Hink, posted June 22, 2012: Hello. Recently I noticed "about.Brontok.HTML" in my Pictures folder. Every so often a strange page opens; it can't be removed, it keeps reappearing, Avast won't remove it, and sometimes when the scan reaches that very folder the computer restarts. I don't know how to get rid of it. I'm thinking of using ComboFix, but will that be safe, and how do I use it? Honestly, I've never dealt with more serious viruses, so I'm totally green in these matters. Write back; I'll send logs from the programs if I can manage.
RaZziaN, posted June 22, 2012: ComboFix should help more than it harms. If need be, deleted files can be restored; along the way the program will install the Recovery Console, so there shouldn't be a problem. Before scanning, but after the console is installed, it's worth disconnecting from the internet if possible, and during the scan don't touch anything and everything will be OK. Remember to post the log from the scan on some forum afterwards, to make sure about everything. You could play around with a GMER scan first, but in my opinion that would take too long; regards
[Expert] Hakken, posted June 22, 2012: Don't use ComboFix unless you know well how to use it, or the person helping you explicitly says that you should (assuming that person knows what they're talking about). I'm writing from my phone right now, so I won't write how to remove it now. When I get home I'll help (I won't be able to help until Sunday).
Hink (Author), posted June 22, 2012: Since ComboFix is able to recover the files it deleted, there really shouldn't be a problem. Sunday, you say; I'll wait, if the infection doesn't develop in a significant way.
[Expert] Hakken, posted June 22, 2012: If time matters to you (which actually makes sense), you can start a topic on the geekstogo.com forum; I deal with virus removal there myself, so I know it's reliable and fast.
Hink (Author), posted June 22, 2012: A foreign forum? I'm not good at English, but it's worth a try; if I don't get anywhere there, I'll wait for you until Sunday. EDIT: Brontok doesn't even allow ComboFix to be used; when I try to install it, the computer restarts. Since I can't check logs or install any other antivirus programs, what is left for me to do?
[Expert] Hakken, posted June 24, 2012: What operating system do you have?
Hink (Author), posted June 24, 2012: Operating system: Windows 7 Ultimate 64-bit.
[Expert] Hakken, posted June 24, 2012: Can you run OTL and generate a log?
Hink (Author), posted June 24, 2012: I don't know if this is exactly what you meant, but I managed to generate the log.
Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()O3 - HKU\S-1-5-21-2718601013-2663961341-4238597413-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4 - HKLM..\Run: [4StoryPrePatch] D:\Program Files (x86)\Gameforge4D\4Story_PL\PrePatch.exe File not foundO4 - HKLM..\Run: [Bron-Spizaetus] C:\Windows\ShellNew\sempalong.exe ()O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-2718601013-2663961341-4238597413-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)O4 - HKU\S-1-5-21-2718601013-2663961341-4238597413-1001..\Run: [Mobile Partner] C:\Program Files (x86)\WEB Partner\WEB Partner File not foundO4 - HKU\S-1-5-21-2718601013-2663961341-4238597413-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)O4 - HKU\S-1-5-21-2718601013-2663961341-4238597413-1001..\Run: [Tok-Cirrhatus] C:\Users\PePe\AppData\Local\smss.exe ()O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - 
HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - Startup: C:\Users\PePe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif ()O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\S-1-5-21-2718601013-2663961341-4238597413-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1O7 - HKU\S-1-5-21-2718601013-2663961341-4238597413-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30230CF4-0E9E-42C5-B36A-16FA6C59F939}: DhcpNameServer = 192.168.1.1 192.168.1.1O18:64bit: - Protocol\Handler\viprotocol - No CLSID value foundO18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - 
(SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - ("C:\Windows\eksplorasi.exe") - C:\Windows\eksplorasi.exe ()O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - HKU\S-1-5-21-2718601013-2663961341-4238597413-1001 Winlogon: Shell - (expstart.exe) - C:\Windows\expstart.exe ()O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2012-04-25 13:13:35 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O32 - AutoRun File - [2007-04-15 12:57:52 | 000,000,025 | -HS- | M] () - C:\autorun.inf -- [ NTFS ]O32 - AutoRun File - [2010-06-15 18:53:19 | 000,000,089 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ]O33 - MountPoints2\{0fb14e8f-9e83-11e1-9d7b-002215367d29}\Shell - "" = AutoRunO33 - MountPoints2\{0fb14e8f-9e83-11e1-9d7b-002215367d29}\Shell\AutoRun\command - "" = H:\AutoRun.exeO33 - MountPoints2\{229457a9-4a9f-11e1-89e8-001f3c635a76}\Shell - "" = AutoRunO33 - MountPoints2\{229457a9-4a9f-11e1-89e8-001f3c635a76}\Shell\AutoRun\command - "" = H:\AutoRun.exeO33 - MountPoints2\{229457e3-4a9f-11e1-89e8-002215367d29}\Shell - "" = AutoRunO33 - MountPoints2\{229457e3-4a9f-11e1-89e8-002215367d29}\Shell\AutoRun\command - "" = G:\AutoRun.exeO33 - MountPoints2\{68e2b609-9f47-11e1-9c34-002215367d29}\Shell - "" = AutoRunO33 - MountPoints2\{68e2b609-9f47-11e1-9c34-002215367d29}\Shell\AutoRun\command - "" = H:\AutoRun.exeO33 - 
MountPoints2\{68e2b61c-9f47-11e1-9c34-002215367d29}\Shell - "" = AutoRunO33 - MountPoints2\{68e2b61c-9f47-11e1-9c34-002215367d29}\Shell\AutoRun\command - "" = H:\AutoRun.exeO33 - MountPoints2\{7700cfba-bb02-11e1-822f-002215367d29}\Shell - "" = AutoRunO33 - MountPoints2\{7700cfba-bb02-11e1-822f-002215367d29}\Shell\AutoRun\command - "" = H:\AutoRun.exeO33 - MountPoints2\{8e09485e-8268-11e1-9ddc-001e101fe5e1}\Shell - "" = AutoRunO33 - MountPoints2\{8e09485e-8268-11e1-9ddc-001e101fe5e1}\Shell\AutoRun\command - "" = G:\Setup.ExeO33 - MountPoints2\{8e09485e-8268-11e1-9ddc-001e101fe5e1}\Shell\menu01\command - "" = notepad.exe "readme.txt"O33 - MountPoints2\{982eef6c-9e81-11e1-9dc5-001f3c635a76}\Shell - "" = AutoRunO33 - MountPoints2\{982eef6c-9e81-11e1-9dc5-001f3c635a76}\Shell\AutoRun\command - "" = H:\AutoRun.exeO33 - MountPoints2\{982eef7e-9e81-11e1-9dc5-001f3c635a76}\Shell - "" = AutoRunO33 - MountPoints2\{982eef7e-9e81-11e1-9dc5-001f3c635a76}\Shell\AutoRun\command - "" = H:\AutoRun.exeO33 - MountPoints2\{c4884bc6-7d7d-11e1-9d67-002215367d29}\Shell - "" = AutoRunO33 - MountPoints2\{c4884bc6-7d7d-11e1-9d67-002215367d29}\Shell\AutoRun\command - "" = G:\USBAutoRun.exeO33 - MountPoints2\{c4abd37c-abca-11e1-b6aa-002215367d29}\Shell - "" = AutoRunO33 - MountPoints2\{c4abd37c-abca-11e1-b6aa-002215367d29}\Shell\AutoRun\command - "" = H:\AutoRun.exeO33 - MountPoints2\{f59c2344-4ca9-11e1-8fa8-002215367d29}\Shell - "" = AutoRunO33 - MountPoints2\{f59c2344-4ca9-11e1-8fa8-002215367d29}\Shell\AutoRun\command - "" = I:\AutoRun.exeO33 - MountPoints2\H\Shell - "" = AutoRunO33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exeO34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - 
HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)MsConfig:64bit - StartUpFolder: C:^Users^PePe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Empty.pif - C:\Users\PePe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif - ()MsConfig:64bit - State: "startup" - Reg Error: Key error.SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)SafeBootMin:64bit: Base - Driver GroupSafeBootMin:64bit: Boot Bus Extender - Driver GroupSafeBootMin:64bit: Boot file system - Driver GroupSafeBootMin:64bit: File system - Driver GroupSafeBootMin:64bit: Filter - Driver GroupSafeBootMin:64bit: HelpSvc - ServiceSafeBootMin:64bit: PCI Configuration - Driver GroupSafeBootMin:64bit: PNP Filter - Driver GroupSafeBootMin:64bit: Primary disk - Driver GroupSafeBootMin:64bit: sacsvr - ServiceSafeBootMin:64bit: SCSI Class - Driver GroupSafeBootMin:64bit: System Bus Extender - Driver GroupSafeBootMin:64bit: vmms - ServiceSafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - MouseSafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - 
SCSIAdapterSafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copySafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllersSafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface DevicesSafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 DevicesSafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevicesSafeBootMin: Base - Driver GroupSafeBootMin: Boot Bus Extender - Driver GroupSafeBootMin: Boot file system - Driver GroupSafeBootMin: File system - Driver GroupSafeBootMin: Filter - Driver GroupSafeBootMin: HelpSvc - ServiceSafeBootMin: PCI Configuration - Driver GroupSafeBootMin: PNP Filter - Driver GroupSafeBootMin: Primary disk - Driver GroupSafeBootMin: sacsvr - ServiceSafeBootMin: SCSI Class - Driver GroupSafeBootMin: System Bus Extender - Driver GroupSafeBootMin: vmms - ServiceSafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - MouseSafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copySafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus 
host controllersSafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface DevicesSafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 DevicesSafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevicesSafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)SafeBootNet:64bit: avasdmft - DriverSafeBootNet:64bit: avas_service - ServiceSafeBootNet:64bit: avss_service - ServiceSafeBootNet:64bit: Base - Driver GroupSafeBootNet:64bit: Boot Bus Extender - Driver GroupSafeBootNet:64bit: Boot file system - Driver GroupSafeBootNet:64bit: File system - Driver GroupSafeBootNet:64bit: Filter - Driver GroupSafeBootNet:64bit: HelpSvc - ServiceSafeBootNet:64bit: Messenger - ServiceSafeBootNet:64bit: NDIS Wrapper - Driver GroupSafeBootNet:64bit: NetBIOSGroup - Driver GroupSafeBootNet:64bit: NetDDEGroup - Driver GroupSafeBootNet:64bit: Network - Driver GroupSafeBootNet:64bit: NetworkProvider - Driver GroupSafeBootNet:64bit: PCI Configuration - Driver GroupSafeBootNet:64bit: PNP Filter - Driver GroupSafeBootNet:64bit: PNP_TDI - Driver GroupSafeBootNet:64bit: Primary disk - Driver GroupSafeBootNet:64bit: rdsessmgr - ServiceSafeBootNet:64bit: sacsvr - ServiceSafeBootNet:64bit: SCSI Class - Driver GroupSafeBootNet:64bit: Streams Drivers - Driver GroupSafeBootNet:64bit: System Bus Extender - Driver GroupSafeBootNet:64bit: TDI - Driver GroupSafeBootNet:64bit: tpavdrw_service - ServiceSafeBootNet:64bit: tpsec - C:\Windows\SysNative\drivers psec.sys (TrustPort, a.s.)SafeBootNet:64bit: vmms - ServiceSafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)SafeBootNet:64bit: WudfUsbccidDriver - DriverSafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - 
DiskDriveSafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - MouseSafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - NetSafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClientSafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetServiceSafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTransSafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readersSafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copySafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllersSafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface DevicesSafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 DevicesSafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevicesSafeBootNet: avasdmft - DriverSafeBootNet: avas_service - ServiceSafeBootNet: avss_service - ServiceSafeBootNet: Base - Driver GroupSafeBootNet: Boot Bus Extender - Driver GroupSafeBootNet: Boot file system - Driver GroupSafeBootNet: File system - Driver GroupSafeBootNet: Filter - Driver GroupSafeBootNet: HelpSvc - ServiceSafeBootNet: Messenger - ServiceSafeBootNet: NDIS Wrapper - Driver GroupSafeBootNet: NetBIOSGroup - Driver GroupSafeBootNet: NetDDEGroup - Driver GroupSafeBootNet: Network - Driver GroupSafeBootNet: NetworkProvider - Driver GroupSafeBootNet: PCI Configuration - Driver 
GroupSafeBootNet: PNP Filter - Driver GroupSafeBootNet: PNP_TDI - Driver GroupSafeBootNet: Primary disk - Driver GroupSafeBootNet: rdsessmgr - ServiceSafeBootNet: sacsvr - ServiceSafeBootNet: SCSI Class - Driver GroupSafeBootNet: Streams Drivers - Driver GroupSafeBootNet: System Bus Extender - Driver GroupSafeBootNet: TDI - Driver GroupSafeBootNet: tpavdrw_service - ServiceSafeBootNet: vmms - ServiceSafeBootNet: WudfUsbccidDriver - DriverSafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - MouseSafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - NetSafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClientSafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetServiceSafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTransSafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readersSafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copySafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllersSafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface DevicesSafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 DevicesSafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices========== Files/Folders - Created Within 60 Days 
==========[2012-06-24 00:00:02 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Local\Bron.tok-12-24[2012-06-23 00:00:01 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Local\Bron.tok-12-23[2012-06-22 23:02:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt[2012-06-22 23:02:06 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW[2012-06-22 19:26:13 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Local\Bron.tok-12-22[2012-06-20 21:47:08 | 001,001,472 | ---- | C] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys[2012-06-20 21:47:08 | 000,249,856 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys[2012-06-20 21:47:08 | 000,120,704 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys[2012-06-20 21:47:08 | 000,114,560 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys[2012-06-20 21:47:08 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys[2012-06-20 21:47:08 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) 
-- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys[2012-06-14 06:52:10 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Local\AVG Secure Search[2012-06-13 12:10:22 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\PePe\Desktop\minecraftsp.exe[2012-06-12 16:22:59 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\.minecraft[2012-06-11 19:30:59 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Deep Silver[2012-06-11 19:21:01 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\InstallShield[2012-06-10 15:58:10 | 000,000,000 | ---D | C] -- C:\Users\PePe\Desktop\stalker-stcs[2012-06-10 15:58:10 | 000,000,000 | ---D | C] -- C:\Users\PePe\Desktop\STALKER-SHOC[2012-06-10 11:30:30 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps[2012-06-09 00:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3[2012-06-09 00:39:43 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\AIMP3[2012-06-09 00:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIMP3[2012-06-05 18:18:37 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\Tropico 3[2012-06-05 14:56:09 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\XRay Engine[2012-06-05 14:41:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\stalker-stcs[2012-06-04 13:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GSC Game World[2012-06-04 13:03:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\STALKER-SHOC[2012-05-23 20:40:50 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\LolClient2[2012-05-22 18:14:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive[2012-05-22 18:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace[2012-05-19 18:46:25 | 000,000,000 | ---D | C] -- C:\Users\PePe\Documents\RRR2[2012-05-19 18:22:07 
| 000,000,000 | ---D | C] -- C:\Users\PePe\Documents\Hydrophobia[2012-05-16 22:18:29 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\gtk-2.0[2012-05-16 22:18:28 | 000,000,000 | ---D | C] -- C:\Users\PePe\.thumbnails[2012-05-15 13:37:20 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\T-Mobile[2012-05-15 13:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService[2012-05-13 00:02:31 | 000,000,000 | ---D | C] -- C:\Users\PePe\Documents\gegl-0.0[2012-05-13 00:02:31 | 000,000,000 | ---D | C] -- C:\Users\PePe\.gimp-2.6[2012-05-13 00:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP[2012-05-13 00:02:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0[2012-05-13 00:02:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\v9Soft[2012-05-12 21:24:11 | 000,000,000 | ---D | C] -- C:\Users\PePe\Nowy folder[2012-05-12 21:23:48 | 000,000,000 | ---D | C] -- C:\Users\PePe\Zdjecia[2012-05-08 14:49:55 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\ZombieDriver[2012-05-08 14:49:05 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll[2012-05-08 14:49:05 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll[2012-05-08 14:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL[2012-05-08 14:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive[2012-05-03 16:12:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games[2012-05-03 16:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES[2012-05-03 16:11:04 | 000,000,000 | ---D | C] -- C:\Users\PePe\Documents\EA Games[2012-05-03 16:06:46 | 000,442,368 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp6vfw.dll[2012-05-03 14:31:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt[2012-05-02 12:15:17 | 000,000,000 | ---D | C] -- C:\Users\PePe\Documents\Tomb Raider - Legend[2012-05-01 
16:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fashion Tycoon[2012-05-01 15:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation[2012-05-01 15:52:57 | 000,000,000 | ---D | C] -- C:\Users\PePe\Documents\Legend - Hand of God[2012-05-01 15:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Total Gameplay[2012-05-01 14:13:51 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\Ascaron Entertainment[2012-04-30 15:51:50 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Local\Gas Powered Games[2012-04-29 16:49:08 | 000,000,000 | -HSD | C] -- C:\Users\PePe\AppData\Roaming\.#[2012-04-29 16:49:07 | 000,000,000 | ---D | C] -- C:\Users\PePe\Documents\Ascaron Entertainment[2012-04-29 16:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Darkstar One[2012-04-26 21:26:32 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kurka Wodna[2012-04-26 21:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kurka Wodna[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ][1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]========== Files - Modified Within 60 Days ==========[2012-06-24 20:26:27 | 000,000,062 | ---- | M] () -- C:\Users\PePe\AppData\Local\BronNetDomList.bat[2012-06-24 20:21:15 | 000,012,393 | ---- | M] () -- C:\Users\PePe\AppData\Local\Update.12.Bron.Tok.bin[2012-06-24 20:15:37 | 000,012,393 | ---- | M] () -- C:\Users\PePe\AppData\Local\Bron.tok.A12.em.bin[2012-06-24 20:12:00 | 000,001,054 | ---- | M] () -- C:\Windows asks\GoogleUpdateTaskUserS-1-5-21-2718601013-2663961341-4238597413-1001UA.job[2012-06-24 20:09:06 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012-06-24 20:09:06 | 000,016,848 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012-06-24 20:03:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012-06-24 20:03:45 | 2409,025,536 | -HS- | M] () -- C:\hiberfil.sys[2012-06-23 15:12:03 | 000,001,002 | ---- | M] () -- C:\Windows asks\GoogleUpdateTaskUserS-1-5-21-2718601013-2663961341-4238597413-1001Core.job[2012-06-22 19:22:16 | 000,008,955 | ---- | M] () -- C:\Users\PePe\.recently-used.xbel[2012-06-20 21:49:23 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2012-06-20 21:49:23 | 000,687,828 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat[2012-06-20 21:49:23 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2012-06-20 21:49:23 | 000,131,382 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat[2012-06-20 21:49:23 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2012-06-11 19:34:26 | 000,001,168 | ---- | M] () -- C:\Users\PePe\Desktop\S.T.A.L.K.E.R. - Clear Sky.lnk[2012-06-11 19:06:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\PePe\Desktop\minecraftsp.exe[2012-06-10 17:20:06 | 000,015,136 | ---- | M] () -- C:\Windows\SysNative\results.xml[2012-06-10 11:30:30 | 000,000,572 | ---- | M] () -- C:\Users\PePe\Desktop\Fraps.lnk[2012-06-09 00:39:46 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\AIMP3.lnk[2012-06-04 13:14:48 | 000,001,247 | ---- | M] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. 
- Shadow of Chernobyl.lnk[2012-05-22 20:54:08 | 000,005,880 | -HS- | M] () -- C:\Users\PePe\Documents\Folder.jpg[2012-05-22 20:54:08 | 000,005,880 | -HS- | M] () -- C:\Users\PePe\Documents\AlbumArt_{AF0D3CD8-C623-43F8-8DFF-4800391B6652}_Large.jpg[2012-05-22 20:54:05 | 000,001,261 | -HS- | M] () -- C:\Users\PePe\Documents\AlbumArtSmall.jpg[2012-05-22 20:54:05 | 000,001,261 | -HS- | M] () -- C:\Users\PePe\Documents\AlbumArt_{AF0D3CD8-C623-43F8-8DFF-4800391B6652}_Small.jpg[2012-05-17 07:07:53 | 000,277,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2012-05-15 13:38:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf[2012-05-15 13:38:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf[2012-05-15 13:37:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf[2012-05-08 14:49:05 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll[2012-05-08 14:49:05 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll[2012-05-05 00:56:03 | 000,413,373 | RHS- | M] () -- C:\DTPHI[2012-05-05 00:56:03 | 000,000,000 | RHS- | M] () -- C:\jmsh.ld[2012-05-03 15:45:10 | 000,000,006 | ---- | M] () -- C:\7Loader.TAG[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ][1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]========== Files Created - No Company Name ==========[2012-06-24 20:21:15 | 000,012,393 | ---- | C] () -- C:\Users\PePe\AppData\Local\Update.12.Bron.Tok.bin[2012-06-24 20:15:37 | 000,012,393 | ---- | C] () -- C:\Users\PePe\AppData\Local\Bron.tok.A12.em.bin[2012-06-22 19:22:16 | 000,008,955 | ---- | C] () -- C:\Users\PePe\.recently-used.xbel[2012-06-11 19:34:26 | 000,001,168 | ---- | C] () -- C:\Users\PePe\Desktop\S.T.A.L.K.E.R. 
[Expert] Hakken, posted June 24, 2012
Use this: http://www.bitdefender.com/site/Downloads/downloadFile/773/FreeRemovalTool
Hink (Author), posted June 25, 2012
OK, the scan is in progress; will this be enough to get rid of Brontok?
EDIT: The scan has finished; it detected nothing and removed nothing.
[Expert] Hakken, posted June 25, 2012
Ooook... that's strange. I'll admit honestly that so far I have dealt with this infection only once, and that time the tool worked... I need to think and read up, and also go through the logs once more. I'll bump the thread when I come up with something (most likely 1-2 days).
LanceNDZ, posted June 26, 2012
For my part, I recommend three programs:
Comodo Cleaning Essentials http://www.dobreprog...dows,29620.html
HitmanPro http://www.dobreprog...dows,30968.html
Malwarebytes Anti-Malware http://www.dobreprog...dows,13117.html
All of them are designed for fighting difficult infections. Start scanning with Hitman, and if you have problems launching these programs, it is worth trying to run them in Safe Mode with Networking.
Hink (Author), posted June 26, 2012
OK, I started HitmanPro; it detects a lot of cookies and things like that, maybe Brontok among them. I'll wait until the scan finishes and post the results.
EDIT1: It turned out that the infections were sitting in save files, which I deleted immediately. Brontok was detected, though, specifically in a file called "winlogon.exe"; beyond that there is a lot of malware of this type: lsass.exe, smss.exe. They all share the same ending, ".exe".
[Expert] Hakken, posted June 26, 2012
Brontok infects:
%WINDIR%\eksplorasi.pif
%UserProfile%\Local Settings\Application Data\smss.exe
%UserProfile%\Local Settings\Application Data\services.exe
%UserProfile%\Local Settings\Application Data\lsass.exe
%UserProfile%\Local Settings\Application Data\csrss.exe
%UserProfile%\Local Settings\Application Data\inetinfo.exe
%UserProfile%\Local Settings\Application Data\winlogon.exe
%UserProfile%\Start Menu\Programs\Startup\Empty.pif
%UserProfile%\Templates\WowTumpeh.com
%WINDIR%\%CURRENT_USER%'s Setting.scr
%WINDIR%\ShellNew\bronstab.exe
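Added example (not part of the thread and not code from any tool named in it): a triage check that reads scan-log lines in the `[timestamp | size | attributes | C] () -- path` layout and flags files carrying the system-process names from the list above when they sit outside Windows system directories. The sample log lines, the user name `user`, the placeholder MD5 and the trusted-directory list are assumptions constructed for this example.

```python
import re
from collections import defaultdict
from ntpath import basename

# Names come from the list in the post above.
SYSTEM_NAMES = {"smss.exe", "services.exe", "lsass.exe", "csrss.exe",
                "inetinfo.exe", "winlogon.exe"}
# Assumption of this example: where genuine copies are expected to live.
TRUSTED_PREFIXES = ("c:\\windows\\system32\\", "c:\\windows\\sysnative\\",
                    "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\")

# One entry: [timestamp | size | attrs | C or M] (vendor) MD5=... -- path
# Vendor and MD5 are optional; the lookahead also splits entries that were
# pasted onto a single line without newlines.
ENTRY = re.compile(
    r"\[(?P<ts>[\d\- :]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| [CM]\]"
    r"(?: \((?P<vendor>[^)]*)\))?(?: MD5=(?P<md5>[0-9A-F]{32}))? -- "
    r"(?P<path>.+?)(?=\[\d{4}-\d{2}-\d{2} |$)", re.M)

def parse(log):
    """Yield one dict per log entry found in the text."""
    for m in ENTRY.finditer(log):
        yield {"size": int(m["size"].replace(",", "")),
               "vendor": m["vendor"] or "", "md5": m["md5"],
               "path": m["path"].strip()}

def masquerading(log):
    """Entries named like a system process but stored outside trusted dirs."""
    hits = []
    for entry in parse(log):
        path = entry["path"].lower()
        if basename(path) in SYSTEM_NAMES and not path.startswith(TRUSTED_PREFIXES):
            hits.append(entry)
    return hits

def same_size_clusters(hits):
    """Group hits by size; one size under several names suggests one dropped binary."""
    groups = defaultdict(list)
    for entry in hits:
        groups[entry["size"]].append(entry["path"])
    return {size: paths for size, paths in groups.items() if len(paths) > 1}

# Constructed sample lines (not copied from the thread's log).
SAMPLE = r"""
[2012-01-05 10:00:00 | 000,042,667 | ---- | C] () -- C:\Users\user\AppData\Local\winlogon.exe
[2012-01-05 10:00:00 | 000,042,667 | ---- | C] () -- C:\Users\user\AppData\Local\lsass.exe[2012-01-05 10:00:00 | 000,042,667 | ---- | C] () -- C:\Users\user\AppData\Local\csrss.exe
[2009-07-14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\SysNative\winlogon.exe
[2012-01-06 09:00:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SomeApp
"""

if __name__ == "__main__":
    for size, paths in same_size_clusters(masquerading(SAMPLE)).items():
        print(size, *paths, sep="\n  ")
```

A hit is only a lead for review: the check matches on name and location, so the flagged files still need to be confirmed by a scanner before anything is deleted.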
Hink (Author), posted June 26, 2012
HitmanPro did not get rid of everything; what is most interesting is that it still detects some of the same ones (smss.exe, crss.exe, etc.), but there are fewer of them now: back then there were over 100, at this point 10. When I try to throw them out manually, it requires administrator rights, even though I have them, and after a moment a box pops up: "get permission from TrustInstaller to make changes to this file"? What is this about, why can't I just delete it?
EDIT: Brontok itself is still there. HitmanPro removed only the files that the virus created; about 10 are left, including "winlogon". A moment ago I wanted to look up online what this file is responsible for, and the computer restarted on its own. What should I do now, which program should I use to throw these files out and replace them with new, clean ones, or possibly some manual operation to delete them?
EDIT2: The Malwarebytes Anti-Malware scan also detected "TROJAN.DROPPER". Which is strange, since no program detected it earlier. It seems to me more and more that the only option will be formatting, although I would rather not use that option.
[Expert] Hakken, posted June 26, 2012
Use this: http://www.bitdefender.com/support/How-to-create-a-Bitdefender-Rescue-CD-627.html
Hink (Author), posted June 26, 2012
What exactly is described in that guide?
[Expert] Hakken, posted June 26, 2012
Burning Bitdefender in its LiveCD version to a disc. Bitdefender has Brontok in its database, and running from the disc it will not have the problems caused by the virus being active.
LanceNDZ, posted June 28, 2012
Have you tried scanning in Safe Mode? It can limit the infection's defense mechanisms.
As Hakken advises, a LiveCD is also a decent solution; Avira AntiVir Rescue System could work just as well here: http://www.dobreprogramy.pl/Avira-AntiVir-Rescue-System,Program,Windows,20514.html
I did not mention it earlier: Emsisoft Emergency Kit http://www.dobreprogramy.pl/Emsisoft-Emergency-Kit,Program,Windows,13269.html - excellent detection thanks to two engines, but at the cost of frequent false positives.
Hink (Author), posted June 28, 2012
The LiveCD did not help; no change. The files I mentioned earlier are still there. I'm out of ideas; I guess I'll have to scan with every antivirus one after another, maybe one of them will remove them, because I have no ideas left.