Wojak

Users
  • Posts

    14
  • Joined

  • Last visit

Replies posted by Wojak

  1. Hello, I have a problem with the Nozelens ransomware. It has encrypted all my photos, documents, etc. I probably managed to remove the virus itself using Malwarebytes Anti-Malware and AdwCleaner. But the files I care about are still encrypted. Every encrypted file has the .nozelens extension appended. Removing that extension does nothing, because the file still cannot be opened in any program. I have run out of ideas for how to deal with this problem. I was also planning to do a format, but first I want to be sure that I will be able to regain access to my files.

  2. I'll post the GMER log in a moment, because something keeps freezing on me...

     

    EDIT: with GMER I get this error:

    Podpis problemu:

      Nazwa zdarzenia problemu: BEX

      Nazwa aplikacji: gmer.exe

      Wersja aplikacji: 2.1.19357.0

      Sygnatura czasowa aplikacji: 52e7ea83

      Nazwa modułu z błędem: gmer.exe

      Wersja modułu z błędem: 2.1.19357.0

      Sygnatura czasowa modułu z błędem: 52e7ea83

      Przesunięcie wyjątku: 0007eed4

      Kod wyjątku: c0000409

      Dane wyjątku: 00000000

      Wersja systemu operacyjnego: 6.3.9600.2.0.0.256.48

      Identyfikator ustawień regionalnych: 1045

      Dodatkowe informacje 1: 2d0d

      Dodatkowe informacje 2: 2d0daa8dde491a49e727037a0922c0fc

      Dodatkowe informacje 3: f09d

      Dodatkowe informacje 4: f09d8d96c97d2702fb2a5238d77e5683

    Addition.txt

    FRST.txt

  3. Hello! For some time now the Comodo firewall has been showing notifications about a program or installation package file, under varying names, that tries to connect to the Internet. I block its network access and terminate the process through Comodo. I find this file in the "\Temp" folder. It always has a different name; the name of the latest one is "c47f7103-918c-4a7d-8343-92a7e69a0065". I also noticed that the file sizes differ, and the same goes for the version: 1.0.0.1 to 1.0.0.8. In the properties I read the file names:

    FSSUpdaterCleaner.exe

    FSSUpdaterSilence.exe

    OTL.Txt

    Extras.Txt

  4. Hello, I'm not sure whether I got infected with a virus through Skype, because a friend sent out links and I clicked on that link; nothing downloaded. I immediately removed Skype thoroughly, then I scanned with:

    Malwarebytes Anti-Malware - detected nothing

    AVG 2013 FREE - detected 5 viruses. 4 bad cookies, and the other file was some infection related to Gadu-Gadu; it was located in the main gg folder, was named gg.exe(3888), and it said: the file is used with a compromised digital signature.

    TDSS KILLER - detected nothing

     

    I'm a little calmer, but I still don't have 100% certainty. How could I find out whether this virus is still on the computer? Besides, I have AVG 2013 Free and the free Comodo firewall, and nothing raised an alarm when I opened the dangerous link.

     


     

     

  5. Hello, on one forum a colleague accidentally found the files mmfs.dll and mmf.sys, which currently worry me. I read a bit online and they don't look like minor viruses to me, although I haven't noticed any major symptoms on my computer; besides, the free AVG detected only 10 infected cookies, and Malwarebytes Anti-Malware detected nothing. Still, is there anything to be afraid of? I'm posting the logs here, made a moment ago in OTL:

     

    http://wklej.org/id/905387/ - OTL.Txt

    http://wklej.org/id/905389/ - Extras.Txt

     

    Please help! Happy holidays!

  6. Hello! I see that many people have the same problem as I do. Less than an hour ago my computer was locked.

    Here is the log from OTL:

     

     

    OTL logfile created on: 2012-07-06 16:08:28 - Run 2

    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Wojak\Desktop

    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

     

    4,00 Gb Total Physical Memory | 2,99 Gb Available Physical Memory | 74,67% Memory free

    7,99 Gb Paging File | 7,12 Gb Available in Paging File | 89,06% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

     

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 87,89 Gb Total Space | 35,02 Gb Free Space | 39,84% Space Free | Partition Type: NTFS

    Drive D: | 200,00 Gb Total Space | 159,61 Gb Free Space | 79,80% Space Free | Partition Type: NTFS

    Drive E: | 50,00 Gb Total Space | 37,03 Gb Free Space | 74,06% Space Free | Partition Type: NTFS

    Drive F: | 106,64 Gb Total Space | 28,86 Gb Free Space | 27,07% Space Free | Partition Type: NTFS

    Drive G: | 151,64 Gb Total Space | 55,86 Gb Free Space | 36,83% Space Free | Partition Type: NTFS

     

    Computer Name: WOJAK-COOL | User Name: Wojak | Logged in as Administrator.

    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     

    ========== Processes (SafeList) ==========

     

    PRC - [2012-07-06 15:57:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Wojak\Desktop\OTL.exe

    PRC - [2012-07-01 11:35:58 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

    PRC - [2012-06-17 09:08:41 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

     

     

    ========== Modules (No Company Name) ==========

     

    MOD - [2012-07-01 11:35:58 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

    MOD - [2012-06-17 09:08:41 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

     

     

    ========== Win32 Services (SafeList) ==========

     

    SRV:64bit: - [2012-04-06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

    SRV:64bit: - [2012-04-05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

    SRV:64bit: - [2012-03-07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)

    SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

    SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

    SRV - [2012-07-05 18:51:00 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

    SRV - [2012-07-01 11:35:58 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

    SRV - [2012-06-08 15:21:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

    SRV - [2012-05-03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

    SRV - [2012-03-31 14:30:17 | 000,002,560 | ---- | M] () [Auto | Stopped] -- C:\Windows\Runservice.exe -- (LicCtrlService)

    SRV - [2011-11-06 14:31:22 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

    SRV - [2011-10-30 16:39:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

    SRV - [2011-06-29 16:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)

    SRV - [2010-06-25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

    SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

    SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

     

     

    ========== Driver Services (SafeList) ==========

     

    DRV:64bit: - [2012-04-06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

    DRV:64bit: - [2012-04-06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

    DRV:64bit: - [2012-03-14 08:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)

    DRV:64bit: - [2012-03-14 08:40:04 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)

    DRV:64bit: - [2012-03-14 08:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)

    DRV:64bit: - [2012-03-14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)

    DRV:64bit: - [2012-03-14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)

    DRV:64bit: - [2012-03-05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)

    DRV:64bit: - [2012-03-05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)

    DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

    DRV:64bit: - [2012-02-23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

    DRV:64bit: - [2011-12-13 19:44:16 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

    DRV:64bit: - [2011-12-12 22:52:44 | 000,082,048 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)

    DRV:64bit: - [2011-12-12 22:52:44 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)

    DRV:64bit: - [2011-11-11 17:05:10 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)

    DRV:64bit: - [2011-10-31 10:16:46 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

    DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

    DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

    DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

    DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

    DRV:64bit: - [2010-11-20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

    DRV:64bit: - [2010-06-25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

    DRV:64bit: - [2010-06-17 11:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)

    DRV:64bit: - [2010-03-22 11:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

    DRV:64bit: - [2010-03-15 12:38:46 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdm.sys -- (s1039mdm)

    DRV:64bit: - [2010-03-15 12:38:46 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)

    DRV:64bit: - [2010-03-15 12:38:46 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)

    DRV:64bit: - [2010-03-15 12:38:46 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039obex.sys -- (s1039obex)

    DRV:64bit: - [2010-03-15 12:38:46 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)

    DRV:64bit: - [2010-03-15 12:38:46 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdfl.sys -- (s1039mdfl)

    DRV:64bit: - [2010-03-15 12:38:38 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)

    DRV:64bit: - [2010-02-18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

    DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

    DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

    DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

    DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

    DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

    DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

    DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

    DRV:64bit: - [2009-04-06 09:13:46 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)

    DRV:64bit: - [2009-04-06 09:13:46 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)

    DRV:64bit: - [2009-03-25 17:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm)

    DRV:64bit: - [2009-03-25 17:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)

    DRV:64bit: - [2009-03-25 17:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)

    DRV:64bit: - [2009-03-25 17:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex)

    DRV:64bit: - [2009-03-25 17:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)

    DRV:64bit: - [2009-03-25 17:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)

    DRV:64bit: - [2009-03-25 17:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl)

    DRV:64bit: - [2008-10-21 10:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)

    DRV:64bit: - [2008-10-21 10:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex)

    DRV:64bit: - [2008-10-21 10:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)

    DRV:64bit: - [2008-10-21 10:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm)

    DRV:64bit: - [2008-10-21 10:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)

    DRV:64bit: - [2008-10-21 10:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl)

    DRV:64bit: - [2008-10-21 10:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)

    DRV:64bit: - [2008-05-16 12:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)

    DRV:64bit: - [2008-05-16 12:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)

    DRV:64bit: - [2008-05-16 12:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)

    DRV:64bit: - [2008-05-16 12:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)

    DRV:64bit: - [2008-05-16 12:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)

    DRV:64bit: - [2008-05-16 12:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)

    DRV:64bit: - [2008-05-16 12:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)

    DRV - [2012-01-08 14:01:01 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)

    DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

     

     

    ========== Standard Registry (SafeList) ==========

     

     

    ========== Internet Explorer ==========

     

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....3-1C6F65ADD4CD}

    IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}

    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...3-1C6F65ADD4CD}

     

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....3-1C6F65ADD4CD}

    IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}

    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC

    IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...3-1C6F65ADD4CD}

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

     

    ========== FireFox ==========

     

    FF - user.js - File not found

     

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)

    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

     

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012-06-02 10:24:23 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-06-17 09:08:41 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-06-02 10:24:23 | 000,000,000 | ---D | M]

     

    [2011-10-13 12:00:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wojak\AppData\Roaming\mozilla\Extensions

    [2012-07-04 18:00:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wojak\AppData\Roaming\mozilla\Firefox\Profiles\oov1elmk.default\extensions

    [2012-01-04 20:33:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Wojak\AppData\Roaming\mozilla\Firefox\Profiles\oov1elmk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

    [2012-05-03 21:58:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

    [2012-06-17 09:08:41 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

    [2012-06-08 15:21:09 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml

    [2012-06-08 15:21:09 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml

    [2012-06-08 15:21:09 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml

    [2012-06-08 15:21:09 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml

    [2012-06-08 15:21:09 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml

    [2012-06-08 15:21:09 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

     

    O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

    O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

    O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.

    O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

    O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Wojak\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)

    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)

    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

    O4:64bit: - HKLM..\Run: [systemcpl] C:\Users\Wojak\AppData\Local\Microsoft\Windows\766\systemcpl.exe ()

    O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

    O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

    O4 - HKCU..\Run: [DAEMON Tools Lite] E:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Wojak\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Wojak\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

    O1364bit: - gopher Prefix: missing

    O13 - gopher Prefix: missing

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)

    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FBB43D7-FA73-4DF6-8959-E2113B821EFF}: DhcpNameServer = 192.168.1.1

    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

    O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

    O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

    O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

    O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O32 - HKLM CDRom: AutoRun - 1

    O33 - MountPoints2\{bd789ad4-f67f-11e0-9884-1c6f65add4cd}\Shell - "" = AutoRun

    O33 - MountPoints2\{bd789ad4-f67f-11e0-9884-1c6f65add4cd}\Shell\AutoRun\command - "" = I:\Startme.exe

    O34 - HKLM BootExecute: (autocheck autochk *)

    O34 - HKLM BootExecute: (sdnclean64.exe)

    O35:64bit: - HKLM\..comfile [open] -- "%1" %*

    O35:64bit: - HKLM\..exefile [open] -- "%1" %*

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

     

    ========== Files/Folders - Created Within 30 Days ==========

     

    [2012-07-06 15:57:43 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Wojak\Desktop\OTL.exe

    [2012-07-06 15:36:11 | 000,000,000 | ---D | C] -- C:\Users\Wojak\AppData\Roaming\hellomoto

    [2012-07-06 14:52:36 | 010,855,280 | ---- | C] (Acresso Software Inc. ) -- C:\Users\Wojak\Desktop\LGUnitedMobileDriver S4981MAN36AP22 ML WHQL Ver 3.6.exe

    [2012-07-06 14:47:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics

    [2012-07-06 14:45:53 | 000,708,168 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinUSBCoInstaller.dll

    [2012-07-06 14:45:52 | 000,000,000 | ---D | C] -- C:\Users\Wojak\Desktop\MicroAndroidPack

    [2012-07-06 14:45:51 | 000,000,000 | ---D | C] -- C:\Users\Wojak\Desktop\CWM-Installer-E400

    [2012-07-06 12:55:24 | 000,000,000 | ---D | C] -- C:\Users\Wojak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain

    [2012-07-06 12:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain

    [2012-07-06 09:57:53 | 000,000,000 | ---D | C] -- C:\Users\Wojak\AppData\Roaming\Wireshark

    [2012-07-06 09:57:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap

    [2012-07-06 09:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap

    [2012-07-02 18:32:07 | 000,000,000 | ---D | C] -- C:\Users\Wojak\Desktop\Programy

    [2012-07-02 18:03:28 | 000,000,000 | ---D | C] -- C:\Users\Wojak\Documents\My Games

    [2012-07-02 18:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs

    [2012-07-02 14:12:50 | 000,000,000 | ---D | C] -- C:\Users\Wojak\Documents\NFS ProStreet

    [2012-07-02 14:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts

    [2012-07-02 14:03:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software

    [2012-07-01 11:53:18 | 000,000,000 | ---D | C] -- C:\Users\Wojak\Documents\Nowy folder

    [2012-06-25 10:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts

    [2012-06-24 22:06:22 | 000,000,000 | ---D | C] -- C:\Users\Wojak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Omnius for SE

    [2012-06-24 22:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Omnius for SE

    [2012-06-16 15:04:49 | 000,000,000 | ---D | C] -- C:\Users\Wojak\AppData\Local\Activision

    [2012-06-16 15:01:39 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll

    [2012-06-16 14:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

    [2012-06-10 09:17:38 | 000,000,000 | ---D | C] -- C:\Users\Wojak\AppData\Local\Macromedia

     

    ========== Files - Modified Within 30 Days ==========

     

    [2012-07-06 15:57:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Wojak\Desktop\OTL.exe

    [2012-07-06 15:45:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2012-07-06 15:45:15 | 3219,283,968 | -HS- | M] () -- C:\hiberfil.sys

    [2012-07-06 15:43:28 | 000,001,265 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys

    [2012-07-06 15:16:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf

    [2012-07-06 14:53:32 | 010,855,280 | ---- | M] (Acresso Software Inc. ) -- C:\Users\Wojak\Desktop\LGUnitedMobileDriver S4981MAN36AP22 ML WHQL Ver 3.6.exe

    [2012-07-06 14:51:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

    [2012-07-06 12:42:50 | 151,581,522 | ---- | M] () -- C:\Users\Wojak\Desktop\update.zip

    [2012-07-05 18:51:00 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

    [2012-07-05 18:49:29 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

    [2012-07-05 18:36:34 | 001,549,932 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

    [2012-07-05 18:36:34 | 000,697,896 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat

    [2012-07-05 18:36:34 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

    [2012-07-05 18:36:34 | 000,135,006 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat

    [2012-07-05 18:36:34 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

    [2012-07-02 18:20:58 | 000,001,059 | ---- | M] () -- C:\Users\Wojak\Desktop\Company of Heroes.lnk

    [2012-07-02 14:12:34 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

    [2012-07-02 14:08:47 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed ProStreet.lnk

    [2012-07-01 18:56:02 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

    [2012-07-01 11:35:58 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

    [2012-07-01 11:35:58 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    [2012-06-27 19:28:02 | 000,261,922 | ---- | M] () -- C:\Users\Wojak\Wideo005j.3gp

    [2012-06-26 21:55:14 | 000,362,127 | ---- | M] () -- C:\Users\Wojak\Documents\Kvirus - Tech House2.mp3

    [2012-06-26 21:39:13 | 000,339,662 | ---- | M] () -- C:\Users\Wojak\Documents\Kvirus - Tech House(1).mp3

    [2012-06-26 21:37:22 | 000,000,000 | ---- | M] () -- C:\Users\Wojak\Documents\Kvirus - Tech House.mp3

    [2012-06-26 14:59:33 | 000,403,923 | ---- | M] () -- C:\Users\Wojak\Documents\rmx.mp3

    [2012-06-25 10:57:46 | 000,000,961 | ---- | M] () -- C:\Users\Wojak\Desktop\Indiana Jones and the Emperor's Tomb.lnk

    [2012-06-16 09:20:56 | 000,000,215 | ---- | M] () -- C:\Users\Wojak\Desktop\Call of Duty Black Ops.url

    [2012-06-16 09:20:56 | 000,000,215 | ---- | M] () -- C:\Users\Wojak\Desktop\Call of Duty Black Ops - Multiplayer.url

    [2012-06-14 21:56:04 | 002,291,506 | ---- | M] () -- C:\Users\Wojak\Documents\Kvirus - Counter Strike.mp3

    [2012-06-13 22:02:55 | 000,674,004 | ---- | M] () -- C:\Users\Wojak\Documents\cs.mp3

    [2012-06-12 22:08:24 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI

    [2012-06-10 15:06:15 | 000,001,189 | ---- | M] () -- C:\Users\Wojak\Desktop\Counter-Strike.lnk

    [2012-06-10 14:39:29 | 000,000,444 | RHS- | M] () -- C:\Users\Wojak\ntuser.pol

    [2012-06-10 09:34:52 | 000,000,612 | ---- | M] () -- C:\Users\Public\Desktop\AIMP.lnk

    [2012-06-09 15:08:21 | 000,196,626 | ---- | M] () -- C:\800_2_c_loading.tga

    [2012-06-09 15:08:21 | 000,196,626 | ---- | M] () -- C:\800_2_b_loading.tga

    [2012-06-09 15:08:21 | 000,196,626 | ---- | M] () -- C:\800_2_a_loading.tga

    [2012-06-09 15:08:21 | 000,196,626 | ---- | M] () -- C:\800_1_c_loading.tga

    [2012-06-09 15:08:21 | 000,196,626 | ---- | M] () -- C:\800_1_b_loading.tga

    [2012-06-09 15:08:21 | 000,196,626 | ---- | M] () -- C:\800_1_a_loading.tga

    [2012-06-09 15:08:21 | 000,067,602 | ---- | M] () -- C:\800_3_c_loading.tga

    [2012-06-09 15:08:21 | 000,067,602 | ---- | M] () -- C:\800_3_b_loading.tga

    [2012-06-09 15:08:21 | 000,067,602 | ---- | M] () -- C:\800_3_a_loading.tga

    [2012-06-09 15:08:21 | 000,024,594 | ---- | M] () -- C:\800_2_d_loading.tga

    [2012-06-09 15:08:21 | 000,024,594 | ---- | M] () -- C:\800_1_d_loading.tga

    [2012-06-09 15:08:21 | 000,008,466 | ---- | M] () -- C:\800_3_d_loading.tga

    [2012-06-08 15:19:06 | 000,011,222 | ---- | M] () -- C:\Users\Wojak\Documents\Wojak.aimppl

     

    ========== Files Created - No Company Name ==========

     

    [2012-07-06 15:19:14 | 151,581,522 | ---- | C] () -- C:\Users\Wojak\Desktop\update.zip

    [2012-07-06 15:16:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf

    [2012-07-03 22:42:42 | 734,019,584 | ---- | C] () -- C:\Users\Wojak\Desktop\Morderca zostawia Ślad (1967).avi

    [2012-07-03 10:46:45 | 000,261,922 | ---- | C] () -- C:\Users\Wojak\Wideo005j.3gp

    [2012-07-02 18:03:08 | 000,001,059 | ---- | C] () -- C:\Users\Wojak\Desktop\Company of Heroes.lnk

    [2012-07-02 14:08:47 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed ProStreet.lnk

    [2012-07-01 11:35:59 | 000,000,930 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

    [2012-06-26 21:54:53 | 000,362,127 | ---- | C] () -- C:\Users\Wojak\Documents\Kvirus - Tech House2.mp3

    [2012-06-26 21:38:54 | 000,339,662 | ---- | C] () -- C:\Users\Wojak\Documents\Kvirus - Tech House(1).mp3

    [2012-06-26 21:37:22 | 000,000,000 | ---- | C] () -- C:\Users\Wojak\Documents\Kvirus - Tech House.mp3

    [2012-06-26 14:59:05 | 000,403,923 | ---- | C] () -- C:\Users\Wojak\Documents\rmx.mp3

    [2012-06-25 10:47:50 | 000,000,961 | ---- | C] () -- C:\Users\Wojak\Desktop\Indiana Jones and the Emperor's Tomb.lnk

    [2012-06-16 09:20:56 | 000,000,215 | ---- | C] () -- C:\Users\Wojak\Desktop\Call of Duty Black Ops - Multiplayer.url

    [2012-06-16 09:20:55 | 000,000,215 | ---- | C] () -- C:\Users\Wojak\Desktop\Call of Duty Black Ops.url

    [2012-06-14 21:55:15 | 002,291,506 | ---- | C] () -- C:\Users\Wojak\Documents\Kvirus - Counter Strike.mp3

    [2012-06-13 22:02:27 | 000,674,004 | ---- | C] () -- C:\Users\Wojak\Documents\cs.mp3

    [2012-06-10 14:39:29 | 000,000,444 | RHS- | C] () -- C:\Users\Wojak\ntuser.pol

    [2012-06-09 15:08:21 | 000,196,626 | ---- | C] () -- C:\800_2_c_loading.tga

    [2012-06-09 15:08:21 | 000,196,626 | ---- | C] () -- C:\800_2_b_loading.tga

    [2012-06-09 15:08:21 | 000,196,626 | ---- | C] () -- C:\800_2_a_loading.tga

    [2012-06-09 15:08:21 | 000,196,626 | ---- | C] () -- C:\800_1_c_loading.tga

    [2012-06-09 15:08:21 | 000,196,626 | ---- | C] () -- C:\800_1_b_loading.tga

    [2012-06-09 15:08:21 | 000,196,626 | ---- | C] () -- C:\800_1_a_loading.tga

    [2012-06-09 15:08:21 | 000,067,602 | ---- | C] () -- C:\800_3_c_loading.tga

    [2012-06-09 15:08:21 | 000,067,602 | ---- | C] () -- C:\800_3_b_loading.tga

    [2012-06-09 15:08:21 | 000,067,602 | ---- | C] () -- C:\800_3_a_loading.tga

    [2012-06-09 15:08:21 | 000,024,594 | ---- | C] () -- C:\800_2_d_loading.tga

    [2012-06-09 15:08:21 | 000,024,594 | ---- | C] () -- C:\800_1_d_loading.tga

    [2012-06-09 15:08:21 | 000,008,466 | ---- | C] () -- C:\800_3_d_loading.tga

    [2012-06-08 15:19:06 | 000,011,222 | ---- | C] () -- C:\Users\Wojak\Documents\Wojak.aimppl

    [2012-05-09 22:46:20 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini

    [2012-04-06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

    [2012-04-06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

    [2012-03-31 14:30:17 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll

    [2012-03-31 14:30:17 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe

    [2012-03-31 14:30:17 | 000,001,265 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys

    [2012-03-11 19:07:51 | 000,000,632 | ---- | C] () -- C:\Windows\CoD.INI

    [2012-03-09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

    [2012-03-01 22:39:50 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe

    [2012-02-27 22:32:54 | 000,000,325 | ---- | C] () -- C:\Windows\game.ini

    [2012-01-25 15:04:11 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll

    [2012-01-14 13:03:44 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

    [2011-12-17 10:39:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

    [2011-11-12 10:30:41 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll

    [2011-11-06 22:54:18 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

    [2011-10-25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll

    [2011-10-23 21:06:07 | 000,025,600 | ---- | C] () -- C:\Users\Wojak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2011-10-14 13:53:33 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

    [2011-10-14 13:53:29 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

    [2011-10-13 11:53:45 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

    [2011-09-19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll

    [2011-09-19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

    [2011-09-13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    < End of report >

     

     

    Thank you in advance for your help.
