
Infected by some "zzz..zz.zzzzz..zz" folders



#1 kaarolcia.k


Posted 05 October 2015 - 06:51 AM

Hello, I have recently found some weird folders on my System partition and I have no idea what they are. I deleted them but they showed up again, so I guess it is a virus. I had one about a month ago, but I thought I had cleared the computer. Now I have run combofix and microsoft safety scanner and avast too, but they did not find anything. The folders did not disappear after scanning.

I need someone who knows anything about such folders and what to do with them. Here are the combofix and microsoft safety scanner logs (sorry for the language; if any help is needed, let me know):

combofix log:

ComboFix 15-09-21.01 - Karolinka 2015-10-05  12:59:21.4.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.48.1045.18.3835.2451 [GMT 2:00]
Uruchomiony z: e:\temporary download files\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2015-09-05 do 2015-10-05  )))))))))))))))))))))))))))))))
.
.
2015-10-05 11:07 . 2015-10-05 11:07    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-10-05 08:23 . 2015-10-05 08:23    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{695F1683-D5D0-4827-98B5-80C276359E06}\offreg.2272.dll
2015-09-24 17:25 . 2015-09-24 17:25    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{695F1683-D5D0-4827-98B5-80C276359E06}\offreg.2644.dll
2015-09-24 16:51 . 2015-09-24 16:51    --------    d-----w-    c:\users\Karolinka\AppData\Local\Secunia PSI
2015-09-24 16:50 . 2015-09-24 16:50    --------    d-----w-    c:\program files (x86)\Secunia
2015-09-24 16:44 . 2015-09-24 16:44    378880    ----a-w-    c:\windows\system32\aswBoot.exe
2015-09-24 16:43 . 2015-09-24 16:43    43112    ----a-w-    c:\windows\avastSS.scr
2015-09-23 21:13 . 2015-09-23 21:14    302592    ----a-w-    c:\windows\SysWow64\cmd.execf
2015-09-17 16:45 . 2015-09-17 16:45    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{695F1683-D5D0-4827-98B5-80C276359E06}\offreg.3312.dll
2015-09-11 15:05 . 2015-09-11 15:05    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{695F1683-D5D0-4827-98B5-80C276359E06}\offreg.3104.dll
2015-09-10 19:37 . 2015-09-10 19:37    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{695F1683-D5D0-4827-98B5-80C276359E06}\offreg.3400.dll
2015-09-09 06:52 . 2015-09-10 17:02    113880    ----a-w-    c:\windows\system32\drivers\6E4F3902.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-24 16:44 . 2014-08-19 09:12    153744    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2015-09-24 16:44 . 2014-08-19 09:12    448968    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2015-09-24 16:44 . 2014-08-19 09:12    274808    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2015-09-24 16:44 . 2014-08-19 09:12    65224    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2015-09-24 16:44 . 2014-08-19 09:12    90968    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2015-09-24 16:44 . 2014-08-19 09:12    28656    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2015-09-24 16:44 . 2014-08-19 09:12    93528    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2015-09-24 16:43 . 2014-08-19 09:12    1049880    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2015-09-23 15:22 . 2015-08-05 12:50    780488    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-09-23 15:22 . 2015-08-05 12:50    142536    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-28 07:57 . 2015-08-28 07:57    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{695F1683-D5D0-4827-98B5-80C276359E06}\offreg.3740.dll
2015-08-27 10:21 . 2015-08-27 10:21    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{695F1683-D5D0-4827-98B5-80C276359E06}\offreg.3088.dll
2015-08-20 16:47 . 2015-07-01 16:46    132483416    ----a-w-    c:\windows\system32\MRT.exe
2015-07-29 18:08 . 2015-07-29 18:08    74752    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-07-29 18:08 . 2015-07-29 18:08    1810432    ----a-w-    c:\windows\SysWow64\jscript9.dll
2015-07-29 18:08 . 2015-07-29 18:08    161792    ----a-w-    c:\windows\SysWow64\msls31.dll
2015-07-29 18:08 . 2015-07-29 18:08    1129472    ----a-w-    c:\windows\SysWow64\wininet.dll
2015-07-29 18:08 . 2015-07-29 18:08    86528    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2015-07-29 18:08 . 2015-07-29 18:08    76800    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2015-07-29 18:08 . 2015-07-29 18:08    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2015-07-29 18:08 . 2015-07-29 18:08    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2015-07-29 18:08 . 2015-07-29 18:08    74752    ----a-w-    c:\windows\SysWow64\iesetup.dll
2015-07-29 18:08 . 2015-07-29 18:08    63488    ----a-w-    c:\windows\SysWow64\tdc.ocx
2015-07-29 18:08 . 2015-07-29 18:08    367616    ----a-w-    c:\windows\SysWow64\html.iec
2015-07-29 18:08 . 2015-07-29 18:08    421888    ----a-w-    c:\windows\SysWow64\vbscript.dll
2015-07-29 18:08 . 2015-07-29 18:08    23552    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2015-07-29 18:08 . 2015-07-29 18:08    152064    ----a-w-    c:\windows\SysWow64\wextract.exe
2015-07-29 18:08 . 2015-07-29 18:08    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2015-07-29 18:08 . 2015-07-29 18:08    142848    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2015-07-29 18:08 . 2015-07-29 18:08    1427968    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2015-07-29 18:08 . 2015-07-29 18:08    35840    ----a-w-    c:\windows\SysWow64\imgutil.dll
2015-07-29 18:08 . 2015-07-29 18:08    11776    ----a-w-    c:\windows\SysWow64\mshta.exe
2015-07-29 18:08 . 2015-07-29 18:08    101888    ----a-w-    c:\windows\SysWow64\admparse.dll
2015-07-29 18:08 . 2015-07-29 18:08    89088    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2015-07-29 18:08 . 2015-07-29 18:08    1387520    ----a-w-    c:\windows\system32\urlmon.dll
2015-07-29 18:08 . 2015-07-29 18:08    85504    ----a-w-    c:\windows\system32\jsproxy.dll
2015-07-29 18:08 . 2015-07-29 18:08    222208    ----a-w-    c:\windows\system32\msls31.dll
2015-07-29 18:08 . 2015-07-29 18:08    2158080    ----a-w-    c:\windows\system32\iertutil.dll
2015-07-29 18:08 . 2015-07-29 18:08    197120    ----a-w-    c:\windows\system32\msrating.dll
2015-07-29 18:08 . 2015-07-29 18:08    173056    ----a-w-    c:\windows\system32\ieUnatt.exe
2015-07-29 18:08 . 2015-07-29 18:08    1392128    ----a-w-    c:\windows\system32\wininet.dll
2015-07-29 18:08 . 2015-07-29 18:08    816640    ----a-w-    c:\windows\system32\jscript.dll
2015-07-29 18:08 . 2015-07-29 18:08    65024    ----a-w-    c:\windows\system32\pngfilt.dll
2015-07-29 18:08 . 2015-07-29 18:08    55296    ----a-w-    c:\windows\system32\msfeedsbs.dll
2015-07-29 18:08 . 2015-07-29 18:08    49664    ----a-w-    c:\windows\system32\imgutil.dll
2015-07-29 18:08 . 2015-07-29 18:08    267776    ----a-w-    c:\windows\system32\ieaksie.dll
2015-07-29 18:08 . 2015-07-29 18:08    2343936    ----a-w-    c:\windows\system32\jscript9.dll
2015-07-29 18:08 . 2015-07-29 18:08    163840    ----a-w-    c:\windows\system32\ieakui.dll
2015-07-29 18:08 . 2015-07-29 18:08    160256    ----a-w-    c:\windows\system32\ieakeng.dll
2015-07-29 18:08 . 2015-07-29 18:08    149504    ----a-w-    c:\windows\system32\occache.dll
2015-07-29 18:08 . 2015-07-29 18:08    145920    ----a-w-    c:\windows\system32\iepeers.dll
2015-07-29 18:08 . 2015-07-29 18:08    135168    ----a-w-    c:\windows\system32\IEAdvpack.dll
2015-07-29 18:08 . 2015-07-29 18:08    12800    ----a-w-    c:\windows\system32\mshta.exe
2015-07-29 18:08 . 2015-07-29 18:08    114176    ----a-w-    c:\windows\system32\admparse.dll
2015-07-29 18:08 . 2015-07-29 18:08    11264    ----a-w-    c:\windows\system32\msfeedssync.exe
2015-07-29 18:08 . 2015-07-29 18:08    91648    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2015-07-29 18:08 . 2015-07-29 18:08    76800    ----a-w-    c:\windows\system32\tdc.ocx
2015-07-29 18:08 . 2015-07-29 18:08    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2015-07-29 18:08 . 2015-07-29 18:08    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2015-07-29 18:08 . 2015-07-29 18:08    448512    ----a-w-    c:\windows\system32\html.iec
2015-07-29 18:08 . 2015-07-29 18:08    3695416    ----a-w-    c:\windows\system32\ieapfltr.dat
2015-07-29 18:08 . 2015-07-29 18:08    282112    ----a-w-    c:\windows\system32\dxtrans.dll
2015-07-29 18:08 . 2015-07-29 18:08    248320    ----a-w-    c:\windows\system32\ieui.dll
2015-07-29 18:08 . 2015-07-29 18:08    111616    ----a-w-    c:\windows\system32\iesysprep.dll
2015-07-29 18:08 . 2015-07-29 18:08    10936320    ----a-w-    c:\windows\system32\ieframe.dll
2015-07-29 18:08 . 2015-07-29 18:08    96768    ----a-w-    c:\windows\system32\mshtmled.dll
2015-07-29 18:08 . 2015-07-29 18:08    89088    ----a-w-    c:\windows\system32\ie4uinit.exe
2015-07-29 18:08 . 2015-07-29 18:08    85504    ----a-w-    c:\windows\system32\iesetup.dll
2015-07-29 18:08 . 2015-07-29 18:08    82432    ----a-w-    c:\windows\system32\icardie.dll
2015-07-29 18:08 . 2015-07-29 18:08    729088    ----a-w-    c:\windows\system32\msfeeds.dll
2015-07-29 18:08 . 2015-07-29 18:08    599040    ----a-w-    c:\windows\system32\vbscript.dll
2015-07-29 18:08 . 2015-07-29 18:08    534528    ----a-w-    c:\windows\system32\ieapfltr.dll
2015-07-29 18:08 . 2015-07-29 18:08    403248    ----a-w-    c:\windows\system32\iedkcs32.dll
2015-07-29 18:08 . 2015-07-29 18:08    39936    ----a-w-    c:\windows\system32\iernonce.dll
2015-07-29 18:08 . 2015-07-29 18:08    30720    ----a-w-    c:\windows\system32\licmgr10.dll
2015-07-29 18:08 . 2015-07-29 18:08    249344    ----a-w-    c:\windows\system32\webcheck.dll
2015-07-29 18:08 . 2015-07-29 18:08    237056    ----a-w-    c:\windows\system32\url.dll
2015-07-29 18:08 . 2015-07-29 18:08    165888    ----a-w-    c:\windows\system32\iexpress.exe
2015-07-29 18:08 . 2015-07-29 18:08    160256    ----a-w-    c:\windows\system32\wextract.exe
2015-07-29 18:08 . 2015-07-29 18:08    1494016    ----a-w-    c:\windows\system32\inetcpl.cpl
2015-07-29 18:08 . 2015-07-29 18:08    103936    ----a-w-    c:\windows\system32\inseng.dll
2015-07-29 17:57 . 2015-05-18 15:42    110688    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2015-07-29 15:33 . 2011-03-28 16:36    24288    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-07-23 01:08 . 2015-07-30 08:07    127760    ----a-w-    c:\windows\system32\drivers\scdemu.sys
2015-07-15 01:12 . 2015-08-20 16:57    12222168    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{695F1683-D5D0-4827-98B5-80C276359E06}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-06-16 14:34    1730264    ----a-w-    c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-06-16 14:34    1730264    ----a-w-    c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-06-16 14:34    1730264    ----a-w-    c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-08-19 8455960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-09-24 6134544]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-06-08 334896]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2015-07-23 408888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ALCATELUSB;Alcatel HSPA Modem Service;c:\windows\system32\Drivers\AlcatelUsb.sys;c:\windows\SYSNATIVE\Drivers\AlcatelUsb.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 qcusbser;ALCATEL USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbser.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2015-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-05 15:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-09-24 16:44    780616    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10134560]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MIF5BA~1\Office15\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Karolinka\AppData\Roaming\Mozilla\Firefox\Profiles\amvnpp1b.default\
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2015-10-05  13:10:13
ComboFix-quarantined-files.txt  2015-10-05 11:10
ComboFix2.txt  2015-09-23 21:32
.
Przed: 71 433 768 960 bajtów wolnych
Po: 71 379 525 632 bajtów wolnych
.
- - End Of File - - 89147C6B3CA0140BCFDFD112670FC9D6
A36C5E4F47E84449FF07ED3517B43A31

And MSS log:

---------------------------------------------------------------------------------------

Microsoft Safety Scanner v1.0, (build 1.207.757.0)
Started On Wed Sep 23 23:35:53 2015
->Scan ERROR: resource process://pid:3948,ProcessStart:130875172581107991 (code 0x00000005 (5))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))

Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Wed Sep 23 23:47:45 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Safety Scanner v1.0, (build 1.207.757.0)
Started On Thu Sep 24 20:06:49 2015

Extended Scan Results
----------------
->Scan ERROR: resource process://pid:1096,ProcessStart:130875862875440541 (code 0x00000005 (5))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\Program Files (x86)\Sony Corporation\VAIO Partners\VAIOPartners.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files (x86)\Sony Corporation\VAIO Partners\VAIOPartners_silentinstaller.exe->(AutoIT)->VAIOPartners.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\System Volume Information\{12dfbe07-5087-11e5-9c1c-78843c2eb133}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{561a2ce1-5af4-11e5-8e1b-78843c2eb133}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{91c8ab4f-62da-11e5-a926-78843c2eb133}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{d64055af-6231-11e5-9e79-78843c2eb133}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\Program Files (x86)\Sony Corporation\VAIO Partners\VAIOPartners.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files (x86)\Sony Corporation\VAIO Partners\VAIOPartners.exe (code 0x0000000D (13))
->Scan ERROR: resource file://E:\System Volume Information\{12dfbe08-5087-11e5-9c1c-78843c2eb133}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://E:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://E:\System Volume Information\{561a2ce2-5af4-11e5-8e1b-78843c2eb133}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://E:\System Volume Information\{91c8ab50-62da-11e5-a926-78843c2eb133}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://E:\System Volume Information\{d4a223f7-4a8d-11e5-a98b-78843c2eb133}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://E:\System Volume Information\{d64055b0-6231-11e5-9e79-78843c2eb133}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

---------------------------------------------------------------------------------------

Microsoft Safety Scanner v1.0, (build 1.207.2025.0)
Started On Mon Oct 05 13:14:23 2015
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))

Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Mon Oct 05 13:30:53 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Safety Scanner v1.0, (build 1.207.2025.0)
Started On Mon Oct 05 13:46:58 2015
Microsoft Safety Scanner Finished On Mon Oct 05 13:47:09 2015


Return code: 0 (0x0)

Edited by kaarolcia.k, 05 October 2015 - 06:54 AM.

#2 kaarolcia.k

Posted 08 October 2015 - 06:06 AM

Hello, I have recently found some weird folders on my System partition and I have no idea what they are. They have weird names: "zzz..zzz...z.....zzzzz.." etc. I deleted them but they showed up again, so I guess it is a virus. I had one about a month ago, but I thought I had cleared the computer. Now I have run combofix and microsoft safety scanner and avast too, but they did not find anything. The folders did not disappear after scanning.

I need someone who knows anything about such folders and what to do with them.

Here's a log from FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-10-2015
Ran by Karolinka (administrator) on KAROLINKA-VAIO (08-10-2015 12:57:37)
Running from E:\Temporary Download Files
Loaded Profiles: Karolinka (Available Profiles: Karolinka)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Polish (Poland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [221480 2010-05-17] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-24] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-07-23] (Power Software Ltd)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-843683370-1025533042-3172567160-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-24] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-843683370-1025533042-3172567160-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-843683370-1025533042-3172567160-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-843683370-1025533042-3172567160-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-843683370-1025533042-3172567160-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-843683370-1025533042-3172567160-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-03] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-29] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-03] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-06-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Karolinka\AppData\Roaming\Mozilla\Firefox\Profiles\ur41bnm4.default-1444071622062
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-23] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-23] ()
FF Extension: Adblock Plus - C:\Users\Karolinka\AppData\Roaming\Mozilla\Firefox\Profiles\ur41bnm4.default-1444071622062\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-19]

Chrome:
=======
CHR Profile: C:\Users\Karolinka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Karolinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-10]
CHR Extension: (Google Drive) - C:\Users\Karolinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-10]
CHR Extension: (Google Search) - C:\Users\Karolinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-10]
CHR Extension: (AdBlock) - C:\Users\Karolinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Karolinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Karolinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-10]
CHR Extension: (Gmail) - C:\Users\Karolinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-24] (AVAST Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [69964448 2015-04-03] (Microsoft Corporation)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-11-25] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-11-25] (Sonic Solutions)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441512 2015-04-03] (Microsoft Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCATELUSB; C:\Windows\System32\Drivers\AlcatelUsb.sys [25088 2012-08-22] (Windows ® Codename Longhorn DDK provider)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31744 2009-09-15] (Google Inc)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-24] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-09-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-09-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-24] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [242688 2013-01-15] (QUALCOMM Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-08 12:56 - 2015-10-08 12:57 - 00000000 ____D C:\FRST
2015-10-06 11:52 - 2015-10-06 22:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-05 13:10 - 2015-10-05 13:10 - 00024472 _____ C:\ComboFix.txt
2015-10-05 12:56 - 2015-10-05 13:10 - 00000000 ____D C:\ComboFix
2015-09-25 10:55 - 2015-09-25 16:12 - 00018694 _____ C:\Users\Karolinka\Desktop\test-demoroom.jmx
2015-09-25 09:57 - 2015-03-08 20:02 - 00000000 ____D C:\Users\Karolinka\Desktop\apache-jmeter-2.13
2015-09-24 18:51 - 2015-09-24 18:51 - 00000000 ____D C:\Users\Karolinka\AppData\Local\Secunia PSI
2015-09-24 18:50 - 2015-09-24 18:50 - 00000000 ____D C:\Program Files (x86)\Secunia
2015-09-24 18:44 - 2015-09-24 18:44 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-09-24 18:43 - 2015-09-24 18:43 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-23 23:16 - 2015-10-05 13:10 - 00000000 ____D C:\Qoobox
2015-09-23 23:13 - 2015-09-23 23:14 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmd.execf
2015-09-23 17:22 - 2015-10-08 12:27 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-23 17:22 - 2015-09-23 17:22 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-09 08:52 - 2015-09-10 19:02 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\6E4F3902.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-08 12:11 - 2015-04-12 23:12 - 00005128 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Karolinka-VAIO-Karolinka Karolinka-VAIO
2015-10-08 11:55 - 2009-07-14 06:45 - 00020032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-08 11:55 - 2009-07-14 06:45 - 00020032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-08 11:51 - 2015-01-03 01:02 - 02095344 _____ C:\Windows\WindowsUpdate.log
2015-10-08 11:48 - 2014-08-19 11:12 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-10-08 11:47 - 2015-08-26 08:28 - 00004280 _____ C:\Windows\setupact.log
2015-10-08 11:47 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-07 14:13 - 2014-08-09 00:19 - 00003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{740821B2-779B-4952-ADEA-BE23493F4413}
2015-10-06 22:28 - 2015-08-26 08:45 - 00013126 _____ C:\Windows\PFRO.log
2015-10-06 22:28 - 2015-08-25 20:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-05 20:14 - 2014-08-09 12:24 - 00806810 _____ C:\Windows\system32\perfh015.dat
2015-10-05 20:14 - 2014-08-09 12:24 - 00181442 _____ C:\Windows\system32\perfc015.dat
2015-10-05 20:14 - 2009-07-14 07:13 - 01857100 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-05 13:07 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-10-01 22:42 - 2014-08-18 13:09 - 00000000 ____D C:\Users\Karolinka\AppData\Roaming\uTorrent
2015-09-24 18:44 - 2014-08-19 11:12 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-09-24 18:44 - 2014-08-19 11:12 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-09-24 18:44 - 2014-08-19 11:12 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-09-24 18:44 - 2014-08-19 11:12 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-09-24 18:44 - 2014-08-19 11:12 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-09-24 18:44 - 2014-08-19 11:12 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-09-24 18:44 - 2014-08-19 11:12 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-09-24 18:43 - 2014-08-19 11:12 - 01049880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-09-23 17:22 - 2015-08-05 14:50 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-23 17:22 - 2015-08-05 14:50 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-10 21:38 - 2015-03-02 23:06 - 00000000 ____D C:\Program Files (x86)\The KMPlayer

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-02 15:46

==================== End of FRST.txt ============================

 

And the "Addition" log from it:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-10-2015
Ran by Karolinka (2015-10-08 12:58:41)
Running from E:\Temporary Download Files
Windows 7 Home Premium Service Pack 1 (X64) (2014-08-08 22:17:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-843683370-1025533042-3172567160-500 - Administrator - Disabled)
Guest (S-1-5-21-843683370-1025533042-3172567160-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-843683370-1025533042-3172567160-1009 - Limited - Enabled)
Karolinka (S-1-5-21-843683370-1025533042-3172567160-1001 - Administrator - Enabled) => C:\Users\Karolinka

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-843683370-1025533042-3172567160-1001\...\uTorrent) (Version: 3.4.2.33023 - BitTorrent Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD USB Filter Driver (HKLM-x32\...\{987B04C4-B5AC-4AD6-A7E9-8D681085B850}) (Version: 1.0.15.94 - Advanced Micro Devices, Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.85 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.278 - ArcSoft)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
Brother MFL-Pro Suite DCP-J315W (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.9.2 - Bloodshed Software)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GDR 5538 for SQL Server 2008 (KB3045305) (64-bit) (HKLM\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
K-Lite Codec Pack 10.6.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 4.0.0.0 - PandoraTV)
Media Gallery (x32 Version: 1.2.0.15040 - Sony Corporation) Hidden
Media Gallery MergeModules x64 (Version: 1.0.14250 - Sony Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{F43ADE73-2880-4A95-B995-4FE386ECF667}) (Version: 10.3.5538.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 pl) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 pl)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version:  - )
Microsoft Office Proofing Tools 2013 - Polish (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polish Language Pack for Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.3 - Power Software Ltd)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.2.0.15250 - Sony Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0415-1000-0000000FF1CE}_Office15.PROPLUS_{CF394926-359E-48E1-AA25-E56B32FCB335}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-012B-0415-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version:  - Microsoft)
VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.1.00.13210 - Sony Corporation)
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.2.0.15020 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden
VAIO Original Function Settings (HKLM-x32\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 2.1.0.13120 - Sony Corporation)
VAIO Original Function Settings (x32 Version: 2.1.0.13120 - Sony Corporation) Hidden
VAIO Power Management (HKLM-x32\...\{803E4FA5-A940-4420-B89D-A8BC2E160247}) (Version: 5.1.0.15250 - Sony Corporation)
VAIO Premium Partners (HKLM-x32\...\VAIO Premium Partners) (Version: 1.0 - Sony Europe)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405) (HKLM\...\930E4792BDAEAFB62A9514EE7578775658A5D07C) (Version: 09/09/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
WinRAR 5.10 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

01-09-2015 18:07:53 Scheduled Checkpoint
14-09-2015 21:19:08 Scheduled Checkpoint
23-09-2015 23:19:08 ComboFix created restore point
24-09-2015 18:42:37 avast! antivirus system restore point
02-10-2015 15:53:44 Scheduled Checkpoint
05-10-2015 12:56:37 ComboFix created restore point

==================== Hosts content: ===============================

(If needed, the Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-03-05 23:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {022EB89E-4D8B-4518-866A-300B694551D3} - System32\Tasks\{89D23AE7-C1C1-424C-B05F-D6748133B560} => pcalua.exe -a "E:\Temporary Download Files\INDOTH-00207661-0042.EXE" -d "E:\Temporary Download Files"
Task: {23B4197C-DE92-47DC-8B20-EBD55EB86AA9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {30B5851B-9D22-4166-ABC9-04CCF1D7DD17} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-23] (Adobe Systems Incorporated)
Task: {688607C7-9387-494E-B898-469A3E4CA1DC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {73D657B6-EDDF-4A84-BBF9-9FEA2FF9ECD2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd)
Task: {8C3A8793-0943-4BBD-8231-838BA760EFF9} - System32\Tasks\{0F0C6A03-15B3-4C30-8876-018A6F3C3C48} => pcalua.exe -a "C:\Program Files (x86)\CADAS\QET\unins000.exe"
Task: {AC44FB90-5057-450E-8C8F-C8E26B9CDC3D} - System32\Tasks\VAIO Care Support => C:\Program Files\Sony\VAIO Care\VCSpt.exe
Task: {BC1AB7C7-20BF-4273-A0FD-AD56E6F578AC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {BE1B959C-DC17-41F4-98E7-5CA77A9875CF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-24] (AVAST Software)
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> Brak pliku <==== UWAGA
Task: {FDB26191-8EB9-4437-86D6-1EF6CC3785C6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Karolinka-VAIO-Karolinka Karolinka-VAIO => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-04-14] (Microsoft Corporation)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Załadowane moduły (filtrowane) ==============

2013-04-29 23:25 - 2013-04-29 23:25 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-08-09 23:12 - 2005-04-22 06:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2015-08-24 20:28 - 2015-08-24 20:28 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1045.dll
2013-04-29 23:25 - 2013-04-29 23:25 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-09-24 18:43 - 2015-09-24 18:43 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-24 18:43 - 2015-09-24 18:43 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-07 11:06 - 2015-10-07 11:06 - 02967040 _____ () C:\Program Files\AVAST Software\Avast\defs\15100701\algo.dll
2015-10-08 11:49 - 2015-10-08 11:49 - 02967040 _____ () C:\Program Files\AVAST Software\Avast\defs\15100702\algo.dll
2014-08-09 01:00 - 2010-03-02 17:22 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2014-08-09 01:00 - 2010-03-02 17:22 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2015-09-24 18:44 - 2015-09-24 18:44 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06Z.ZZ.Z..ZZZZ..ZZ:1
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZ.Z.Z.ZZZ.Z...Z:1
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZ.Z.Z...ZZZZ:1

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE - Powiązania (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)


==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)


==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-843683370-1025533042-3172567160-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Karolinka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows - funkcja wyłączona.

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

(Obecnie brak automatycznej naprawy dla tej sekcji.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ALLUpdate => "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [{97A71600-CB3A-4F41-911F-5C54D24B58F4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FAFB0E7E-A393-49C1-AAB1-014BBA8BF102}] => (Allow) LPort=54925
FirewallRules: [{57FB1E61-856C-4DA7-910F-EEB5997C763F}] => (Allow) C:\Users\Karolinka\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E63B12A2-B4BD-4E03-8B20-F811E8E41BB0}] => (Allow) C:\Users\Karolinka\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{56FC020E-AEF6-4B2F-B999-B6143E048842}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{580C507A-BECF-4D2B-8B8E-719FE47B15A1}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{981ED2A2-C650-4E97-BE80-3EBC21DDAE49}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5F738FA7-26CB-44C2-9ADF-6A8EBDEDA3A0}] => (Allow) LPort=2869
FirewallRules: [{95A92D17-4435-4BA7-B3A5-61BFB2DCDB9D}] => (Allow) LPort=1900
FirewallRules: [{7777045E-7DC8-417E-8AEF-2E0F6B7E3FF9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{03F0B9E1-C169-4680-A54B-C3B525DA0DC8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Wadliwe urządzenia w Menedżerze urządzeń =============

Name: Teredo Tunneling Pseudo-Interface
Description: Karta tunelowania Teredo firmy Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (10/08/2015 11:58:06 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (10/08/2015 11:48:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Sony.Sensing.VMLib,processorArchitecture="x86",publicKeyToken="2f1e96647bb3e5f0",type="win32",version="2.4.0.1224"1".
Nie można odnaleźć zestawu zależnego Sony.Sensing.VMLib,processorArchitecture="x86",publicKeyToken="2f1e96647bb3e5f0",type="win32",version="2.4.0.1224".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (10/07/2015 11:16:02 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (10/07/2015 11:06:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Sony.Sensing.VMLib,processorArchitecture="x86",publicKeyToken="2f1e96647bb3e5f0",type="win32",version="2.4.0.1224"1".
Nie można odnaleźć zestawu zależnego Sony.Sensing.VMLib,processorArchitecture="x86",publicKeyToken="2f1e96647bb3e5f0",type="win32",version="2.4.0.1224".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (10/06/2015 10:29:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Sony.Sensing.VMLib,processorArchitecture="x86",publicKeyToken="2f1e96647bb3e5f0",type="win32",version="2.4.0.1224"1".
Nie można odnaleźć zestawu zależnego Sony.Sensing.VMLib,processorArchitecture="x86",publicKeyToken="2f1e96647bb3e5f0",type="win32",version="2.4.0.1224".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (10/06/2015 11:38:30 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (10/06/2015 11:30:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Sony.Sensing.VMLib,processorArchitecture="x86",publicKeyToken="2f1e96647bb3e5f0",type="win32",version="2.4.0.1224"1".
Nie można odnaleźć zestawu zależnego Sony.Sensing.VMLib,processorArchitecture="x86",publicKeyToken="2f1e96647bb3e5f0",type="win32",version="2.4.0.1224".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (10/05/2015 08:09:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Sony.Sensing.VMLib,processorArchitecture="x86",publicKeyToken="2f1e96647bb3e5f0",type="win32",version="2.4.0.1224"1".
Nie można odnaleźć zestawu zależnego Sony.Sensing.VMLib,processorArchitecture="x86",publicKeyToken="2f1e96647bb3e5f0",type="win32",version="2.4.0.1224".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (10/05/2015 10:18:27 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (10/05/2015 10:09:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Sony.Sensing.VMLib,processorArchitecture="x86",publicKeyToken="2f1e96647bb3e5f0",type="win32",version="2.4.0.1224"1".
Nie można odnaleźć zestawu zależnego Sony.Sensing.VMLib,processorArchitecture="x86",publicKeyToken="2f1e96647bb3e5f0",type="win32",version="2.4.0.1224".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.


Dziennik System:
=============
Error: (10/08/2015 11:50:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Roxio Upnp Server 10.

Error: (10/08/2015 11:47:54 AM) (Source: amdsata) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\RaidPort0.

Error: (10/07/2015 11:09:13 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Roxio Upnp Server 10.

Error: (10/07/2015 11:05:54 AM) (Source: amdsata) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\RaidPort0.

Error: (10/06/2015 10:31:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Roxio Upnp Server 10.

Error: (10/06/2015 10:29:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi SQL Server (SQLEXPRESS) z powodu następującego błędu:
%%1053

Error: (10/06/2015 10:29:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą SQL Server (SQLEXPRESS).

Error: (10/06/2015 10:28:22 PM) (Source: amdsata) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\RaidPort0.

Error: (10/06/2015 11:31:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Roxio Upnp Server 10.

Error: (10/06/2015 11:29:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi SQL Server (SQLEXPRESS) z powodu następującego błędu:
%%1053


CodeIntegrity:
===================================
  Date: 2014-08-19 14:47:53.911
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-19 14:47:53.818
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Statystyki pamięci ===========================

Procesor: AMD Athlon™ II P340 Dual-Core Processor
Procent pamięci w użyciu: 47%
Całkowita pamięć fizyczna: 3834.9 MB
Dostępna pamięć fizyczna: 2022.4 MB
Całkowita pamięć wirtualna: 7667.98 MB
Dostępna pamięć wirtualna: 5399.18 MB

==================== Dyski ================================

Drive c: (System) (Fixed) (Total:115.76 GB) (Free:65.14 GB) NTFS
Drive e: (Dokumenty) (Fixed) (Total:172.3 GB) (Free:98.21 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 706FD89F)
Partition 1: (Not Active) - (Size=9.9 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=115.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=172.3 GB) - (Type=OF Extended)

==================== Koniec  Addition.txt ============================

 

Both are attached.


Edited by Orange Blossom, 08 October 2015 - 01:20 PM.
Merged topics. ~ OB
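The FRST output above lists three NTFS alternate data streams (the `:1` streams) attached to the oddly named `ZZ.Z..` items in the root of `C:\`. Before deleting such items it is worth seeing what the attached stream actually holds. The following is an added triage example, not code from the thread or from FRST: it enumerates every non-default stream under a directory and prints the stream name, its size and the first 16 bytes in hex (a `4d 5a` / `MZ` prefix indicates an executable). It assumes Windows PowerShell 3.0 or later on Windows 7 (for the `-Stream` parameters and `-Encoding Byte`), read access to the items, and the folder name `C:\` as the default root; nothing is modified.

```powershell
# Added example (not from the thread or FRST): list non-default NTFS alternate data
# streams under a root directory so the attached data can be inspected before removal.
# Assumes Windows PowerShell 3.0+ (Get-Item/Get-Content support -Stream, -Encoding Byte).
param(
    [string]$Root = 'C:\'   # assumed default; pass another directory to inspect it instead
)

$results = @()

# -Force includes hidden and system items, which is where such folders usually sit.
Get-ChildItem -LiteralPath $Root -Force -ErrorAction SilentlyContinue | ForEach-Object {
    $item = $_

    # ':$DATA' is the default data stream of every file; only the extra named streams
    # (FRST shows them as ':1') are of interest here.
    Get-Item -LiteralPath $item.FullName -Stream * -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            $streamName = $_.Stream

            # Read only the first 16 bytes: enough to spot a PE header ('MZ'), a script
            # or plain text without touching the rest of the stream.
            $head = Get-Content -LiteralPath $item.FullName -Stream $streamName `
                                -Encoding Byte -TotalCount 16 -ErrorAction SilentlyContinue

            $headHex = ''
            if ($head) { $headHex = ($head | ForEach-Object { $_.ToString('x2') }) -join ' ' }

            $results += [pscustomobject]@{
                Path    = $item.FullName
                Stream  = $streamName
                Length  = $_.Length
                HeadHex = $headHex
                IsPE    = ($head.Count -ge 2 -and $head[0] -eq 0x4d -and $head[1] -eq 0x5a)
            }
        }
}

if ($results.Count -eq 0) {
    Write-Output "No alternate data streams found under $Root"
} else {
    $results | Sort-Object Path, Stream | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell prompt as `.\Find-Ads.ps1` (or `.\Find-Ads.ps1 -Root 'D:\'`). The output mirrors FRST's AlternateDataStreams section but adds the size and header bytes, which is usually enough to tell a harmless marker stream from a hidden payload; an `IsPE` of `True` on an item like those listed above is the case that warrants the helper's attention rather than a manual delete.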


#3 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:39 PM

Posted 11 October 2015 - 05:11 PM

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hello kaarolcia.k,

My name is mAL_rEm018, but feel free to call me mAL :) I'm an undergraduate trainee and, as such, my posts to you have to first be checked by a Teacher; because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.
 

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or which necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.


Cobian Backup
DriveImage XML


To make sure everything goes smoothly, I would like you to observe the following rules:

  • You must have Administrator rights (permissions) for this computer.
  • Please reply to this thread.  Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum.  Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible with additional instructions.


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#4 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:39 PM

Posted 12 October 2015 - 10:51 AM

Hello kaarolcia.k,
 

Uruchomiony z E:\Temporary Download Files

Please move FRST64.exe to your desktop.  It would be best if you save all the tools I ask you to run to your desktop.


Please answer the following question:

  • Did you set your Internet Explorer page to "about:blank"?

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKU\S-1-5-21-843683370-1025533042-3172567160-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank



Backup your registry using TCRB


  • Download TCRB from the following link TCRB
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.


Removing a program in Windows 7


  • Click the Start Menu and select Control Panel.
  • Click Programs, then Programs and Features.
  • Select the following programs:

    µTorrent

  • Select Uninstall.
  • When prompted select Yes.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.

Note: you can only remove one program at a time.


Adwcleaner


  • Please download AdwCleaner to your Desktop from here.
  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Logfile.
  • A notepad window will open.  Please copy/paste the contents in your next reply.
    Note: do not select Cleaning at this point.


I need you to run an online scan:

Please download Malwarebytes' Anti-Malware and save to your desktop.



  • Right-click mbam-setup.exe and select "Run as administrator", then follow the prompts to install the program.
  • At the end, uncheck "Enable free trial of Malwarebytes' Anti-Malware" (you can activate this when we've finished, if you wish).
  • Then click Finish.
  • You'll see an alert that "Databases out of date". Click the "Update Now" button.
  • Press the Scan Settings icon on the top bar of the MBAM interface, make sure Threat Scan is checked.
  • Press the Scan Now >> button.
  • When the scan is finished:
  • If clean, a message will be displayed "The scan completed successfully! No malicious items were detected!"
  • If infections were found, click the Quarantine all button.
  • Press the View detailed log >> link to display the results log.
  • Press the Copy to Clipboard button.
  • Copy and paste the scan results in your next reply and exit MBAM.


-----------------------------------------
In your next reply, I would like to see:

  • Did you have trouble performing any of the steps?
  • Answer to my question.
  • AdwCleaner log
  • MBAM log
    Please post everything in the order given.

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#5 Gary R

Gary R

    MRU Admin


  • Malware Response Team
  • 826 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:39 AM

Posted 15 October 2015 - 11:43 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



