Brontok - jak się pozbyć, zwykły antywirus nie pomaga.

Hink · Czerwiec 22, 2012

Witam.

Ostatnio zauważyłem, w moich obrazach "about.Brontok.HTML".

I co jakiś czas otwiera się dziwna strona, usunąć się tego nie da, ciągle od nowa się pojawia, Avast nie chce tego usunąć, a czasami kiedy dochodzi proces skanowania właśnie do tego folderu to

komputer się resetuje. Nie wiem jak się tego pozbyć, myślę, żeby użyć ComboFixa, ale czy to będzie bezpieczne i jak się nim obsługiwać, szczerze nigdy nie miałem do czynienia z poważniejszymi wirusami więc jestem totalnie zielony w tych sprawach. Piszcie, wyśle logi z programów jeśli dam radę.

RaZziaN · Czerwiec 22, 2012

Combofix powinien bardziej pomóc niż zaszkodzic.

W razie czego pliki usuniete mozna przywrocic, przy okazjii program doinstaluje konsole odzyskiwania wiec nie powinno byc problemu.

PRzed skanowaniem ale po instalacjii konsoli warto odlaczyc internet o ile to mozliwe, a w czasie skanowania nie dotykaj niczego i wszystko bedzie ok. Pamietaj by log po skanie zamiescic na jakims forum, aby sie upewnic co do all. Mozesz wczesniej sie pobawic w skan w Gmerze ale to wg mnie za dlugo by trwalo;

pozdro

[Ekspert] Hakken · Czerwiec 22, 2012

Nie używaj combofix-a o ile nie wiesz dobrze jak go używać, lub osoba która ci pomaga wyraźnie zaznaczy, że masz to zrobić (przyjmując, że osoba ta wie co mówi).

Teraz pisze z telefonu, wiec teraz nie napisze jak to usunac. wroce do domu to pomoge (w niedziele dopiero bede mogl pomoc)

Hink · Czerwiec 22, 2012

Skoro ComboFix ma możliwość odzyskania plików, które usunął to w sumie nie powinno być problemu.

W niedziele powiadasz, będę czekać jeśli infekcja się nie rozwinie w pokaźny sposób.

[Ekspert] Hakken · Czerwiec 22, 2012

Jesli zalezy ci na czasie (co nawet ma sens) to mozesz zalozyc temat na forum geekstogo.com, sam tam zajmuje sie usuwaniem wirusow, wiec wiem, ze jest pewnie i szybko

Hink · Czerwiec 22, 2012

Zagraniczne forum ? Z angielskiego dobry nie jestem, ale warto spróbować, jeśli tam nic nie wskóram , to zaczekam za Tobą do niedzieli

EDIT: Brontok nawet na użycie ComboFixa nie pozwala, przy próbie instalacji ponownie uruchamia komputer. Skoro nie mogę sprawdzić logów ani zainstalować żadnych innych antywirusów co pozostaje mi do zrobienia ?

[Ekspert] Hakken · Czerwiec 24, 2012

Jaki masz system operacyjny ?

Hink · Czerwiec 24, 2012

System operacyjny - Windows 7 Ultimate 64bit.

[Ekspert] Hakken · Czerwiec 24, 2012

Możesz uruchomić OTL i wygenerować log ?

Hink · Czerwiec 24, 2012

Nie wiem czy o to konkretnie Ci chodziło, ale log udało się wygenerować.


[log]OTL logfile created on: 2012-06-24 20:21:42 - Run 1
OTL by OldTimer - Version 3.2.53.0	 Folder = C:\Users\PePe\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,99 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 59,72% Memory free
5,98 Gb Paging File | 4,63 Gb Available in Paging File | 77,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,65 Gb Total Space | 21,83 Gb Free Space | 22,36% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 27,56 Gb Free Space | 28,22% Space Free | Partition Type: NTFS
Drive E: | 102,77 Gb Total Space | 38,80 Gb Free Space | 37,75% Space Free | Partition Type: NTFS
Computer Name: PEPE-KOMPUTER | User Name: PePe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days
========== Processes (All) ==========
PRC - [2012-06-24 20:07:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\PePe\Downloads\OTL.exe
PRC - [2012-06-13 15:15:04 | 000,935,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012-06-13 15:15:03 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012-06-07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.) -- C:\Users\PePe\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2012-05-24 09:45:39 | 002,686,976 | ---- | M] () -- C:\Users\PePe\Desktop\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.71\deploy\LoLLauncher.exe
PRC - [2012-01-18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
PRC - [2011-10-29 07:54:14 | 001,294,336 | ---- | M] () -- C:\Users\PePe\Desktop\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2009-07-14 03:14:31 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rundll32.exe
PRC - [2009-07-14 03:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2008-01-04 15:44:48 | 000,042,667 | ---- | M] () -- C:\Users\PePe\AppData\Local\winlogon.exe
PRC - [2008-01-04 15:44:48 | 000,042,667 | ---- | M] () -- C:\Users\PePe\AppData\Local\services.exe
PRC - [2008-01-04 15:44:48 | 000,042,667 | ---- | M] () -- C:\Users\PePe\AppData\Local\lsass.exe

========== Modules (All) ==========
MOD - [2012-06-24 20:07:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\PePe\Downloads\OTL.exe
MOD - [2012-06-13 15:15:06 | 000,132,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
MOD - [2012-06-13 15:15:03 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012-06-07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.) -- C:\Users\PePe\AppData\Local\Google\Chrome\Application\chrome.exe
MOD - [2012-06-07 10:14:43 | 000,441,880 | ---- | M] () -- C:\Users\PePe\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
MOD - [2012-06-07 10:14:42 | 003,922,456 | ---- | M] () -- C:\Users\PePe\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012-06-07 10:13:27 | 000,553,496 | ---- | M] () -- C:\Users\PePe\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012-06-07 10:13:26 | 000,117,784 | ---- | M] () -- C:\Users\PePe\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012-06-07 10:13:25 | 009,962,520 | ---- | M] (The ICU Project) -- C:\Users\PePe\AppData\Local\Google\Chrome\Application\19.0.1084.56\icudt.dll
MOD - [2012-06-07 10:13:19 | 035,876,888 | ---- | M] (Google Inc.) -- C:\Users\PePe\AppData\Local\Google\Chrome\Application\19.0.1084.56\chrome.dll
MOD - [2012-06-07 10:13:16 | 000,134,696 | ---- | M] () -- C:\Users\PePe\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012-06-07 10:13:15 | 000,250,408 | ---- | M] () -- C:\Users\PePe\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012-06-07 10:13:14 | 002,375,720 | ---- | M] () -- C:\Users\PePe\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012-06-07 09:23:19 | 009,252,040 | ---- | M] () -- C:\Users\PePe\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2012-06-07 09:23:19 | 009,252,040 | ---- | M] () -- C:\Users\PePe\AppData\Local\Google\Chrome\APPLIC~1\190108~1.56\gcswf32.dll
MOD - [2012-05-24 09:45:39 | 002,686,976 | ---- | M] () -- C:\Users\PePe\Desktop\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.71\deploy\LoLLauncher.exe
MOD - [2012-01-30 17:13:10 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll
MOD - [2012-01-18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
MOD - [2011-11-17 07:41:38 | 001,292,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll
MOD - [2011-11-17 07:39:28 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webio.dll
MOD - [2011-11-17 07:39:21 | 000,224,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll
MOD - [2011-11-17 07:39:21 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll
MOD - [2011-11-17 07:35:13 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll
MOD - [2011-11-05 06:35:50 | 000,981,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
MOD - [2011-11-05 06:35:47 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll
MOD - [2011-11-05 06:34:00 | 002,072,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll
MOD - [2011-10-29 07:54:14 | 001,294,336 | ---- | M] () -- C:\Users\PePe\Desktop\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2011-09-07 16:48:42 | 000,118,784 | ---- | M] (Solid State Networks) -- C:\Users\PePe\Desktop\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.71\deploy\launcher.maestro.dll
MOD - [2011-08-27 06:43:07 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll
MOD - [2011-08-27 06:43:06 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleacc.dll
MOD - [2011-07-16 06:32:14 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\acwow64.dll
MOD - [2011-07-16 06:30:27 | 001,048,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll
MOD - [2011-07-16 06:30:27 | 000,272,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll
MOD - [2011-05-24 12:34:20 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll
MOD - [2011-05-24 12:34:00 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll
MOD - [2011-03-03 07:29:23 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll
MOD - [2010-12-21 07:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winhttp.dll
MOD - [2010-12-21 07:36:16 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml3.dll
MOD - [2010-08-21 07:33:24 | 000,530,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\comctl32.dll
MOD - [2010-08-21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010-07-27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll
MOD - [2010-06-29 07:02:02 | 001,413,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll
MOD - [2010-06-19 08:23:50 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rtutils.dll
MOD - [2010-05-26 12:41:02 | 002,106,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\D3DCompiler_43.dll
MOD - [2010-05-26 12:41:02 | 001,998,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\D3DX9_43.dll
MOD - [2010-05-23 12:11:48 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mf.dll
MOD - [2009-12-29 08:55:34 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
MOD - [2009-09-23 13:18:08 | 003,829,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igdumd32.dll
MOD - [2009-09-23 13:14:54 | 000,536,576 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igdumdx32.dll
MOD - [2009-08-29 08:57:31 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll
MOD - [2009-08-18 11:29:22 | 000,134,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
MOD - [2009-07-14 03:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll
MOD - [2009-07-14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll
MOD - [2009-07-14 03:16:20 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wtsapi32.dll
MOD - [2009-07-14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll
MOD - [2009-07-14 03:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wship6.dll
MOD - [2009-07-14 03:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WSHTCPIP.DLL
MOD - [2009-07-14 03:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll
MOD - [2009-07-14 03:16:19 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll
MOD - [2009-07-14 03:16:19 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll
MOD - [2009-07-14 03:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winrnr.dll
MOD - [2009-07-14 03:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll
MOD - [2009-07-14 03:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2009-07-14 03:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll
MOD - [2009-07-14 03:16:17 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\userenv.dll
MOD - [2009-07-14 03:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2009-07-14 03:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll
MOD - [2009-07-14 03:16:15 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sxs.dll
MOD - [2009-07-14 03:16:15 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sqmapi.dll
MOD - [2009-07-14 03:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2009-07-14 03:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll
MOD - [2009-07-14 03:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2009-07-14 03:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll
MOD - [2009-07-14 03:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll
MOD - [2009-07-14 03:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll
MOD - [2009-07-14 03:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll
MOD - [2009-07-14 03:16:13 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\riched20.dll
MOD - [2009-07-14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll
MOD - [2009-07-14 03:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll
MOD - [2009-07-14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll
MOD - [2009-07-14 03:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll
MOD - [2009-07-14 03:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SensApi.dll
MOD - [2009-07-14 03:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll
MOD - [2009-07-14 03:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasapi32.dll
MOD - [2009-07-14 03:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\powrprof.dll
MOD - [2009-07-14 03:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll
MOD - [2009-07-14 03:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasman.dll
MOD - [2009-07-14 03:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pnrpnsp.dll
MOD - [2009-07-14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll
MOD - [2009-07-14 03:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasadhlp.dll
MOD - [2009-07-14 03:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll
MOD - [2009-07-14 03:16:11 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll
MOD - [2009-07-14 03:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll
MOD - [2009-07-14 03:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll
MOD - [2009-07-14 03:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll
MOD - [2009-07-14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll
MOD - [2009-07-14 03:16:02 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netapi32.dll
MOD - [2009-07-14 03:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\NapiNSP.dll
MOD - [2009-07-14 03:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mswsock.dll
MOD - [2009-07-14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvbvm60.dll
MOD - [2009-07-14 03:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll
MOD - [2009-07-14 03:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mssprxy.dll
MOD - [2009-07-14 03:15:46 | 002,134,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msmpeg2vdec.dll
MOD - [2009-07-14 03:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll
MOD - [2009-07-14 03:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll
MOD - [2009-07-14 03:15:42 | 000,481,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll
MOD - [2009-07-14 03:15:41 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mpr.dll
MOD - [2009-07-14 03:15:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mlang.dll
MOD - [2009-07-14 03:15:39 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfplat.dll
MOD - [2009-07-14 03:15:36 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\logoncli.dll
MOD - [2009-07-14 03:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll
MOD - [2009-07-14 03:15:35 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ksuser.dll
MOD - [2009-07-14 03:15:33 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL
MOD - [2009-07-14 03:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009-07-14 03:15:22 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gpapi.dll
MOD - [2009-07-14 03:15:21 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FWPUCLNT.DLL
MOD - [2009-07-14 03:15:19 | 000,488,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\evr.dll
MOD - [2009-07-14 03:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsound.dll
MOD - [2009-07-14 03:15:13 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxva2.dll
MOD - [2009-07-14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll
MOD - [2009-07-14 03:15:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsrole.dll
MOD - [2009-07-14 03:15:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc.dll
MOD - [2009-07-14 03:15:11 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll
MOD - [2009-07-14 03:15:08 | 001,826,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d9.dll
MOD - [2009-07-14 03:15:08 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d8thk.dll
MOD - [2009-07-14 03:15:07 | 001,151,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll
MOD - [2009-07-14 03:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009-07-14 03:15:07 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptnet.dll
MOD - [2009-07-14 03:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll
MOD - [2009-07-14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll
MOD - [2009-07-14 03:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll
MOD - [2009-07-14 03:15:07 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\credssp.dll
MOD - [2009-07-14 03:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll
MOD - [2009-07-14 03:15:00 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\browcli.dll
MOD - [2009-07-14 03:14:58 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\avrt.dll
MOD - [2009-07-14 03:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009-07-14 03:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll
MOD - [2009-07-14 03:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll
MOD - [2009-07-14 03:14:52 | 000,260,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\adsnt.dll
MOD - [2009-07-14 03:14:52 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\adsldpc.dll
MOD - [2009-07-14 03:14:52 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\activeds.dll
MOD - [2009-07-14 03:14:51 | 000,559,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcLayers.dll
MOD - [2009-07-14 03:14:31 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rundll32.exe
MOD - [2009-07-14 03:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009-07-14 03:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv
MOD - [2009-07-14 03:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll
MOD - [2009-07-14 03:11:23 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll
MOD - [2009-07-14 03:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll
MOD - [2009-07-14 03:11:21 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll
MOD - [2009-07-14 03:11:21 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll
MOD - [2009-07-14 03:11:20 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcrypt.dll
MOD - [2009-06-10 23:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009-06-10 23:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll
MOD - [2009-06-10 23:14:56 | 000,652,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll
MOD - [2009-06-10 23:14:54 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcp90.dll
MOD - [2008-07-12 09:18:52 | 003,851,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\D3DX9_39.dll
MOD - [2008-01-04 15:44:48 | 000,042,667 | ---- | M] () -- C:\Users\PePe\AppData\Local\winlogon.exe
MOD - [2008-01-04 15:44:48 | 000,042,667 | ---- | M] () -- C:\Users\PePe\AppData\Local\services.exe
MOD - [2008-01-04 15:44:48 | 000,042,667 | ---- | M] () -- C:\Users\PePe\AppData\Local\lsass.exe

========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-06-13 15:15:04 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012-05-03 09:49:40 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-07-13 01:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========
DRV:64bit: - [2012-04-09 20:01:20 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011-10-24 09:50:28 | 000,052,936 | ---- | M] (TrustPort, a.s.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers    psec.sys -- (tpsec)
DRV:64bit: - [2010-03-25 10:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010-03-24 13:58:36 | 000,249,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010-03-20 12:06:58 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2010-03-20 11:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009-09-23 13:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009-07-13 01:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch)
DRV:64bit: - [2009-06-25 04:14:46 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l160x64.sys -- (AtcL001)
DRV:64bit: - [2009-06-10 23:01:14 | 001,227,776 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SmSerl64.sys -- (smserial)
DRV:64bit: - [2009-06-10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Sterownik karty Intel?
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007-08-09 02:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2006-11-18 14:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV - [2011-10-24 09:48:18 | 000,020,240 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\TrustPort\bin\dsio.sys -- (dsio)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2718601013-2663961341-4238597413-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.c...sa&d=2012-04-17 20:05:13&v=10.2.0.3&sap=hp
IE - HKU\S-1-5-21-2718601013-2663961341-4238597413-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2718601013-2663961341-4238597413-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2718601013-2663961341-4238597413-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-04-17 20:05:13&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2718601013-2663961341-4238597413-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\PePe\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\PePe\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012-06-13 15:15:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon

========== Chrome  ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\PePe\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\PePe\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\PePe\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\PePe\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java? Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\PePe\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: YouTube = C:\Users\PePe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Szukaj w Google = C:\Users\PePe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\PePe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012-01-30 17:13:03 | 000,000,921 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O2 - BHO: (Java? Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-2718601013-2663961341-4238597413-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [4StoryPrePatch] D:\Program Files (x86)\Gameforge4D\4Story_PL\PrePatch.exe File not found
O4 - HKLM..\Run: [Bron-Spizaetus] C:\Windows\ShellNew\sempalong.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2718601013-2663961341-4238597413-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2718601013-2663961341-4238597413-1001..\Run: [Mobile Partner] C:\Program Files (x86)\WEB Partner\WEB Partner File not found
O4 - HKU\S-1-5-21-2718601013-2663961341-4238597413-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2718601013-2663961341-4238597413-1001..\Run: [Tok-Cirrhatus] C:\Users\PePe\AppData\Local\smss.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\PePe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2718601013-2663961341-4238597413-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-2718601013-2663961341-4238597413-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30230CF4-0E9E-42C5-B36A-16FA6C59F939}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ("C:\Windows\eksplorasi.exe") - C:\Windows\eksplorasi.exe ()
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-2718601013-2663961341-4238597413-1001 Winlogon: Shell - (expstart.exe) - C:\Windows\expstart.exe ()
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-04-25 13:13:35 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007-04-15 12:57:52 | 000,000,025 | -HS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-06-15 18:53:19 | 000,000,089 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{0fb14e8f-9e83-11e1-9d7b-002215367d29}\Shell - "" = AutoRun
O33 - MountPoints2\{0fb14e8f-9e83-11e1-9d7b-002215367d29}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{229457a9-4a9f-11e1-89e8-001f3c635a76}\Shell - "" = AutoRun
O33 - MountPoints2\{229457a9-4a9f-11e1-89e8-001f3c635a76}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{229457e3-4a9f-11e1-89e8-002215367d29}\Shell - "" = AutoRun
O33 - MountPoints2\{229457e3-4a9f-11e1-89e8-002215367d29}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{68e2b609-9f47-11e1-9c34-002215367d29}\Shell - "" = AutoRun
O33 - MountPoints2\{68e2b609-9f47-11e1-9c34-002215367d29}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{68e2b61c-9f47-11e1-9c34-002215367d29}\Shell - "" = AutoRun
O33 - MountPoints2\{68e2b61c-9f47-11e1-9c34-002215367d29}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{7700cfba-bb02-11e1-822f-002215367d29}\Shell - "" = AutoRun
O33 - MountPoints2\{7700cfba-bb02-11e1-822f-002215367d29}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{8e09485e-8268-11e1-9ddc-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{8e09485e-8268-11e1-9ddc-001e101fe5e1}\Shell\AutoRun\command - "" = G:\Setup.Exe
O33 - MountPoints2\{8e09485e-8268-11e1-9ddc-001e101fe5e1}\Shell\menu01\command - "" = notepad.exe "readme.txt"
O33 - MountPoints2\{982eef6c-9e81-11e1-9dc5-001f3c635a76}\Shell - "" = AutoRun
O33 - MountPoints2\{982eef6c-9e81-11e1-9dc5-001f3c635a76}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{982eef7e-9e81-11e1-9dc5-001f3c635a76}\Shell - "" = AutoRun
O33 - MountPoints2\{982eef7e-9e81-11e1-9dc5-001f3c635a76}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{c4884bc6-7d7d-11e1-9d67-002215367d29}\Shell - "" = AutoRun
O33 - MountPoints2\{c4884bc6-7d7d-11e1-9d67-002215367d29}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\{c4abd37c-abca-11e1-b6aa-002215367d29}\Shell - "" = AutoRun
O33 - MountPoints2\{c4abd37c-abca-11e1-b6aa-002215367d29}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f59c2344-4ca9-11e1-8fa8-002215367d29}\Shell - "" = AutoRun
O33 - MountPoints2\{f59c2344-4ca9-11e1-8fa8-002215367d29}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^PePe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Empty.pif - C:\Users\PePe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif - ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: avasdmft - Driver
SafeBootNet:64bit: avas_service - Service
SafeBootNet:64bit: avss_service - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: tpavdrw_service - Service
SafeBootNet:64bit: tpsec - C:\Windows\SysNative\drivers    psec.sys (TrustPort, a.s.)
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: avasdmft - Driver
SafeBootNet: avas_service - Service
SafeBootNet: avss_service - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: tpavdrw_service - Service
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
========== Files/Folders - Created Within 60 Days ==========
[2012-06-24 00:00:02 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Local\Bron.tok-12-24
[2012-06-23 00:00:01 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Local\Bron.tok-12-23
[2012-06-22 23:02:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-06-22 23:02:06 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2012-06-22 19:26:13 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Local\Bron.tok-12-22
[2012-06-20 21:47:08 | 001,001,472 | ---- | C] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2012-06-20 21:47:08 | 000,249,856 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2012-06-20 21:47:08 | 000,120,704 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2012-06-20 21:47:08 | 000,114,560 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys
[2012-06-20 21:47:08 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2012-06-20 21:47:08 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[2012-06-14 06:52:10 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Local\AVG Secure Search
[2012-06-13 12:10:22 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\PePe\Desktop\minecraftsp.exe
[2012-06-12 16:22:59 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\.minecraft
[2012-06-11 19:30:59 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Deep Silver
[2012-06-11 19:21:01 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\InstallShield
[2012-06-10 15:58:10 | 000,000,000 | ---D | C] -- C:\Users\PePe\Desktop\stalker-stcs
[2012-06-10 15:58:10 | 000,000,000 | ---D | C] -- C:\Users\PePe\Desktop\STALKER-SHOC
[2012-06-10 11:30:30 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2012-06-09 00:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
[2012-06-09 00:39:43 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\AIMP3
[2012-06-09 00:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIMP3
[2012-06-05 18:18:37 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\Tropico 3
[2012-06-05 14:56:09 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\XRay Engine
[2012-06-05 14:41:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\stalker-stcs
[2012-06-04 13:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GSC Game World
[2012-06-04 13:03:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\STALKER-SHOC
[2012-05-23 20:40:50 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\LolClient2
[2012-05-22 18:14:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012-05-22 18:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012-05-19 18:46:25 | 000,000,000 | ---D | C] -- C:\Users\PePe\Documents\RRR2
[2012-05-19 18:22:07 | 000,000,000 | ---D | C] -- C:\Users\PePe\Documents\Hydrophobia
[2012-05-16 22:18:29 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\gtk-2.0
[2012-05-16 22:18:28 | 000,000,000 | ---D | C] -- C:\Users\PePe\.thumbnails
[2012-05-15 13:37:20 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\T-Mobile
[2012-05-15 13:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2012-05-13 00:02:31 | 000,000,000 | ---D | C] -- C:\Users\PePe\Documents\gegl-0.0
[2012-05-13 00:02:31 | 000,000,000 | ---D | C] -- C:\Users\PePe\.gimp-2.6
[2012-05-13 00:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2012-05-13 00:02:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2012-05-13 00:02:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\v9Soft
[2012-05-12 21:24:11 | 000,000,000 | ---D | C] -- C:\Users\PePe\Nowy folder
[2012-05-12 21:23:48 | 000,000,000 | ---D | C] -- C:\Users\PePe\Zdjecia
[2012-05-08 14:49:55 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\ZombieDriver
[2012-05-08 14:49:05 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012-05-08 14:49:05 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012-05-08 14:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012-05-08 14:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
[2012-05-03 16:12:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2012-05-03 16:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2012-05-03 16:11:04 | 000,000,000 | ---D | C] -- C:\Users\PePe\Documents\EA Games
[2012-05-03 16:06:46 | 000,442,368 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp6vfw.dll
[2012-05-03 14:31:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012-05-02 12:15:17 | 000,000,000 | ---D | C] -- C:\Users\PePe\Documents\Tomb Raider - Legend
[2012-05-01 16:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fashion Tycoon
[2012-05-01 15:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012-05-01 15:52:57 | 000,000,000 | ---D | C] -- C:\Users\PePe\Documents\Legend - Hand of God
[2012-05-01 15:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Total Gameplay
[2012-05-01 14:13:51 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\Ascaron Entertainment
[2012-04-30 15:51:50 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Local\Gas Powered Games
[2012-04-29 16:49:08 | 000,000,000 | -HSD | C] -- C:\Users\PePe\AppData\Roaming\.#
[2012-04-29 16:49:07 | 000,000,000 | ---D | C] -- C:\Users\PePe\Documents\Ascaron Entertainment
[2012-04-29 16:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Darkstar One
[2012-04-26 21:26:32 | 000,000,000 | ---D | C] -- C:\Users\PePe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kurka Wodna
[2012-04-26 21:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kurka Wodna
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 60 Days ==========
[2012-06-24 20:26:27 | 000,000,062 | ---- | M] () -- C:\Users\PePe\AppData\Local\BronNetDomList.bat
[2012-06-24 20:21:15 | 000,012,393 | ---- | M] () -- C:\Users\PePe\AppData\Local\Update.12.Bron.Tok.bin
[2012-06-24 20:15:37 | 000,012,393 | ---- | M] () -- C:\Users\PePe\AppData\Local\Bron.tok.A12.em.bin
[2012-06-24 20:12:00 | 000,001,054 | ---- | M] () -- C:\Windows    asks\GoogleUpdateTaskUserS-1-5-21-2718601013-2663961341-4238597413-1001UA.job
[2012-06-24 20:09:06 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-06-24 20:09:06 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-06-24 20:03:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-06-24 20:03:45 | 2409,025,536 | -HS- | M] () -- C:\hiberfil.sys
[2012-06-23 15:12:03 | 000,001,002 | ---- | M] () -- C:\Windows    asks\GoogleUpdateTaskUserS-1-5-21-2718601013-2663961341-4238597413-1001Core.job
[2012-06-22 19:22:16 | 000,008,955 | ---- | M] () -- C:\Users\PePe\.recently-used.xbel
[2012-06-20 21:49:23 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-06-20 21:49:23 | 000,687,828 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012-06-20 21:49:23 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-06-20 21:49:23 | 000,131,382 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012-06-20 21:49:23 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-06-11 19:34:26 | 000,001,168 | ---- | M] () -- C:\Users\PePe\Desktop\S.T.A.L.K.E.R. - Clear Sky.lnk
[2012-06-11 19:06:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\PePe\Desktop\minecraftsp.exe
[2012-06-10 17:20:06 | 000,015,136 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2012-06-10 11:30:30 | 000,000,572 | ---- | M] () -- C:\Users\PePe\Desktop\Fraps.lnk
[2012-06-09 00:39:46 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\AIMP3.lnk
[2012-06-04 13:14:48 | 000,001,247 | ---- | M] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk
[2012-05-22 20:54:08 | 000,005,880 | -HS- | M] () -- C:\Users\PePe\Documents\Folder.jpg
[2012-05-22 20:54:08 | 000,005,880 | -HS- | M] () -- C:\Users\PePe\Documents\AlbumArt_{AF0D3CD8-C623-43F8-8DFF-4800391B6652}_Large.jpg
[2012-05-22 20:54:05 | 000,001,261 | -HS- | M] () -- C:\Users\PePe\Documents\AlbumArtSmall.jpg
[2012-05-22 20:54:05 | 000,001,261 | -HS- | M] () -- C:\Users\PePe\Documents\AlbumArt_{AF0D3CD8-C623-43F8-8DFF-4800391B6652}_Small.jpg
[2012-05-17 07:07:53 | 000,277,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-05-15 13:38:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
[2012-05-15 13:38:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2012-05-15 13:37:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012-05-08 14:49:05 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012-05-08 14:49:05 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012-05-05 00:56:03 | 000,413,373 | RHS- | M] () -- C:\DTPHI
[2012-05-05 00:56:03 | 000,000,000 | RHS- | M] () -- C:\jmsh.ld
[2012-05-03 15:45:10 | 000,000,006 | ---- | M] () -- C:\7Loader.TAG
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012-06-24 20:21:15 | 000,012,393 | ---- | C] () -- C:\Users\PePe\AppData\Local\Update.12.Bron.Tok.bin
[2012-06-24 20:15:37 | 000,012,393 | ---- | C] () -- C:\Users\PePe\AppData\Local\Bron.tok.A12.em.bin
[2012-06-22 19:22:16 | 000,008,955 | ---- | C] () -- C:\Users\PePe\.recently-used.xbel
[2012-06-11 19:34:26 | 000,001,168 | ---- | C] () -- C:\Users\PePe\Desktop\S.T.A.L.K.E.R. - Clear Sky.lnk
[2012-06-10 11:30:30 | 000,000,572 | ---- | C] () -- C:\Users\PePe\Desktop\Fraps.lnk
[2012-06-09 00:39:46 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\AIMP3.lnk
[2012-06-04 13:14:48 | 000,001,247 | ---- | C] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk
[2012-05-22 20:54:08 | 000,005,880 | -HS- | C] () -- C:\Users\PePe\Documents\Folder.jpg
[2012-05-22 20:54:08 | 000,005,880 | -HS- | C] () -- C:\Users\PePe\Documents\AlbumArt_{AF0D3CD8-C623-43F8-8DFF-4800391B6652}_Large.jpg
[2012-05-22 20:54:08 | 000,001,261 | -HS- | C] () -- C:\Users\PePe\Documents\AlbumArtSmall.jpg
[2012-05-22 20:54:08 | 000,001,261 | -HS- | C] () -- C:\Users\PePe\Documents\AlbumArt_{AF0D3CD8-C623-43F8-8DFF-4800391B6652}_Small.jpg
[2012-05-21 20:08:58 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012-05-15 13:38:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
[2012-05-15 13:38:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2012-05-15 13:37:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012-05-05 00:56:03 | 000,413,373 | RHS- | C] () -- C:\DTPHI
[2012-05-05 00:56:03 | 000,000,000 | RHS- | C] () -- C:\jmsh.ld
[2012-04-26 21:26:31 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\fsgscom.dll
[2012-04-25 13:15:53 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2012-04-08 17:27:54 | 000,007,602 | ---- | C] () -- C:\Users\PePe\AppData\Local\Resmon.ResmonCfg
[2012-04-02 09:02:38 | 000,042,667 | -H-- | C] () -- C:\Windows\eksplorasi.exe
[2012-04-02 09:02:38 | 000,042,667 | ---- | C] () -- C:\Users\PePe\AppData\Local\winlogon.exe
[2012-04-02 09:02:38 | 000,042,667 | ---- | C] () -- C:\Users\PePe\AppData\Local\smss.exe
[2012-04-02 09:02:38 | 000,042,667 | ---- | C] () -- C:\Users\PePe\AppData\Local\services.exe
[2012-04-02 09:02:38 | 000,042,667 | ---- | C] () -- C:\Users\PePe\AppData\Local\lsass.exe
[2012-04-02 09:02:38 | 000,042,667 | ---- | C] () -- C:\Users\PePe\AppData\Local\inetinfo.exe
[2012-04-02 09:02:38 | 000,042,667 | ---- | C] () -- C:\Users\PePe\AppData\Local\csrss.exe
[2012-02-02 15:59:15 | 000,892,361 | ---- | C] () -- C:\Users\PePe\DSC03384.JPG
[2012-02-02 15:58:55 | 001,085,417 | ---- | C] () -- C:\Users\PePe\DSC03389.JPG
[2012-02-02 15:58:55 | 000,650,847 | ---- | C] () -- C:\Users\PePe\DSC03386.JPG
[2012-01-30 17:13:04 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe
[2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
========== LOP Check ==========
[2012-04-29 16:54:44 | 000,000,000 | -HSD | M] -- C:\Users\PePe\AppData\Roaming\.#
[2012-06-13 11:47:34 | 000,000,000 | ---D | M] -- C:\Users\PePe\AppData\Roaming\.minecraft
[2012-06-24 18:02:41 | 000,000,000 | ---D | M] -- C:\Users\PePe\AppData\Roaming\AIMP3
[2012-05-01 14:13:51 | 000,000,000 | ---D | M] -- C:\Users\PePe\AppData\Roaming\Ascaron Entertainment
[2012-04-09 01:19:49 | 000,000,000 | ---D | M] -- C:\Users\PePe\AppData\Roaming\BitTorrent
[2012-04-09 20:03:24 | 000,000,000 | ---D | M] -- C:\Users\PePe\AppData\Roaming\DAEMON Tools Lite
[2012-02-27 16:03:07 | 000,000,000 | ---D | M] -- C:\Users\PePe\AppData\Roaming\Foxit Software
[2012-01-30 23:51:55 | 000,000,000 | ---D | M] -- C:\Users\PePe\AppData\Roaming\Gadu-Gadu 10
[2012-01-30 23:40:33 | 000,000,000 | ---D | M] -- C:\Users\PePe\AppData\Roaming\GG Tools
[2012-06-22 19:22:16 | 000,000,000 | ---D | M] -- C:\Users\PePe\AppData\Roaming\gtk-2.0
[2012-03-23 16:12:24 | 000,000,000 | ---D | M] -- C:\Users\PePe\AppData\Roaming\LolClient
[2012-05-23 20:40:50 | 000,000,000 | ---D | M] -- C:\Users\PePe\AppData\Roaming\LolClient2
[2012-03-14 22:30:35 | 000,000,000 | ---D | M] -- C:\Users\PePe\AppData\Roaming\Mount&Blade Warband
[2012-03-14 21:49:12 | 000,000,000 | ---D | M] -- C:\Users\PePe\AppData\Roaming\OpenFM
[2012-05-15 13:37:20 | 000,000,000 | ---D | M] -- C:\Users\PePe\AppData\Roaming\T-Mobile
[2012-02-29 15:42:23 | 000,000,000 | ---D | M] -- C:\Users\PePe\AppData\Roaming\ToD
[2012-06-17 22:33:48 | 000,000,000 | ---D | M] -- C:\Users\PePe\AppData\Roaming\Tropico 3
[2012-02-16 00:19:51 | 000,000,000 | ---D | M] -- C:\Users\PePe\AppData\Roaming\TS3Client
[2012-03-30 14:37:56 | 000,000,000 | ---D | M] -- C:\Users\PePe\AppData\Roaming\Ubisoft
[2012-06-05 14:56:09 | 000,000,000 | ---D | M] -- C:\Users\PePe\AppData\Roaming\XRay Engine
[2012-05-08 14:50:01 | 000,000,000 | ---D | M] -- C:\Users\PePe\AppData\Roaming\ZombieDriver
[2012-06-17 09:07:19 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %systemdrive%\*.* >
[2012-05-03 15:45:10 | 000,000,006 | ---- | M] () -- C:\7Loader.TAG
[2012-04-25 13:13:35 | 000,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2007-04-15 12:57:52 | 000,000,025 | -HS- | M] () -- C:\autorun.inf
[2011-08-04 09:38:34 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK
[2012-01-29 19:12:43 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[2008-04-15 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2009-07-14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2012-01-29 19:12:45 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010-07-02 12:52:41 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012-05-05 00:56:03 | 000,413,373 | RHS- | M] () -- C:\DTPHI
[2011-03-26 16:25:18 | 000,000,000 | ---- | M] () -- C:\dump_dvd.vob
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007-11-07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007-11-07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007-11-07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012-06-24 20:03:45 | 2409,025,536 | -HS- | M] () -- C:\hiberfil.sys
[2007-11-07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007-11-07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007-11-07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007-11-07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007-11-07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007-11-07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007-11-07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007-11-07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007-11-07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007-11-07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007-11-07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010-07-02 12:52:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012-05-05 00:56:03 | 000,000,000 | RHS- | M] () -- C:\jmsh.ld
[2011-11-01 11:06:53 | 000,000,088 | ---- | M] () -- C:\lxbu.log
[2012-01-21 14:55:05 | 000,077,328 | ---- | M] () -- C:\lxbuscan.log
[2011-10-27 17:32:45 | 000,000,458 | ---- | M] () -- C:\memory.txt
[2010-07-02 12:52:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-04-15 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-15 14:00:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2012-06-24 20:03:50 | 3212,034,048 | -HS- | M] () -- C:\pagefile.sys
[2007-11-07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007-11-07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007-11-07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2007-04-15 12:57:52 | 000,025,214 | -HS- | M] () -- C:\vista.ico
< MD5 for: AGP440.SYS  >
[2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
< MD5 for: ATAPI.SYS  >
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
< MD5 for: BEEP.SYS  >
[2009-07-14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys
[2009-07-14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys
< MD5 for: CDROM.SYS  >
[2009-07-14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009-07-14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009-07-14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
< MD5 for: NDIS.SYS  >
[2009-07-14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\SysNative\drivers\ndis.sys
[2009-07-14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
< MD5 for: WINLOGON.EXE  >
[2009-07-14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009-10-28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009-10-28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009-10-28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[2008-01-04 15:44:48 | 000,042,667 | ---- | M] () MD5=EF44B817DCEB4C3BFD21FD3D08B5D28D -- C:\Users\PePe\AppData\Local\winlogon.exe

[Ekspert] Hakken · Czerwiec 24, 2012

Użyj tego: http://www.bitdefender.com/site/Downloads/downloadFile/773/FreeRemovalTool

Hink · Czerwiec 25, 2012

Dobra, skan w toku, czy to wystarczy by pozbyć się Brontoka ?

EDIT: Skanowanie zakończone, nic nie wykrył i nic nie usunął.

[Ekspert] Hakken · Czerwiec 25, 2012

Ooook.... to dziwne. Przyznam szczerze, że miałem na razie tylko raz doczynienia z tą infekcją, a wtedy narzędzie zadziałało... muszę pomyśleć i poczytać, jak i jeszcze raz przejrzeć logi, podbiję temat jak coś wymyślę (1-2 dni najpewniej)

LanceNDZ · Czerwiec 26, 2012

od siebie polecam trzy programy:

Comodo Cleaning Essentials

http://www.dobreprog...dows,29620.html

HitmanPro

http://www.dobreprog...dows,30968.html

Malwarebytes Anti-Malware

http://www.dobreprog...dows,13117.html

wszystkie przeznaczone do walki z trudnymi infekcjami, skanowanie zacznij od Hitmana, a gdybyś miał problemy z uruchamianiem tych programów warto sprobować uruchomić je w trybie awaryjnym z dostępem do sieci

Hink · Czerwiec 26, 2012

Dobra, odpaliłem HitmanaPro, dużo ciasteczek takich bajerów wykrywa, być może w tym Brontoka, zaczekam do końca skanowania i napiszę jakie rezultaty.

EDIT1: Okazało się, że infekcje siedzą w savach, które natychmiast usunąłem, wykryto jednak Brontoka a konkretnie w takim pliku " winlogon.exe" dalej jest sporo tego typu Malware : lsass.exe, smss.exe. Wszystkie charakteryzują się tą samą końcówką " .exe" .

[Ekspert] Hakken · Czerwiec 26, 2012

brontok infekuje:

%WINDIR%\eksplorasi.pif
%UserProfile%\Local Settings\Application Data\smss.exe
%UserProfile%\Local Settings\Application Data\services.exe
%UserProfile%\Local Settings\Application Data\lsass.exe
%UserProfile%\Local Settings\Application Data\csrss.exe
%UserProfile%\Local Settings\Application Data\inetinfo.exe
%UserProfile%\Local Settings\Application Data\winlogon.exe
%UserProfile%\Start Menu\Programs\Startup\Empty.pif

%UserProfile%\Templates\WowTumpeh.com
%WINDIR%\%CURRENT_USER%'s Setting.scr
%WINDIR%\ShellNew\bronstab.exe

Hink · Czerwiec 26, 2012

HitmanPro nie pozbył się wszystkiego niektóre, co najciekawsze, te same nadal wykrywa ( smss.exe, crss.exe itp. ) ale jest już ich mniej wtedy było ponad 100 w tym momencie 10. Kiedy ręcznie próbuje je wyrzucić to potrzebuje uprawnień administratora, chociaż je posiadam, po chwili wyskakuje tabelka " uzyskaj uprawnienia od TrustInstaller aby wprowadzić zmiany w tym pliku" ? O co w tym chodzi, czemu nie mogę tego usunąć tak po prostu ?

EDIT: Sam Brontok nadal siedzi, HitmanPro usunął tylko pliki, które potworzył wirus, zostało około 10, w tym " winlogon". Przed chwilą chciałem sprawdzić za co odpowiada ten plik w necie, to automatycznie zresetował się komputer. Co teraz powinienem zrobić, jakim programem się posłużyć by wyrzucić te pliki, zastąpić nowymi, czystymi, ewentualnie jakaś manualna operacja, z usunięciem ich ?

EDIT2: Skanowanie Malwarebytes Anti-Malware wykrył również " TROJAN.DROPPER" . Co jest dziwne, gdyż żaden program wcześniej go nie wykrył, coraz bardziej wydaje mi się, że jedyną opcją będzie formatowanie, choć nie chciałbym skorzystać z tej opcji .

[Ekspert] Hakken · Czerwiec 26, 2012

Użyj tego: http://www.bitdefender.com/support/How-to-create-a-Bitdefender-Rescue-CD-627.html

Hink · Czerwiec 26, 2012

Tak konkretnie to co tam jest opisane w tym poradniku ?

[Ekspert] Hakken · Czerwiec 26, 2012

Nagranie nitdefender w wersji livecd na płytę.

Bitdefender ma w bazie brontok-a, a działając z płyty nie będzie miał problemów związanych z działaniem wirusa.

LanceNDZ · Czerwiec 28, 2012

próbowałeś skanowania w trybie awaryjnym? - może on ograniczyć mechanizmy obronne infekcji

tak jak radzi Hakken LiveCD to też niezłe rozwiązanie, równie dobrze może się tu też sprawdzić Avira AntiVir Rescue System http://www.dobreprogramy.pl/Avira-AntiVir-Rescue-System,Program,Windows,20514.html

wcześniej nie podawałemEmsisoft Emergency Kit http://www.dobreprogramy.pl/Emsisoft-Emergency-Kit,Program,Windows,13269.html - doskonała wykrywalność dzięki dwóm silnikom jednak okupiona częstymi fp

Hink · Czerwiec 28, 2012

LiveCD nie pomogło, bez zmian, pliki o których wcześniej wspominałem nadal są, nie mam już pomysłów, chyba będę musiał po kolei każdym antywirem skanować może któryś usunie bo pomysłów brak

Zaloguj się

Zarchiwizowany

Brontok - jak się pozbyć, zwykły antywirus nie pomaga.

Polecane posty

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Kto przegląda 0 użytkowników