Slow browsers, incomplete web displaying, Paypal's security raise flags


39 replies to this topic

#1 lukasbck

  • Members
  • 26 posts

Posted 02 November 2015 - 07:34 PM

Hi,

Some time ago my Chrome (and Firefox) got much slower, and often websites don't load properly (missing graphics) or display black artifacts (which disappear when the mouse hovers over them).

The worst is that whenever I try to make a payment with PayPal, its security system raises flags and blocks my payments. They say that it might be a problem with me using proxies or a VPN, which I don't use.

My antivirus (Kaspersky) scans find nothing.

CCleaner has found lots of junk and removed it.

AdwCleaner, as the only one, has found something that might potentially be the root of the problem. It's Chrome extensions: elicpjhcidhpjomhibiffojpinpmmpil and aoiidodopnnhiflaflbfeblnojefhigh.

AdwCleaner is able to remove them, but after a reboot they are there again.

The free version of SpyHunter is finding Snap.do; I'm not sure if it might be causing such problems. I can't remove it with any other free software.

Please help, as I use this computer for business and I rely on PayPal.

I hope you will be able to help, as my Windows XP is in Polish and many logs might be generated in this language.

Nevertheless, I'm devoted to helping with translations for the person who would be willing to look at my case.

These are my FRST.txt and Addition.txt, in attachments:

 

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:31-10-2015
Uruchomiony przez Lucas (administrator)  WORKSTATION (03-11-2015 00:07:08)
Uruchomiony z C:\Documents and Settings\Lucas\Pulpit
Załadowane profile: Lucas (Dostępne profile: Lucas & UpdatusUser & Administrator)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Język: Polski
Internet Explorer Wersja 6 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
 
==================== Procesy (filtrowane) =================
 
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
 
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD.EXE
 
 
==================== Rejestr (filtrowane) ===========================
 
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
 
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll [2013-06-17] (Kaspersky Lab ZAO)
Winlogon\Notify\WgaLogon: WgaLogon.dll [X]
HKU\S-1-5-21-1292428093-796845957-725345543-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6495144 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-1292428093-796845957-725345543-1003\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-18\...\RunOnce: [WUAppSetup] => C:\Program Files\Common Files\logishrd\WUApp32.exe [460048 2009-10-07] ()
 
==================== Internet (filtrowane) ====================
 
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
 
Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{292A1DCB-A1F5-4526-8962-5D877E271581}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9D0D1BFB-D713-4DEF-9D24-4191EAFE91A9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AC6A41FB-BFCC-4C58-B5DB-720204A73019}: [DhcpNameServer] 192.168.178.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1292428093-796845957-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1292428093-796845957-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1292428093-796845957-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM -> Domyślne = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKU\S-1-5-21-1292428093-796845957-725345543-1003 -> Domyślne = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKU\S-1-5-21-1292428093-796845957-725345543-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= UWAGA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-06-02] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-21] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-06-02] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-06-02] (Kaspersky Lab ZAO)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349916473760
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll [2013-01-04] (Logitech Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-26] (Microsoft Corporation)
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-14] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Lucas\Dane aplikacji\Mozilla\Firefox\Profiles\xd7z3b21.default-1412003757031
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll [2014-03-05] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-25] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-25] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1292428093-796845957-725345543-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Citrix\Plugins\104\npappdetector.dll [2014-07-22] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Lucas\Dane aplikacji\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)
FF Extension: LastPass - C:\Documents and Settings\Lucas\Dane aplikacji\Mozilla\Firefox\Profiles\xd7z3b21.default-1412003757031\Extensions\support@lastpass.com [2015-10-26]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-10-11] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-11-07] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-12-17] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-12-17] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-12-17] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-17] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-12-17] [Brak podpisu cyfrowego]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-25]
CHR Extension: (Google Docs) - C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-25]
CHR Extension: (Google Drive) - C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-25]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-10-25]
CHR Extension: (Ebates Cash Back) - C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2015-10-25]
CHR Extension: (Google Search) - C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Video Downloader professional) - C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-11-03]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-25]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-25]
CHR Extension: (Safe Money) - C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2015-10-25]
CHR Extension: (LastPass: Free Password Manager) - C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-10-26]
CHR Extension: (Dangerous Websites Blocker) - C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2015-10-25]
CHR Extension: (DS Amazon Quick View) - C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jkompbllimaoekaogchhkmkdogpkhojg [2015-10-25]
CHR Extension: (Wave Accounting) - C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa [2015-10-25]
CHR Extension: (InvisibleHand) - C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2015-10-25]
CHR Extension: (AnyAudience) - C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ljhjbipjkapbddjldchfddlahembbobc [2015-10-25]
CHR Extension: (Gmail) - C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-25]
CHR Extension: (Anti-Banner) - C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-10-25]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2014-12-17]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-06-17]
CHR HKU\S-1-5-21-1292428093-796845957-725345543-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
 
==================== Usługi (filtrowane) ========================
 
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
 
S3 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-06-02] (Kaspersky Lab ZAO)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MSSQL$INFLOWSQL; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2222360 2015-06-02] (IBM Corp.)
S4 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [771968 2015-10-19] (Enigma Software Group USA, LLC.)
 
===================== Sterowniki (filtrowane) ==========================
 
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
 
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [3786944 2005-10-26] (Realtek Semiconductor Corp.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-10-19] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2015-10-19] ()
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23832 2009-10-07] (Logitech Inc.)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [135776 2014-06-02] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [576096 2014-06-02] (Kaspersky Lab ZAO)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [36448 2013-04-19] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [24672 2014-06-02] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2014-06-02] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [144992 2014-06-02] (Kaspersky Lab ZAO)
S3 LVcKap; C:\WINDOWS\System32\DRIVERS\LVcKap.sys [689176 2008-02-05] (Logitech Inc.)
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25624 2008-02-05] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 RapportCerberus_1412112; C:\Documents and Settings\All Users\Dane aplikacji\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1412112.sys [531416 2015-10-17] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [280088 2015-06-02] (IBM Corp.)
S3 RapportIaso; c:\documents and settings\all users\dane aplikacji\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [162584 2015-10-17] (IBM Corp.)
R0 RapportKELL; C:\WINDOWS\System32\Drivers\RapportKELL.sys [218264 2015-06-02] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [337176 2015-06-02] (IBM Corp.)
R3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [485248 2007-04-25] (Ralink Technology, Corp.)
S3 vncdrv; C:\WINDOWS\System32\DRIVERS\vncdrv.sys [12104 2007-05-22] (RDV Soft)
S3 catchme; \??\C:\DOCUME~1\Lucas\USTAWI~1\Temp\catchme.sys [X]
S4 hpt3xx; Brak ImagePath
S4 IntelIde; Brak ImagePath
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [93792 2014-06-02] (Kaspersky Lab ZAO)
S3 LVUSBSta; Brak ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 StarOpen; Brak ImagePath
 
==================== NetSvcs (filtrowane) ===================
 
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
 
 
==================== Jeden miesiąc - utworzone pliki i foldery ========
 
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
 
2015-11-03 00:07 - 2015-11-03 00:07 - 00020344 _____ C:\Documents and Settings\Lucas\Pulpit\FRST.txt
2015-11-03 00:05 - 2015-11-03 00:07 - 00000000 ____D C:\FRST
2015-11-03 00:04 - 2015-11-03 00:04 - 01701888 _____ (Farbar) C:\Documents and Settings\Lucas\Pulpit\FRST.exe
2015-11-03 00:01 - 2015-11-03 00:01 - 00001438 _____ C:\Documents and Settings\Lucas\Pulpit\AdwCleaner[C17].txt
2015-11-02 23:52 - 2015-11-02 23:52 - 00077304 _____ C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2015-11-02 23:05 - 2015-11-02 23:05 - 00000827 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Spy Protector.lnk
2015-11-02 23:05 - 2015-11-02 23:05 - 00000816 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Security Task Manager.lnk
2015-11-02 23:04 - 2015-11-02 23:05 - 00000000 ____D C:\Program Files\Security Task Manager
2015-11-02 19:44 - 2015-11-03 00:02 - 00001209 _____ C:\WINDOWS\setupapi.log
2015-11-02 18:55 - 2015-11-02 18:55 - 02170712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-02 03:15 - 2015-11-02 03:15 - 00000000 ____D C:\Program Files\ESET
2015-11-02 03:08 - 2015-11-03 00:01 - 00000157 _____ C:\WINDOWS\wiadebug.log
2015-11-02 03:08 - 2015-11-03 00:01 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-11-02 03:08 - 2015-11-02 23:59 - 00014148 _____ C:\WINDOWS\SchedLgU.Txt
2015-11-02 03:08 - 2015-11-02 03:08 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2015-11-02 03:07 - 2015-11-03 00:02 - 00043095 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-02 03:06 - 2015-11-02 03:06 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-11-02 02:18 - 2015-11-02 05:46 - 00000179 _____ C:\Documents and Settings\Lucas\Pulpit\wirusiki.txt
2015-10-31 01:36 - 2015-11-03 00:07 - 00000000 ____D C:\Documents and Settings\Lucas\Ustawienia lokalne\temp
2015-10-31 01:36 - 2015-11-03 00:01 - 00000000 ____D C:\Documents and Settings\NetworkService\Ustawienia lokalne\temp
2015-10-31 01:36 - 2015-11-02 12:18 - 00000000 ____D C:\Documents and Settings\Administrator.WORKSTATION\Ustawienia lokalne\temp
2015-10-31 01:36 - 2015-10-31 01:36 - 00009942 _____ C:\ComboFix.txt
2015-10-31 01:36 - 2015-10-31 01:36 - 00000000 ____D C:\Documents and Settings\UpdatusUser\Ustawienia lokalne\temp
2015-10-31 01:36 - 2015-10-31 01:36 - 00000000 ____D C:\Documents and Settings\LocalService\Ustawienia lokalne\temp
2015-10-31 01:36 - 2015-10-31 01:36 - 00000000 ____D C:\Documents and Settings\Default User\Ustawienia lokalne\temp
2015-10-29 15:27 - 2015-11-02 23:59 - 00000000 ____D C:\AdwCleaner
2015-10-25 22:24 - 2015-10-25 22:24 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome
2015-10-25 22:23 - 2015-11-03 00:01 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-25 22:23 - 2015-11-02 22:28 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-24 17:55 - 2015-10-24 17:55 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner
2015-10-24 17:54 - 2015-11-02 02:43 - 00000000 ____D C:\Program Files\CCleaner
2015-10-21 10:47 - 2015-10-21 10:47 - 00000000 ____D C:\Program Files\Common Files\Java
2015-10-20 12:00 - 2015-10-20 12:00 - 00000000 ____D C:\Program Files\HitmanPro
2015-10-20 12:00 - 2015-10-20 12:00 - 00000000 ____D C:\Documents and Settings\Lucas\Dane aplikacji\Enigma Software Group
2015-10-19 22:47 - 2015-11-02 01:22 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2015-10-19 22:39 - 2015-10-20 11:59 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\HitmanPro
2015-10-19 21:58 - 2015-10-19 21:58 - 00000000 ____D C:\sh4ldr
2015-10-19 21:57 - 2015-10-19 21:57 - 00019984 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-10-19 21:57 - 2015-10-19 21:57 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-10-17 23:28 - 2015-11-02 18:57 - 00000000 ____D C:\Documents and Settings\Lucas\Dane aplikacji\Thunderbird
2015-10-17 15:35 - 2015-10-17 15:35 - 00000000 ____D C:\Program Files\Sophos
2015-10-17 15:35 - 2015-10-17 15:35 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Sophos
2015-10-17 12:11 - 2015-10-17 12:14 - 00000000 ____D C:\WINDOWS\pss
2015-10-16 21:47 - 2015-11-02 09:08 - 00005346 _____ C:\Documents and Settings\Administrator.WORKSTATION\Pulpit\Rkill.txt
 
==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
 
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
 
2015-11-03 00:07 - 2012-10-10 23:53 - 00000000 ____D C:\Documents and Settings\Lucas\Pulpit
2015-11-03 00:01 - 2012-10-10 23:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-02 23:59 - 2014-06-02 23:05 - 00371878 _____ C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
2015-11-02 23:59 - 2012-10-10 23:53 - 00000188 ___SH C:\Documents and Settings\Lucas\ntuser.ini
2015-11-02 23:54 - 2012-10-10 23:37 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit
2015-11-02 23:52 - 2012-10-10 23:53 - 00000000 ___HD C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji
2015-11-02 23:51 - 2014-06-02 11:19 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2015-11-02 23:20 - 2015-07-25 10:13 - 00000188 ___SH C:\Documents and Settings\Administrator.WORKSTATION\ntuser.ini
2015-11-02 23:17 - 2012-10-11 02:36 - 00000000 ____D C:\Documents and Settings\Lucas\Dane aplikacji\uTorrent
2015-11-02 23:05 - 2012-10-10 23:37 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy
2015-11-02 23:05 - 2012-10-10 23:36 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2015-11-02 18:55 - 2014-06-03 21:09 - 02054300 _____ C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-1292428093-796845957-725345543-1003-0.dat
2015-11-02 18:55 - 2012-10-16 22:16 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2015-11-02 18:55 - 2012-10-11 18:15 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2015-11-02 18:55 - 2012-10-10 23:53 - 00000000 ____D C:\Documents and Settings\Lucas
2015-11-02 04:28 - 2014-05-14 08:36 - 00000000 ____D C:\Documents and Settings\Lucas\Dane aplikacji\CuteRank
2015-11-02 04:27 - 2014-05-14 08:35 - 00000000 ____D C:\Program Files\CuteRank
2015-11-02 02:44 - 2015-07-25 10:13 - 00000000 ____D C:\Documents and Settings\Administrator.WORKSTATION
2015-11-02 01:31 - 2013-02-08 23:02 - 00000000 ____D C:\Documents and Settings\Lucas\Menu Start\Programy\Akcesoria
2015-11-02 00:31 - 2015-04-23 01:33 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2015-11-02 00:30 - 2012-10-10 23:43 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy\Akcesoria
2015-11-02 00:26 - 2012-10-31 11:36 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-02 00:26 - 2012-10-11 02:26 - 00000000 ____D C:\Documents and Settings\Lucas\Dane aplikacji\Skype
2015-11-01 21:28 - 2014-06-27 21:01 - 00000000 ____D C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\LastPass
2015-10-31 01:42 - 2012-10-10 23:52 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-10-31 01:36 - 2015-07-25 10:13 - 00000000 ___HD C:\Documents and Settings\Administrator.WORKSTATION\Ustawienia lokalne
2015-10-31 01:36 - 2015-04-25 09:44 - 00000000 ____D C:\Qoobox
2015-10-31 01:36 - 2012-10-10 23:53 - 00000000 ___HD C:\Documents and Settings\Lucas\Ustawienia lokalne
2015-10-31 01:36 - 2012-10-10 23:52 - 00000000 ___HD C:\Documents and Settings\NetworkService\Ustawienia lokalne
2015-10-31 01:36 - 2012-10-10 23:52 - 00000000 ___HD C:\Documents and Settings\LocalService\Ustawienia lokalne
2015-10-31 01:36 - 2012-10-10 23:37 - 00000000 __RHD C:\Documents and Settings\Default User\Ustawienia lokalne
2015-10-31 01:36 - 2002-12-31 23:01 - 00000000 ___HD C:\Documents and Settings\UpdatusUser\Ustawienia lokalne
2015-10-31 01:34 - 2001-07-21 22:15 - 00000435 _____ C:\WINDOWS\system.ini
2015-10-31 01:28 - 2012-10-10 23:53 - 00000000 __RHD C:\Documents and Settings\Lucas\Dane aplikacji
2015-10-28 11:36 - 2014-03-13 12:27 - 00000000 ____D C:\Documents and Settings\Lucas\Moje dokumenty\Notesy programu OneNote
2015-10-27 11:48 - 2001-07-21 22:17 - 00002284 _____ C:\WINDOWS\system32\wpa.dbl
2015-10-26 01:29 - 2012-10-10 23:52 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-10-26 01:20 - 2015-07-25 10:13 - 00000000 __RHD C:\Documents and Settings\Administrator.WORKSTATION\Dane aplikacji
2015-10-25 23:26 - 2015-04-23 01:36 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-25 23:26 - 2015-04-23 01:36 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware
2015-10-25 22:24 - 2013-01-12 14:54 - 00000000 ____D C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google
2015-10-25 22:23 - 2013-01-28 17:32 - 00000000 ____D C:\Program Files\Google
2015-10-25 22:17 - 2013-02-04 23:26 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2015-10-25 22:11 - 2013-02-07 00:01 - 00000000 ____D C:\Documents and Settings\Lucas\Menu Start\Programy
2015-10-25 08:30 - 2012-10-10 23:37 - 01400540 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-25 08:30 - 2001-10-26 16:15 - 00606754 _____ C:\WINDOWS\system32\perfh015.dat
2015-10-25 08:30 - 2001-10-26 16:15 - 00124692 _____ C:\WINDOWS\system32\perfc015.dat
2015-10-24 20:30 - 2012-12-25 12:44 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2015-10-24 20:29 - 2012-12-25 12:43 - 00000000 _____ C:\WINDOWS\system32\Drivers\logiflt.iad
2015-10-24 19:34 - 2015-03-17 20:00 - 00000000 ____D C:\temp
2015-10-24 19:03 - 2012-11-10 13:38 - 00000000 ____D C:\Documents and Settings\Lucas\Dane aplikacji\Media Player Classic
2015-10-21 10:48 - 2015-07-19 17:07 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Java
2015-10-21 10:47 - 2015-08-31 09:45 - 00000000 ____D C:\Documents and Settings\Lucas\.oracle_jre_usage
2015-10-21 10:46 - 2015-04-24 19:03 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-10-21 10:46 - 2015-04-24 19:03 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-10-21 10:46 - 2015-04-24 19:01 - 00000000 ____D C:\Program Files\Java
2015-10-20 22:01 - 2015-09-30 09:40 - 00000853 _____ C:\Documents and Settings\Lucas\Pulpit\III - After Delivery.lnk
2015-10-20 13:27 - 2015-09-30 09:40 - 00000871 _____ C:\Documents and Settings\Lucas\Pulpit\I - Thank You For Purchase.lnk
2015-10-20 13:25 - 2015-09-30 09:40 - 00000871 _____ C:\Documents and Settings\Lucas\Pulpit\II - Shipping Notification.lnk
2015-10-20 11:38 - 2012-10-12 18:17 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-10-20 11:29 - 2012-10-10 23:46 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-10-20 11:12 - 2012-10-11 00:35 - 00000332 __RSH C:\boot.ini
2015-10-20 11:12 - 2001-07-21 22:16 - 00000794 _____ C:\WINDOWS\win.ini
2015-10-17 15:36 - 2015-03-27 13:04 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Sophos
2015-10-17 13:18 - 2014-11-16 16:28 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Krańcowa Ochrona firmy Trusteer
2015-10-17 12:22 - 2013-09-05 09:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-16 21:47 - 2015-07-25 10:13 - 00000000 ____D C:\Documents and Settings\Administrator.WORKSTATION\Pulpit
2015-10-15 10:59 - 2015-08-28 10:57 - 00000457 _____ C:\Documents and Settings\Lucas\Pulpit\coupons.txt
2015-10-09 09:37 - 2015-06-20 19:56 - 00001971 _____ C:\Documents and Settings\Lucas\Pulpit\Safe Money.lnk
2015-10-05 15:19 - 2012-10-11 21:33 - 00000000 ____D C:\Program Files\FxPro - MetaTrader 4
2015-10-05 15:12 - 2014-09-26 09:37 - 04912160 _____ (MetaQuotes Software Corp.) C:\WINDOWS\system32\MetaViewer.dll
2015-10-05 09:50 - 2015-04-23 01:36 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-05 09:50 - 2015-04-23 01:33 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-10-04 09:25 - 2012-10-13 09:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
 
==================== Pliki w katalogu głównym wybranych folderów =======
 
2013-01-08 14:20 - 2013-01-08 14:20 - 0001009 _____ () C:\Documents and Settings\Lucas\Dane aplikacji\DVDSubEdit.ini
2010-01-27 23:37 - 2010-01-27 23:37 - 0000023 _____ () C:\Documents and Settings\Lucas\Dane aplikacji\tmp123.txt
 
Niektóre pliki w TEMP:
====================
C:\Documents and Settings\Lucas\Ustawienia lokalne\temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
 
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo
 
==================== Koniec  FRST.txt ============================


#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:17 AM

Posted 02 November 2015 - 08:44 PM

Hello lukasbck and Welcome to the BleepingComputer. :welcome:  
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as administrator. How do I log on to the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here.

Thanks
---------------------------------------------------------------------------------------------------------
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.
 
:hello:
 
Sincerely

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 lukasbck

lukasbck
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:03:17 AM

Posted 03 November 2015 - 08:22 AM

Hello Yılmaz!
Thank you for responding to my post. 

I promise to follow your instructions strictly. If you need help with translating anything from my logs I will help. 

 

 

 

--

Lucas



#4 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:17 AM

Posted 03 November 2015 - 10:03 AM

Hello Yılmaz!
Thank you for responding to my post. 

I promise to follow your instructions strictly. If you need help with translating anything from my logs I will help. 

--

Lucas

Hi and Thank you Lucas.

----------------------------------------------

Please do the following,

 

Uninstall some programs:
We need to uninstall some unwanted/unneeded programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time

The list of programs to uninstall:

  • SimilarSites
  • SpyHunter
  • AusLogics
  • Sophos Virus Removal Tool
  • Security Task Manager 2.1d
  • C:\Program Files\SimilarSites
  • C:\Program Files\Sophos
  • C:\Program Files\Enigma Software Group
  • C:\Program Files\HitmanPro

     

After completing uninstalls, please manually reboot your machine!

Note 1: If you get a message like "An error occurred while trying to uninstall", just press Yes.
Note 2: If you are unable to uninstall all programs, please inform me, but continue with the other steps.

 

 

Step 1:
FRST Script:
Please download the attached Fixlist.txt (4.48KB) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Have a nice day.


Best regards
 
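As an added illustration of the FRST fix step above (example code written for this thread, not FRST's own code and not from either poster): a small Python parser that reads FRST-style CHR lines, separates the unpacked per-profile extension folders from registry registrations, and flags extensions whose profile folder a cleaner can delete but which Chrome will put back because a machine-wide (HKLM) or per-user (HKU) registration still points it at a source. The sample log is constructed in the format of the logs quoted in this thread; the ID abcdefghijklmnopabcdefghijklmnop and the name "Sample Toolbar" are made up.

```python
"""Triage Chrome extension entries from an FRST log.

Added example for this thread (not FRST's code, not the posters' code).
Chrome installs "external extensions" registered under
Software\\Google\\Chrome\\Extensions\\<id> in HKLM (all users) or HKCU (one
user). FRST lists those as "CHR HKLM\\...\\Chrome\\Extension:" lines and the
unpacked copies as "CHR Extension:" lines. Deleting only the unpacked folder
leaves the registration in place, so Chrome re-installs the extension.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the format of the FRST log quoted in this thread.
# The ID abcdefghijklmnopabcdefghijklmnop and "Sample Toolbar" are made up.
SAMPLE_LOG = r"""
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-10-25]
CHR Extension: (Sample Toolbar) - C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\abcdefghijklmnopabcdefghijklmnop [2015-10-31]
CHR HKLM\...\Chrome\Extension: [abcdefghijklmnopabcdefghijklmnop] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKU\S-1-5-21-1292428093-796845957-725345543-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-06-17]
S3 catchme; \??\C:\DOCUME~1\Lucas\USTAWI~1\Temp\catchme.sys [X]
"""

EXT_ID = r"[a-p]{32}"  # Chrome extension IDs are 32 letters from a to p
DATE = r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?$"  # optional trailing [YYYY-MM-DD]
PROFILE_RE = re.compile(
    r"^CHR Extension: \((?P<name>.*)\) - "
    r"(?P<path>.*\\Extensions\\(?P<id>" + EXT_ID + r"))" + DATE)
REGISTRY_RE = re.compile(
    r"^CHR (?P<hive>HKLM|HKU\\S-[\d-]+)\\.*Chrome\\Extension: "
    r"\[(?P<id>" + EXT_ID + r")\] - (?P<source>.*?)" + DATE)


@dataclass(frozen=True)
class ProfileExtension:
    ext_id: str
    name: str
    path: str
    date: Optional[str]


@dataclass(frozen=True)
class RegistryExtension:
    ext_id: str
    hive: str    # "HKLM" or "HKU\<SID>"
    source: str  # Web Store / update URL, or a local .crx path
    date: Optional[str]

    @property
    def scope(self) -> str:
        return "machine-wide" if self.hive == "HKLM" else "per-user"

    @property
    def kind(self) -> str:
        src = self.source.lower()
        if "chrome.google.com/webstore" in src or "clients2.google.com" in src:
            return "webstore"
        return "local-crx" if src.endswith(".crx") else "other"


def parse_frst(text: str) -> Tuple[List[ProfileExtension], List[RegistryExtension]]:
    """Split FRST output into unpacked-profile entries and registry registrations."""
    profile: List[ProfileExtension] = []
    registry: List[RegistryExtension] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROFILE_RE.match(line)
        if m:
            profile.append(ProfileExtension(m["id"], m["name"], m["path"], m["date"]))
            continue
        m = REGISTRY_RE.match(line)
        if m:
            registry.append(RegistryExtension(m["id"], m["hive"], m["source"], m["date"]))
    return profile, registry


def reinstall_risks(profile, registry) -> Dict[str, List[RegistryExtension]]:
    """IDs present both as a profile folder and as a registry registration:
    deleting the folder alone is not enough, the registration must go too."""
    by_id: Dict[str, List[RegistryExtension]] = {}
    for reg in registry:
        by_id.setdefault(reg.ext_id, []).append(reg)
    return {p.ext_id: by_id[p.ext_id] for p in profile if p.ext_id in by_id}


def report(text: str) -> List[str]:
    """Human-readable triage lines for one FRST log."""
    profile, registry = parse_frst(text)
    lines = [f"profile folder : {p.ext_id} ({p.name})" for p in profile]
    lines += [f"registration   : {r.ext_id} {r.scope} in {r.hive}, {r.kind}: {r.source}"
              for r in registry]
    for ext_id, regs in reinstall_risks(profile, registry).items():
        hives = ", ".join(r.hive for r in regs)
        lines.append(f"REINSTALL RISK : {ext_id} will return from {hives} "
                     "unless that registration is removed too")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```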

 


 


#5 lukasbck

lukasbck
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:03:17 AM

Posted 03 November 2015 - 11:56 AM

Hi, 

 

I have uninstalled the requested applications except SimilarSites. I don't see that application in the uninstaller, nor in C:\Program Files\SimilarSites.

 

Fixlog.txt

===

Rezultat naprawy Farbar Recovery Scan Tool (x86) Wersja:31-10-2015
Uruchomiony przez Lucas (2015-11-03 16:04:36) Run:1
Uruchomiony z C:\Documents and Settings\Lucas\Pulpit
Załadowane profile: Lucas (Dostępne profile: Lucas & UpdatusUser & Administrator)
Tryb startu: Normal
 
==============================================
 
fixlist - zawartość:
*****************
CreateRestorePoint:
CloseProcesses:
Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-1292428093-796845957-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1292428093-796845957-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM -> Domyslne = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKU\S-1-5-21-1292428093-796845957-725345543-1003 -> Domyslne = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= UWAGA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL 
FF ProfilePath: C:\Documents and Settings\Lucas\Dane aplikacji\Mozilla\Firefox\Profiles\xd7z3b21.default-1412003757031
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-10-25]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKU\S-1-5-21-1292428093-796845957-725345543-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2014-12-17]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-06-17]
S4 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [771968 2015-10-19] (Enigma Software Group USA, LLC.)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-10-19] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2015-10-19] ()
S3 catchme; \??\C:\DOCUME~1\Lucas\USTAWI~1\Temp\catchme.sys [X]
S4 hpt3xx; Brak ImagePath
S4 IntelIde; Brak ImagePath
S3 LVUSBSta; Brak ImagePath
S2 StarOpen; Brak ImagePath
2015-10-20 12:00 - 2015-10-20 12:00 - 00000000 ____D C:\Program Files\HitmanPro
2015-10-20 12:00 - 2015-10-20 12:00 - 00000000 ____D C:\Documents and Settings\Lucas\Dane aplikacji\Enigma Software Group
2015-10-19 22:39 - 2015-10-20 11:59 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\HitmanPro
2015-10-19 21:58 - 2015-10-19 21:58 - 00000000 ____D C:\sh4ldr
2015-10-19 21:57 - 2015-10-19 21:57 - 00019984 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-10-19 21:57 - 2015-10-19 21:57 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-10-19 22:47 - 2015-11-02 01:22 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2015-10-17 15:35 - 2015-10-17 15:35 - 00000000 ____D C:\Program Files\Sophos
2015-10-17 15:35 - 2015-10-17 15:35 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Sophos
2015-10-17 15:36 - 2015-03-27 13:04 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Sophos
C:\Documents and Settings\Lucas\Ustawienia lokalne\temp\sqlite3.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\73909648.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\76009654.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\73909648.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\76009654.sys => ""="Driver"
cmd: type C:\ComboFix.txt
cmd: netsh winsock reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
Hosts:
Reboot:
*****************
 
Punkt przywracania został pomyślnie utworzony.
Procesy zostały pomyślnie zamknięte.
Policies\Explorer: [NoRecentDocsMenu] 1 => Błąd: Nie znaleziono automatycznej naprawy dla tego wejścia.
"HKU\S-1-5-21-1292428093-796845957-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => klucz pomyślnie usunięto
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Wartość pomyślnie przywrócono
HKU\S-1-5-21-1292428093-796845957-725345543-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Wartość pomyślnie usunięto
HKU\S-1-5-21-1292428093-796845957-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Wartość pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Wartość pomyślnie przywrócono
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto
FF ProfilePath: C:\Documents and Settings\Lucas\Dane aplikacji\Mozilla\Firefox\Profiles\xd7z3b21.default-1412003757031 => FRST posiada zabezpieczenie uniemożliwiające przesunięcie tego katalogu.
C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb => pomyślnie przeniesiono
"HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa" => klucz pomyślnie usunięto
"HKU\S-1-5-21-1292428093-796845957-725345543-1003\SOFTWARE\Google\Chrome\Extensions\bbjllphbppobebmjpjcijfbakobcheof" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Google\Chrome\Extensions\dchlnpcodkpfdpacogkljefecpegganj" => klucz pomyślnie usunięto
Nie można przenieść "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx" => Zaplanowany do przeniesienia przy restarcie.
"HKLM\SOFTWARE\Google\Chrome\Extensions\hakdifolhalapjijoafobooafbilfakh" => klucz pomyślnie usunięto
Nie można przenieść "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx" => Zaplanowany do przeniesienia przy restarcie.
"HKLM\SOFTWARE\Google\Chrome\Extensions\hghkgaeecgjhjkannahfamoehjmkjail" => klucz pomyślnie usunięto
Nie można przenieść "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx" => Zaplanowany do przeniesienia przy restarcie.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh" => klucz pomyślnie usunięto
Nie można przenieść "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx" => Zaplanowany do przeniesienia przy restarcie.
"HKLM\SOFTWARE\Google\Chrome\Extensions\pjldcfjmnllhmgjclecdnfampinooman" => klucz pomyślnie usunięto
Nie można przenieść "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx" => Zaplanowany do przeniesienia przy restarcie.
SpyHunter 4 Service => serwis nie znaleziono.
esgiguard => serwis nie znaleziono.
EsgScanner => serwis nie znaleziono.
catchme => serwis pomyślnie usunięto
hpt3xx => serwis pomyślnie usunięto
IntelIde => serwis pomyślnie usunięto
LVUSBSta => serwis pomyślnie usunięto
StarOpen => serwis pomyślnie usunięto
"C:\Program Files\HitmanPro" => nie znaleziono.
"C:\Documents and Settings\Lucas\Dane aplikacji\Enigma Software Group" => nie znaleziono.
C:\Documents and Settings\All Users\Dane aplikacji\HitmanPro => pomyślnie przeniesiono
"C:\sh4ldr" => nie znaleziono.
"C:\WINDOWS\system32\Drivers\EsgScanner.sys" => nie znaleziono.
"C:\Program Files\Enigma Software Group" => nie znaleziono.
C:\WINDOWS\system32\bootdelete.exe => pomyślnie przeniesiono
"C:\Program Files\Sophos" => nie znaleziono.
"C:\Documents and Settings\All Users\Menu Start\Programy\Sophos" => nie znaleziono.
C:\Documents and Settings\All Users\Dane aplikacji\Sophos => pomyślnie przeniesiono
C:\Documents and Settings\Lucas\Ustawienia lokalne\temp\sqlite3.dll => pomyślnie przeniesiono
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\73909648.sys" => klucz pomyślnie usunięto
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\76009654.sys" => klucz pomyślnie usunięto
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\73909648.sys" => klucz pomyślnie usunięto
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\76009654.sys" => klucz pomyślnie usunięto
 
=========  type C:\ComboFix.txt =========
 
ComboFix 15-10-28.01 - Lucas 2015-10-31   1:28.78.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.3071.2498 [GMT 0:00]
Uruchomiony z: f:\programy\bezpieczenstwo\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2015-09-28 do 2015-10-31  )))))))))))))))))))))))))))))))
.
.
2015-10-29 15:27 . 2015-10-29 15:41 -------- d-----w- C:\AdwCleaner
2015-10-24 17:54 . 2015-10-25 22:10 -------- d-----w- c:\program files\CCleaner
2015-10-21 10:47 . 2015-10-21 10:47 -------- d-----w- c:\program files\Common Files\Java
2015-10-20 12:00 . 2015-10-20 12:00 -------- d-----w- c:\program files\HitmanPro
2015-10-20 12:00 . 2015-10-20 12:00 -------- d-----w- c:\documents and settings\Lucas\Dane aplikacji\Enigma Software Group
2015-10-19 22:47 . 2015-10-19 22:47 12872 ----a-w- c:\windows\system32\bootdelete.exe
2015-10-19 22:39 . 2015-10-20 11:59 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\HitmanPro
2015-10-19 21:58 . 2015-10-19 21:58 -------- d-----w- C:\sh4ldr
2015-10-19 21:57 . 2015-10-19 21:57 19984 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2015-10-19 21:57 . 2015-10-19 21:57 -------- d-----w- c:\program files\Enigma Software Group
2015-10-17 23:28 . 2015-10-30 22:59 -------- d-----w- c:\documents and settings\Lucas\Dane aplikacji\Thunderbird
2015-10-17 15:35 . 2015-10-17 15:35 -------- d-----w- c:\program files\Sophos
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-25 23:27 . 2015-04-23 01:33 170200 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2015-10-21 10:46 . 2015-04-24 19:03 97888 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-10-21 10:46 . 2015-04-24 19:03 146432 ----a-w- c:\windows\system32\javacpl.cpl
2015-10-05 15:12 . 2014-09-26 09:37 4912160 ----a-w- c:\windows\system32\MetaViewer.dll
2015-10-05 09:50 . 2015-04-23 01:36 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 09:50 . 2015-04-23 01:33 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-27 08:39 415744 --sh--w- c:\windows\system32\avisynth.dll
2004-02-22 09:11 764416 --sh--w- c:\windows\system32\devil.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-01-31 15517472]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2009-10-07 460048]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 21:51 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2013-01-31 09:02 15517472 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Lucas\\Dane aplikacji\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VoipConnect.com\\VoipConnect\\VoipConnect.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2015-06-02 218264]
R1 klpd;klpd;c:\windows\system32\drivers\klpd.sys [2013-04-12 14432]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-05-14 45024]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2013-06-06 144992]
R1 RapportCerberus_1412112;RapportCerberus_1412112;c:\documents and settings\All Users\Dane aplikacji\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1412112.sys [2015-10-17 531416]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2015-06-02 280088]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2015-06-02 337176]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2013-04-19 36448]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2013-05-05 24672]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-05-05 24672]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-04-23 23256]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-23 1135416]
S2 MSSQL$INFLOWSQL;SQL Server (INFLOWSQL);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2015-06-02 2222360]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2014-03-20 23456]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2015-10-19 15920]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2015-10-19 19984]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;f:\programy\zgrane\EverestHOME220\kerneld.wnt [2006-04-13 7168]
S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-04-23 1513784]
S4 SpyHunter 4 Service;SpyHunter 4 Service;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe [2015-10-19 771968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-25 22:23 997704 ----a-w- c:\program files\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2015-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-10-25 22:22]
.
2015-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-10-25 22:22]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Lucas\Dane aplikacji\Mozilla\Firefox\Profiles\xd7z3b21.default-1412003757031\
FF - prefs.js: browser.startup.homepage - google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-10-31 01:34
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EverestDriver]
"ImagePath"="\??\f:\programy\zgrane\EverestHOME220\kerneld.wnt"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(4948)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Czas ukończenia: 2015-10-31  01:36:02
ComboFix-quarantined-files.txt  2015-10-31 01:35
ComboFix2.txt  2015-10-26 01:27
.
Przed: 5235339264 bajtów wolnych
Po: 5221314560 bajtów wolnych
.
- - End Of File - - 60233503F89B0B04912A3F509D380231
32052574BF9F325AE309ABC7BFD04460
 
========= Koniec  CMD: =========
 
 
=========  netsh winsock reset =========
 
 
Pomyślnie zresetowano Winsock Catalog.
Musisz ponownie uruchomić komputer, aby ukończyć resetowanie.
 
 
========= Koniec  CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
Nazwa 'bitsadmin' nie jest rozpoznawana jako polecenie wewnętrzne lub zewnętrzne,
program wykonywalny lub plik wsadowy.
 
========= Koniec  CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => pomyślnie przeniesiono
Hosts pomyślnie przywrócono.
EmptyTemp: => 262.9 MB danych tymczasowych Usunięto.
 
Rezultat przenoszenia plików przy restarcie (Tryb startu: Normal) (Data i godzina: 2015-11-03 16:06:59)
 
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx" => Nie można przenieść
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx" => Nie można przenieść
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx" => Nie można przenieść
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx" => Nie można przenieść
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx" => Nie można przenieść
 
==== Koniec  Fixlog 16:06:59 ====
 
 
 
AdwCleaner
==
 
# AdwCleaner v5.017 - Utworzono raport 03/11/2015 o 16:15:02
# Ostatnia aktualizacja 03/11/2015 przez Xplode
# Baza danych : 2015-11-01.2 [Serwer]
# System operacyjny : Microsoft Windows XP Dodatek Service Pack 3 (x86)
# Nazwa użytkownika : Lucas - WORKSTATION
# Lokalizacja programu : C:\Documents and Settings\Lucas\Pulpit\adwcleaner_5.017.exe
# Działanie : Usuń
 
***** [ Usługi ] *****
 
 
***** [ Foldery ] *****
 
[-] Folder usunięto : C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
 
***** [ Pliki ] *****
 
[-] Plik usunięto : C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil
 
***** [ DLLs ] *****
 
 
***** [ Skróty ] *****
 
 
***** [ Zaplanowane zadania ] *****
 
 
***** [ Rejestr ] *****
 
[-] Klucz usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
 
***** [ Przeglądarki internetowe ] *****
 
[-] [C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Secure Preferences] [Extension] usunięto : elicpjhcidhpjomhibiffojpinpmmpil
 
*************************
 
:: "Tracing" klucze usunięta
:: Zresetowano ustawienia Winsock
 
########## EOF - C:\AdwCleaner\AdwCleaner[C19].txt - [1416 bajty] ##########
 
 
 
 
Junkware Removal Tool
==
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Microsoft Windows XP x86
Ran by Lucas on 2015-11-03 at 16:19:36,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Documents and Settings\Lucas\Dane aplikacji\mozilla\firefox\profiles\xd7z3b21.default-1412003757031\minidumps [1 files]
 
 
 
~~~ Chrome
 
 
[C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Documents and Settings\Lucas\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-11-03 at 16:25:54,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Malwarebytes Anti-Malware - didn't find anything and no reboot was prompted.
===
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Data skanowania: 2015-11-03
Czas skanowania: 16:29:58
Raport: MBAM.txt
Administrator: Tak
 
Wersja: 2.2.0.1024
Baza szkodliwego oprogramowania: v2015.11.03.06
Baza danych rootkitów: v2015.10.28.01
Licencja: Premium
Ochrona przed złośliwym oprogramowaniem: Włączony
Ochrona przed szkodliwymi stronami: Włączony
Samoobrona: Wyłączony
 
System operacyjny: Windows XP Service Pack 3
Procesor: x86
System plików: NTFS
Użytkownik: Lucas
 
Typ skanowania: Dokładne skanowanie
Wynik: Zakończono
Obiekty przeskanowane: 423027
Czas, który upłynął: 17 min, 59 s
 
Pamięć: Włączony
Autostart: Włączony
System plików: Włączony
Archiwa: Włączony
Rootkity: Wyłączony
Heurystyka: Włączony
PUP: Ostrzegaj
PUM: Włączony
 
Procesy: 0
(Nie wykryto zagrożeń)
 
Moduły: 0
(Nie wykryto zagrożeń)
 
Klucze rejestru: 0
(Nie wykryto zagrożeń)
 
Wartości rejestru: 0
(Nie wykryto zagrożeń)
 
Dane rejestru: 0
(Nie wykryto zagrożeń)
 
Foldery: 0
(Nie wykryto zagrożeń)
 
Pliki: 0
(Nie wykryto zagrożeń)
 
Sektory fizyczne: 0
(Nie wykryto zagrożeń)
 
 
(end)
 
 
 


#6 olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 03 November 2015 - 01:51 PM

Hi lukasbck,

How is your PC running now? Is there any recuperation?
-------------------------------------------------------------------------------
 
Please do the following,

Download zoek.exe to your Desktop:
http://hijackthis.nl/smeenk/
Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here:
http://www.bleepingc...opic114351.html
On Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
Give it a few seconds to appear
Next, copy/paste the entire script inside the codebox below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
emptyclsid;

emptyfolderscheck;delete
iedefaults;
FFdefaults;
CHRdefaults;

resetIEproxy;

resethosts;
ipconfig /flushdns;b

Now...
Close any open programs.
Click the Run script button, and wait. It takes a few minutes to run.
When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Please download RogueKiller 32/64 bit to your desktop and run it

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

------------------------------------------------------------------------------------------------------------------------------------------------------

  • Please re-run AdwCleaner
  • Click on Uninstall button.

Edited by olgun52, 03 November 2015 - 01:58 PM.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

#7 lukasbck

  • Topic Starter
  • Members
  • 26 posts

Posted 03 November 2015 - 03:18 PM

After running zoek the browser seems to be running faster. There are still some errors (missing graphics) when loading websites though.

I have information from PayPal that might give you a hint what is going on. It seems every time I attempt to make a payment using PayPal, some sneaky software (or just an error) is attempting to process another payment at the same time. As a result PayPal's security system raises flags and blocks all payments.

 

 

 

 
Zoek.exe v5.0.0.1 Updated 01-November-2015
Tool run by Lucas on 2015-11-03 at 19:12:44,73.
Microsoft Windows XP Professional 5.1.2600 Dodatek Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Lucas\Pulpit\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
2015-11-03 19:17:49 Zoek.exe System Restore Point Created Successfully.
 
==== Reset Hosts File ======================
 
# Copyright © 1993-2006 Microsoft Corp. 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 
# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 
# For example: 
#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
127.0.0.1       localhost 
 
==== Empty Folders Check ======================
 
C:\Documents and Settings\Lucas\Menu Start\Programy\Adobe Master Collection CS4 deleted successfully
C:\Documents and Settings\Lucas\Menu Start\Programy\Autostart deleted successfully
C:\DOCUME~1\ALLUSE~1\DANEAP~1\nView_Profiles deleted successfully
C:\Documents and Settings\Lucas\Dane aplikacji\Malwarebytes deleted successfully
C:\Documents and Settings\Lucas\Dane aplikacji\MatthewWoodward.co.uk deleted successfully
C:\Documents and Settings\Lucas\Dane aplikacji\Media Player Classic deleted successfully
C:\Documents and Settings\Lucas\Dane aplikacji\Tofa deleted successfully
C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\GHISLER deleted successfully
C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\LogiShrd deleted successfully
C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\MediaServer deleted successfully
C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\ms-drivers deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
Deleted from C:\Documents and Settings\Lucas\Dane aplikacji\Mozilla\Firefox\Profiles\xd7z3b21.default-1412003757031\prefs.js:
user_pref("browser.startup.homepage", "google.com");
 
Added to C:\Documents and Settings\Lucas\Dane aplikacji\Mozilla\Firefox\Profiles\xd7z3b21.default-1412003757031\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\Program Files\ComPlus Applications deleted
C:\Program Files\WindowsUpdate deleted
C:\Documents and Settings\Lucas\Dane aplikacji\SteelBytes deleted
C:\Documents and Settings\Lucas\Dane aplikacji\DVDSubEdit.ini deleted
C:\Documents and Settings\Lucas\Dane aplikacji\tmp123.txt deleted
C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\{DA6A30CA-2668-4F5F-93A5-9BDA19E3CCC4} deleted
C:\WINDOWS\system32\GroupPolicy\Adm deleted
C:\WINDOWS\system32\GroupPolicy\Machine deleted
C:\WINDOWS\system32\GroupPolicy\User deleted
C:\WINDOWS\system32\GroupPolicy\gpt.ini deleted
"C:\Documents and Settings\Lucas\Dane aplikacji\Goso\daku.uhk" deleted
"C:\Documents and Settings\Lucas\Dane aplikacji\Goso" deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Documents and Settings\Lucas\Dane aplikacji\Mozilla\Firefox\Profiles\xd7z3b21.default-1412003757031
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"content_blocker@kaspersky.com"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com" [2014-12-17 14:13]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Documents and Settings\Lucas\Dane aplikacji\Mozilla\Firefox\Profiles\xd7z3b21.default-1412003757031
- LastPass - %ProfilePath%\extensions\support@lastpass.com
 
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Documents and Settings\Lucas\Dane aplikacji\Mozilla\Firefox\Profiles\xd7z3b21.default-1412003757031
7D127425BBE91DF37448A7F44C1DDA52 - C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll - Google Update
707BD8847C224D2FC54116BFBED8B504 - C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll - Java™ Platform SE 8 U65
163CE3EDEA7701198D1931B3084F29B8 - C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.650.17
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104
D775FA6F1E88B3B99E69E8A0D6C3A819 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll - Shockwave Flash
01D93217A9EE48DD37072B671378CC9C - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
69AA47F09AA281C7D3C7716CA7E283B4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
380F9A643A149B9030142E7171EFA91B - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
99F97C9FE748C37528C338A423577FCB - C:\Documents and Settings\Lucas\Dane aplikacji\Mozilla\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
7E90EAF7A60086E42240BECA3F825B2C - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
4BDD23910B5A3ED085D865D06B92D8F1 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
4ED9C02D6916DD1DBD3EFB338E36F312 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
28986F0A2342A033345EF9E70D395E4F - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight
 
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.80
 
 
Ebates Cash Back - Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi
LastPass - Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
DS Amazon Quick View - Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jkompbllimaoekaogchhkmkdogpkhojg
Wave Accounting - Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa
InvisibleHand - Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko
AnyAudience - Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ljhjbipjkapbddjldchfddlahembbobc
 
==== Chromium Fix ======================
 
C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Reset Google Chrome ======================
 
C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
 
==== Reset IE Proxy ======================
 
Value(s) before fix:
"ProxyEnable"=dword:00000000
 
Value(s) after fix:
"ProxyEnable"=dword:00000000
 
==== Deleting Registry Keys ======================
 
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\363FB0CBBA367FF4E81FEAD0F717B142 deleted successfully
 
==== Empty IE Cache ======================
 
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\0I86I45B will be deleted at reboot
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\1III7JIV will be deleted at reboot
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\C3SDKVIV will be deleted at reboot
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\G3IB6JON will be deleted at reboot
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\Lucas\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Cache found
 
==== Empty Chrome Cache ======================
 
C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=17 folders=8 13662196 bytes)
 
==== Empty Temp Folders ======================
 
C:\Documents and Settings\Administrator\Ustawienia lokalne\temp emptied successfully
C:\Documents and Settings\Administrator.WORKSTATION\Ustawienia lokalne\temp emptied successfully
C:\Documents and Settings\Default User\Ustawienia lokalne\temp emptied successfully
C:\Documents and Settings\LocalService\Ustawienia lokalne\temp emptied successfully
C:\Documents and Settings\Lucas\Ustawienia lokalne\temp will be emptied at reboot
C:\Documents and Settings\NetworkService\Ustawienia lokalne\temp emptied successfully
C:\Documents and Settings\UpdatusUser\Ustawienia lokalne\temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Lucas\USTAWI~1\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\RECYCLER successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\Lucas\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\0I86I45B" not deleted
"C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\1III7JIV" not deleted
"C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\C3SDKVIV" not deleted
"C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\G3IB6JON" not deleted
 
==== EOF on 2015-11-03 at 19:46:29,54 ======================
 
 
RogueKiller V10.11.4.0 [Nov  2 2015] (Free) od Adlice Software
 
System operacyjny : Windows XP (5.1.2600 Dodatek Service Pack 3) 32 bits version
Tryb rozruchu : Tryb normalny
Użytkownik : Lucas [Administrator]
Lokalizacja programu : C:\Program Files\RogueKiller\RogueKiller.exe
Tryb : Skanowanie -- Data : 11/03/2015 20:04:03
 
¤¤¤ Procesy : 0 ¤¤¤
 
¤¤¤ Rejestr : 2 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\catchme (\??\C:\DOCUME~1\Lucas\USTAWI~1\Temp\catchme.sys) -> Znaleziono
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | UpdatesDisableNotify : 1  -> Znaleziono
 
¤¤¤ Zaplanowane zadania : 0 ¤¤¤
 
¤¤¤ Pliki : 0 ¤¤¤
 
¤¤¤ Plik hosts : 1 ¤¤¤
[C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1       localhost 
 
¤¤¤ Rootkity : 0 (Driver: załadowano) ¤¤¤
 
¤¤¤ Przeglądarki : 0 ¤¤¤
 
¤¤¤ Weryfikacja MBR : ¤¤¤
+++++ PhysicalDrive0: HDT722520DLA380 +++++
--- User ---
[MBR] 198457da55788bf5c02b74f79b482a29
[BSP] 53041d7b3620d7b2904033f26ba24ec7 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 29996 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 61432560 | Size: 160783 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Maxtor 6V200E0 +++++
--- User ---
[MBR] f2ef321271a640b14164b6144dedb424
[BSP] 2aa615cbff17e9a37900006c4fe81fd8 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 94468 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 193470795 | Size: 99998 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: USB DISK 2.0 USB Device +++++
--- User ---
[MBR] f00618901d5c4d505b4e79023fa987ca
[BSP] 68315b15fda24002d2c50319b3102753 : Legit.Unknown|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 1 | Size: 3795 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Żądanie nie jest obsługiwane. )
 
 
# AdwCleaner v5.017 - Utworzono raport 03/11/2015 o 20:11:35
# Ostatnia aktualizacja 03/11/2015 przez Xplode
# Baza danych : 2015-11-03.2 [Serwer]
# System operacyjny : Microsoft Windows XP Dodatek Service Pack 3 (x86)
# Nazwa użytkownika : Lucas - WORKSTATION
# Lokalizacja programu : C:\Documents and Settings\Lucas\Pulpit\adwcleaner_5.017.exe
# Działanie : Usuń
 
***** [ Usługi ] *****
 
 
***** [ Foldery ] *****
 
 
***** [ Pliki ] *****
 
[-] Plik usunięto : C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil
 
***** [ DLLs ] *****
 
 
***** [ Skróty ] *****
 
 
***** [ Zaplanowane zadania ] *****
 
 
***** [ Rejestr ] *****
 
 
***** [ Przeglądarki internetowe ] *****
 
 
*************************
 
:: "Tracing" klucze usunięta
:: Zresetowano ustawienia Winsock
 
########## EOF - C:\AdwCleaner\AdwCleaner[C20].txt - [939 bajty] ##########
 
 

Edited by lukasbck, 03 November 2015 - 03:21 PM.
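The AdwCleaner, JRT and zoek logs above all act on the same structure: the per-extension entries under extensions.settings in Chrome's Preferences and Secure Preferences files (AdwCleaner removed elicpjhcidhpjomhibiffojpinpmmpil from Secure Preferences, JRT reports "Extensions Deleted" in both files, zoek reset both). The script below is an added example, not code posted in this thread or shipped with any of those tools; it reads such a file and flags the entries a malware responder would look at first, including the install location that explains why an extension deleted from the profile can be back after a reboot. The LastPass ID is taken from the zoek "Chromium Look" section and elicpjhcidhpjomhibiffojpinpmmpil from the AdwCleaner log; the sample Preferences document, the extension names, versions, paths, state and location values and the third (component) ID are constructed. The location codes are Chromium's Manifest::Location enum values.

```python
"""Inventory the extensions recorded in a Chrome Preferences / Secure Preferences
file and flag the ones a malware responder would look at first.

Added example for this thread; it is not code from the thread or from
AdwCleaner, JRT or zoek.  Chrome keeps one entry per extension under
extensions.settings.<id>; the cleaning tools above delete or reset exactly
these entries."""
import json

# Chromium's Manifest::Location enum (values as defined in the Chromium source).
LOCATIONS = {
    1: "INTERNAL",                  # user-installed, normally via the Web Store
    2: "EXTERNAL_PREF",             # external_extensions.json next to the browser
    3: "EXTERNAL_REGISTRY",         # Software\Google\Chrome\Extensions\<id> key
    4: "UNPACKED",                  # loaded from a folder in developer mode
    5: "COMPONENT",                 # built into Chrome
    6: "EXTERNAL_PREF_DOWNLOAD",    # external pref pointing at an update URL
    7: "EXTERNAL_POLICY_DOWNLOAD",  # policy pointing at an update URL
    8: "COMMAND_LINE",              # --load-extension
    9: "EXTERNAL_POLICY",           # ExtensionInstallForcelist
    10: "EXTERNAL_COMPONENT",
}

# Sources that live outside the profile folder: removing the profile entry alone
# makes Chrome reinstall the extension on its next start, which is what the
# "comes back after reboot" symptom in this thread looks like.
REINSTALLING = {2, 3, 6, 7, 9}


def inventory(prefs_text, watchlist=frozenset()):
    """Return one dict per extension, sorted by ID, with the reasons it stands out."""
    prefs = json.loads(prefs_text)
    settings = prefs.get("extensions", {}).get("settings", {})
    rows = []
    for ext_id, entry in sorted(settings.items()):
        loc = entry.get("location")
        manifest = entry.get("manifest", {})
        reasons = []
        if ext_id in watchlist:
            reasons.append("ID is on the watchlist")
        # Component extensions are never from the Web Store, so don't flag those.
        if not entry.get("from_webstore", False) and loc not in (5, 10):
            reasons.append("not installed from the Web Store")
        if loc in REINSTALLING:
            reasons.append(f"installed via {LOCATIONS[loc]}; it will return until that source is removed")
        rows.append({
            "id": ext_id,
            "name": manifest.get("name", "?"),
            "version": manifest.get("version", "?"),
            "enabled": entry.get("state") == 1,   # state 1 = enabled, 0 = disabled
            "location": LOCATIONS.get(loc, f"UNKNOWN({loc!r})"),
            "path": entry.get("path", ""),
            "reasons": reasons,
        })
    return rows


def flagged_ids(prefs_text, watchlist=frozenset()):
    """IDs of extensions with at least one reason to investigate."""
    return [r["id"] for r in inventory(prefs_text, watchlist) if r["reasons"]]


# Constructed sample Preferences document (assumption: not a real capture).
# The LastPass ID appears in the zoek log and elicpjhcidhpjomhibiffojpinpmmpil
# in the AdwCleaner log; names, versions, paths, states, locations and the
# third ID are made up.
SAMPLE_PREFERENCES = json.dumps({
    "extensions": {"settings": {
        "hdokiejnpimakedhajhdlcegeplioahd": {
            "from_webstore": True, "location": 1, "state": 1,
            "path": "hdokiejnpimakedhajhdlcegeplioahd\\3.2.1_0",
            "manifest": {"name": "LastPass", "version": "3.2.1"},
        },
        "elicpjhcidhpjomhibiffojpinpmmpil": {
            "from_webstore": False, "location": 3, "state": 1,
            "path": "elicpjhcidhpjomhibiffojpinpmmpil\\1.0_0",
            "manifest": {"name": "Example Shopping Helper", "version": "1.0"},
        },
        "abcdefghijklmnopabcdefghijklmnop": {
            "from_webstore": False, "location": 5, "state": 1,
            "path": "C:\\Program Files\\Google\\Chrome\\Application\\resources\\example",
            "manifest": {"name": "Example component", "version": "1.0"},
        },
    }},
    "protection": {"macs": {}},   # present in Secure Preferences on Windows
})

if __name__ == "__main__":
    for row in inventory(SAMPLE_PREFERENCES, watchlist={"elicpjhcidhpjomhibiffojpinpmmpil"}):
        mark = "!!" if row["reasons"] else "  "
        print(f"{mark} {row['id']}  {row['name']} {row['version']}  [{row['location']}]")
        for reason in row["reasons"]:
            print(f"      - {reason}")
```

The script only reads the file. On Windows, Secure Preferences carries HMACs under protection.macs over the tracked keys, so a hand edit that does not update them is discarded by Chrome at its next start; that is one reason to have a cleaning tool regenerate the file rather than patch it in an editor. An entry reported as EXTERNAL_REGISTRY or EXTERNAL_POLICY points at the registry key or policy that needs to go before deleting the profile entry achieves anything.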


#8 olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 03 November 2015 - 05:19 PM

 

After running zoek the browser seems to be running faster. There are still some errors (missing graphics) when loading websites though.

I have information from PayPal that might give you a hint what is going on. It seems every time I attempt to make a payment using PayPal, some sneaky software (or just an error) is attempting to process another payment at the same time. As a result PayPal's security system raises flags and blocks all payments.

There were many things harmful to your system. However, we deleted them all successfully. We deleted important files.

There is no need to worry. You must be patient.

 

Please be sure to run our tools with administrator rights.
 
ComboFix run:
 
* IMPORTANT : 1   Place ComboFix.exe on your Desktop
* IMPORTANT : 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.
 
Have a nice day.


Best regards

#9 lukasbck

  • Topic Starter
  • Members
  • 26 posts

Posted 03 November 2015 - 07:10 PM

I don't do scans in safe mode because my Windows profile is of the 'administrator' type. That's OK, right?

 

 

 

ComboFix 15-10-28.01 - Lucas 2015-11-03  23:52:04.79.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.3071.2503 [GMT 0:00]
Uruchomiony z: c:\documents and settings\Lucas\Pulpit\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2015-10-03 do 2015-11-03  )))))))))))))))))))))))))))))))
.
.
2015-11-03 21:45 . 2015-11-03 21:45 12062208 ----a-w- c:\program files\Common Files\lpuninstall.exe
2015-11-03 19:50 . 2015-11-03 19:50 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-11-03 19:50 . 2015-11-03 20:07 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\RogueKiller
2015-11-03 19:49 . 2015-11-03 19:49 -------- d-----w- c:\program files\RogueKiller
2015-11-03 19:44 . 2015-11-03 19:12 24064 ----a-w- c:\windows\zoek-delete.exe
2015-11-03 19:12 . 2015-11-03 19:40 -------- d-----w- C:\zoek_backup
2015-11-03 00:05 . 2015-11-03 16:06 -------- d-----w- C:\FRST
2015-11-02 03:15 . 2015-11-02 03:15 -------- d-----w- c:\program files\ESET
2015-11-02 03:06 . 2015-11-02 03:06 -------- d-----w- C:\TDSSKiller_Quarantine
2015-10-29 15:27 . 2015-11-03 20:11 -------- d-----w- C:\AdwCleaner
2015-10-24 17:54 . 2015-11-02 02:43 -------- d-----w- c:\program files\CCleaner
2015-10-21 10:47 . 2015-10-21 10:47 -------- d-----w- c:\program files\Common Files\Java
2015-10-17 23:28 . 2015-11-03 23:48 -------- d-----w- c:\documents and settings\Lucas\Dane aplikacji\Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-03 20:22 . 2015-04-23 01:33 170200 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2015-10-21 10:46 . 2015-04-24 19:03 97888 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-10-21 10:46 . 2015-04-24 19:03 146432 ----a-w- c:\windows\system32\javacpl.cpl
2015-10-05 15:12 . 2014-09-26 09:37 4912160 ----a-w- c:\windows\system32\MetaViewer.dll
2015-10-05 09:50 . 2015-04-23 01:36 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 09:50 . 2015-04-23 01:33 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-27 08:39 415744 --sh--w- c:\windows\system32\avisynth.dll
2004-02-22 09:11 764416 --sh--w- c:\windows\system32\devil.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-01-31 15517472]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2009-10-07 460048]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid support@lastpass.com [2015-11-3 12062208]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2015-09-16 20:32 6495144 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 21:51 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2013-01-31 09:02 15517472 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Lucas\\Dane aplikacji\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VoipConnect.com\\VoipConnect\\VoipConnect.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2015-06-02 218264]
R1 klpd;klpd;c:\windows\system32\drivers\klpd.sys [2013-04-12 14432]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-05-14 45024]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2013-06-06 144992]
R1 RapportCerberus_1412112;RapportCerberus_1412112;c:\documents and settings\All Users\Dane aplikacji\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1412112.sys [2015-10-17 531416]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2015-06-02 280088]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2015-06-02 337176]
R2 MSSQL$INFLOWSQL;SQL Server (INFLOWSQL);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2013-04-19 36448]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2013-05-05 24672]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-05-05 24672]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-23 1135416]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2015-06-02 2222360]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-04-23 23256]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Dane aplikacji\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys [2014-11-16 162584]
S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-04-23 1513784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-25 22:23 997704 ----a-w- c:\program files\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2015-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-10-25 22:22]
.
2015-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-10-25 22:22]
.
.
------- Skan uzupełniający -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Lucas\Dane aplikacji\Mozilla\Firefox\Profiles\xd7z3b21.default-1412003757031\
FF - prefs.js: browser.startup.homepage - about:home
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-11-03 23:57
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...  
.
skanowanie ukrytych wpisów autostartu ... 
.
skanowanie ukrytych plików ...  
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(3180)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Czas ukończenia: 2015-11-03  23:59:25
ComboFix-quarantined-files.txt  2015-11-03 23:59
ComboFix2.txt  2015-10-26 01:27
.
Przed: 4 908 015 616 bajtów wolnych
Po: 4 935 991 296 bajtów wolnych
.
- - End Of File - - D37F6169D22EB1C6FE62178BD3752177
32052574BF9F325AE309ABC7BFD04460

Edited by lukasbck, 03 November 2015 - 07:11 PM.


#10 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 07 November 2015 - 02:40 PM

Hi lukasbck,
 
Registry Fix
-------------------

  • Press the Windows key + R on your keyboard at the same time
  • Type Notepad and press Enter
  • Copy/paste the following text inside the code box into a new notepad document.
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
  • Click File, then Save As....
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.reg.
  • Click Save.
  • Double click fix.reg and answer Yes to the prompts. You should receive the message that the entries have been successfully merged. If not, post back with the error message.
  • Delete fix.reg after use.
  • Reboot your computer

------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

How is the PC running now? Any issues?

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • Fixlog
  • Eset online scanner log
  • Did the Registry key import properly?

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
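The same four SafeBoot entries removed with reg.exe and then verified, as an added example that is not part of olgun52's instructions. It assumes a command prompt opened as Administrator on the affected machine (reg.exe ships with Windows XP) and sidesteps the .reg file merge entirely.

```batch
@echo off
rem Added example, not from the original thread: delete the four HitmanPro
rem SafeBoot\Minimal entries listed in the registry fix above using reg.exe,
rem then verify that each key is really gone. Run as Administrator.
setlocal enabledelayedexpansion

set "BASE=HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal"
set "KEYS=hitmanpro37 hitmanpro37.sys HitmanPro37Crusader HitmanPro37CrusaderBoot"
set ERRORS=0

for %%K in (%KEYS%) do (
    rem reg query exits with 0 when the key exists and 1 when it does not
    reg query "%BASE%\%%K" >nul 2>&1
    if !errorlevel! equ 0 (
        echo Deleting %BASE%\%%K
        reg delete "%BASE%\%%K" /f >nul
        rem verification step: the key must no longer be present
        reg query "%BASE%\%%K" >nul 2>&1
        if !errorlevel! equ 0 (
            echo   FAILED: key still present
            set /a ERRORS+=1
        ) else (
            echo   removed
        )
    ) else (
        echo Not present, nothing to do: %BASE%\%%K
    )
)

if %ERRORS% equ 0 (
    echo All listed SafeBoot entries are absent.
) else (
    echo %ERRORS% key^(s^) could not be removed; check that the prompt runs as Administrator.
)
endlocal
exit /b %ERRORS%
```

A non-zero exit code means at least one key survived the delete, which is the "did the registry key import properly?" check asked for in the reply list above.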

 


 


#11 lukasbck

lukasbck
  • Topic Starter

  • Members
  • 26 posts

Posted 07 November 2015 - 06:16 PM

Hi, 

I am stuck with the registry fix.
When I launch fix.reg I get an error (this is a translation):

 

"Cannot import C:\documents and Settings\...\fix.reg: This file is not a registry script. Importing is possible only for binary registry files from inside the Registry Editor."

 

My registry editor version is 5.1, if that makes any difference. 

 

 

When I try to import the file from the Registry Editor it gives me an error:
"Cannot import C:\documents and Settings\...\fix.reg. The selected key is not valid."

Please advise.


Edited by lukasbck, 08 November 2015 - 08:37 AM.


#12 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 08 November 2015 - 10:42 AM

Not important. Please run ESET Online Scanner now.

 

How is the machine running now?

 

next >>>

 

Please post a fresh FRST logfile for my check. ( FRST.txt and Additional.txt)


Best regards
 

 


 


#13 lukasbck

lukasbck
  • Topic Starter

  • Members
  • 26 posts

Posted 08 November 2015 - 05:12 PM

The browser seems to be running the same - very fast, but sometimes some pictures are missing from websites or other artifacts show up.

Most importantly, PayPal is still blocking my payments (I tried to pay before running ESET Online, which has just found something suspicious and deleted it). PayPal has found out that whenever I try to pay for something, another hidden transaction is trying to be processed along with mine. As a result PayPal is blocking both transactions, as this is highly suspicious. It could be some malware trying to hijack my PayPal payments or just browser errors (I have the same on Chrome and Firefox). I will be trying to make payments soon - hopefully what ESET found and deleted was the cause of all these problems.

I'm waiting for further instructions anyway.

 

ESET Scan results

C:\System Volume Information\_restore{0EF5F4F5-7615-4D58-A2E1-AF95A13EF5E2}\RP765\A0349220.msi a variant of MSIL/Toolbar.Linkury.G potentially unwanted application deleted - quarantined

 

 

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:31-10-2015
Uruchomiony przez Administrator (administrator)  WORKSTATION (08-11-2015 21:51:47)
Uruchomiony z C:\Documents and Settings\Administrator.WORKSTATION\Pulpit
Załadowane profile: Administrator (Dostępne profile: Lucas & UpdatusUser & Administrator)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Język: Polski
Internet Explorer Wersja 6 (Domyślna przeglądarka: IE)
Tryb startu: Safe Mode (minimal)
 
==================== Procesy (filtrowane) =================
 
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
 
(Microsoft Corporation) C:\WINDOWS\system32\userinit.exe
 
 
==================== Rejestr (filtrowane) ===========================
 
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
 
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll [2013-06-17] (Kaspersky Lab ZAO)
Winlogon\Notify\WgaLogon: WgaLogon.dll [X]
HKU\S-1-5-21-1292428093-796845957-725345543-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6495144 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-1292428093-796845957-725345543-500\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-18\...\RunOnce: [WUAppSetup] => C:\Program Files\Common Files\logishrd\WUApp32.exe [460048 2009-10-07] ()
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Install LastPass FF RunOnce.lnk [2015-11-06]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
 
==================== Internet (filtrowane) ====================
 
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{292A1DCB-A1F5-4526-8962-5D877E271581}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9D0D1BFB-D713-4DEF-9D24-4191EAFE91A9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AC6A41FB-BFCC-4C58-B5DB-720204A73019}: [DhcpNameServer] 192.168.178.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\S-1-5-21-1292428093-796845957-725345543-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1292428093-796845957-725345543-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1292428093-796845957-725345543-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= UWAGA
SearchScopes: HKU\S-1-5-21-1292428093-796845957-725345543-500 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-06-02] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-21] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-06-02] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-06-02] (Kaspersky Lab ZAO)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349916473760
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll [2013-01-04] (Logitech Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-26] (Microsoft Corporation)
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-14] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll [2014-03-05] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-25] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-25] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-10-11] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-11-07] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-12-17] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-12-17] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-12-17] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-17] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-12-17] [Brak podpisu cyfrowego]
 
==================== Usługi (filtrowane) ========================
 
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
 
S3 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-06-02] (Kaspersky Lab ZAO)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 MSSQL$INFLOWSQL; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2222360 2015-06-02] (IBM Corp.)
 
===================== Sterowniki (filtrowane) ==========================
 
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
 
S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [3786944 2005-10-26] (Realtek Semiconductor Corp.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 eapihdrv; C:\Documents and Settings\Lucas\Ustawienia lokalne\temp\ehdrv.sys [135760 2015-11-08] (ESET)
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23832 2009-10-07] (Logitech Inc.)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [135776 2014-06-02] (Kaspersky Lab ZAO)
S1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [576096 2014-06-02] (Kaspersky Lab ZAO)
S3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [36448 2013-04-19] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [24672 2014-06-02] (Kaspersky Lab ZAO)
S3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2014-06-02] (Kaspersky Lab ZAO)
S1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
S1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
S1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [144992 2014-06-02] (Kaspersky Lab ZAO)
S3 LVcKap; C:\WINDOWS\System32\DRIVERS\LVcKap.sys [689176 2008-02-05] (Logitech Inc.)
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25624 2008-02-05] ()
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S1 RapportCerberus_1412112; C:\Documents and Settings\All Users\Dane aplikacji\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1412112.sys [531416 2015-10-17] (IBM Corp.) [Brak podpisu cyfrowego]
S1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [280088 2015-06-02] (IBM Corp.) [Brak podpisu cyfrowego]
S3 RapportIaso; c:\documents and settings\all users\dane aplikacji\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [162584 2015-10-17] (IBM Corp.) [Brak podpisu cyfrowego]
S0 RapportKELL; C:\WINDOWS\System32\Drivers\RapportKELL.sys [218264 2015-06-02] (IBM Corp.) [Brak podpisu cyfrowego]
S1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [337176 2015-06-02] (IBM Corp.) [Brak podpisu cyfrowego]
S3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [485248 2007-04-25] (Ralink Technology, Corp.)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [35064 2015-11-05] ()
S3 vncdrv; C:\WINDOWS\System32\DRIVERS\vncdrv.sys [12104 2007-05-22] (RDV Soft)
S3 catchme; \??\C:\DOCUME~1\ADMINI~1.WO~\USTAWI~1\Temp\catchme.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [93792 2014-06-02] (Kaspersky Lab ZAO)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
 
==================== NetSvcs (filtrowane) ===================
 
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
 
 
==================== Jeden miesiąc - utworzone pliki i foldery ========
 
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
 
2015-11-08 21:51 - 2015-11-08 21:52 - 00013319 _____ C:\Documents and Settings\Administrator.WORKSTATION\Pulpit\FRST.txt
2015-11-08 20:34 - 2015-11-08 21:47 - 00000376 _____ C:\Documents and Settings\Lucas\Pulpit\ESETScan.txt
2015-11-07 23:05 - 2015-11-07 23:01 - 00000726 _____ C:\Documents and Settings\Administrator.WORKSTATION\Pulpit\fix.reg
2015-11-07 23:01 - 2015-11-07 23:01 - 00000726 _____ C:\Documents and Settings\Lucas\Pulpit\fix.reg
2015-11-07 20:36 - 2015-11-07 20:36 - 00000000 ____D C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\GHISLER
2015-11-05 23:39 - 2015-11-05 23:39 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-11-05 23:39 - 2015-11-05 23:39 - 00000000 _____ C:\WINDOWS\setupact.log
2015-11-05 23:33 - 2015-11-05 23:33 - 00077304 _____ C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2015-11-05 23:29 - 2015-11-08 21:52 - 00000000 ____D C:\Documents and Settings\Administrator.WORKSTATION\Ustawienia lokalne\temp
2015-11-05 23:29 - 2015-11-08 21:50 - 00000000 ____D C:\Documents and Settings\NetworkService\Ustawienia lokalne\temp
2015-11-05 23:29 - 2015-11-05 23:29 - 00009444 _____ C:\ComboFix.txt
2015-11-05 23:29 - 2015-11-05 23:29 - 00000000 ____D C:\Documents and Settings\UpdatusUser\Ustawienia lokalne\temp
2015-11-05 23:29 - 2015-11-05 23:29 - 00000000 ____D C:\Documents and Settings\Default User\Ustawienia lokalne\temp
2015-11-05 22:52 - 2015-11-08 21:43 - 00000000 ____D C:\Documents and Settings\Lucas\Ustawienia lokalne\temp
2015-11-05 22:52 - 2015-11-05 22:52 - 00000000 ____D C:\Documents and Settings\LocalService\Ustawienia lokalne\temp
2015-11-05 22:52 - 2015-11-05 22:52 - 00000000 ____D C:\Documents and Settings\Administrator\Ustawienia lokalne\temp
2015-11-05 22:52 - 2015-11-05 22:39 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-11-05 22:39 - 2015-11-03 19:46 - 00013874 _____ C:\zoek-results2015-11-03-194629.log
2015-11-05 21:58 - 2015-11-05 21:52 - 00000170 _____ C:\Documents and Settings\Administrator.WORKSTATION\Pulpit\zoek script - skasuj.txt
2015-11-05 21:57 - 2015-11-03 23:47 - 05637361 ____R (Swearware) C:\Documents and Settings\Administrator.WORKSTATION\Pulpit\ComboFix.exe
2015-11-05 21:57 - 2015-11-03 19:16 - 24937288 _____ (Adlice Software ) C:\Documents and Settings\Administrator.WORKSTATION\Pulpit\setup.exe
2015-11-05 21:57 - 2015-11-03 19:10 - 01309184 _____ C:\Documents and Settings\Administrator.WORKSTATION\Pulpit\zoek.exe
2015-11-05 21:57 - 2015-11-03 16:18 - 01801288 _____ (Malwarebytes) C:\Documents and Settings\Administrator.WORKSTATION\Pulpit\JRT.exe
2015-11-05 21:57 - 2015-11-03 16:09 - 01708032 _____ C:\Documents and Settings\Administrator.WORKSTATION\Pulpit\adwcleaner_5.017.exe
2015-11-05 21:57 - 2015-11-03 00:04 - 01701888 _____ (Farbar) C:\Documents and Settings\Administrator.WORKSTATION\Pulpit\FRST.exe
2015-11-05 21:52 - 2015-11-05 21:52 - 00000170 _____ C:\zoek script - skasuj.txt
2015-11-05 21:49 - 2015-11-05 21:49 - 00004586 _____ C:\Documents and Settings\Lucas\Pulpit\Fixlist.txt
2015-11-04 19:12 - 2015-11-04 19:11 - 00090112 _____ C:\WINDOWS\Minidump\Mini110415-01.dmp
2015-11-03 23:47 - 2015-11-03 23:47 - 05637361 ____R (Swearware) C:\Documents and Settings\Lucas\Pulpit\ComboFix.exe
2015-11-03 21:45 - 2015-11-06 00:27 - 12062208 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2015-11-03 21:42 - 2015-11-05 23:44 - 00007285 _____ C:\WINDOWS\setupapi.log
2015-11-03 20:06 - 2015-11-03 20:06 - 00004550 _____ C:\Documents and Settings\Lucas\Pulpit\rk_3F.tmp.txt
2015-11-03 19:50 - 2015-11-05 23:09 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-11-03 19:50 - 2015-11-03 20:07 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\RogueKiller
2015-11-03 19:49 - 2015-11-03 19:49 - 00000000 ____D C:\Program Files\RogueKiller
2015-11-03 19:49 - 2015-11-03 19:49 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\RogueKiller
2015-11-03 19:47 - 2015-11-03 19:47 - 00013874 _____ C:\Documents and Settings\Lucas\Pulpit\zoek-results.txt
2015-11-03 19:46 - 2015-11-03 19:46 - 00000000 ____D C:\Documents and Settings\Lucas\Menu Start\Programy\Autostart
2015-11-03 19:38 - 2015-11-03 19:38 - 00000008 __RSH C:\Documents and Settings\Lucas\ntuser.pol
2015-11-03 19:17 - 2015-11-05 23:07 - 00008590 _____ C:\zoek-results.log
2015-11-03 19:16 - 2015-11-03 19:16 - 24937288 _____ (Adlice Software ) C:\Documents and Settings\Lucas\Pulpit\setup.exe
2015-11-03 19:12 - 2015-11-05 22:49 - 00000000 ____D C:\zoek_backup
2015-11-03 19:10 - 2015-11-03 19:10 - 01309184 _____ C:\Documents and Settings\Lucas\Pulpit\zoek.exe
2015-11-03 16:51 - 2015-11-03 16:51 - 00001123 _____ C:\Documents and Settings\Lucas\Pulpit\MBAM.txt
2015-11-03 16:26 - 2015-11-03 16:26 - 00001480 _____ C:\Documents and Settings\Lucas\Pulpit\JRT.txt
2015-11-03 16:18 - 2015-11-03 16:18 - 01801288 _____ (Malwarebytes) C:\Documents and Settings\Lucas\Pulpit\JRT.exe
2015-11-03 16:17 - 2015-11-03 16:17 - 00001496 _____ C:\Documents and Settings\Lucas\Pulpit\AdwCleaner.txt
2015-11-03 16:09 - 2015-11-03 16:09 - 01708032 _____ C:\Documents and Settings\Lucas\Pulpit\adwcleaner_5.017.exe
2015-11-03 15:48 - 2015-11-03 15:48 - 02170712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-03 00:05 - 2015-11-08 21:51 - 00000000 ____D C:\FRST
2015-11-03 00:04 - 2015-11-03 00:04 - 01701888 _____ (Farbar) C:\Documents and Settings\Lucas\Pulpit\FRST.exe
2015-11-02 03:15 - 2015-11-02 03:15 - 02870984 _____ (ESET) C:\Documents and Settings\Lucas\Pulpit\esetsmartinstaller_enu.exe
2015-11-02 03:08 - 2015-11-08 21:50 - 00032552 _____ C:\WINDOWS\SchedLgU.Txt
2015-11-02 03:08 - 2015-11-08 21:50 - 00000216 _____ C:\WINDOWS\wiadebug.log
2015-11-02 03:08 - 2015-11-08 21:50 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-11-02 03:08 - 2015-11-02 03:08 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2015-11-02 03:07 - 2015-11-08 21:50 - 00205728 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-02 03:06 - 2015-11-02 03:06 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-11-02 02:18 - 2015-11-02 05:46 - 00000179 _____ C:\Documents and Settings\Lucas\Pulpit\wirusiki.txt
2015-10-29 15:27 - 2015-11-05 22:04 - 00000000 ____D C:\AdwCleaner
2015-10-25 22:24 - 2015-10-25 22:24 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome
2015-10-25 22:23 - 2015-11-08 21:28 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-25 22:23 - 2015-11-08 16:15 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-24 17:55 - 2015-10-24 17:55 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner
2015-10-24 17:54 - 2015-11-02 02:43 - 00000000 ____D C:\Program Files\CCleaner
2015-10-21 10:47 - 2015-10-21 10:47 - 00000000 ____D C:\Program Files\Common Files\Java
2015-10-17 23:28 - 2015-11-08 21:41 - 00000000 ____D C:\Documents and Settings\Lucas\Dane aplikacji\Thunderbird
2015-10-17 12:11 - 2015-10-17 12:14 - 00000000 ____D C:\WINDOWS\pss
2015-10-16 21:47 - 2015-11-02 09:08 - 00005346 _____ C:\Documents and Settings\Administrator.WORKSTATION\Pulpit\Rkill.txt
 
==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
 
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
 
2015-11-08 21:51 - 2015-07-25 10:13 - 00000000 ____D C:\Documents and Settings\Administrator.WORKSTATION\Pulpit
2015-11-08 21:50 - 2012-10-10 23:53 - 00000188 ___SH C:\Documents and Settings\Lucas\ntuser.ini
2015-11-08 21:50 - 2012-10-10 23:53 - 00000000 ____D C:\Documents and Settings\Lucas\Pulpit
2015-11-08 21:50 - 2012-10-10 23:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-08 16:03 - 2015-04-23 01:33 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2015-11-07 23:08 - 2015-07-25 10:13 - 00000188 ___SH C:\Documents and Settings\Administrator.WORKSTATION\ntuser.ini
2015-11-07 20:36 - 2012-10-10 23:53 - 00000000 ___HD C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji
2015-11-07 16:14 - 2014-06-27 21:01 - 00000000 ____D C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\LastPass
2015-11-07 10:58 - 2001-07-21 22:17 - 00002284 _____ C:\WINDOWS\system32\wpa.dbl
2015-11-06 13:25 - 2012-10-10 23:37 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit
2015-11-06 00:27 - 2014-06-27 21:01 - 00000000 ____D C:\LastPass_549548657
2015-11-06 00:27 - 2012-10-10 23:37 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
2015-11-06 00:26 - 2014-06-27 21:01 - 00000000 ____D C:\Documents and Settings\Lucas\Menu Start\Programy\LastPass
2015-11-06 00:26 - 2014-06-27 21:01 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\LastPass
2015-11-05 23:44 - 2015-03-17 19:50 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2015-11-05 23:44 - 2015-03-17 19:50 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2015-11-05 23:43 - 2015-03-17 19:50 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2015-11-05 23:43 - 2012-10-12 18:35 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-11-05 23:43 - 2012-10-11 00:19 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2015-11-05 23:35 - 2013-02-08 23:02 - 00000000 ____D C:\Documents and Settings\Lucas\Menu Start\Programy\Akcesoria
2015-11-05 23:35 - 2012-10-10 23:43 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy\Akcesoria
2015-11-05 23:34 - 2012-10-10 23:53 - 00000000 ___SD C:\Documents and Settings\Lucas\Ustawienia lokalne\Historia
2015-11-05 23:33 - 2012-10-10 23:52 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-11-05 23:33 - 2012-10-10 23:52 - 00000000 ___HD C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia
2015-11-05 23:31 - 2012-10-10 23:52 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-11-05 23:31 - 2012-10-10 23:52 - 00000000 ___SD C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia
2015-11-05 23:29 - 2015-07-25 10:13 - 00000000 ___HD C:\Documents and Settings\Administrator.WORKSTATION\Ustawienia lokalne
2015-11-05 23:29 - 2015-04-25 09:44 - 00000000 ____D C:\Qoobox
2015-11-05 23:29 - 2012-10-10 23:52 - 00000000 ___HD C:\Documents and Settings\NetworkService\Ustawienia lokalne
2015-11-05 23:29 - 2012-10-10 23:37 - 00000000 __RHD C:\Documents and Settings\Default User\Ustawienia lokalne
2015-11-05 23:29 - 2002-12-31 23:01 - 00000000 ___HD C:\Documents and Settings\UpdatusUser\Ustawienia lokalne
2015-11-05 23:28 - 2001-07-21 22:15 - 00000435 _____ C:\WINDOWS\system.ini
2015-11-05 23:22 - 2015-07-25 10:13 - 00000000 __RHD C:\Documents and Settings\Administrator.WORKSTATION\Dane aplikacji
2015-11-05 22:52 - 2013-02-09 00:45 - 00000000 ___HD C:\Documents and Settings\Administrator\Ustawienia lokalne
2015-11-05 22:52 - 2012-10-10 23:53 - 00000000 ___HD C:\Documents and Settings\Lucas\Ustawienia lokalne
2015-11-05 22:52 - 2012-10-10 23:52 - 00000000 ___HD C:\Documents and Settings\LocalService\Ustawienia lokalne
2015-11-05 22:03 - 2015-07-25 10:13 - 00000000 ___SD C:\Documents and Settings\Administrator.WORKSTATION\Ustawienia lokalne\Historia
2015-11-04 19:12 - 2012-10-31 11:36 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-03 23:51 - 2012-10-10 23:53 - 00000000 __RHD C:\Documents and Settings\Lucas\Dane aplikacji
2015-11-03 19:50 - 2012-10-10 23:36 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2015-11-03 19:49 - 2012-10-10 23:37 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy
2015-11-03 19:46 - 2013-02-07 00:01 - 00000000 ____D C:\Documents and Settings\Lucas\Menu Start\Programy
2015-11-03 19:38 - 2012-10-10 23:53 - 00000000 ____D C:\Documents and Settings\Lucas
2015-11-03 19:37 - 2012-10-11 01:19 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-11-03 16:04 - 2012-10-10 23:37 - 00000000 ___SD C:\Documents and Settings\Default User\Ustawienia lokalne\Historia
2015-11-03 16:04 - 2002-12-31 23:01 - 00000000 ___HD C:\Documents and Settings\UpdatusUser\Ustawienia lokalne\Historia
2015-11-03 15:47 - 2012-10-16 22:16 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2015-11-03 15:47 - 2012-10-11 18:15 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2015-11-03 02:16 - 2012-10-11 02:36 - 00000000 ____D C:\Documents and Settings\Lucas\Dane aplikacji\uTorrent
2015-11-02 23:59 - 2014-06-02 23:05 - 00371878 _____ C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
2015-11-02 23:51 - 2014-06-02 11:19 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2015-11-02 18:55 - 2014-06-03 21:09 - 02054300 _____ C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-1292428093-796845957-725345543-1003-0.dat
2015-11-02 04:28 - 2014-05-14 08:36 - 00000000 ____D C:\Documents and Settings\Lucas\Dane aplikacji\CuteRank
2015-11-02 04:27 - 2014-05-14 08:35 - 00000000 ____D C:\Program Files\CuteRank
2015-11-02 02:44 - 2015-07-25 10:13 - 00000000 ____D C:\Documents and Settings\Administrator.WORKSTATION
2015-11-02 00:26 - 2012-10-11 02:26 - 00000000 ____D C:\Documents and Settings\Lucas\Dane aplikacji\Skype
2015-10-28 11:36 - 2014-03-13 12:27 - 00000000 ____D C:\Documents and Settings\Lucas\Moje dokumenty\Notesy programu OneNote
2015-10-25 23:26 - 2015-04-23 01:36 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-25 23:26 - 2015-04-23 01:36 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware
2015-10-25 22:24 - 2013-01-12 14:54 - 00000000 ____D C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Google
2015-10-25 22:23 - 2013-01-28 17:32 - 00000000 ____D C:\Program Files\Google
2015-10-25 22:17 - 2013-02-04 23:26 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2015-10-25 08:30 - 2012-10-10 23:37 - 01400540 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-25 08:30 - 2001-10-26 16:15 - 00606754 _____ C:\WINDOWS\system32\perfh015.dat
2015-10-25 08:30 - 2001-10-26 16:15 - 00124692 _____ C:\WINDOWS\system32\perfc015.dat
2015-10-24 20:30 - 2012-12-25 12:44 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2015-10-24 20:29 - 2012-12-25 12:43 - 00000000 _____ C:\WINDOWS\system32\Drivers\logiflt.iad
2015-10-24 19:34 - 2015-03-17 20:00 - 00000000 ____D C:\temp
2015-10-21 10:48 - 2015-07-19 17:07 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Java
2015-10-21 10:47 - 2015-08-31 09:45 - 00000000 ____D C:\Documents and Settings\Lucas\.oracle_jre_usage
2015-10-21 10:46 - 2015-04-24 19:03 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-10-21 10:46 - 2015-04-24 19:03 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-10-21 10:46 - 2015-04-24 19:01 - 00000000 ____D C:\Program Files\Java
2015-10-20 22:01 - 2015-09-30 09:40 - 00000853 _____ C:\Documents and Settings\Lucas\Pulpit\III - After Delivery.lnk
2015-10-20 13:27 - 2015-09-30 09:40 - 00000871 _____ C:\Documents and Settings\Lucas\Pulpit\I - Thank You For Purchase.lnk
2015-10-20 13:25 - 2015-09-30 09:40 - 00000871 _____ C:\Documents and Settings\Lucas\Pulpit\II - Shipping Notification.lnk
2015-10-20 11:38 - 2012-10-12 18:17 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-10-20 11:29 - 2012-10-10 23:46 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-10-20 11:12 - 2012-10-11 00:35 - 00000332 __RSH C:\boot.ini
2015-10-20 11:12 - 2001-07-21 22:16 - 00000794 _____ C:\WINDOWS\win.ini
2015-10-17 13:18 - 2014-11-16 16:28 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Krańcowa Ochrona firmy Trusteer
2015-10-17 12:22 - 2013-09-05 09:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-15 10:59 - 2015-08-28 10:57 - 00000457 _____ C:\Documents and Settings\Lucas\Pulpit\coupons.txt
2015-10-09 09:37 - 2015-06-20 19:56 - 00001971 _____ C:\Documents and Settings\Lucas\Pulpit\Safe Money.lnk
 
==================== Files in the root of some directories =======
 
2015-11-03 21:45 - 2015-11-06 00:27 - 12062208 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2015
Ran by Administrator (2015-11-08 21:53:01)
Running from C:\Documents and Settings\Administrator.WORKSTATION\Pulpit
Microsoft Windows XP Professional Service Pack 3 (X86) (2005-05-07 15:24:05)
Boot Mode: Safe Mode (minimal)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1292428093-796845957-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.WORKSTATION
ASPNET (S-1-5-21-1292428093-796845957-725345543-1009 - Limited - Enabled)
Gość (S-1-5-21-1292428093-796845957-725345543-501 - Limited - Disabled)
Lucas (S-1-5-21-1292428093-796845957-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Lucas
Pomocnik (S-1-5-21-1292428093-796845957-725345543-1000 - Limited - Enabled)
SUPPORT_388945a0 (S-1-5-21-1292428093-796845957-725345543-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-1292428093-796845957-725345543-1008 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser
 
==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Disabled - Up to date) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security (Disabled) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
 
==================== Installed Programs ======================

(Only the adware programs with the "Hidden" flag can be added to the fixlist to unhide them. Adware programs should be uninstalled properly.)
 
µTorrent (HKLM\...\uTorrent) (Version: 3.0.0 - )
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe Audition 3.0 (HKLM\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (HKLM\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM\...\{3A6829EF-0791-4FDD-9382-C690DD0821B9}) (Version: 10.0.2.54 - Adobe Systems, Inc.)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Aktualizacje NVIDIA 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Archiwizator WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
ChomikBox (HKLM\...\{C7B52FAF-58D8-438C-B810-F78C3C927504}) (Version: 2.0.8.0 - Chomikuj.pl)
Citrix Online Launcher (HKLM\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CPUID CPU-Z 1.69 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CuteRank 3.5.9 (HKLM\...\CuteRank) (Version: 3.5.9 - CuteRank.Net)
FxPro - MetaTrader 4 (HKLM\...\FxPro - MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version:  - EFD Software)
Hot Item Finder (HKLM\...\Hot Item Finder2.1.1.3) (Version: 2.1.1.3 - InnAnTech Industries Inc.)
InfraRecorder (HKLM\...\InfraRecorder) (Version:  - Christian Kindahl)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 8 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
K-Lite Codec Pack 9.4.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.4.0 - )
Krańcowa Ochrona firmy Trusteer (HKLM\...\Rapport_msi) (Version: 3.5.1412.176 - Trusteer)
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
LastPass (tylko odinstaluj) (HKLM\...\LastPass) (Version:  - LastPass)
Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.54.11 - Logitech, Inc.)
Logitech QuickCam (HKLM\...\{6444D9D9-CD6C-4464-B970-55C606C944DC}) (Version: 11.70.1200 - Logitech Inc.)
Malwarebytes Anti-Malware wersja 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Access Runtime (English) 2007 (HKLM\...\{90120000-001C-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.1.1 - Mozilla)
MSXML 6.0 Parser (HKLM\...\{AEB9948B-4FF2-47C9-990E-47014492A0FE}) (Version: 6.00.3883.8 - Microsoft Corporation)
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
Pakiet sterowników: Logitech Webcam Software (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Panel sterowania NVIDIA 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photomatix Pro version 4.2.7 (HKLM\...\PhotomatixPro42x32_is1) (Version: 4.2.7 - HDRsoft Ltd)
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PowerDVD (Version: 13.0 - Nazwa firmy) Hidden
PowerISO (HKLM\...\PowerISO) (Version: 4.6 - PowerISO Computing, Inc.)
QuickTime Alternative 1.95 (HKLM\...\QuicktimeAlt_is1) (Version: 1.9.5 - )
Rapport (Version: 3.5.1412.176 - Trusteer) Hidden
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
Skype™ 6.22 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.106 - Skype Technologies S.A.)
SubEdit-Player (HKLM\...\SubEdit-Player_is1) (Version: 4072 - Artur Sikora)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Topaz DeNoise 5 (HKLM\...\Topaz DeNoise 5) (Version: 5.0.1 - Topaz Labs, LLC)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.57a - Ghisler Software GmbH)
Trapcode Particular v2 (HKLM\...\Trapcode Particular v2) (Version:  - )
Trapcode Starglow (HKLM\...\Trapcode Starglow) (Version:  - )
VoipConnect (HKLM\...\VoipConnect_is1) (Version: 4.14 build 760 - Finarea S.A. Switzerland)
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
Winamp (remove only) (HKLM\...\Winamp) (Version:  - )
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.175805 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The associated file will not be moved unless it is listed separately.)
 
 
==================== Restore Points =========================

25-10-2015 14:16:53 System Checkpoint
26-10-2015 01:56:12 JRT Pre-Junkware Removal
27-10-2015 14:27:30 System Checkpoint
28-10-2015 14:41:23 System Checkpoint
29-10-2015 15:19:59 JRT Pre-Junkware Removal
31-10-2015 01:17:34 JRT Pre-Junkware Removal
01-11-2015 14:23:31 System Checkpoint
02-11-2015 01:22:13 Restore point created by HitmanPro
03-11-2015 13:39:43 System Checkpoint
03-11-2015 15:50:28 Removed Sophos Virus Removal Tool.
03-11-2015 16:04:40 Restore Point Created by FRST
03-11-2015 16:19:42 JRT Pre-Junkware Removal
03-11-2015 19:17:49 zoek.exe restore point
05-11-2015 11:56:17 System Checkpoint
06-11-2015 13:32:53 Right after the cleanup from bleepingcomputer
07-11-2015 14:27:32 System Checkpoint
 
==================== Hosts content: ===============================

(If needed, the Hosts: directive can be included in the fixlist to reset the Hosts file.)
 
2001-10-26 15:45 - 2015-11-05 22:40 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
127.0.0.1       localhost 
 
==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file that the task runs will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
 
==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be removed or restored to its default.)
 
 
==================== Internet Explorer trusted/restricted sites ===============

(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1292428093-796845957-725345543-500\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: The device is not connected to the internet.
 
==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 
==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The associated file will not be moved unless it is listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe] => Enabled:Logitech Desktop Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Lucas\Dane aplikacji\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe] => Enabled:Adobe CSI CS4
StandardProfile\AuthorizedApplications: [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe] => Enabled:Logitech Desktop Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\VoipConnect.com\VoipConnect\VoipConnect.exe] => Enabled:VoipConnect
StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe] => Enabled:Daemonu.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\GloballyOpenPorts: [5353:TCP] => Enabled:Adobe CSI CS4
 
==================== Faulty Device Manager Devices =============

Name: System Management Bus Controller
Description: System Management Bus Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Other PCI Bridge Device
Description: Other PCI Bridge Device
Class Guid: 
Manufacturer: 
Service: 
Problem: The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================

Application errors:
==================
Error: (11/08/2015 09:52:27 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (11/08/2015 09:52:26 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (11/08/2015 09:52:22 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (11/08/2015 09:52:21 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (11/08/2015 09:52:21 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (11/08/2015 09:52:21 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (11/08/2015 09:52:20 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (11/08/2015 09:52:20 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (11/08/2015 09:52:19 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (11/08/2015 09:52:19 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved
 
 
System errors:
=============
Error: (11/08/2015 09:52:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AFD
Fips
IPSec
KLIF
klpd
kltdi
kneps
MRxSmb
NetBIOS
NetBT
Processor
RapportKELL
RasAcd
Rdbss
Tcpip
WS2IFSL

Error: (11/08/2015 09:52:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: 
%%31

Error: (11/08/2015 09:52:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: 
%%31

Error: (11/08/2015 09:52:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
%%31

Error: (11/08/2015 09:52:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: 
%%31

Error: (11/08/2015 09:51:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/08/2015 09:51:25 PM) (Source: DCOM) (EventID: 10005) (User: WORKSTATION)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (11/08/2015 04:16:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069

Error: (11/08/2015 04:16:07 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured 
password due to the following error: 
%%1330

To ensure that the service 
is configured properly, use the Services snap-in in 
Microsoft Management Console (MMC).

Error: (11/08/2015 09:09:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
 
==================== Memory info =========================== 

Processor: AMD Athlon™ 64 X2 Dual Core Processor 4000+
Percentage of memory in use: 8%
Total physical RAM: 3071.48 MB
Available physical RAM: 2808.43 MB
Total Virtual: 4989.3 MB
Available Virtual: 4906.33 MB
 
==================== Drives ================================

Drive c: () (Fixed) (Total:29.29 GB) (Free:4.77 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (Work3) (Fixed) (Total:92.25 GB) (Free:2.85 GB) NTFS
Drive e: (Work1) (Fixed) (Total:157.01 GB) (Free:21.16 GB) NTFS
Drive f: (Work2) (Fixed) (Total:97.65 GB) (Free:2.27 GB) NTFS
Drive i: () (Removable) (Total:3.7 GB) (Free:0.46 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 186.3 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=157 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (Size: 189.9 GB) (Disk ID: 9A749A74)
Partition 1: (Active) - (Size=92.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=OF Extended)
 
========================================================
Disk: 2 (Size: 3.8 GB) (Disk ID: 0001B4E5)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)
 
==================== End of Addition.txt ============================


#14 olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:06:17 AM

Posted 08 November 2015 - 05:50 PM

Browser seems to be running the same - very fast but sometimes some pictures are missing from websites or other artifacts are showing up.

For this problem:

 

Flash Player Update:
Your Flash Player is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.

Install for IE >> Adobe Flash Player 19 ActiveX ==> Download the Flash Player content debugger for Internet Explorer - ActiveX

Install for FF >> Adobe Flash Player 19 NPAPI ==> Download the Flash Player content debugger for Firefox - NPAPI
Install for Opera and Chrome >> Adobe Flash Player applications PPAPI ==> Download the Flash Player content

 

Restart your browsers and then please do the following

 

Home page: https://www.adobe.com/support/flashplayer/debug_downloads.html

__________________________________________________________________________________________________________

 

I do not fully understand the PayPal topic; please write again, short and with different words.

 

EDIT:

Most importantly PayPal is still blocking my payments
(I have tried to pay before running Eset Online which has just found something suspicious and deleted it.)

What did ESET find there?


Edited by olgun52, 08 November 2015 - 06:04 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!
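Two things in this thread can be checked mechanically rather than by eye: the FRST Addition.txt posted above, and the advice in the reply that Flash is out of date. The script below is an added example written for this edit; it is not a tool from the thread, from Farbar, or from any poster. It splits an Addition.txt into its sections (it knows the English headers and the Polish ones the localized build printed above, so it runs on either), parses the Installed Programs entries, flags the ones below a baseline version, and counts the Event log errors by source and EventID so that ten identical crypt32 entries collapse to one row. The Flash 19 baseline is the version the reply asks for; the Firefox, Chrome and Java baselines are assumptions chosen for early November 2015, not facts from the page, and the sample input is constructed from entries copied out of the log above. One caveat the summary makes easy to see: the Addition.txt header says the scan ran in Safe Mode (minimal), so the boot-start driver failures (Tcpip, AFD, NetBT and the Kaspersky and Trusteer drivers) and the "Disabled" antivirus status in that log are consistent with that boot mode and are not on their own evidence of tampering.

```python
import re
from collections import Counter

# FRST section headers, English plus the Polish ones printed in the log above.
SECTION_NAMES = {
    "programs": ("Installed Programs", "Zainstalowane programy"),
    "errors": ("Event log errors", "Błędy w Dzienniku zdarzeń"),
}
# "Name (HKLM\...\Key) (Version: 1.2.3 - Vendor)" plus optional " Hidden";
# the uninstall key is optional because hidden entries are printed without one.
PROG_RE = re.compile(
    r"^(?P<name>.+?)(?: \((?:HKLM|HKU|HKCU)\\\.\.\.\\.*\))?"
    r" \(Version: (?P<ver>.*?) - (?P<vendor>.*?)\)(?P<hidden> Hidden)?$"
)
ERR_RE = re.compile(r"^Error: \([^)]*\) \(Source: (?P<src>[^)]*)\) \(EventID: (?P<id>\d+)\)")
# ASSUMED baselines: Flash 19 is what the reply in the thread asks for; the
# other three are illustrative values for early November 2015, not from the page.
MIN_VERSIONS = {"Adobe Flash Player": (19,), "Mozilla Firefox": (42,),
                "Google Chrome": (46,), "Java": (8, 0, 650)}

# Constructed sample: entries copied from the Addition.txt above, placed under
# the English headers an en-US FRST build prints.
SAMPLE = r"""
==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM\...\{3A6829EF-0791-4FDD-9382-C690DD0821B9}) (Version: 10.0.2.54 - Adobe Systems, Inc.)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Java 8 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)

==================== Event log errors: =========================

Application errors:
==================
Error: (11/08/2015 09:52:27 PM) (Source: crypt32) (EventID: 8) (User: )
Error: (11/08/2015 09:52:26 PM) (Source: crypt32) (EventID: 8) (User: )
Error: (11/08/2015 09:52:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Error: (11/08/2015 09:52:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
"""

def parse_version(s):
    """'10.0.2.54' -> (10, 0, 2, 54); stops at the first non-numeric field."""
    parts = []
    for field in s.split("."):
        m = re.match(r"\d+", field)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def split_sections(text):
    """Map each '==== Name ====' header (trailing colon dropped) to its lines."""
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^=+ (.+?):? =+$", line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def section(sections, key):
    """Lines of a section, looked up under any of its known header names."""
    return next((sections[n] for n in SECTION_NAMES[key] if n in sections), [])

def parse_programs(lines):
    """(name, version, vendor, hidden) for each Installed Programs entry."""
    matches = (PROG_RE.match(line) for line in lines)
    return [(m["name"], m["ver"], m["vendor"], bool(m["hidden"])) for m in matches if m]

def outdated_programs(programs):
    """Entries whose version is below the assumed baseline for their product."""
    hits = []
    for name, ver, _vendor, _hidden in programs:
        for prefix, minimum in MIN_VERSIONS.items():
            if name.startswith(prefix) and ver and parse_version(ver) < minimum:
                hits.append((name, ver, ".".join(map(str, minimum))))
    return hits

def error_summary(lines):
    """Count event-log errors by (source, EventID) so repeats collapse to one row."""
    return Counter((m["src"], int(m["id"])) for m in map(ERR_RE.match, lines) if m)

def audit(text):
    """Parse an Addition.txt and return the parts a reviewer reads first."""
    sections = split_sections(text)
    programs = parse_programs(section(sections, "programs"))
    return {"programs": len(programs),
            "outdated": outdated_programs(programs),
            "errors": error_summary(section(sections, "errors"))}

if __name__ == "__main__":
    for name, ver, minimum in audit(SAMPLE)["outdated"]:
        print(f"OUTDATED {name}: {ver} (baseline {minimum})")
```

On the sample, both Flash entries and Firefox 35.0.1 are reported as below baseline while Chrome 46 and Java 8u65 pass, and the error counter turns the repeated crypt32 EventID 8 entries into a single row with a count. To run it on a real log, pass the file contents to audit() instead of SAMPLE; the version comparison is tuple-based, so "46.0.2490.80" correctly sorts above a bare (46,) baseline.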

 


 


#15 lukasbck

  • Topic Starter
  • Members
  • 26 posts
  • Local time:03:17 AM

Posted 08 November 2015 - 06:37 PM

Restart your browsers and then please do the following

 

Home page: https://www.adobe.com/support/flashplayer/debug_downloads.html

 

I have installed flashplayer debugger.
Unfortunately I don't understand what I'm supposed to do based on information on this website. Can you explain?

 

In regards to the PayPal issue. 

When I want to check out on some online store with PayPal (it happens on every online store I have tried, so it's not a problem with the store) I get an error that the payment can't be processed. When I call PayPal customer service, they say that they can see my payment being blocked. But they also see that there is another payment attempt at the same time I have tried to pay. So it's like every time I want to buy something online with PayPal some malware is trying to make another payment at the same time. Fortunately PayPal is blocking all transactions like that. 

It must be some malware or browser error (maybe it was because of outdated Flash?) as PayPal says everything is OK with my account. 
 

 

ESET scan has found:
 
C:\System Volume Information\_restore{0EF5F4F5-7615-4D58-A2E1-AF95A13EF5E2}\RP765\A0349220.msi a variant of MSIL/Toolbar.Linkury.G potentially unwanted application deleted - quarantined




