.TXT.exe -34.6s C:\ProgramData\WindowsMediaCenter\OFFICE2007_A.ico -34.5s C:\OFFICE2007_A.TXT.exe -34.5s C:\ProgramData\WindowsMediaCenter\Pass.ico -34.3s C:\Pass.txt.exe -8.2s 
C:\ProgramData\WindowsMediaCenter\Patch.ico -8.0s C:\Patch.LOG.exe -8.0s C:\ProgramData\WindowsMediaCenter\READER_A.ico -7.9s C:\READER_A.TXT.exe -7.9s C:\ProgramData\WindowsMediaCenter\RECOVERY.ico -7.7s C:\RECOVERY.DAT.exe -7.7s C:\ProgramData\WindowsMediaCenter\RHDSetup.ico -7.6s C:\RHDSetup.log.exe -7.6s C:\ProgramData\WindowsMediaCenter\store.ico -7.5s C:\store.log.exe -7.5s C:\ProgramData\WindowsMediaCenter\SumHidd.ico -7.3s C:\SumHidd.txt.exe -7.3s C:\ProgramData\WindowsMediaCenter\SumOS.ico -7.2s C:\SumOS.txt.exe -7.2s C:\ProgramData\WindowsMediaCenter\user.ico -7.0s C:\user.js.exe -7.0s C:\ProgramData\WindowsMediaCenter\V554.ico -6.8s C:\V554.txt.exe -6.8s C:\ProgramData\WindowsMediaCenter\VundoFix.ico -6.7s C:\VundoFix.txt.exe -6.6s C:\ProgramData\WindowsMediaCenter\WarRock.ico -6.5s C:\WarRock.ini.exe -6.5s C:\ProgramData\WindowsMediaCenter\WindowsLive_A.ico -6.3s C:\WindowsLive_A.TXT.exe -2.8s C:\ProgramData\WindowsMediaCenter\KrUUgHRH.ico -2.6s C:\$RECYCLE.BIN.exe -2.5s C:\AdwCleaner.exe -2.2s C:\ASUS.SYS.exe -1.7s C:\AvaCam.exe -1.3s C:\bwinPoker.exe -0.9s C:\Edgard.exe -0.8s C:\Games.exe -0.5s C:\need for speed 2.exe -0.3s C:\PDFcreator.exe -0.2s C:\PerfLogs.exe 0.0s C:\Poker.exe 0.2s C:\Programs.exe 0.4s C:\Team17.exe 0.5s C:\TEMP.exe 0.7s C:\totalcmd.exe 1.3s C:\YDP.exe 1.6s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClWindows Media Centerert.vbs.xBAD 1.6s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Centerts.js.xBAD 2.0s C:\ProgramData\WindowsMediaCenter\Cztery pory Roku.ico 2.2s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Center.URL.xBAD 3.3s C:\ProgramData\WindowsMediaCenter\E.L. 
James - Pięćdziesiąt twarzy Greya.ico 3.6s C:\Users\Tommy\AppData\Roaming\Random\ 3.6s C:\Users\Tommy\AppData\Roaming\Random\Optional\ 3.8s C:\ProgramData\WindowsMediaCenter\LABEDZIE.ico 4.1s C:\ProgramData\WindowsMediaCenter\Piecdziesiat twarzy Greya - E. L. James.ico 4.6s C:\Users\Tommy\AppData\Roaming\Random\Default\ 4.7s C:\Users\Tommy\AppData\Roaming\Random\Default\Anki.exe 4.7s C:\ProgramData\WindowsMediaCenter\treeinfo.ico 5.7s C:\Users\Tommy\AppData\Roaming\Random\Default\VT Niemiecki Kurs podstawowy mp3.exe 5.9s C:\Users\Tommy\AppData\Roaming\Random\Default\DVDVideoSoft Free Studio.exe 6.0s C:\Users\Tommy\AppData\Roaming\Random\Default\Free Audio Editor.exe 6.6s C:\Users\Tommy\AppData\Roaming\Random\Default\Google Earth.exe 6.9s C:\Users\Tommy\AppData\Roaming\Random\Default\NAVIGON Fresh.exe 7.2s C:\Users\Tommy\AppData\Roaming\Random\Default\Reader for PC.exe 7.5s C:\Users\Tommy\AppData\Roaming\Random\Default\VLC media player.exe 11.4s C:\ProgramData\WindowsMediaCenter\Ie.ico 12.4s C:\ProgramData\WindowsMediaCenter\Image.ico 13.5s C:\ProgramData\WindowsMediaCenter\pmp_usb.ico 13.7s C:\ProgramData\WindowsMediaCenter\PROGRAM DO SKYPE.ico 13.8s C:\ProgramData\WindowsMediaCenter\SdHeuristic.ico 13.9s C:\ProgramData\WindowsMediaCenter\winamp_cache_0001.ico C:\Programs.exe Size . . . . . . . : 7.680 bytes Age . . . . . . . : 8.0 days (2017-01-02 20:57:35) Entropy . . . . . : 4.8 SHA-256 . . . . . : 37E28068BAD5A5A7BBCB91197F85D06D55C37188B5AC5D9A932B9A2D9329137A > Bitdefender . . . : Gen:Variant.Razy.116208 Fuzzy . . . . . . 
: 107.0 C:\RECOVERY.DAT.exe Size . . . . . . . : 11.264 bytes Age . . . . . . . : 8.0 days (2017-01-02 20:57:27) Entropy . . . . . : 4.3 SHA-256 . . . . . : DA0C03AF61999E2A529D5C3F75178C7BFE3DE99EB22C7497D3322C4F6E39D673 > Kaspersky . . . . : HEUR:Trojan.Win32.Generic Fuzzy . . . . . . 
: 107.0 C:\SumHidd.txt.exe Size . . . . . . . : 11.264 bytes Age . . . . . . . : 8.0 days (2017-01-02 20:57:28) Entropy . . . . . : 4.3 SHA-256 . . . . . : 806DD3D5D0B9A8CECC3434326D37EBCEE02DAC7C683D83EA6EE18EB94B1A3D55 > Kaspersky . . . . : HEUR:Trojan.Win32.Generic Fuzzy . . . . . . 
: 107.0 C:\Team17.exe Size . . . . . . . : 7.680 bytes Age . . . . . . . : 8.0 days (2017-01-02 20:57:35) Entropy . . . . . : 4.8 SHA-256 . . . . . : B7CFC731258DB36979AA3234DCC39E56ED84EA1C7A4ED63F9E79B4ED62B9AAFA > Bitdefender . . . : Gen:Variant.Razy.116208 > Kaspersky . . . . : HEUR:Trojan.Win32.Generic Fuzzy . . . . . . 
: 107.0 C:\TEMP.exe Size . . . . . . . : 7.680 bytes Age . . . . . . . : 8.0 days (2017-01-02 20:57:35) Entropy . . . . . : 4.8 SHA-256 . . . . . : 85336A8E6430C8857724A7FC4C8F3CD6E8520F1BBF8282D088D64E4C1E797258 > Bitdefender . . . : Gen:Variant.Razy.116208 Fuzzy . . . . . . 
: 107.0 C:\totalcmd.exe Size . . . . . . . : 7.680 bytes Age . . . . . . . : 8.0 days (2017-01-02 20:57:36) Entropy . . . . . : 4.8 SHA-256 . . . . . : 56B9ADB7A3531C867E0C82CF6118387624C100287C8CE804CB2AA8A8EE6AD8A0 > Bitdefender . . . : Gen:Variant.Razy.116208 Fuzzy . . . . . . 
: 107.0 C:\user.js.exe Size . . . . . . . : 11.264 bytes Age . . . . . . . : 8.0 days (2017-01-02 20:57:28) Entropy . . . . . : 3.8 SHA-256 . . . . . : A032CA837A064E0D1A3A2D3332E4CDDEE8DCBE1142D93022BF106D42D2B43597 > Bitdefender . . . : Gen:Trojan.Heur.DNP.am0@aWvxoll Fuzzy . . . . . . 
: 107.0 C:\Users\Tommy\Desktop\MOJE DOKUMENTY\FastActivate-28-07-2013\FastActivate.exe Size . . . . . . . : 1.662.976 bytes Age . . . . . . . : 1258.0 days (2013-08-01 21:12:29) Entropy . . . . . : 8.0 SHA-256 . . . . . : 8561B2DF0B95656D23422BDAD658EE3D070FD5E4B76B10025DB60F814B51708E Needs elevation . : Yes Product . . . . . : FastActivate Publisher . . . . : TT Description . . . : Activate Maps,Voices, Speedcams & Fuel prices. Patch Navcore & HOME. Check current meta code. Update QuickGPSfix Version . . . . . : 28,07,2013,0 Copyright . . . . : TT LanguageID . . . . : 1033 > HitmanPro . . . . : Malware Fuzzy . . . . . . : 111.0 C:\YDP.exe Size . . . . . . . : 7.680 bytes Age . . . . . . . 
: 8.0 days (2017-01-02 20:57:36) Entropy . . . . . : 4.8 SHA-256 . . . . . : 9F44D2F6238821F312DE3A3B01DE1BB1878BEA49AA30C6BFDE3015C26957988D > Bitdefender . . . : Gen:Variant.Razy.116208 Fuzzy . . . . . . : 107.0 Forensic Cluster -46.8s C:\WindowsMediaCenter\ -46.8s C:\ProgramData\WindowsMediaCenter\ -45.2s C:\ProgramData\WindowsMediaCenter\.ico -39.8s C:\.rnd.exe -39.8s C:\ProgramData\WindowsMediaCenter\aaw7boot.ico -39.6s C:\aaw7boot.log.exe -39.6s C:\ProgramData\WindowsMediaCenter\app3.ico -39.4s C:\app3.LOG.exe -39.4s C:\ProgramData\WindowsMediaCenter\autoexec.ico -39.2s C:\autoexec.bat.exe -39.1s C:\ProgramData\WindowsMediaCenter\bootmgr.ico -38.9s C:\bootmgr.exe -38.9s C:\ProgramData\WindowsMediaCenter\BOOTSECT.ico -38.7s C:\BOOTSECT.BAK.exe -38.7s C:\ProgramData\WindowsMediaCenter\CA21.ico -38.5s C:\CA21.txt.exe -38.5s C:\ProgramData\WindowsMediaCenter\config.ico -38.4s C:\config.sys.exe -38.4s C:\ProgramData\WindowsMediaCenter\ctapi_out_gr.ico -38.2s C:\ctapi_out_gr.txt.exe -38.2s C:\ProgramData\WindowsMediaCenter\devlist.ico -38.0s C:\devlist.txt.exe -38.0s C:\ProgramData\WindowsMediaCenter\Driver.ico -37.9s C:\Driver.10.exe -37.8s C:\ProgramData\WindowsMediaCenter\EamClean.ico -37.7s C:\EamClean.log.exe -37.7s C:\ProgramData\WindowsMediaCenter\error.ico -37.6s C:\error.txt.exe -37.5s C:\ProgramData\WindowsMediaCenter\F5SLAS.ico -37.4s C:\F5SLAS.BIN.exe -37.4s C:\ProgramData\WindowsMediaCenter\Finish.ico -37.3s C:\Finish.log.exe -37.1s C:\ProgramData\WindowsMediaCenter\igoogle_log.ico -37.0s C:\igoogle_log.txt.exe -37.0s C:\ProgramData\WindowsMediaCenter\inject.ico -36.8s C:\inject.log.exe -36.8s C:\ProgramData\WindowsMediaCenter\inject.log.ico -36.7s C:\inject.log.txt.exe -36.7s C:\ProgramData\WindowsMediaCenter\IO.ico -36.4s C:\IO.SYS.exe -36.4s C:\ProgramData\WindowsMediaCenter\MSDOS.ico -36.3s C:\MSDOS.SYS.exe -36.3s C:\ProgramData\WindowsMediaCenter\NERO.ico -36.0s C:\NERO.LOG.exe -36.0s C:\ProgramData\WindowsMediaCenter\NIS2009.ico -35.9s 
C:\NIS2009.TXT.exe -35.9s C:\ProgramData\WindowsMediaCenter\OFFICE2007_A.ico -35.8s C:\OFFICE2007_A.TXT.exe -35.8s C:\ProgramData\WindowsMediaCenter\Pass.ico -35.6s C:\Pass.txt.exe -9.4s C:\ProgramData\WindowsMediaCenter\Patch.ico -9.3s C:\Patch.LOG.exe -9.3s C:\ProgramData\WindowsMediaCenter\READER_A.ico -9.2s C:\READER_A.TXT.exe -9.1s C:\ProgramData\WindowsMediaCenter\RECOVERY.ico -9.0s C:\RECOVERY.DAT.exe -9.0s C:\ProgramData\WindowsMediaCenter\RHDSetup.ico -8.9s C:\RHDSetup.log.exe -8.9s C:\ProgramData\WindowsMediaCenter\store.ico -8.8s C:\store.log.exe -8.7s C:\ProgramData\WindowsMediaCenter\SumHidd.ico -8.6s C:\SumHidd.txt.exe -8.6s C:\ProgramData\WindowsMediaCenter\SumOS.ico -8.5s C:\SumOS.txt.exe -8.5s C:\ProgramData\WindowsMediaCenter\user.ico -8.3s C:\user.js.exe -8.3s C:\ProgramData\WindowsMediaCenter\V554.ico -8.1s C:\V554.txt.exe -8.1s C:\ProgramData\WindowsMediaCenter\VundoFix.ico -8.0s C:\VundoFix.txt.exe -7.9s C:\ProgramData\WindowsMediaCenter\WarRock.ico -7.8s C:\WarRock.ini.exe -7.7s C:\ProgramData\WindowsMediaCenter\WindowsLive_A.ico -7.6s C:\WindowsLive_A.TXT.exe -4.1s C:\ProgramData\WindowsMediaCenter\KrUUgHRH.ico -3.9s C:\$RECYCLE.BIN.exe -3.8s C:\AdwCleaner.exe -3.5s C:\ASUS.SYS.exe -3.0s C:\AvaCam.exe -2.6s C:\bwinPoker.exe -2.2s C:\Edgard.exe -2.1s C:\Games.exe -1.8s C:\need for speed 2.exe -1.6s C:\PDFcreator.exe -1.5s C:\PerfLogs.exe -1.3s C:\Poker.exe -1.0s C:\Programs.exe -0.9s C:\Team17.exe -0.8s C:\TEMP.exe -0.6s C:\totalcmd.exe 0.0s C:\YDP.exe 0.3s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClWindows Media Centerert.vbs.xBAD 0.3s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Centerts.js.xBAD 0.7s C:\ProgramData\WindowsMediaCenter\Cztery pory Roku.ico 0.9s C:\FRST\Quarantine\C\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Center.URL.xBAD 2.0s 
C:\ProgramData\WindowsMediaCenter\E.L. James - Pięćdziesiąt twarzy Greya.ico 2.3s C:\Users\Tommy\AppData\Roaming\Random\ 2.3s C:\Users\Tommy\AppData\Roaming\Random\Optional\ 2.5s C:\ProgramData\WindowsMediaCenter\LABEDZIE.ico 2.9s C:\ProgramData\WindowsMediaCenter\Piecdziesiat twarzy Greya - E. L. James.ico 3.4s C:\Users\Tommy\AppData\Roaming\Random\Default\ 3.4s C:\Users\Tommy\AppData\Roaming\Random\Default\Anki.exe 3.5s C:\ProgramData\WindowsMediaCenter\treeinfo.ico 4.4s C:\Users\Tommy\AppData\Roaming\Random\Default\VT Niemiecki Kurs podstawowy mp3.exe 4.6s C:\Users\Tommy\AppData\Roaming\Random\Default\DVDVideoSoft Free Studio.exe 4.7s C:\Users\Tommy\AppData\Roaming\Random\Default\Free Audio Editor.exe 5.3s C:\Users\Tommy\AppData\Roaming\Random\Default\Google Earth.exe 5.6s C:\Users\Tommy\AppData\Roaming\Random\Default\NAVIGON Fresh.exe 5.9s C:\Users\Tommy\AppData\Roaming\Random\Default\Reader for PC.exe 6.2s C:\Users\Tommy\AppData\Roaming\Random\Default\VLC media player.exe 10.2s C:\ProgramData\WindowsMediaCenter\Ie.ico 11.1s C:\ProgramData\WindowsMediaCenter\Image.ico 12.2s C:\ProgramData\WindowsMediaCenter\pmp_usb.ico 12.4s C:\ProgramData\WindowsMediaCenter\PROGRAM DO SKYPE.ico 12.5s C:\ProgramData\WindowsMediaCenter\SdHeuristic.ico 12.6s C:\ProgramData\WindowsMediaCenter\winamp_cache_0001.ico Suspicious files ____________________________________________________________ C:\Users\Tommy\Desktop\FRST.exe Size . . . . . . . : 1.761.280 bytes Age . . . . . . . : 0.3 days (2017-01-10 13:18:55) Entropy . . . . . : 7.6 SHA-256 . . . . . : 8F8C091D63FE317EC9390E1D7C842904CE73E534A7E291EBD43F48237B236853 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. 
This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. References HKU\S-1-5-21-365035492-1695249228-1794944439-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Tommy\Desktop\FRST.exe Malware remnants ____________________________________________________________ HKU\S-1-5-21-365035492-1695249228-1794944439-501\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com\ (SuperFish) Potential Unwanted Programs _________________________________________________ C:\Windows\System32\Macromed\Flash\FlashPlayerTrust\Bandoo.cfg (Bandoo) HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}\ (Iminent) HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ (Bandoo) HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ (Bandoo) HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ (Bandoo) HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ (Bandoo) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A\ (Iminent) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5\ (Iminent) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D\ (Iminent) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20\ (Iminent) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B\ (Iminent) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5\ (Iminent) 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC\ (Iminent) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739\ (Iminent) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent) HKLM\SYSTEM\ControlSet002\Services\IBUpdaterService\ (Sweetpacks) HKLM\SYSTEM\ControlSet003\Services\Eventlog\Application\Wpm\ (FTDownloader) HKLM\SYSTEM\ControlSet004\Services\Eventlog\Application\Wpm\ (FTDownloader) HKLM\SYSTEM\ControlSet005\Services\Eventlog\Application\Wpm\ (FTDownloader) HKLM\SYSTEM\ControlSet006\Services\Eventlog\Application\Wpm\ (FTDownloader) HKLM\SYSTEM\ControlSet007\Services\Eventlog\Application\Wpm\ (FTDownloader) HKLM\SYSTEM\ControlSet008\Services\IBUpdaterService\ (Sweetpacks) HKLM\SYSTEM\ControlSet009\Services\Eventlog\Application\Wpm\ (FTDownloader) HKU\S-1-5-21-365035492-1695249228-1794944439-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro) HKU\S-1-5-21-365035492-1695249228-1794944439-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find) HKU\S-1-5-21-365035492-1695249228-1794944439-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find) HKU\S-1-5-21-365035492-1695249228-1794944439-1006\Software\Microsoft\Windows\CurrentVersion\Uninstall\Softonic for Windows\ (Softonic) HKU\S-1-5-21-365035492-1695249228-1794944439-1006\Software\Softonic\ (Softonic) HKU\S-1-5-21-365035492-1695249228-1794944439-501\Software\Conduit\ (Conduit) HKU\S-1-5-21-365035492-1695249228-1794944439-501\Software\IM\ (Sweetpacks) 
HKU\S-1-5-21-365035492-1695249228-1794944439-501\Software\ImInstaller\ (Sweetpacks) HKU\S-1-5-21-365035492-1695249228-1794944439-501\Software\Microsoft\Internet Explorer\DOMStorage\ask.com\ (MindSpark) HKU\S-1-5-21-365035492-1695249228-1794944439-501\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ (Incredibar) HKU\S-1-5-21-365035492-1695249228-1794944439-501\Software\SweetIM\ (Sweetpacks) HKU\S-1-5-21-365035492-1695249228-1794944439-501\Software\WNLT\ (Sweetpacks) Cookies _____________________________________________________________________ [/code]