Avast detects URL:mal in Explorer.EXE


  • This topic is locked
5 replies to this topic

#1 Valiors

  • Members
  • 2 posts
  • OFFLINE
  • Local time: 08:30 PM

Posted 16 July 2015 - 07:14 AM

Hi. Avast constantly detects URL:mal in C:\WINDOWS\EXPLORER.EXE

Please, could you help me?
FRST.txt:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015
Ran by Komputer (administrator) on DOM-62B5EA55759 on 16-07-2015 14:05:59
Running from C:\Documents and Settings\Komputer\Moje dokumenty\Downloads
Loaded Profiles: Komputer (Available Profiles: Komputer)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
() C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [2289664 2008-11-26] (Dell Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [systray] => C:\Program Files\Dell\Dell Mobile Broadband\systray.exe [331851 2009-04-24] ()
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [LG Smart Share] => C:\Program Files\LG Software\LG Smart Share\SmartShareStartXP.exe [134744 2014-01-06] (LG Electronics Inc.)
HKLM\...\Run: [iPlusManager] => C:\Program Files\iPlus\iPlusChecker.exe [454656 2009-12-01] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-16] (AVAST Software)
HKU\S-1-5-21-1409082233-1078081533-1417001333-1003\...\Run: [ALLUpdate] => C:\Program Files\ALLPlayer\ALLUpdate.exe [2995712 2013-04-14] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-1409082233-1078081533-1417001333-1003\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [456576 2015-06-10] (Sony)
HKU\S-1-5-21-1409082233-1078081533-1417001333-1003\...\Run: [ctfmon.exe] => C:\Documents and Settings\Komputer\Dane aplikacji\E8A51FDB\bin.exe [209897 2015-07-16] ()
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk [2012-12-18]
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk [2013-05-17]
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-16] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1409082233-1078081533-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=180&d=20140617
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1409082233-1078081533-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1409082233-1078081533-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=180&d=20140617
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ALLYouTubeDownloader -> {61DB16C5-B733-43F4-872E-B20DC9E72740} -> C:\Program Files\ALLYouTubeDownloader\ALLYouTubeDownloader.dll [2012-12-16] (ALLCinema Ltd.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-16] (AVAST Software)
BHO: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll [2011-02-09] (ALLCinema Ltd.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-10-07] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{AB7D6F97-10B3-405F-A609-C73DB51742EE}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla\Firefox\Profiles\SXwxRQxd.default
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1409082233-1078081533-1417001333-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-29] (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla\Firefox\Profiles\SXwxRQxd.default\Extensions\abs@avira.com [2014-10-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-12-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-16]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-08]
CHR Extension: (Google Docs) - C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
CHR Extension: (Google Drive) - C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08]
CHR Extension: (YouTube) - C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-08]
CHR Extension: (Google Search) - C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-08]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-08]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-16]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-08]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-16]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-16] (AVAST Software)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Avanquest Software)
R2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe [94208 2007-05-10] (SigmaTel, Inc.)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [2039808 2008-11-26] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-07-16] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-07-16] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-07-16] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-07-16] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-07-16] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-07-16] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-07-16] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-07-16] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-07-16] (AVAST Software)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1391104 2008-11-26] (Broadcom Corporation)
R2 BCMWLNPF; C:\WINDOWS\System32\drivers\bcmwlnpf.sys [33664 2008-11-26] (CACE Technologies) [File not signed]
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [876384 2007-03-31] (Broadcom Corporation.)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211200 2007-08-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989952 2007-08-02] (Conexant Systems, Inc.)
R1 NvtSp50; C:\WINDOWS\System32\DRIVERS\NvtSp50.sys [22016 2008-06-10] (Printing Novatel Wireless Inc.)
R0 Si3112; C:\WINDOWS\system32\Drivers\Si3112.sys [69168 2010-06-18] (Silicon Image, Inc.)
S0 Si3114r5; C:\WINDOWS\system32\Drivers\Si3114r5.sys [211496 2010-06-18] (Silicon Image, Inc)
R0 Si3124; C:\WINDOWS\system32\Drivers\Si3124.sys [69248 2010-06-18] (Silicon Image, Inc.) [File not signed]
R0 Si3132; C:\WINDOWS\system32\Drivers\Si3132.sys [80424 2010-06-18] (Silicon Image, Inc)
R0 Si3132r5; C:\WINDOWS\system32\Drivers\Si3132r5.sys [217128 2010-06-18] (Silicon Image, Inc)
R0 Si3531; C:\WINDOWS\system32\Drivers\Si3531.sys [210736 2010-06-18] (Silicon Image, Inc)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2010-06-18] (Microsoft Corporation) [File not signed]
S3 catchme; \??\C:\DOCUME~1\Komputer\USTAWI~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-16 14:05 - 2015-07-16 14:06 - 00000000 ____D C:\FRST
2015-07-16 13:42 - 2015-07-16 13:42 - 00000000 ____D C:\Documents and Settings\Komputer\Dane aplikacji\Sun
2015-07-16 10:44 - 2015-07-16 10:44 - 00000000 ____D C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Temp
2015-07-16 10:41 - 2015-07-16 10:41 - 00001689 _____ C:\Documents and Settings\All Users\Pulpit\Avast Free Antivirus.lnk
2015-07-16 10:41 - 2015-07-16 10:41 - 00000000 ____D C:\Documents and Settings\Komputer\Dane aplikacji\AVAST Software
2015-07-16 10:41 - 2015-07-16 10:41 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\AVAST Software
2015-07-16 10:40 - 2015-07-16 13:50 - 00000368 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-07-16 10:40 - 2015-07-16 10:40 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-07-16 10:40 - 2015-07-16 10:40 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-07-16 10:40 - 2015-07-16 10:40 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-07-16 10:40 - 2015-07-16 10:40 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-07-16 10:40 - 2015-07-16 10:40 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-07-16 10:40 - 2015-07-16 10:40 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-07-16 10:40 - 2015-07-16 10:40 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-07-16 10:40 - 2015-07-16 10:40 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-07-16 10:40 - 2015-07-16 10:40 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-07-16 10:40 - 2015-07-16 10:40 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-07-16 10:40 - 2015-07-16 10:40 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-07-16 10:30 - 2015-07-16 10:30 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-16 09:55 - 2015-07-16 14:06 - 00000000 ____D C:\Documents and Settings\Komputer\Ustawienia lokalne\temp
2015-07-16 09:55 - 2015-07-16 09:55 - 00000000 ____D C:\Documents and Settings\NetworkService\Ustawienia lokalne\temp
2015-07-16 09:55 - 2015-07-16 09:55 - 00000000 ____D C:\Documents and Settings\LocalService\Ustawienia lokalne\temp
2015-07-15 22:12 - 2015-07-15 22:06 - 00064001 _____ C:\Documents and Settings\Komputer\Moje dokumenty\Kopia credit 02072015.js
2015-07-15 22:08 - 2015-07-15 22:08 - 00021359 _____ C:\Documents and Settings\Komputer\Moje dokumenty\las pierwsza naczepa (1).xlsx
2015-07-15 22:08 - 2015-07-15 22:08 - 00018853 _____ C:\Documents and Settings\Komputer\Moje dokumenty\las pierwsza naczepa.xlsx
2015-07-15 22:06 - 2015-07-15 22:06 - 00064001 _____ C:\Documents and Settings\Komputer\Moje dokumenty\credit 02072015.js
2015-07-15 17:29 - 2015-07-15 17:29 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\iPlus
2015-07-15 16:19 - 2015-07-15 16:19 - 00000000 _RSHD C:\cmdcons
2015-07-15 16:19 - 2012-12-17 21:40 - 00000211 _____ C:\Boot.bak
2015-07-15 16:19 - 2004-08-03 23:00 - 00262400 __RSH C:\cmldr
2015-07-15 16:16 - 2015-07-16 09:55 - 00000000 ____D C:\Qoobox
2015-07-15 16:16 - 2015-07-15 16:25 - 00000000 ____D C:\WINDOWS\erdnt
2015-07-15 16:16 - 2015-07-15 16:16 - 00000000 ___RD C:\Documents and Settings\Komputer\Menu Start\Programy\Narzędzia administracyjne
2015-07-15 16:16 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-07-15 16:16 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-07-15 16:16 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-07-15 16:16 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-07-15 16:16 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-07-15 16:16 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-07-15 16:16 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-07-15 16:16 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-07-15 16:16 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-07-15 16:12 - 2015-07-15 16:12 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2015-07-15 16:12 - 2015-07-15 16:12 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\K-Lite Codec Pack
2015-07-15 16:12 - 2015-07-13 20:00 - 00112128 _____ C:\WINDOWS\system32\ff_vfw.dll
2015-07-15 16:12 - 2015-06-22 15:25 - 00240128 _____ C:\WINDOWS\system32\xvidvfw.dll
2015-07-15 16:12 - 2015-02-28 17:21 - 03591680 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw.dll
2015-07-15 16:12 - 2012-07-21 12:54 - 00122880 _____ (fccHandler) C:\WINDOWS\system32\ac3acm.acm
2015-07-15 16:12 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\WINDOWS\system32\lagarith.dll
2015-07-15 16:12 - 2011-06-22 16:14 - 00000714 _____ C:\WINDOWS\system32\ff_vfw.dll.manifest
2015-07-15 15:54 - 2015-07-15 15:54 - 00000000 ____D C:\Program Files\WinRAR
2015-07-15 15:54 - 2015-07-15 15:54 - 00000000 ____D C:\Documents and Settings\Komputer\Menu Start\Programy\WinRAR
2015-07-15 15:54 - 2015-07-15 15:54 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\WinRAR
2015-07-15 15:40 - 2015-07-15 15:40 - 00000000 ____D C:\Documents and Settings\Komputer\Moje dokumenty\Odebrane pliki
2015-07-15 15:35 - 2015-07-15 15:35 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-06-22 08:11 - 2015-06-22 08:36 - 00000000 ____D C:\Documents and Settings\Komputer\Pulpit\zdj z te lo
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-16 13:53 - 2012-12-17 21:44 - 00503937 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-16 13:45 - 2014-06-17 18:22 - 00000446 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1403022145.job
2015-07-16 13:45 - 2012-12-17 23:28 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-16 13:45 - 2012-12-17 21:50 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-16 13:44 - 2014-10-15 22:29 - 00269046 _____ C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
2015-07-16 13:44 - 2012-12-17 21:50 - 00032172 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-16 13:44 - 2012-12-17 21:50 - 00000188 ___SH C:\Documents and Settings\Komputer\ntuser.ini
2015-07-16 13:44 - 2012-12-17 21:50 - 00000000 ____D C:\Documents and Settings\Komputer
2015-07-16 13:42 - 2012-12-17 21:50 - 00000000 __RHD C:\Documents and Settings\Komputer\Dane aplikacji
2015-07-16 13:32 - 2012-12-18 00:05 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-16 13:23 - 2012-12-17 23:28 - 00001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-16 13:11 - 2014-06-17 18:22 - 00000000 ____D C:\Program Files\Opera
2015-07-16 13:06 - 2012-12-18 00:05 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-16 13:06 - 2012-12-18 00:05 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-07-16 11:07 - 2014-10-17 21:51 - 01562372 _____ C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-1409082233-1078081533-1417001333-1003-0.dat
2015-07-16 10:44 - 2012-12-17 21:50 - 00000000 ___HD C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji
2015-07-16 10:41 - 2013-07-16 11:39 - 00014126 _____ C:\WINDOWS\Wdf01009Inst.log
2015-07-16 10:41 - 2012-12-17 22:32 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy
2015-07-16 10:41 - 2012-12-17 22:32 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit
2015-07-16 10:41 - 2012-12-17 22:31 - 00088027 _____ C:\WINDOWS\setupapi.log
2015-07-16 10:29 - 2012-12-17 22:32 - 00000000 ___RD C:\Documents and Settings\All Users\Dokumenty
2015-07-16 10:28 - 2014-11-25 17:17 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software
2015-07-16 10:04 - 2012-12-17 22:25 - 00000000 ____D C:\WINDOWS\Help
2015-07-16 09:59 - 2012-12-17 21:45 - 00001507 _____ C:\Documents and Settings\All Users\Menu Start\Windows Update.lnk
2015-07-16 09:55 - 2012-12-17 21:50 - 00000000 ___HD C:\Documents and Settings\LocalService\Ustawienia lokalne
2015-07-16 09:55 - 2012-12-17 21:50 - 00000000 ___HD C:\Documents and Settings\Komputer\Ustawienia lokalne
2015-07-16 09:55 - 2012-12-17 21:49 - 00000000 ___HD C:\Documents and Settings\NetworkService\Ustawienia lokalne
2015-07-16 09:54 - 2008-04-15 14:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-07-15 22:12 - 2012-12-17 21:50 - 00000000 ___RD C:\Documents and Settings\Komputer\Moje dokumenty
2015-07-15 18:11 - 2014-06-17 18:42 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-07-15 17:59 - 2013-03-01 17:17 - 00000000 ____D C:\TEMP
2015-07-15 17:31 - 2012-12-17 22:32 - 01197692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-15 17:31 - 2008-04-15 14:00 - 00535814 _____ C:\WINDOWS\system32\perfh015.dat
2015-07-15 17:31 - 2008-04-15 14:00 - 00094988 _____ C:\WINDOWS\system32\perfc015.dat
2015-07-15 17:29 - 2012-12-21 10:43 - 00000000 ____D C:\Program Files\iPlus
2015-07-15 16:19 - 2012-12-17 22:30 - 00000327 __RSH C:\boot.ini
2015-07-15 16:16 - 2012-12-17 21:50 - 00000000 ___RD C:\Documents and Settings\Komputer\Menu Start\Programy
2015-07-15 15:48 - 2012-12-17 23:36 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome
2015-07-15 15:48 - 2012-12-17 22:31 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2015-07-15 15:48 - 2012-12-17 21:51 - 00000751 _____ C:\Documents and Settings\Komputer\Menu Start\Programy\Internet Explorer.lnk
2015-07-15 15:38 - 2014-12-11 12:55 - 00000000 ____D C:\WINDOWS\SxsCaPendDel
2015-07-15 15:28 - 2014-12-11 12:37 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\boost_interprocess
2015-07-15 15:27 - 2012-12-17 22:23 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Avira
2015-07-15 15:24 - 2012-12-21 10:45 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Informator
2015-07-15 15:12 - 2008-04-15 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-13 20:56 - 2012-12-17 21:50 - 00000000 ____D C:\Documents and Settings\LocalService\Dane aplikacji
2015-07-09 18:19 - 2015-05-01 08:56 - 00001739 _____ C:\Documents and Settings\All Users\Pulpit\Sony PC Companion 2.1.lnk
2015-07-09 18:19 - 2013-01-30 12:17 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Sony
2015-07-09 18:18 - 2012-12-17 22:09 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-07-09 10:45 - 2014-10-15 17:32 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Package Cache
2015-07-03 13:09 - 2012-12-17 21:50 - 00000000 ____D C:\Documents and Settings\Komputer\Pulpit
2015-06-22 15:24 - 2012-12-28 21:49 - 00655872 _____ C:\WINDOWS\system32\xvidcore.dll
2015-06-22 11:00 - 2015-06-12 10:49 - 00000000 ____D C:\Documents and Settings\Komputer\Pulpit\motyl
 
==================== Files in the root of some directories =======
 
2012-12-17 23:28 - 2012-12-17 23:28 - 0000000 _____ () C:\Program Files\GUM6F.tmp
 
Some files in TEMP:
====================
C:\Documents and Settings\Komputer\Ustawienia lokalne\temp\Quarantine.exe
C:\Documents and Settings\Komputer\Ustawienia lokalne\temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of log ============================



Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015
Ran by Komputer at 2015-07-16 14:06:55
Running from C:\Documents and Settings\Komputer\Moje dokumenty\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1409082233-1078081533-1417001333-500 - Administrator - Enabled)
Gość (S-1-5-21-1409082233-1078081533-1417001333-501 - Limited - Disabled)
Komputer (S-1-5-21-1409082233-1078081533-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Komputer
Pomocnik (S-1-5-21-1409082233-1078081533-1417001333-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1409082233-1078081533-1417001333-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Aktualizacja dla systemu Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB955704) (HKLM\...\KB955704) (Version: 1 - Microsoft Corporation)
Aktualizacja systemu Microsoft Windows (KB971513) (HKLM\...\KB971513) (Version:  - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561) (HKLM\...\KB923561) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950760) (HKLM\...\KB950760) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB980195) (HKLM\...\KB980195) (Version: 1 - Microsoft Corporation)
ALL YouTube Downloader (HKLM\...\ALL YouTube Downloader_is1) (Version: 2.3 - ALLPlayer Ltd.)
ALLPlayer V5.X (HKLM\...\ALLPlayer_is1) (Version:  - ALLCinema Ltd.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2223 - AVAST Software)
Bonjour (HKLM\...\{2A981294-F14C-4F0F-9627-D793270922F8}) (Version: 2.0.4.0 - Apple Inc.)
Broadcom Gigabit Integrated Controller (HKLM\...\{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}) (Version: 10.15.14 - Broadcom Corporation)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version:  - )
Dell Mobile Broadband Card Utility (HKLM\...\{0EF62E36-F4DB-416E-A4B0-3980E08B0C50}) (Version: 2.09.01.024 - Novatel Wireless)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.102.7 - Alps Electric)
ELISOFT Faktury 2014 wersja 9.6.2.0 (HKLM\...\ELISOFT Faktury 2014_is1) (Version: 9.6.2.0 - ELISOFT)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Drive (HKLM\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
iPlus manager 2.2 (HKLM\...\iPlus manager_is1) (Version:  - )
K-Lite Mega Codec Pack 11.2.8 (HKLM\...\KLiteCodecPack_is1) (Version: 11.2.8 - )
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PLK (HKLM\...\{036FD544-AED6-3F33-856D-A2292D0CF471}) (Version: 2.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PLK (HKLM\...\{7C77393F-8237-3825-A88A-AFAF3C69C072}) (Version: 3.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NapiProjekt 2.0.0 (build 2151) (HKLM\...\NapiProjekt_is1) (Version:  - )
Narzędzie bezprzewodowej karty sieciowej Dell WLAN (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Opera Stable 30.0.1835.125 (HKLM\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
Pakiet językowy programu Microsoft .NET Framework 3.5 — PLK (HKLM\...\Microsoft .NET Framework 3.5 Language Pack - plk) (Version:  - Microsoft Corporation)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Poprawka dla systemu Windows XP (KB981793) (HKLM\...\KB981793) (Version: 1 - Microsoft Corporation)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
SmartShare (HKLM\...\{BAB337AE-DD9E-45C3-BED6-0EE4732AEC60}) (Version: 2.2.1405.1601 - LG Electronics Inc.)
Sony Ericsson Update Engine (HKLM\...\Update Engine) (Version: 2.13.8.201307041200 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.275 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.275 - Sony)
Unity Web Player (HKU\S-1-5-21-1409082233-1078081533-1417001333-1003\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.3400 - Dell)
WinRAR 5.21 (32-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
XML Paper Specification Shared Components Language Pack 1.0 (Version:  - Microsoft Corporation) Hidden
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1409082233-1078081533-1417001333-1003_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
 
==================== Restore Points =========================
 
21-06-2015 10:04:44 Punkt kontrolny systemu
22-06-2015 10:24:04 Punkt kontrolny systemu
23-06-2015 16:50:55 Punkt kontrolny systemu
25-06-2015 14:59:48 Punkt kontrolny systemu
27-06-2015 08:28:37 Punkt kontrolny systemu
28-06-2015 18:41:51 Punkt kontrolny systemu
29-06-2015 18:51:41 Punkt kontrolny systemu
01-07-2015 08:29:15 Punkt kontrolny systemu
02-07-2015 11:37:25 Punkt kontrolny systemu
03-07-2015 13:49:58 Punkt kontrolny systemu
04-07-2015 14:01:00 Punkt kontrolny systemu
05-07-2015 17:34:09 Punkt kontrolny systemu
07-07-2015 21:35:40 Punkt kontrolny systemu
09-07-2015 10:05:20 Punkt kontrolny systemu
10-07-2015 18:27:14 Punkt kontrolny systemu
11-07-2015 20:17:41 Punkt kontrolny systemu
12-07-2015 20:22:19 Punkt kontrolny systemu
13-07-2015 21:52:22 Punkt kontrolny systemu
15-07-2015 15:18:16 avast! antivirus system restore point
15-07-2015 15:34:28 Removed Plex Media Server
15-07-2015 17:14:47 Removed Microsoft SQL Server VSS Writer
15-07-2015 18:01:05 Installed Microsoft SQL Server VSS Writer
15-07-2015 18:11:35 Removed Microsoft SQL Server VSS Writer
16-07-2015 10:30:15 avast! antivirus system restore point
16-07-2015 10:41:17 Installed Windows XP Wdf01009.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2010-01-22 00:46 - 2015-07-15 16:25 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1403022145.job => C:\Program Files\Opera\launcher.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-12-17 22:59 - 2008-11-26 12:39 - 00024576 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2012-12-17 22:59 - 2008-11-26 12:39 - 00753664 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2015-07-16 10:40 - 2015-07-16 10:40 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-16 10:40 - 2015-07-16 10:40 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-16 10:40 - 2015-07-16 10:40 - 02956800 _____ () C:\Program Files\AVAST Software\Avast\defs\15071501\algo.dll
2007-05-17 15:31 - 2007-05-17 15:31 - 00040960 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2012-12-17 22:59 - 2008-11-26 12:39 - 00143360 _____ () C:\WINDOWS\system32\preflib.dll
2009-04-24 11:37 - 2009-04-24 11:37 - 00331851 _____ () C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
2015-07-16 10:40 - 2015-07-16 10:40 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-01-30 12:17 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
2013-01-30 12:17 - 2014-12-04 15:18 - 00241152 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
2015-07-09 18:18 - 2015-06-18 10:42 - 00911360 _____ () C:\Program Files\Sony\Sony PC Companion\deviceupdate_dll.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll
2013-07-16 11:07 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
2007-05-17 15:52 - 2007-05-17 15:52 - 02842624 _____ () C:\WINDOWS\system32\btwicons.dll
2013-01-30 12:17 - 2015-06-10 11:13 - 00113024 _____ () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
2008-04-15 14:00 - 2008-04-15 14:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1409082233-1078081533-1417001333-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Podstawowe urządzenie systemowe
Description: Podstawowe urządzenie systemowe
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Podstawowe urządzenie systemowe
Description: Podstawowe urządzenie systemowe
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Podstawowe urządzenie systemowe
Description: Podstawowe urządzenie systemowe
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/16/2015 01:46:01 PM) (Source: .NET Runtime 4.0 Error Reporting) (EventID: 1000) (User: )
Description: Faulting application smartsharestart.exe, version 2014.3.12.1, stamp 531fb559, faulting module clr.dll, version 4.0.30319.1, stamp 4ba1d9ef, debug? 0, fault address 0x000ed067.
 
Error: (07/16/2015 01:45:50 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Aplikacja: SmartShareStart.exe
Wersja architektury: v4.0.30319
Opis: proces został przerwany z powodu błędu wewnętrznego w środowisku wykonawczym .NET pod adresem IP 7922D067 (79140000), kod wyjścia: 80131506.
 
Error: (07/16/2015 09:55:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplikacja powodująca błąd sed.3xe, wersja 0.0.0.0, moduł powodujący błąd sed.3xe, wersja 0.0.0.0, adres błędu 0x00012e5c.
Przetwarzanie zdarzenia określonego nośnika dla [sed.3xe!ws!]
 
Error: (07/16/2015 09:54:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplikacja powodująca błąd sed.3xe, wersja 0.0.0.0, moduł powodujący błąd sed.3xe, wersja 0.0.0.0, adres błędu 0x00012e5c.
Przetwarzanie zdarzenia określonego nośnika dla [sed.3xe!ws!]
 
Error: (07/16/2015 09:54:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplikacja powodująca błąd sed.3xe, wersja 0.0.0.0, moduł powodujący błąd sed.3xe, wersja 0.0.0.0, adres błędu 0x00012e5c.
Przetwarzanie zdarzenia określonego nośnika dla [sed.3xe!ws!]
 
Error: (07/16/2015 09:52:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplikacja powodująca błąd sed.3xe, wersja 0.0.0.0, moduł powodujący błąd sed.3xe, wersja 0.0.0.0, adres błędu 0x00012e5c.
Przetwarzanie zdarzenia określonego nośnika dla [sed.3xe!ws!]
 
Error: (07/16/2015 09:52:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplikacja powodująca błąd sed.3xe, wersja 0.0.0.0, moduł powodujący błąd sed.3xe, wersja 0.0.0.0, adres błędu 0x00012e5c.
Przetwarzanie zdarzenia określonego nośnika dla [sed.3xe!ws!]
 
Error: (07/16/2015 09:51:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplikacja powodująca błąd sed.3xe, wersja 0.0.0.0, moduł powodujący błąd sed.3xe, wersja 0.0.0.0, adres błędu 0x00012e5c.
Przetwarzanie zdarzenia określonego nośnika dla [sed.3xe!ws!]
 
Error: (07/16/2015 09:51:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplikacja powodująca błąd sed.exe, wersja 0.0.0.0, moduł powodujący błąd sed.exe, wersja 0.0.0.0, adres błędu 0x00012e5c.
Przetwarzanie zdarzenia określonego nośnika dla [sed.exe!ws!]
 
Error: (07/16/2015 09:49:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplikacja powodująca błąd sed.3xe, wersja 0.0.0.0, moduł powodujący błąd sed.3xe, wersja 0.0.0.0, adres błędu 0x00012e5c.
Przetwarzanie zdarzenia określonego nośnika dla [sed.3xe!ws!]
 
 
System errors:
=============
Error: (07/16/2015 10:11:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Windows Presentation Foundation Font Cache 4.0.0.0 niespodziewanie zakończyła pracę. Wystąpiło to razy: 2. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.
 
Error: (07/16/2015 10:11:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Windows Presentation Foundation Font Cache 4.0.0.0 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.
 
Error: (07/16/2015 10:11:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Usługa bramy warstwy aplikacji niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
 
Error: (07/16/2015 10:11:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa SigmaTel Audio Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
 
Error: (07/16/2015 10:11:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Usługa Bonjour niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
 
Error: (07/16/2015 10:11:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Bufor wydruku niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
 
Error: (07/16/2015 10:11:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Bluetooth Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.
 
Error: (07/16/2015 09:47:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Dell Wireless WLAN Tray Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
 
Error: (07/15/2015 06:15:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Windows Presentation Foundation Font Cache 4.0.0.0 z powodu następującego błędu: 
%%1069
 
Error: (07/15/2015 06:15:12 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Usługa WPFFontCache_v0400 nie mogła zalogować się jako NT AUTHORITY\LocalService z aktualnie skonfigurowanym 
hasłem z powodu następującego błędu: 
%%1363
 
Aby upewnić się, że usługa 
jest skonfigurowana właściwie, użyj przystawki Usługi w programie
Microsoft Management Console (MMC).
 
 
Microsoft Office:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T5270 @ 1.40GHz
Percentage of memory in use: 47%
Total physical RAM: 2038.11 MB
Available physical RAM: 1073.73 MB
Total Virtual: 3929.2 MB
Available Virtual: 2936.42 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:58.59 GB) (Free:12.54 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:90.45 GB) (Free:49.38 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 10000000)
Partition 1: (Active) - (Size=58.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=90.4 GB) - (Type=OF Extended)
 
==================== End of log ============================

Edited by Valiors, 16 July 2015 - 07:51 AM.



 


#2 Sirawit (Bleepin' Brony)

  • Malware Response Team
  • 4,161 posts
  • Gender:Male
  • Location:Thailand
  • Local time:01:30 AM

Posted 17 July 2015 - 11:38 AM

Hello Valiors and welcome to BleepingComputer! :)

 

My name is Sirawit and I'm here to help you.

 

Please note that I'm currently in training and my fixes need to be approved first, that may delay our fix a bit, but I will normally reply back in 24 hours.

 

If I don't reply after 3 days, feel free to PM me. :)

==========================================================================

Some points for you to keep in mind:

  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 3 days I will bump the topic, if you didn't reply in next 3 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

I've submitted my reports to my instructor and will reply to you as soon as possible.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 Valiors (Topic Starter)

  • Members
  • 2 posts
  • Local time:08:30 PM

Posted 18 July 2015 - 10:12 AM

Hello Sirawit. Thank you for your response.


Edited by Valiors, 18 July 2015 - 10:12 AM.


#4 Sirawit (Bleepin' Brony)

  • Malware Response Team
  • 4,161 posts
  • Gender:Male
  • Location:Thailand
  • Local time:01:30 AM

Posted 18 July 2015 - 11:31 AM

Hi Valiors.

 

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    [attachment=167554:fixlist.txt]
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

==========

After the fix has finished, please enable Avast. Does the warning pop up again?

 

Also, please create a new FRST log for me.

 

Thank you.




#5 Sirawit (Bleepin' Brony)

  • Malware Response Team
  • 4,161 posts
  • Gender:Male
  • Location:Thailand
  • Local time:01:30 AM

Posted 22 July 2015 - 01:38 PM

Are you still there?

 

Thank you.




#6 schrauber (Mr.Mechanic)

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:30 PM

Posted 27 July 2015 - 12:04 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.



