Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer very slow, browsing nearly impossible. Where to start cleaning it?


  • This topic is locked This topic is locked
13 replies to this topic

#1 lukasbck

lukasbck

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:21 PM

Posted 05 December 2015 - 08:10 PM

Hi!

Please guide me to clean up my laptop. It is very slow.

Windows XP is in Polish but I would be happy to translate if anything in the logs is not understandable.

 

 

 

 

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:05-12-2015
Uruchomiony przez Administrator (administrator)  LAPTOP (06-12-2015 01:49:29)
Uruchomiony z C:\Documents and Settings\Administrator\Pulpit
Załadowane profile: Administrator (Dostępne profile: Lucas & Administrator)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Język: Polski
Internet Explorer Wersja 6 (Domyślna przeglądarka: IE)
Tryb startu: Safe Mode (minimal)
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)



==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-12-12] (ATI Technologies Inc.)
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll [2012-08-17] (Kaspersky Lab ZAO)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2013-06-13] (Logitech, Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  Brak pliku
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  Brak pliku
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  Brak pliku
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  Brak pliku
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Install LastPass FF RunOnce.lnk [2015-02-25]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe ()
Startup: C:\Documents and Settings\Lucas\Menu Start\Programy\Autostart\Logitech . Rejestracja produktu.lnk [2015-10-20]
ShortcutTarget: Logitech . Rejestracja produktu.lnk -> C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{5A10157A-3981-439B-A8D9-4777E51E2D33}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9ED2DA61-5618-4856-B1DE-5E8903E18005}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{B4BB6B91-6CE9-4AE0-8A19-00B31A592036}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F42B2104-99BE-48A4-8C48-EEAA7B34138A}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
URLSearchHook: [S-1-5-21-436374069-764733703-1343024091-500] UWAGA => Brak domyślnego URLSearchHook
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= UWAGA
SearchScopes: HKLM -> DefaultScope - brak wartości
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2012-08-17] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2013-07-07] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-01-08] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [2012-08-17] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-01-08] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [2012-08-17] (Kaspersky Lab ZAO)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-14] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [2013-01-04] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-01-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-01-08] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\LastPass\nplastpass.dll [2015-02-25] (LastPass)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-12-25] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-07-07] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-07-07] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-07-07] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-07-07] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-07-07] [Brak podpisu cyfrowego]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2013-07-07]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-02-18] (Kaspersky Lab ZAO)
S2 FoxitCloudUpdateService; C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [244392 2015-04-10] (Foxit Software Inc.) [Brak podpisu cyfrowego]
S2 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe [107848 2015-02-15] (Google Inc.) [Brak podpisu cyfrowego]
S3 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [107848 2015-02-15] (Google Inc.) [Brak podpisu cyfrowego]
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170408 2013-01-08] (Oracle Corporation)
S3 LBTServ; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [293144 2014-03-24] (Logitech, Inc.) [Brak podpisu cyfrowego]
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [147624 2015-10-20] (Mozilla Foundation) [Brak podpisu cyfrowego]
S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [160944 2012-11-09] (Skype Technologies) [Brak podpisu cyfrowego]

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 aliadwdm; C:\WINDOWS\System32\drivers\ac97ali.sys [231552 2002-08-29] (Acer Laboratories Inc.)
S3 AR5523; C:\WINDOWS\System32\DRIVERS\ar5523.sys [285568 2005-02-24] (Atheros Communications, Inc.) [Brak podpisu cyfrowego]
S3 ATHFMWDL; C:\WINDOWS\System32\Drivers\ATHFMWDL.sys [43392 2005-02-24] (Windows ® 2000 DDK provider) [Brak podpisu cyfrowego]
R0 caboagp; C:\WINDOWS\System32\DRIVERS\atisgkaf.sys [23570 2002-08-30] (ATI Technologies Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23832 2008-02-06] (Logitech Inc.)
S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
S3 HSFHWALI; C:\WINDOWS\System32\DRIVERS\HSFHWALI.sys [160640 2003-03-06] (Conexant Systems, Inc.)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
S1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [591968 2013-07-07] (Kaspersky Lab ZAO)
S3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [35672 2012-06-27] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [24408 2013-02-18] (Kaspersky Lab)
S3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24920 2013-02-18] (Kaspersky Lab)
S1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [44000 2013-07-07] (Kaspersky Lab ZAO)
S1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [145040 2013-07-07] (Kaspersky Lab ZAO)
S2 LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [10136 2014-03-19] (Logitech, Inc.) [Brak podpisu cyfrowego]
S3 LVUSBSta; C:\WINDOWS\System32\drivers\LVUSBSta.sys [41752 2008-02-06] (Logitech Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [20016 2003-10-28] (Sonic Solutions) [Brak podpisu cyfrowego]
S3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [1195200 2011-12-23] (Ralink Technology, Corp.)
S1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [59388 2009-11-09] (PowerISO Computing, Inc.) [Brak podpisu cyfrowego]
S2 StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [22400 2003-03-06] (Conexant Systems, Inc.)
U5 Browser; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 hpt3xx; Brak ImagePath
S4 IntelIde; Brak ImagePath
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2013-07-07] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [X]
U5 Messenger; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-12-06 01:49 - 2015-12-06 01:50 - 00013969 _____ C:\Documents and Settings\Administrator\Pulpit\FRST.txt
2015-12-06 01:49 - 2015-12-06 01:37 - 01719808 _____ (Farbar) C:\Documents and Settings\Administrator\Pulpit\FRST.exe
2015-12-06 01:44 - 2015-12-06 01:49 - 00000000 ____D C:\FRST
2015-12-06 01:37 - 2015-12-06 01:37 - 01719808 _____ (Farbar) C:\Documents and Settings\Lucas\Pulpit\FRST.exe
2015-12-06 01:25 - 2015-12-06 01:25 - 05639148 _____ (Swearware) C:\Documents and Settings\Lucas\Pulpit\ComboFix.exe
2015-12-06 01:23 - 2015-12-06 01:23 - 30221752 _____ (Adlice Software ) C:\Documents and Settings\Lucas\Pulpit\setup.exe
2015-12-06 01:18 - 2015-12-06 01:18 - 01309184 _____ C:\Documents and Settings\Lucas\Pulpit\zoek.exe
2015-12-06 01:15 - 2015-12-06 01:15 - 22908888 _____ (Malwarebytes ) C:\Documents and Settings\Lucas\Pulpit\mbam-setup-2.2.0.1024.exe
2015-12-06 01:14 - 2015-12-06 01:14 - 01599336 _____ (Malwarebytes) C:\Documents and Settings\Lucas\Pulpit\JRT.exe
2015-12-06 01:12 - 2015-12-06 01:12 - 01736704 _____ C:\Documents and Settings\Lucas\Pulpit\adwcleaner_5.023.exe
2015-12-06 00:23 - 2015-12-06 00:23 - 00000385 _____ C:\Documents and Settings\Lucas\Pulpit\Skrót do moje hasla.txt.lnk
2015-12-06 00:23 - 2015-12-06 00:23 - 00000371 _____ C:\Documents and Settings\Lucas\Pulpit\Skrót do sklepy.txt.lnk

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-12-06 01:50 - 2015-07-16 15:46 - 00000000 ____D C:\Documents and Settings\Administrator\Ustawienia lokalne\temp
2015-12-06 01:49 - 2015-07-16 15:46 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit
2015-12-06 01:48 - 2015-07-16 15:46 - 00424050 _____ C:\WINDOWS\ntbtlog.txt
2015-12-06 01:46 - 2012-12-20 20:01 - 00000188 ___SH C:\Documents and Settings\Lucas\ntuser.ini
2015-12-06 01:46 - 2012-12-20 20:00 - 00032622 _____ C:\WINDOWS\SchedLgU.Txt
2015-12-06 01:46 - 2012-12-20 19:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-06 01:46 - 2001-01-01 00:45 - 00000000 ____D C:\Documents and Settings\Lucas\Ustawienia lokalne\temp
2015-12-06 01:44 - 2012-12-20 19:32 - 00000000 ____D C:\WINDOWS
2015-12-06 01:37 - 2015-02-25 20:32 - 00000000 ____D C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\LastPass
2015-12-06 01:37 - 2012-12-20 20:01 - 00000000 ____D C:\Documents and Settings\Lucas\Pulpit
2015-12-06 01:28 - 2015-03-12 03:49 - 00000514 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-436374069-764733703-1343024091-1003.job
2015-12-06 01:28 - 2015-02-15 21:53 - 00001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-06 01:02 - 2013-06-16 11:45 - 00000000 ____D C:\Documents and Settings\Lucas\Dane aplikacji\Thunderbird
2015-12-06 01:02 - 2012-12-20 20:01 - 00000000 ___HD C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji
2015-12-06 00:28 - 2015-02-15 21:53 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-05 23:20 - 2012-12-20 18:40 - 01089416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-05 23:20 - 2001-10-26 17:15 - 00491314 _____ C:\WINDOWS\system32\perfh015.dat
2015-12-05 23:20 - 2001-10-26 17:15 - 00084526 _____ C:\WINDOWS\system32\perfc015.dat
2015-12-05 23:20 - 2001-07-21 23:17 - 00002262 _____ C:\WINDOWS\system32\wpa.dbl

==================== Pliki w katalogu głównym wybranych folderów =======

2015-02-25 20:33 - 2015-02-25 20:33 - 10392120 _____ () C:\Program Files\Common Files\lpuninstall.exe

Niektóre pliki w TEMP:
====================
C:\Documents and Settings\Lucas\Ustawienia lokalne\temp\AtiCimUn.exe
C:\Documents and Settings\Lucas\Ustawienia lokalne\temp\Checkupdate.exe
C:\Documents and Settings\Lucas\Ustawienia lokalne\temp\Foxit Reader Updater.exe
C:\Documents and Settings\Lucas\Ustawienia lokalne\temp\Foxit Updater.exe
C:\Documents and Settings\Lucas\Ustawienia lokalne\temp\gcapi_dll.dll
C:\Documents and Settings\Lucas\Ustawienia lokalne\temp\gtapi_signed.dll
C:\Documents and Settings\Lucas\Ustawienia lokalne\temp\pc-cleaner-setup.exe
C:\Documents and Settings\Lucas\Ustawienia lokalne\temp\SetupVoipConnect-FreeCall.exe
C:\Documents and Settings\Lucas\Ustawienia lokalne\temp\WdfCoInstaller01009.dll


==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

==================== Koniec  FRST.txt ============================

 

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:21 PM

Posted 08 December 2015 - 11:44 AM


:welcome:

Hello lukasbck,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic ‘til you get the “all clean” post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:21 PM

Posted 10 December 2015 - 06:32 PM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#4 lukasbck

lukasbck
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:21 PM

Posted 12 December 2015 - 07:31 AM

Hi, Im sorry for the delay.

 

I have WindowsXP - should I run all your tools in safe mode?
Here is a log. Let me know if you need any translation.


 Results of screen317's Security Check version 1.009  
 Windows XP Service Pack 3 x86   
 Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Please wait while WMIC compiles updated MOF files.d
i
s
p
l
a
y
N
a
m
e
ECHO jest wyłączone.
K
a
s
p
e
r
s
k
y
ECHO jest wyłączone.
I
n
t
e
r
n
e
t
ECHO jest wyłączone.
S
e
c
u
r
i
t
y
ECHO jest wyłączone.
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 10  
 Java version 32-bit out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
  Adobe Flash Player     10.3.183.7 Flash Player out of Date!  
 Mozilla Firefox 17.0.1 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C::  
````````````````````End of Log``````````````````````
 



#5 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:21 PM

Posted 12 December 2015 - 08:15 AM


Hello lukasbck,

run / boot the pc in normal mode!

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#6 lukasbck

lukasbck
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:21 PM

Posted 13 December 2015 - 10:16 AM

MBAR didn't find any malware.

AdwCleaner either.

 

# AdwCleaner v5.024 - Utworzono raport 13/12/2015 o 16:09:50
# Ostatnia aktualizacja 07/12/2015 przez Xplode
# Baza danych : 2015-12-12.1 [Serwer]
# System operacyjny : Microsoft Windows XP Dodatek Service Pack 3 (x86)
# Nazwa użytkownika : Lucas - LAPTOP
# Lokalizacja programu : C:\Documents and Settings\Lucas\Pulpit\AdwCleaner.exe
# Działanie : Skanuj
# Wsparcie : http://toolslib.net/forum

***** [ Usługi ] *****


***** [ Foldery ] *****


***** [ Pliki ] *****


***** [ DLL ] *****


***** [ Skróty ] *****


***** [ Zaplanowane zadania ] *****


***** [ Rejestr ] *****


***** [ Przeglądarki internetowe ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [661 bajty] ##########
 



#7 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:21 PM

Posted 13 December 2015 - 10:27 AM


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.

***


We need the pc to run in normal mode!

Run the Farbar Recovery Scan Tool again.
  • Double-click to run FSRT / FSRT64. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

***


How the computer is running now?

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#8 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:21 PM

Posted 16 December 2015 - 09:56 AM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 lukasbck

lukasbck
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:21 PM

Posted 16 December 2015 - 01:03 PM

Hi!
I'm sorry for late reply.
 
JRT didn't find anything.
FSRT had an error during the scan:

"Line 17822 

Incorrect number of parameters in function call"
but managed to generate a log.
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Microsoft Windows XP x86
Ran by Lucas (Administrator) on 2015-12-16 at 18:36:55,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-12-16 at 18:38:59,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:16-12-2015 01
Uruchomiony przez Lucas (administrator)  LAPTOP (16-12-2015 18:46:01)
Uruchomiony z C:\Documents and Settings\Lucas\Pulpit
Załadowane profile: Lucas (Dostępne profile: Lucas & Administrator)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Język: Polski
Internet Explorer Wersja 6 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-12-12] (ATI Technologies Inc.)
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll [2012-08-17] (Kaspersky Lab ZAO)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2013-06-13] (Logitech, Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Lucas\Dane aplikacji\Dropbox\bin\DropboxExt.19.dll [2013-05-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Lucas\Dane aplikacji\Dropbox\bin\DropboxExt.19.dll [2013-05-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Lucas\Dane aplikacji\Dropbox\bin\DropboxExt.19.dll [2013-05-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Lucas\Dane aplikacji\Dropbox\bin\DropboxExt.19.dll [2013-05-25] (Dropbox, Inc.)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Install LastPass FF RunOnce.lnk [2015-02-25]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe ()

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{5A10157A-3981-439B-A8D9-4777E51E2D33}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9ED2DA61-5618-4856-B1DE-5E8903E18005}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{B4BB6B91-6CE9-4AE0-8A19-00B31A592036}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F42B2104-99BE-48A4-8C48-EEAA7B34138A}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\S-1-5-21-436374069-764733703-1343024091-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-436374069-764733703-1343024091-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-436374069-764733703-1343024091-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-436374069-764733703-1343024091-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= UWAGA
SearchScopes: HKLM -> DefaultScope - brak wartości
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2012-08-17] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2013-07-07] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-01-08] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [2012-08-17] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-01-08] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [2012-08-17] (Kaspersky Lab ZAO)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-14] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Lucas\Dane aplikacji\Mozilla\Firefox\Profiles\yb2i4bxv.default
FF NewTab: about:newtab
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [2013-01-04] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-01-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-01-08] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\LastPass\nplastpass.dll [2015-02-25] (LastPass)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-436374069-764733703-1343024091-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\Citrix\Plugins\104\npappdetector.dll [2015-03-12] (Citrix Online)
FF Extension: LastPass - C:\Documents and Settings\Lucas\Dane aplikacji\Mozilla\Firefox\Profiles\yb2i4bxv.default\extensions\support@lastpass.com [2015-12-06]
FF Extension: British English Dictionary (Updated) - C:\Documents and Settings\Lucas\Dane aplikacji\Mozilla\Firefox\Profiles\yb2i4bxv.default\Extensions\en-gb@flyingtophat.co.uk [2015-01-06] [Brak podpisu cyfrowego]
FF Extension: Diccionario de Español/España - C:\Documents and Settings\Lucas\Dane aplikacji\Mozilla\Firefox\Profiles\yb2i4bxv.default\Extensions\es-es@dictionaries.addons.mozilla.org [2015-07-16] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-12-25] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-07-07] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-07-07] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-07-07] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-07-07] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-07-07] [Brak podpisu cyfrowego]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2013-07-07]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-02-18] (Kaspersky Lab ZAO)
S2 FoxitCloudUpdateService; C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [244392 2015-04-10] (Foxit Software Inc.) [Brak podpisu cyfrowego]
S2 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe [107848 2015-02-15] (Google Inc.) [Brak podpisu cyfrowego]
S3 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [107848 2015-02-15] (Google Inc.) [Brak podpisu cyfrowego]
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170408 2013-01-08] (Oracle Corporation)
S3 LBTServ; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [293144 2014-03-24] (Logitech, Inc.) [Brak podpisu cyfrowego]
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [147624 2015-10-20] (Mozilla Foundation) [Brak podpisu cyfrowego]
S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [160944 2012-11-09] (Skype Technologies) [Brak podpisu cyfrowego]

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 aliadwdm; C:\WINDOWS\System32\drivers\ac97ali.sys [231552 2002-08-29] (Acer Laboratories Inc.)
S3 AR5523; C:\WINDOWS\System32\DRIVERS\ar5523.sys [285568 2005-02-24] (Atheros Communications, Inc.) [Brak podpisu cyfrowego]
S3 ATHFMWDL; C:\WINDOWS\System32\Drivers\ATHFMWDL.sys [43392 2005-02-24] (Windows ® 2000 DDK provider) [Brak podpisu cyfrowego]
R0 caboagp; C:\WINDOWS\System32\DRIVERS\atisgkaf.sys [23570 2002-08-30] (ATI Technologies Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23832 2008-02-06] (Logitech Inc.)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
R3 HSFHWALI; C:\WINDOWS\System32\DRIVERS\HSFHWALI.sys [160640 2003-03-06] (Conexant Systems, Inc.)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [591968 2013-07-07] (Kaspersky Lab ZAO)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [35672 2012-06-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [24408 2013-02-18] (Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24920 2013-02-18] (Kaspersky Lab)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [44000 2013-07-07] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [145040 2013-07-07] (Kaspersky Lab ZAO)
R2 LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [10136 2014-03-19] (Logitech, Inc.) [Brak podpisu cyfrowego]
S3 LVUSBSta; C:\WINDOWS\System32\drivers\LVUSBSta.sys [41752 2008-02-06] (Logitech Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [20016 2003-10-28] (Sonic Solutions) [Brak podpisu cyfrowego]
R3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [1195200 2011-12-23] (Ralink Technology, Corp.)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [59388 2009-11-09] (PowerISO Computing, Inc.) [Brak podpisu cyfrowego]
R2 StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [22400 2003-03-06] (Conexant Systems, Inc.)
U5 Browser; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 hpt3xx; Brak ImagePath
S4 IntelIde; Brak ImagePath
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2013-07-07] (Kaspersky Lab ZAO)
U5 Messenger; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-12-16 18:40 - 2015-12-16 18:46 - 00015567 _____ C:\Documents and Settings\Lucas\Pulpit\FRST.txt
2015-12-16 18:39 - 2015-12-16 18:39 - 00000552 _____ C:\Documents and Settings\Lucas\Pulpit\JRT.txt
2015-12-16 18:39 - 2015-12-16 18:39 - 00000000 ____D C:\Documents and Settings\Lucas\Pulpit\FRST-OlderVersion
2015-12-13 16:08 - 2015-12-13 16:08 - 01738240 _____ C:\Documents and Settings\Lucas\Pulpit\AdwCleaner.exe
2015-12-13 15:28 - 2015-12-13 16:03 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes' Anti-Malware (portable)
2015-12-13 15:28 - 2015-12-13 15:28 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2015-12-13 15:25 - 2015-12-13 16:03 - 00000000 ____D C:\Documents and Settings\Lucas\Pulpit\mbar
2015-12-13 15:25 - 2015-12-13 15:25 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-13 15:24 - 2015-12-13 15:24 - 16563352 _____ (Malwarebytes Corp.) C:\Documents and Settings\Lucas\Pulpit\mbar-1.09.3.1001.exe
2015-12-12 13:26 - 2015-12-12 13:26 - 00852720 _____ C:\Documents and Settings\Lucas\Pulpit\SecurityCheck.exe
2015-12-06 12:26 - 2015-12-06 12:26 - 00000034 _____ C:\Documents and Settings\Lucas\Pulpit\giftkarty.txt
2015-12-06 11:28 - 2015-12-06 11:28 - 00000000 ___SD C:\ComboFix
2015-12-06 11:27 - 2015-12-06 11:27 - 00000000 ___RD C:\Documents and Settings\Administrator\Moje dokumenty\Moje wideo
2015-12-06 11:27 - 2015-12-06 11:27 - 00000000 ___RD C:\Documents and Settings\Administrator\Moje dokumenty\Moje obrazy
2015-12-06 11:27 - 2015-12-06 11:27 - 00000000 ___RD C:\Documents and Settings\Administrator\Moje dokumenty\Moja muzyka
2015-12-06 11:27 - 2015-12-06 11:27 - 00000000 ___RD C:\Documents and Settings\Administrator\Menu Start\Programy\Narzędzia administracyjne
2015-12-06 04:56 - 2015-12-06 04:56 - 00000718 _____ C:\Documents and Settings\All Users\Pulpit\RogueKiller.lnk
2015-12-06 04:56 - 2015-12-06 04:56 - 00000000 ____D C:\Program Files\RogueKiller
2015-12-06 04:56 - 2015-12-06 04:56 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\RogueKiller
2015-12-06 04:54 - 2015-12-16 18:46 - 00000000 ____D C:\Documents and Settings\Lucas\Ustawienia lokalne\temp
2015-12-06 04:54 - 2015-12-06 11:28 - 00000000 ____D C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp
2015-12-06 04:54 - 2015-12-06 04:54 - 00000000 ____D C:\Documents and Settings\NetworkService\Ustawienia lokalne\temp
2015-12-06 04:54 - 2015-12-06 04:54 - 00000000 ____D C:\Documents and Settings\LocalService\Ustawienia lokalne\temp
2015-12-06 04:54 - 2015-12-06 04:54 - 00000000 ____D C:\Documents and Settings\Default User\Ustawienia lokalne\temp
2015-12-06 04:54 - 2015-12-06 04:32 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-12-06 04:32 - 2015-12-06 04:30 - 00000222 _____ C:\Documents and Settings\Administrator\Pulpit\zoek script.txt
2015-12-06 04:30 - 2015-12-06 04:48 - 00000000 ____D C:\zoek_backup
2015-12-06 04:17 - 2015-12-06 01:18 - 01309184 _____ C:\Documents and Settings\Administrator\Pulpit\zoek.exe
2015-12-06 04:16 - 2015-12-06 01:14 - 01599336 _____ (Malwarebytes) C:\Documents and Settings\Administrator\Pulpit\JRT.exe
2015-12-06 03:50 - 2015-12-13 16:16 - 00000000 ____D C:\AdwCleaner
2015-12-06 03:48 - 2015-12-06 03:48 - 00000690 _____ C:\Documents and Settings\Lucas\Pulpit\Skrót do II - Shipping Notification.txt.lnk
2015-12-06 03:48 - 2015-12-06 03:48 - 00000690 _____ C:\Documents and Settings\Lucas\Pulpit\Skrót do I - Thank You For Purchase.txt.lnk
2015-12-06 03:48 - 2015-12-06 03:48 - 00000672 _____ C:\Documents and Settings\Lucas\Pulpit\Skrót do III - After Delivery.txt.lnk
2015-12-06 01:54 - 2015-12-06 01:12 - 01736704 _____ C:\Documents and Settings\Administrator\Pulpit\adwcleaner_5.023.exe
2015-12-06 01:51 - 2015-12-06 01:51 - 00032598 _____ C:\Documents and Settings\Administrator\Pulpit\Addition.txt
2015-12-06 01:49 - 2015-12-06 01:51 - 00019162 _____ C:\Documents and Settings\Administrator\Pulpit\FRST.txt
2015-12-06 01:49 - 2015-12-06 01:37 - 01719808 _____ (Farbar) C:\Documents and Settings\Administrator\Pulpit\FRST.exe
2015-12-06 01:44 - 2015-12-16 18:45 - 00000000 ____D C:\FRST
2015-12-06 01:37 - 2015-12-16 18:39 - 01721344 _____ (Farbar) C:\Documents and Settings\Lucas\Pulpit\FRST.exe
2015-12-06 01:25 - 2015-12-06 01:25 - 05639148 ____R (Swearware) C:\Documents and Settings\Lucas\Pulpit\ComboFix.exe
2015-12-06 01:18 - 2015-12-06 01:18 - 01309184 _____ C:\Documents and Settings\Lucas\Pulpit\zoek.exe
2015-12-06 01:14 - 2015-12-06 01:14 - 01599336 _____ (Malwarebytes) C:\Documents and Settings\Lucas\Pulpit\JRT.exe
2015-12-06 00:23 - 2015-12-06 00:23 - 00000385 _____ C:\Documents and Settings\Lucas\Pulpit\Skrót do moje hasla.txt.lnk
2015-12-06 00:23 - 2015-12-06 00:23 - 00000371 _____ C:\Documents and Settings\Lucas\Pulpit\Skrót do sklepy.txt.lnk

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-12-16 18:46 - 2012-12-20 20:01 - 00000000 ____D C:\Documents and Settings\Lucas\Pulpit
2015-12-16 18:42 - 2015-02-25 20:32 - 00000000 ____D C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji\LastPass
2015-12-16 18:31 - 2015-02-15 21:53 - 00001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-16 18:30 - 2015-03-12 03:49 - 00000514 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-436374069-764733703-1343024091-1003.job
2015-12-13 16:26 - 2012-12-20 20:01 - 00000188 ___SH C:\Documents and Settings\Lucas\ntuser.ini
2015-12-13 16:26 - 2012-12-20 20:00 - 00032504 _____ C:\WINDOWS\SchedLgU.Txt
2015-12-13 16:18 - 2012-12-20 20:01 - 00000000 ___HD C:\Documents and Settings\Lucas\Ustawienia lokalne\Dane aplikacji
2015-12-13 16:18 - 2001-07-21 23:17 - 00002262 _____ C:\WINDOWS\system32\wpa.dbl
2015-12-13 15:28 - 2012-12-20 18:39 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2015-12-13 15:23 - 2012-12-20 18:39 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy
2015-12-13 15:23 - 2012-12-20 18:39 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit
2015-12-06 12:47 - 2013-06-16 11:45 - 00000000 ____D C:\Documents and Settings\Lucas\Dane aplikacji\Thunderbird
2015-12-06 12:40 - 2015-07-16 15:46 - 01045042 _____ C:\WINDOWS\ntbtlog.txt
2015-12-06 11:46 - 2015-07-16 15:47 - 00000188 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-12-06 11:27 - 2015-07-16 15:46 - 00000000 ___RD C:\Documents and Settings\Administrator\Menu Start\Programy
2015-12-06 11:27 - 2015-07-16 15:46 - 00000000 ____D C:\Documents and Settings\Administrator\Moje dokumenty
2015-12-06 04:57 - 2015-07-16 15:46 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit
2015-12-06 04:55 - 2015-07-16 15:46 - 00000000 ___HD C:\Documents and Settings\Administrator\Ustawienia lokalne
2015-12-06 04:55 - 2012-12-20 19:32 - 00000000 ____D C:\WINDOWS
2015-12-06 04:54 - 2012-12-20 20:01 - 00000000 ___HD C:\Documents and Settings\Lucas\Ustawienia lokalne
2015-12-06 04:54 - 2012-12-20 20:00 - 00000000 ___HD C:\Documents and Settings\NetworkService\Ustawienia lokalne
2015-12-06 04:54 - 2012-12-20 20:00 - 00000000 ___HD C:\Documents and Settings\LocalService\Ustawienia lokalne
2015-12-06 04:54 - 2012-12-20 18:39 - 00000000 __RHD C:\Documents and Settings\Default User\Ustawienia lokalne
2015-12-06 04:48 - 2012-12-20 20:01 - 00000000 __RHD C:\Documents and Settings\Lucas\Dane aplikacji
2015-12-06 04:03 - 2012-12-20 20:01 - 00000000 ___RD C:\Documents and Settings\Lucas\Menu Start\Programy\Autostart
2015-12-05 23:20 - 2012-12-20 18:40 - 01089416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-05 23:20 - 2001-10-26 17:15 - 00491314 _____ C:\WINDOWS\system32\perfh015.dat
2015-12-05 23:20 - 2001-10-26 17:15 - 00084526 _____ C:\WINDOWS\system32\perfc015.dat



#10 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:21 PM

Posted 16 December 2015 - 01:14 PM

Hello lukasbck,

n1eMMmT.jpg Download Windows Repair (all in one) from this site
Install and then run the program.
On the Start Repairs tab click Start DwysfIW.jpg
When the Repair Options screen populates, be sure to select all items and also check Restart System When Finished.
Now press Start

---

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

- Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
- Microsoft: Unprecedented Wave of Java Exploitation
- Ghosts of Java Haunt Users

Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 8 and save it to your desktop.
  • Under "Java Platform, Standard Edition"...click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select (click on) the download link for your operating system (Windows x86 Offline: jre-8u**-windows-i586.exe or Windows x64: jre-8u**-windows-x64.exe) and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to StartBtn.gif > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-8u25-windows-i586.exe (or jre-8u25-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it. The McAfee Security Scan Plus may be installed unless you uncheck the McAfee installation box when updating Java.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary. To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

---


Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note:
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

---


How the computer is running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 lukasbck

lukasbck
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:21 PM

Posted 17 December 2015 - 08:28 PM

- Windows repair DONE

- Java updated

- When I launch Malwarebytes' Anti-Malware I get an error "application wasn't initiated correctly (0xc000001s)" and it's not starting. I have tried in normal and safe modes.

- ESET didn't find any threats
 



#12 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:21 PM

Posted 18 December 2015 - 04:52 AM

Hello lukasbck,

It Appears That Your Pc Is Clean!

Your remaining issues are not malware related, if you need still help, please start a new topic at our MS Windows forum section.
 

***


Clean up:


***


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as / FSRT / FSRT64 (usually your desktop) as fixlist.txt
 
start
EmptyTemp:
DeleteQuarantine:
end

Run FRST/FRST64 and press the Fix button just once and wait.
no needed to post the log this time.
 

***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • please download Delfix to your desktop.
  • Close all other programms and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

***


Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.


***


Here are some Preventive tips to reduce the potential for spyware infection in the future:

1. Browse more secure2. Enable Protected Mode in Internet Explorer. This helps Windows Vista, 7 / 8 users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Make sure you keep your Windows OS current.
  • Windows XP is no longer supported from MS.
    This is a security risk anyway.
  • Windows Vista / 7 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
4. Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important chanel to spread their wares.
5. Use only one anti-virus software and keep it up-to-date.

6. Firewall
Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

7. Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

8. Use Strong passwords!

9. Email attachments
Do not open any unknown email attachments, which you received without asking for it!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
You could install Malwarebytes Anti-Exploit.
Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.
http://www.bleepingcomputer.com/download/secunia-psi/


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#13 lukasbck

lukasbck
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:21 PM

Posted 20 December 2015 - 09:50 AM

Hi,

 

Thank you for help and tips.

It seems not to much can be done with this computer. I would normally format it and start from the scratch. The thing is, that this comp has been formatted lately. Perhaps windows Vista installation will help.

 

Thanks again.



#14 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:21 PM

Posted 20 December 2015 - 10:08 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users