CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKLM-x32\...\Run: [Bron-Spizaetus] => C:\Windows\ShellNew\RakyatKelaparan.exe [109568 2011-05-15] () [Brak podpisu cyfrowego]
HKLM-x32\...\Winlogon: [Shell] Explorer.exe "C:\Windows\KesenjanganSosial.exe"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-3192960771-1967589540-443269132-1000\...\Run: [Tok-Cirrhatus] => [X]
HKU\S-1-5-21-3192960771-1967589540-443269132-1000\...\Run: [Tok-Cirrhatus-1530] => C:\Users\VIP\AppData\Local\smss.exe [109568 2011-05-15] () [Brak podpisu cyfrowego] <==== UWAGA
HKU\S-1-5-21-3192960771-1967589540-443269132-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-3192960771-1967589540-443269132-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3192960771-1967589540-443269132-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-3192960771-1967589540-443269132-1000\...\Policies\Explorer: [NoFolderOptions] 1
HKU\S-1-5-21-3192960771-1967589540-443269132-1000\...\MountPoints2: {569ed230-e748-11e7-8556-ba190b071c78} - F:\AutoRun.exe
HKU\S-1-5-21-3192960771-1967589540-443269132-1000\...\MountPoints2: {b9640512-16ba-11eb-ab26-d43d7e3445fc} - F:\HiSuiteDownLoader.exe
Startup: C:\Users\VIP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif [2011-05-15] () [Brak podpisu cyfrowego]
AlternateShell: cmd-brontok.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
Task: {EFA4EC75-198C-44AD-9253-713B08B17A8C} - System32\Tasks\{6765C574-470F-4451-954C-AF82166C301A} => C:\Windows\system32\pcalua.exe -a C:\Users\VIP\AppData\Local\Temp\ns4BA5DC27\1144684B_stp\setUp.exe -d C:\Users\VIP\AppData\Local\Temp\ns4BA5DC27\1144684B_stp <==== UWAGA
Hosts: Kod HTML wykryty w pliku Hosts. Sprawdź sekcję Hosts w Addition.txt <==== UWAGA
Tcpip\..\Interfaces\{BF72F49B-2A68-4705-BBCC-B27B27EB0ECD}: [DhcpNameServer] 192.168.0.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <==== UWAGA
FF Extension: (Brak nazwy) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [nie znaleziono]
FF Extension: (Brak nazwy) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [nie znaleziono]
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
U3 avgbdisk; Brak ImagePath
S3 Mexiezhtie; \??\C:\Windows\system32\Mexiezhtie.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
2021-02-01 03:13 - 2021-02-01 03:13 - 000000061 _____ C:\Users\VIP\AppData\Local\BronNetDomList.bat
2021-02-01 03:13 - 2021-02-01 03:13 - 000000000 _____ C:\Users\VIP\AppData\Local\BronFoldNetDomList.txt
2021-02-01 03:08 - 2021-02-01 03:08 - 000000247 _____ C:\Users\VIP\AppData\Local\Bron.tok.A15.em.bin
2021-02-01 00:00 - 2021-02-01 00:00 - 000000000 ____D C:\Users\VIP\AppData\Local\Bron.tok-15-1
2021-01-31 11:14 - 2021-01-31 11:14 - 000000000 ____D C:\Users\VIP\AppData\Local\Bron.tok-15-31
2011-04-01 10:57 - 2011-04-01 10:57 - 000247136 _____ () C:\ProgramData\DeleteFile.exe
2021-02-01 03:08 - 2021-02-01 03:08 - 000000247 _____ () C:\Users\VIP\AppData\Local\Bron.tok.A15.em.bin
2021-02-01 03:13 - 2021-02-01 03:13 - 000000000 _____ () C:\Users\VIP\AppData\Local\BronFoldNetDomList.txt
2021-02-01 03:13 - 2021-02-01 03:13 - 000000061 _____ () C:\Users\VIP\AppData\Local\BronNetDomList.bat
2011-05-15 17:47 - 2011-05-15 17:47 - 000109568 _____ () C:\Users\VIP\AppData\Local\csrss.exe
2011-05-15 17:47 - 2011-05-15 17:47 - 000109568 _____ () C:\Users\VIP\AppData\Local\inetinfo.exe
2021-01-06 21:13 - 2021-01-06 21:13 - 000000051 _____ () C:\Users\VIP\AppData\Local\Kosong.Bron.Tok.txt
2021-01-06 21:07 - 2021-01-06 21:07 - 000000247 _____ () C:\Users\VIP\AppData\Local\ListHost15.txt
2011-05-15 17:47 - 2011-05-15 17:47 - 000109568 _____ () C:\Users\VIP\AppData\Local\lsass.exe
2018-06-07 14:23 - 2018-06-07 14:23 - 000004174 _____ () C:\Users\VIP\AppData\Local\recently-used.xbel
2011-05-15 17:47 - 2011-05-15 17:47 - 000109568 _____ () C:\Users\VIP\AppData\Local\services.exe
2011-05-15 17:47 - 2011-05-15 17:47 - 000109568 _____ () C:\Users\VIP\AppData\Local\smss.exe
2011-05-15 17:47 - 2011-05-15 17:47 - 000109568 ____N () C:\Users\VIP\AppData\Local\winlogon.exe
2012-05-20 19:22 - 2012-06-12 20:00 - 000066048 _____ (Legolash2o) C:\Windows\system32\WinToolkitRunOnce.exe
2011-05-15 17:47 - 2011-05-15 17:47 - 000109568 ____H C:\Windows\KesenjanganSosial.exe
2011-05-15 17:47 - 2011-05-15 17:47 - 000109568 _____ C:\Windows\SysWOW64\cmd-brontok.exe
2011-05-15 17:47 - 2011-05-15 17:47 - 000109568 _____ C:\Users\VIP\AppData\Local\csrss.exe
2011-05-15 17:47 - 2011-05-15 17:47 - 000109568 _____ C:\Users\VIP\AppData\Local\inetinfo.exe
2011-05-15 17:47 - 2011-05-15 17:47 - 000109568 _____ C:\Users\VIP\AppData\Local\lsass.exe
2011-05-15 17:47 - 2011-05-15 17:47 - 000109568 _____ C:\Users\VIP\AppData\Local\services.exe
2011-05-15 17:47 - 2011-05-15 17:47 - 000109568 _____ C:\Users\VIP\AppData\Local\smss.exe
2011-05-15 17:47 - 2011-05-15 17:47 - 000109568 ____N C:\Users\VIP\AppData\Local\winlogon.exe
2011-05-15 17:47 - 2011-05-15 17:47 - 000109568 _____ C:\Users\VIP\Documents\Documents.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
AlternateDataStreams: C:\Users\VIP\AppData\Local\Temp:$DATA [16]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"="cmd-brontok.exe"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3192960771-1967589540-443269132-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - Brak pliku
MSCONFIG\startupreg: WinZip FAH => C:\Program Files\WinZip\FAHConsole.exe
MSCONFIG\startupreg: WinZip PreLoader => C:\Program Files\WinZip\WzPreloader.exe
MSCONFIG\startupreg: WinZip UN => C:\Program Files\WinZip\WZUpdateNotifier.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{81F094AD-70FC-480B-B0FE-5A0F3C2A6ACE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => Brak pliku
FirewallRules: [{EC304104-DFE4-4AD4-BCC9-8E9FB8D81A19}] => (Allow) C:\Users\VIP\AppData\Roaming\Zoom\bin\Zoom.exe => Brak pliku
Hosts:
RemoveProxy:
C:\Users\VIP\AppData\Local\Bron.tok*
CMD: dir /a "C:\Users\VIP\AppData\Local"
CMD: dir /a "C:\ProgramData"