Problema ciudata

Salut, am o problema foarte ciudata. Prima data cand s-a manifestat m-am speriat putin, dar acum m-am obisnuit.Stau pur si simplu la PC si dintr-o data se deschide chrome cu aceasta pagina:
https://www.dropbox....15 15.31.14.png

Nici nu stiu ce inseamna scrisul de pe acolo, dar cert e ca m-am infectat calumea de tot.
Ce sa fac?

Nu e ciudata, esti virusat cu brontok, un virus "legendar" de browser. N-am mai auzit de el de cativa ani   A reinviat ?? Il scoti usor daca rulezi malware byte sau alt antivirus

1. Descarca AdwCleaner by Xplode pe Desktop.
Dublu click pe AdwCleaner.exe pentru al rula.
Pentru Windows Vista sau Windows7,
click dreapta, selecteaza Run as administrator.
Click pe Scan.
Asteapta sa termine de cautat.
Dupa click pe Clean.
Un fisier log se va deschide dupa ce va termina de curatat.
Posteaza continutul lui aici.
Logul se gaseste in C:\AdwCleaner[Sn].txt (n este un numar).

[ http://s16.postimg.org/rjimctqrp/Screenshot_08212013_08_09_26_PM.png - Pentru incarcare in pagina (embed) Click aici ]

2. Descarca si salveaza pe Desktop Junkware Removal Tool.
Inchide toate programele care ruleaza.
Pentru Windows Vista sau Windows7,
click dreapta, selecteaza Run as administrator.
Scaneaza cu el.
Ai rabdare cu el, dureaza putin mai mult.
Posteaza logul aici.
[ http://s7.postimage.org/z2rwy800r/JRT.jpg - Pentru incarcare in pagina (embed) Click aici ]

MhG_40, on 15 aprilie 2014 - 16:02, said:

Deci am descarcat  AdwCleaner, am intrat in el, trebuia sa accept ceva si imediat PC-ul si-a dat restart singur.

Descarca si scaneaza cu Kaspersky Virus Removal Tool.

https://www.dropbox....15 23.18.19.png

Banuiesc ca e din cauza ca eu nu am spatiu destul in C...

Hai sa vedem, pare o eroare de sistem.
Descarca si salveaza pe Desktop,
GetSystemInfo.
Dublu click pe GetSystemInfo.exe pentru al rula.[ http://s24.postimg.org/4b0emvg7l/Screenshot_from_2014_04_16_05_34_34.png - Pentru incarcare in pagina (embed) Click aici ]
Pentru Windows Vista sau Windows7,
click dreapta, selecteaza Run as administrator.
Alege unde sa salveze raportul, pe Desktop e cel mai bine.
Ataseaza GetSystemInfo_utilizator_2014_04_16_07_48_25.zip, in urmatorul mesaj.

Asta e raportul

Buna.

Descarca: ComboFix si salveaza-l pe Desktop.
Nu-l folosi inca.
Creeaza un fisier nou de tip .txt cu Notepad si scrie in el ce e mai jos in citat:

Quote

Denumeste fisierul CFScript.txt apoi trage-l peste ComboFix.exe asa cum e aratat in imaginea de mai jos.

[ http://users.telenet.be/bluepatchy/miekiemoes/images/CFScript.gif - Pentru incarcare in pagina (embed) Click aici ]
Confirma cu Yes de fiecare data. Nu-l opri in timp ce scaneaza si dezinfecteaza sistemul. E posibil ca in timpul rularii lui desktop-ul sa dispara, dar nu te ingrijora.
La sfarsit va afisa rezultatele scanarii. Salveaza acel fisier si posteaza continutul AICI.

Incearca sa scanezi cu Kaspersky Virus Removal Tool.

PC-ul meu e un fenomen. Am facut exact cum ai zis tu, am pus fisierul .txt peste Combo, am dat I Agree si au inceput sa se incarce acele chestii si si-a dat reset singur, din nou.

Bun atunci facem asa.

Descarca si ruleaza OTL.
Pentru Windows Vista sau Windows 7,
click dreapta, selecteaza Run as administrator.
Bifezi ca in imagine.
[ http://s11.postimg.org/jaand9soj/otl1.jpg - Pentru incarcare in pagina (embed) Click aici ]
La terminare vor apare 2 ferestre de Notepad - OTL.txt si Extras.txt.
Copiaza pe rand continutul acestor ferestre si posteazale aici.

In OTL:
OTL logfile created on: 4/17/2014 6:43:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Chorme
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 172.82 Mb Available Physical Memory | 16.89% Memory free
2.86 Gb Paging File | 2.02 Gb Available in Paging File | 70.71% Paging File free
Paging file location(s): C:\pagefile.sys 2000 2775 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 11.78 Gb Total Space | 0.09 Gb Free Space | 0.79% Space Free | Partition Type: FAT32
Drive D: | 100.00 Gb Total Space | 36.94 Gb Free Space | 36.94% Space Free | Partition Type: NTFS
Drive E: | 2.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 685.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 7.21 Gb Total Space | 1.34 Gb Free Space | 18.57% Space Free | Partition Type: FAT32

Computer Name: SILVIU-A01B4744 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/17 18:42:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Chorme\OTL.exe
PRC - [2014/04/15 23:09:36 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\winlogon.exe
PRC - [2014/04/15 23:09:36 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\services.exe
PRC - [2014/04/15 23:09:36 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\lsass.exe
PRC - [2014/04/15 23:09:36 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\inetinfo.exe
PRC - [2014/04/02 04:58:06 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/02/26 10:30:22 | 000,501,904 | ---- | M] (Cherished Technololgy LIMITED) -- C:\Documents and Settings\All Users\Application Data\WPM\wprotectmanager.exe
PRC - [2014/02/17 15:09:50 | 004,915,040 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/01/25 18:52:04 | 000,905,296 | ---- | M] (BitTorrent Inc.) -- C:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe
PRC - [2014/01/03 02:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013/12/18 21:05:44 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/07/02 09:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/12/17 18:12:56 | 000,332,288 | ---- | M] () -- C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
PRC - [2008/04/14 12:00:00 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/17 05:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006/10/27 01:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- D:\Microsoft Office 2007 2\Office12\GrooveMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2014/04/15 23:09:36 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\winlogon.exe
MOD - [2014/04/15 23:09:36 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\services.exe
MOD - [2014/04/15 23:09:36 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\lsass.exe
MOD - [2014/04/15 23:09:36 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\inetinfo.exe
MOD - [2014/04/02 04:58:04 | 000,390,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll
MOD - [2014/04/02 04:58:00 | 004,081,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
MOD - [2014/04/02 04:57:54 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
MOD - [2014/04/02 04:57:50 | 000,065,352 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
MOD - [2014/01/25 12:21:34 | 000,299,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2014/01/03 02:45:04 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/12/20 06:56:50 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2013/10/30 20:01:02 | 011,808,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d6586dea3c1b3a4daa93a3564daf8398\System.Web.ni.dll
MOD - [2013/10/30 20:00:16 | 000,962,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\68593e1da31db647a7ee2476abb78561\System.Configuration.ni.dll
MOD - [2013/10/30 19:59:46 | 000,026,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\47dec3433236a24cbb414d64b2da55cc\Accessibility.ni.dll
MOD - [2013/10/29 19:08:38 | 005,640,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\bdfe6aeb95451444854578e1c8df112e\System.Xml.ni.dll
MOD - [2013/10/29 19:08:16 | 013,107,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\499ca44ef3da6a41bf962655ebd86a32\System.Windows.Forms.ni.dll
MOD - [2013/10/29 19:07:20 | 001,626,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\4b06227e68ae854aa42f33d0427aa934\System.Drawing.ni.dll
MOD - [2013/10/29 19:07:00 | 008,093,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ea64b9623444864bbe33bb8fe086b82f\System.ni.dll
MOD - [2013/10/29 19:06:02 | 011,411,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\8f4e5034b3fc3f4ca1ae2df2e11ca027\mscorlib.ni.dll
MOD - [2013/10/19 01:55:02 | 025,100,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\libcef.dll
MOD - [2013/06/18 15:49:28 | 000,016,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2013/01/02 09:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/04/25 14:25:18 | 000,024,064 | ---- | M] () -- C:\WINDOWS\system32\ssj1mlm.dll
MOD - [2010/12/17 18:13:00 | 000,049,664 | ---- | M] () -- C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
MOD - [2010/12/17 18:12:56 | 000,332,288 | ---- | M] () -- C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
MOD - [2010/03/16 11:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2008/04/14 12:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 12:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - File not found [Auto | Stopped] -- D:\JOCURI\MOHA\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe -- (PnkBstrA)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014/02/26 10:30:22 | 000,501,904 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\WPM\wprotectmanager.exe -- (Wpm)
SRV - [2014/02/17 15:09:50 | 004,915,040 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/12/18 21:05:44 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2006/10/27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Microsoft Office 2007 2\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013/12/20 15:35:10 | 007,378,944 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2013/12/04 19:45:48 | 000,243,128 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013/07/09 19:38:40 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/03/14 09:36:08 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2010/02/11 15:02:16 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/04/14 12:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2004/04/13 15:14:12 | 000,070,144 | ---- | M] (Realtek Semiconductor Corporation    ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-hom...0026AS_5JT3QZVG
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-hom...0026AS_5JT3QZVG
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.delta-...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.delta-...q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.delta-...q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2000478354-507921405-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-hom...0026AS_5JT3QZVG
IE - HKU\S-1-5-21-2000478354-507921405-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-...q={searchTerms}
IE - HKU\S-1-5-21-2000478354-507921405-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-...q={searchTerms}
IE - HKU\S-1-5-21-2000478354-507921405-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-hom...0026AS_5JT3QZVG
IE - HKU\S-1-5-21-2000478354-507921405-1177238915-500\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKU\S-1-5-21-2000478354-507921405-1177238915-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-2000478354-507921405-1177238915-500\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.delta-...q={searchTerms}
IE - HKU\S-1-5-21-2000478354-507921405-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== Firefox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome  ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: WOT = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.5.14_0\
CHR - Extension: ***** Plus = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Into The Mist = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh\1_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office 2007 2\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-2000478354-507921405-1177238915-500\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [Bron-Spizaetus] C:\WINDOWS\ShellNew\RakyatKelaparan.exe ()
O4 - HKLM..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()
O4 - HKLM..\Run: [GrooveMonitor] D:\Microsoft Office 2007 2\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe File not found
O4 - HKU\.DEFAULT..\Run: [Tok-Cirrhatus]  File not found
O4 - HKU\.DEFAULT..\Run: [Tok-Cirrhatus-1860] C:\Documents and Settings\NetworkService\Local Settings\Application Data\br4743on.exe ()
O4 - HKU\S-1-5-18..\Run: [Tok-Cirrhatus]  File not found
O4 - HKU\S-1-5-18..\Run: [Tok-Cirrhatus-1860] C:\Documents and Settings\NetworkService\Local Settings\Application Data\br4743on.exe ()
O4 - HKU\S-1-5-21-2000478354-507921405-1177238915-500..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-2000478354-507921405-1177238915-500..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKU\S-1-5-21-2000478354-507921405-1177238915-500..\Run: [DAEMON Tools Lite] D:\Daemon Tools\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-2000478354-507921405-1177238915-500..\Run: [GoogleChromeAutoLaunch_1D779E6F1F1A75C4ED2C2669C0FDD24A] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-2000478354-507921405-1177238915-500..\Run: [Tok-Cirrhatus]  File not found
O4 - HKU\S-1-5-21-2000478354-507921405-1177238915-500..\Run: [Tok-Cirrhatus-3444] C:\Documents and Settings\Administrator\Local Settings\Application Data\br7911on.exe ()
O4 - HKU\S-1-5-21-2000478354-507921405-1177238915-500..\Run: [uTorrent] C:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Documents and Settings\NetworkService\Start Menu\Programs\Startup\Empty.pif ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Empty.pif ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-507921405-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-507921405-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-2000478354-507921405-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office 2007 2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office 2007 2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office 2007 2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A221E30-03C0-4250-B7D6-EF6591009FEA}: DhcpNameServer = 192.168.0.7
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office 2007 2\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\KesenjanganSosial.exe") - C:\WINDOWS\KesenjanganSosial.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office 2007 2\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd-brontok.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/04/17 18:34:56 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/09/07 01:35:28 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2006/09/07 01:15:27 | 000,741,376 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2006/08/23 20:58:17 | 000,593,920 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2006/09/07 01:28:53 | 000,000,136 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008/04/14 14:00:00 | 000,000,110 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2b3d02ba-5d0c-11e3-b8d9-00508deddb62}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2b3d02ba-5d0c-11e3-b8d9-00508deddb62}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2006/09/07 01:15:27 | 000,741,376 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{3302c20a-2864-11e3-9916-00508deddb62}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3302c20a-2864-11e3-9916-00508deddb62}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2006/09/07 01:15:27 | 000,741,376 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/17 18:14:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/04/17 18:14:39 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2014/04/17 18:11:39 | 005,194,807 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2014/04/17 11:03:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-17-17
[2014/04/17 10:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-17
[2014/04/16 10:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-16
[2014/04/15 23:48:30 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2014/04/15 21:23:04 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/15 11:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-17-15
[2014/04/15 09:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-15
[2014/04/14 17:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-17-14
[2014/04/14 09:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-14
[2014/04/12 15:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-12
[2014/04/12 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-17-12
[2014/04/11 17:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-17-11
[2014/04/11 12:28:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-11
[2014/04/10 17:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\EA Games
[2014/04/10 16:33:15 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2014/04/10 16:33:15 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2014/04/10 16:33:15 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2014/04/10 16:33:15 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2014/04/10 16:33:13 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2014/04/10 16:33:13 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2014/04/10 16:33:12 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2014/04/10 16:33:10 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2014/04/10 16:33:09 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2014/04/10 11:03:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-17-10
[2014/04/10 10:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-10
[2014/04/09 18:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-9
[2014/04/07 17:08:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-17-7
[2014/04/07 15:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-7
[2014/04/06 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-6
[2014/04/05 11:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-17-5
[2014/04/05 10:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-5
[2014/04/04 11:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-17-4
[2014/04/04 08:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-4
[2014/04/03 11:03:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-17-3
[2014/04/03 08:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-3
[2014/04/02 08:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-2
[2014/04/01 08:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-1
[2014/03/31 11:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-17-31
[2014/03/31 08:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-31
[2014/03/30 17:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-17-30
[2014/03/30 11:10:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-30
[2014/03/29 17:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-17-29
[2014/03/29 13:12:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2014/03/29 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-29
[2014/03/28 11:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-17-28
[2014/03/28 08:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-28
[2014/03/27 08:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-27
[2014/03/26 11:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-17-26
[2014/03/26 08:47:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-26
[2014/03/25 08:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-25
[2014/03/24 08:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-24
[2014/03/23 11:16:37 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/03/23 11:16:37 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/03/23 11:16:19 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/03/23 11:16:19 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/03/23 11:16:19 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/03/23 11:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/03/23 11:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Ok-SendMail-Bron-tok
[2014/03/23 11:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
[2014/03/23 11:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2014/03/23 11:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Loc.Mail.Bron.Tok
[2014/03/23 11:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2014/03/23 11:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2014/03/23 11:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2014/03/23 11:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Bron.tok-17-23
[2014/03/23 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-23
[2014/03/22 18:17:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ok-SendMail-Bron-tok
[2014/03/22 18:14:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Loc.Mail.Bron.Tok
[2014/03/22 18:09:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok-17-22
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/04/17 18:43:38 | 000,012,393 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok.A17.em.bin
[2014/04/17 18:43:24 | 000,012,393 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Update.17.Bron.Tok.bin
[2014/04/17 18:43:10 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\JunkAtx.bin
[2014/04/17 18:35:06 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2014/04/17 18:35:04 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2014/04/17 18:34:56 | 000,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2014/04/17 18:34:48 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/17 18:34:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/17 18:11:52 | 005,194,807 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2014/04/17 17:51:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/17 15:28:26 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/17 15:27:56 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2007.lnk
[2014/04/17 11:08:18 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/04/17 10:52:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/15 23:09:36 | 000,111,104 | -H-- | M] () -- C:\WINDOWS\KesenjanganSosial.exe
[2014/04/15 23:09:36 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\winlogon.exe
[2014/04/15 23:09:36 | 000,111,104 | ---- | M] () -- C:\WINDOWS\System32\System's Setting.scr
[2014/04/15 23:09:36 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\svchost.exe
[2014/04/15 23:09:36 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\smss.exe
[2014/04/15 23:09:36 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\services.exe
[2014/04/15 23:09:36 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\lsass.exe
[2014/04/15 23:09:36 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\inetinfo.exe
[2014/04/15 23:09:36 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Empty.pif
[2014/04/15 23:09:36 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\csrss.exe
[2014/04/15 23:09:36 | 000,111,104 | ---- | M] () -- C:\WINDOWS\System32\cmd-brontok.exe
[2014/04/15 23:09:36 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\br7911on.exe
[2014/04/15 23:09:36 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\br4743on.exe
[2014/04/15 23:09:36 | 000,111,104 | ---- | M] () -- C:\WINDOWS\System32\Administrator's Setting.scr
[2014/04/15 23:09:36 | 000,111,104 | ---- | M] () -- C:\7668-NendangBro.com
[2014/04/11 13:03:10 | 000,002,001 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/04/10 17:01:06 | 000,001,497 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dead Space™ 2.lnk
[2014/03/30 11:10:36 | 003,564,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/04/17 18:43:36 | 000,012,393 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bron.tok.A17.em.bin
[2014/04/17 18:43:23 | 000,012,393 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Update.17.Bron.Tok.bin
[2014/04/17 18:29:35 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\JunkAtx.bin
[2014/04/17 18:12:38 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\JunkAtx.bin
[2014/04/10 17:01:04 | 000,001,497 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dead Space™ 2.lnk
[2014/03/22 18:09:51 | 000,000,426 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2014/03/22 18:09:50 | 000,000,426 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2014/01/28 23:16:21 | 000,000,294 | ---- | C] () -- C:\WINDOWS\game.ini
[2014/01/26 15:22:22 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe PNG Format CS5 Prefs
[2013/12/20 13:06:57 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2013/12/20 13:06:56 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2013/12/20 13:06:42 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2013/12/20 13:06:38 | 002,793,768 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2013/12/20 13:06:38 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2013/12/08 14:32:53 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2013/11/17 18:30:08 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2013/10/29 19:12:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013/10/29 19:11:41 | 000,662,787 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2013/10/12 19:17:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2013/10/06 17:48:00 | 000,111,104 | -H-- | C] () -- C:\WINDOWS\KesenjanganSosial.exe
[2013/10/06 17:48:00 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\winlogon.exe
[2013/10/06 17:48:00 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\winlogon.exe
[2013/10/06 17:48:00 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\svchost.exe
[2013/10/06 17:48:00 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\svchost.exe
[2013/10/06 17:48:00 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe
[2013/10/06 17:48:00 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\smss.exe
[2013/10/06 17:48:00 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\services.exe
[2013/10/06 17:48:00 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\services.exe
[2013/10/06 17:48:00 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\lsass.exe
[2013/10/06 17:48:00 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\lsass.exe
[2013/10/06 17:48:00 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\inetinfo.exe
[2013/10/06 17:48:00 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\inetinfo.exe
[2013/10/06 17:48:00 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\csrss.exe
[2013/10/06 17:48:00 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\csrss.exe
[2013/10/06 17:48:00 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\cmd-brontok.exe
[2013/10/06 17:48:00 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\br7911on.exe
[2013/10/06 17:48:00 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\br4743on.exe
[2013/10/06 17:48:00 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\br4743on.exe
[2013/10/05 13:24:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/09/29 19:12:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2013/09/29 10:40:28 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/29 10:25:54 | 000,055,432 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/09/28 21:25:01 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\ssj1mlm.dll
[2013/09/28 20:07:02 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2013/09/28 19:45:37 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2013/09/28 19:30:01 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/09/28 19:11:35 | 000,761,344 | ---- | C] () -- C:\WINDOWS\System32\autorun.exe
[2013/09/28 18:54:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/09/28 18:47:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/09/28 18:40:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/09/28 18:37:57 | 003,564,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

========== ZeroAccess Check ==========

[2013/10/29 19:04:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/08/01 07:17:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/09/08 22:22:12 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 15:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/09/28 20:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/09/28 20:38:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/09/28 20:38:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2013/09/28 20:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2013/09/28 20:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSafe
[2013/09/28 21:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2013/11/19 10:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4shared Desktop
[2013/12/08 14:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2014/01/02 17:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WPM
[2014/01/09 22:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2014/02/26 19:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IePluginService
[2014/02/27 19:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2013/09/30 09:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2013/09/28 19:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DriverFinder
[2013/09/28 20:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2014/02/27 20:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\rmi
[2013/09/28 20:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BSplayer
[2013/09/28 20:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BSplayer Pro
[2013/09/28 20:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2013/09/28 20:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2013/09/28 20:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SimilarSites
[2013/10/20 16:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
[2013/11/15 10:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GameRanger
[2013/09/28 21:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Samsung
[2014/02/26 19:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SupTab
[2014/02/27 20:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenCandy
[2013/10/11 10:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer

========== Purity Check ==========

< End of report >

In Extras :
OTL Extras logfile created on: 4/17/2014 6:43:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Chorme
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 172.82 Mb Available Physical Memory | 16.89% Memory free
2.86 Gb Paging File | 2.02 Gb Available in Paging File | 70.71% Paging File free
Paging file location(s): C:\pagefile.sys 2000 2775 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 11.78 Gb Total Space | 0.09 Gb Free Space | 0.79% Space Free | Partition Type: FAT32
Drive D: | 100.00 Gb Total Space | 36.94 Gb Free Space | 36.94% Space Free | Partition Type: NTFS
Drive E: | 2.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 685.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 7.21 Gb Total Space | 1.34 Gb Free Space | 18.57% Space Free | Partition Type: FAT32

Computer Name: SILVIU-A01B4744 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2000478354-507921405-1177238915-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Microsoft Office 2007 2\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office 2007 2\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- D:\Photoshop CS5\Photoshop\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe" = C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe:*:Enabled:CDA Server -- ()
"C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe" = C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe:*:Enabled:Easy Printer Manager -- (Samsung Electronics Co., Ltd.)
"C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe" = C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe:*:Enabled:EPM Order Supplies -- (Samsung Electronics Co., Ltd.)
"C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe" = C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe:*:Enabled:EPM Alert -- (Samsung Electronics Co., Ltd.)
"C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe" = C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe:*:Enabled:CDA Scan2PC -- ()
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe" = C:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"D:\JOCURI\Medal of Honor Allied Assault\Medal Of Honor Russian Version\Mohaa.exe" = D:\JOCURI\Medal of Honor Allied Assault\Medal Of Honor Russian Version\Mohaa.exe:*:Enabled:Medal of Honor Allied Assault
"D:\JOCURI\Medal Of Honor - Allied Assault - 2CD ISO - For Windows PC -= theRock7 =-\MOHAA.exe" = D:\JOCURI\Medal Of Honor - Allied Assault - 2CD ISO - For Windows PC -= theRock7 =-\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault
"D:\Microsoft Office 2007 2\Office12\OUTLOOK.EXE" = D:\Microsoft Office 2007 2\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"D:\Microsoft Office 2007 2\Office12\GROOVE.EXE" = D:\Microsoft Office 2007 2\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"D:\Microsoft Office 2007 2\Office12\ONENOTE.EXE" = D:\Microsoft Office 2007 2\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"D:\JOCURI\Age of Empire 3\The Game\Age of Empires III\age3.exe" = D:\JOCURI\Age of Empire 3\The Game\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3 -- (Ensemble Studios)
"C:\Documents and Settings\Administrator\Application Data\GameRanger\GameRanger\GameRanger.exe" = C:\Documents and Settings\Administrator\Application Data\GameRanger\GameRanger\GameRanger.exe:*:Enabled:GameRanger -- (GameRanger Technologies)
"C:\WINDOWS\System32\PnkBstrA.exe" = C:\WINDOWS\System32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\System32\PnkBstrB.exe" = C:\WINDOWS\System32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"D:\JOCURI\Call_Of_Duty_4-Razor1911\iw3mp.exe" = D:\JOCURI\Call_Of_Duty_4-Razor1911\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™  -- ()
"D:\JOCURI\NFS MW\speed.exe" = D:\JOCURI\NFS MW\speed.exe:*:Enabled:speed
"D:\JOCURI\[REQ] FIFA.07-RELOADED\fifa07.exe" = D:\JOCURI\[REQ] FIFA.07-RELOADED\fifa07.exe:*:Enabled:fifa07 -- ()
"C:\Program Files\TeamViewer\Version9\TeamViewer.exe" = C:\Program Files\TeamViewer\Version9\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"D:\JOCURI\MOHA\UnrealEngine3\Binaries\MOHA.exe" = D:\JOCURI\MOHA\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne
"D:\JOCURI\Dead Space 2\deadspace2.exe" = D:\JOCURI\Dead Space 2\deadspace2.exe:*:Enabled:Dead Space™ 2 -- (Electronic Arts Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03763000-9DF4-6F01-3694-2B1F358ACE18}" = CCC Help Turkish
"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty® 4 - Modern Warfare™ 1.3 Patch
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F7B0997-8A8A-9FC4-71E6-F824609AD0EA}" = CCC Help Chinese Standard
"{14226D66-AF58-4E3D-8F6A-3CFB7F0B955C}_is1" = Drevitalize 2.42 demo
"{155B35FC-ACEE-B126-523C-165E53346B9A}" = AMD Catalyst Install Manager
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212CF2AD-DE6F-8695-9366-D39EC56741B6}" = CCC Help Korean
"{25F28E39-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 51
"{27DC65BD-CB8D-B725-71E7-592E561C624F}" = Catalyst Control Center Graphics Previews Common
"{28417A06-12D4-0478-522F-B8139FB879AD}" = CCC Help Dutch
"{2FF83085-6AE2-ED33-958A-386D79C1208E}" = CCC Help Czech
"{30C13595-74A8-E782-2B7D-FC3252363CEA}" = CCC Help Japanese
"{32A3A4F4-B792-11D6-A78A-00B0D0170400}" = Java SE Development Kit 7 Update 40
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38DAAA8F-F793-A34C-44E4-32FB5514D74F}" = ccc-utility
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"{46F9A015-A90F-A916-DDA4-FCE5EBD39D18}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335A4A6-24A7-BF72-A643-70E5D5402083}" = CCC Help Swedish
"{5458FB3A-EA09-F480-A967-D546E1BA5A94}" = Catalyst Control Center Localization All
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A438E06-0BB3-4C5F-0085-B14F1F4077E6}" = FIFA 07
"{5CB9A99E-6AE9-4EEA-B192-3798B390857B}" = LogMeIn Hamachi
"{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty® 4 - Modern Warfare™ 1.1 Patch
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{67B50590-C508-DE75-DB87-69BADEF07314}" = CCC Help Danish
"{6A19D517-822D-B97C-15C3-2C36FEF63486}" = CCC Help Greek
"{6B4979A0-EA1C-74EF-5D4D-9647B147856A}" = CCC Help Hungarian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{780A4D94-B006-AF16-EAC6-29568AB4BD18}" = CCC Help Portuguese
"{7A532010-5D21-CA9E-6FDC-D26989970E1A}" = Catalyst Control Center
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{84EE38CA-199D-3BCC-8649-3464469BB54C}" = Google Chrome
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Patch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8DC543D7-095F-2475-4D65-C7F860008A34}" = CCC Help English
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{65482307-FE7D-4E7F-9DEF-3F0E841BC77A}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92CA7184-3DE7-C2CF-6934-166360DB12C5}" = CCC Help Italian
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{967BA427-F792-9072-04B1-8417FA6ED7FF}" = CCC Help Finnish
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A407FC22-36BF-4C82-A516-59D94BC505A9}" = System Requirements Lab Detection
"{A4A86EE7-3C6F-C1D9-054B-6B123EB017C7}" = CCC Help Polish
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB861AAB-7E8B-2AC5-0243-F9E124721546}" = CCC Help Norwegian
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.04)
"{B3F838ED-A085-9B88-1A93-0D8E8ABAD6DA}" = Catalyst Control Center InstallProxy
"{CB79256B-C0E0-40C6-8EB7-BDD796203581}" = Catalyst Control Center - Branding
"{CC7EA7EE-626C-9A56-896C-E713B5C8291D}" = CCC Help Chinese Traditional
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E1CA6C05-D970-75F5-FE80-C135D6BB7F2E}" = CCC Help Spanish
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty® 4 - Modern Warfare™ 1.2 Patch
"{EFC886C1-5985-3723-7116-61069316164F}" = CCC Help Russian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA94CB5C-18A9-A9C1-20A3-314B03E27459}" = CCC Help Thai
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE379A04-7E2E-22CF-42D4-3B7DC7B66FB4}" = CCC Help German
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"BSPlayerf" = BS.Player FREE
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.67
"DAEMON Tools Lite" = Daemon Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps
"HD Tune_is1" = HD Tune 2.55
"ie8" = Windows Internet Explorer 8
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty® 4 - Modern Warfare™ 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty® 4 - Modern Warfare™ 1.1 Patch
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty® 4 - Modern Warfare™ 1.2 Patch
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.95
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung ML-2160 Series" = Samsung ML-2160 Series
"Samsung Printer Live Update" = Samsung Printer Live Update
"Seven Remix XP" = Seven Remix XP 2.41
"TeamViewer 9" = TeamViewer 9
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 5.00 (32-bit)
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2000478354-507921405-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
"Dropbox" = Dropbox
"GameRanger" = GameRanger
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/9/2014 3:06:06 AM | Computer Name = SILVIU-A01B4744 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The  Error code is the first DWORD in Data section.

Error - 1/9/2014 3:06:09 AM | Computer Name = SILVIU-A01B4744 | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID.  The Win32 status returned by the call is the first DWORD in Data section.

Error - 1/9/2014 2:56:07 PM | Computer Name = SILVIU-A01B4744 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The  Error code is the first DWORD in Data section.

Error - 1/9/2014 2:56:10 PM | Computer Name = SILVIU-A01B4744 | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID.  The Win32 status returned by the call is the first DWORD in Data section.

Error - 1/10/2014 4:37:28 AM | Computer Name = SILVIU-A01B4744 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The  Error code is the first DWORD in Data section.

Error - 1/10/2014 4:37:31 AM | Computer Name = SILVIU-A01B4744 | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID.  The Win32 status returned by the call is the first DWORD in Data section.

Error - 1/10/2014 1:52:11 PM | Computer Name = SILVIU-A01B4744 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The  Error code is the first DWORD in Data section.

Error - 1/10/2014 1:52:14 PM | Computer Name = SILVIU-A01B4744 | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID.  The Win32 status returned by the call is the first DWORD in Data section.

Error - 1/11/2014 5:19:44 AM | Computer Name = SILVIU-A01B4744 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The  Error code is the first DWORD in Data section.

Error - 1/11/2014 5:19:47 AM | Computer Name = SILVIU-A01B4744 | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID.  The Win32 status returned by the call is the first DWORD in Data section.

[ OSession Events ]
Error - 3/30/2014 9:24:22 AM | Computer Name = SILVIU-A01B4744 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2720
seconds with 1620 seconds of active time.  This session ended with a crash.

Error - 3/30/2014 9:27:18 AM | Computer Name = SILVIU-A01B4744 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 29
seconds with 0 seconds of active time.  This session ended with a crash.

[ System Events ]
Error - 4/16/2014 3:25:29 AM | Computer Name = SILVIU-A01B4744 | Source = Service Control Manager | ID = 7000
Description = The PunkBuster service failed to start due to the following error:
   %%3

Error - 4/16/2014 3:25:29 AM | Computer Name = SILVIU-A01B4744 | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to
the following error:   %%3

Error - 4/17/2014 3:53:02 AM | Computer Name = SILVIU-A01B4744 | Source = Service Control Manager | ID = 7000
Description = The PunkBuster service failed to start due to the following error:
   %%3

Error - 4/17/2014 3:53:02 AM | Computer Name = SILVIU-A01B4744 | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to
the following error:   %%3

Error - 4/17/2014 11:17:07 AM | Computer Name = SILVIU-A01B4744 | Source = Service Control Manager | ID = 7000
Description = The PunkBuster service failed to start due to the following error:
   %%3

Error - 4/17/2014 11:17:07 AM | Computer Name = SILVIU-A01B4744 | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to
the following error:   %%3

Error - 4/17/2014 11:21:28 AM | Computer Name = SILVIU-A01B4744 | Source = Service Control Manager | ID = 7000
Description = The PunkBuster service failed to start due to the following error:
   %%3

Error - 4/17/2014 11:21:28 AM | Computer Name = SILVIU-A01B4744 | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to
the following error:   %%3

Error - 4/17/2014 11:35:22 AM | Computer Name = SILVIU-A01B4744 | Source = Service Control Manager | ID = 7000
Description = The PunkBuster service failed to start due to the following error:
   %%3

Error - 4/17/2014 11:35:22 AM | Computer Name = SILVIU-A01B4744 | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to
the following error:   %%3


< End of report >

Ruleaza din nou OTL.
Copiaza ce e citat mai jos si "Paste"(Lipeste) textul in OTL.

Quote

Vezi pe imagine cum.
Apasa Run Fix.
Posteaza logul aici.

[ http://s23.postimg.org/6ui8tyrrv/OTLsc.jpg - Pentru incarcare in pagina (embed) Click aici ]

Am facut ce ai zis tu si mi-a disparut desktop-ul si mi-a aparut o casuta pe care scrie ca are nevoie de un reset, si eu am dat ok. Dupa care a ramas asa, ce sa-i fac?

jegmihai, on 17 aprilie 2014 - 19:02, said:

Devirusare nereusita, chix!
Totul se putea rezolva simplu daca rulai Kaspersky Rescue Disk (imagine bootabila ce putea fi scrisa pe un CD Blank) sau Spyhunter.
Acum nu-ti mai ramane decat sa reinstalezi sistemul de operare,sa-ti pui si un antivirus cu licenta si ai calculatorul ca nou.
Cine se face vinovat ca nu mai poti intra in Windows?... se poate concluziona.
Datele de pe "C" ,nu sunt pierdute.
Pentru a le recupera in integralitate si a le trece pe "D" sau pe un HDD extern/stick,descarca Linux Mint Cinnamon de pe pagina lor oficiala,versiunea pe 32 B,folosind server Romania,scrie imaginea pe un DVD si booteaza de pe el.Accesezi HDD-ul la fel ca in windows (acest linux este excelent,reactioneaza la dublu-click,are comenzi ca in windows),treci informatiile de pe "C" in alta partitie si apoi treci la reinstalarea sistemului de operare.Linix mint bootable,recunoaste fara probleme,driverele calculatorului si ale oricarui stick sau HDD extern.
Nu uita sa "multumesti" cuiva pentru acest deranj neasteptat!

Edited by Tehnicul1970, 18 April 2014 - 01:12.

Dar eu i-am dat aseara reset de la buton si mi-a pornit windows-ul si am primit un mesaj cum ca ar lipsi un fisier din windows, i-am dat ok si s-a resetat singur, a pornit iar si eu vad ca functioneaza ca inainte.
Legat de datele din partitia C, de ce as vrea eu sa le recuperez? (e partitia windows-ului)
A da,si multumiri lui MhG 40 ca si-a batut atata capul cu mine. Cel mai probabil voi reinstala win-ul.

N-am mai suportat si azi am reinstalat win-ul, macar asa am scapat de toti nenorocitii de virusi!Inca o data iti multumesc MhG pentru sprijinul acordat!
Postul se poate inchide.

jegmihai, on 18 aprilie 2014 - 08:22, said:

Da,este partitia windows-ului,nici eu nu tin date pe acea partitie.Asta dovedeste ca esti ordonat si iti pastrezi datele pe "D".Eu credeam ca mai ai date pe "C",sunt multi care au date acolo si le pierd la formatare,apoi se chinuie cu Recuva sa le restaureze.Nu este cazul la tine.
Nu am mai citat postarea cu reinstalarea windows-ului,este solutia cea mai buna. Pe viitor,foloseste un antivirus cu licenta,recomand Microsoft Essentials de la Microsoft - sper ca ai Windows licentiat,nu facut pe prispa casei.
Ca solutii de devirusare,recomand sa folosesti ceea ce ti-am enumerat mai sus,daca te confrunti cu probleme diverse. Ce este facut la nivel de mare corporatie,este sfant.Acolo lucreaza o armata de Ingineri care chiar stiu ce fac,in plus... sansele sa-ti crape sistemul dupa devirusare,sunt mult reduse.
Totusi,un sistem devirusat... este pe undeva afectat... chiar se recomanda o reinstalare pe curat. Daca acest lucru este mai greoi (in cazul firmelor ce tin programe de contabilitate gen SAGA si Revisal (evidenta angajati),se poate folosi sistemul devirusat dar pe viitor... tot la curatenie generala se ajunge!
Spor si un Paste Fericit iti urez!