Web browsers don't work [Closed]
#1
sofad

Hello everyone.
2 days ago my brother downloaded some program from dobreprogramy.pl. During the installation he noticed that there was something fishy about it (Google Chrome crashed, the process was taking much longer than it should have). After that no web browser would open (there were no errors etc.). We restarted the computer but it didn't help. Google Chrome, Mozilla Firefox and Internet Explorer don't work.

I scanned the system a few times with Malwarebytes Anti-Malware, and each time it found some suspicious files, which I deleted. I installed a new browser - Opera - and, surprisingly, it works.

I noticed that I also have quite a lot (at the moment seven) svchost processes running. Don't know if it's normal.

Also, I get reports from Malwarebytes Anti-Malware that it has "blocked access to suspicious address/web: [IP here, always different]. Type: outgoing".

Here is my OTL log:

OTL logfile created on: 2013-01-02 08:17:29 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\xyz\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 69,19% Memory free
3,85 Gb Paging File | 3,21 Gb Available in Paging File | 83,32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,75 Gb Total Space | 83,12 Gb Free Space | 35,71% Space Free | Partition Type: NTFS

Computer Name: DOM | User Name: xyz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012-12-30 21:08:08 | 000,879,080 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2012-12-30 19:55:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xyz\Pulpit\OTL.exe
PRC - [2012-12-14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-12-14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-11-17 22:32:56 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012-09-19 15:50:47 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Premium\ContinueToSave\ContinueToSave.exe
PRC - [2012-07-06 13:17:02 | 000,207,360 | ---- | M] () -- C:\Program Files\Browsers Protector\regmon32.exe
PRC - [2012-07-03 17:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012-07-03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-06-05 14:46:38 | 006,380,440 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2011-12-29 15:38:24 | 000,535,665 | ---- | M] () -- C:\Documents and Settings\xyz\Pulpit\memBoost-1-7-9-1798\memBoost.exe
PRC - [2011-12-09 18:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2004-08-03 22:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013-01-01 17:54:08 | 002,042,368 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13010101\algo.dll
MOD - [2012-12-12 19:56:49 | 014,586,296 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012-09-19 15:50:47 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Premium\ContinueToSave\ContinueToSave.exe
MOD - [2012-07-06 13:17:02 | 000,207,360 | ---- | M] () -- C:\Program Files\Browsers Protector\regmon32.exe
MOD - [2011-12-29 15:38:24 | 000,535,665 | ---- | M] () -- C:\Documents and Settings\xyz\Pulpit\memBoost-1-7-9-1798\memBoost.exe
MOD - [2004-12-26 19:34:38 | 000,121,344 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2004-08-03 22:44:04 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012-12-14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-12-12 19:56:50 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-11-17 22:32:56 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012-11-09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-07-03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aeowfpq4)
DRV - [2012-12-14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012-09-22 17:34:35 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012-09-04 20:42:52 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2012-09-04 20:42:52 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2012-07-04 07:54:32 | 007,874,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012-07-03 17:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012-07-03 17:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012-07-03 17:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012-07-03 17:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012-07-03 17:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012-05-30 14:38:06 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012-05-24 18:50:07 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2011-03-30 19:46:12 | 000,101,392 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2008-11-11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008-11-11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008-11-11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008-02-14 10:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008-01-03 15:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007-09-22 21:00:38 | 000,040,448 | R--- | M] (D-Link ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dlkfet5b.sys -- (FETNDIS)
DRV - [2005-08-10 15:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2005-08-10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005-05-16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2004-08-03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)
DRV - [2001-08-17 19:12:40 | 000,019,017 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8029.sys -- (rtl8029)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://startsear.ch/...q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689: "URL" = http://startsear.ch/...q={searchTerms}
IE - HKLM\..\SearchScopes\{73D4B2D3-7F75-401E-98F7-A37998ACCC25}: "URL" = http://startsear.ch/...q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/...d0-000d88b38ac7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000000d88b38ac7
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://startsear.ch/...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...arcSearchScopes
IE - HKCU\..\SearchScopes\{DE99C4C5-FCA6-4E20-9832-943F580E1475}: "URL" = http://search.v9.com...q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}
IE - HKCU\..\SearchScopes\{F4D477BC-CC15-4586-82F7-3181EB74CE7D}: "URL" = http://startsear.ch/...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "error"
FF - prefs.js..browser.search.defaultenginename: "error"
FF - prefs.js..browser.search.order.1: "error"
FF - prefs.js..keyword.URL: "error"
FF - prefs.js..browser.search.selectedEngine: "error"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-07-15 12:31:45 | 000,000,000 | ---D | M]

[2012-07-12 13:27:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\xyz\Dane aplikacji\Mozilla\Extensions
[2012-12-30 18:25:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\xyz\Dane aplikacji\Mozilla\Firefox\Profiles\ys8g0vhi.default\extensions
[2012-12-30 18:25:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\xyz\Dane aplikacji\Mozilla\Firefox\Profiles\ys8g0vhi.default\extensions\staged
[2012-10-12 16:33:39 | 000,002,546 | ---- | M] () -- C:\Documents and Settings\xyz\Dane aplikacji\Mozilla\Firefox\Profiles\ys8g0vhi.default\searchplugins\browsemngr.xml
[2012-09-16 17:11:14 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\xyz\Dane aplikacji\Mozilla\Firefox\Profiles\ys8g0vhi.default\searchplugins\startsear.xml
[2012-12-30 21:01:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-07-12 13:29:47 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{1a1aef3f-fe06-1fbb-e442-3e9dc304132b}
[2012-01-02 10:48:42 | 000,083,456 | ---- | M] (StartSearch ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012-10-12 16:32:32 | 000,002,359 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012-07-17 08:47:26 | 000,000,402 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml

========== Chrome ==========

CHR - homepage: http://search.babylo...000000d88b38ac7
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.babylo...000000d88b38ac7
CHR - plugin: Pierwszy u\u017Cytkownik (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Error reading preferences file
CHR - Extension: StartSearch Video plug-in = C:\Documents and Settings\xyz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\bildoibdboopgomcbiplincneeicgipj\1.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\xyz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Szukaj w Google = C:\Documents and Settings\xyz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Documents and Settings\xyz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\xyz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Save now = C:\Documents and Settings\xyz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\mannpnhhoofjcofbpafgnmnciileklga\3.4_0\
CHR - Extension: LiveVDO plugin = C:\Documents and Settings\xyz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\
CHR - Extension: Vid-Saver = C:\Documents and Settings\xyz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.61_0\crossrider
CHR - Extension: Vid-Saver = C:\Documents and Settings\xyz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.61_0\
CHR - Extension: Gmail = C:\Documents and Settings\xyz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012-12-30 19:22:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Browsers Protector] C:\Program Files\Browsers Protector\regmon32.exe ()
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\xyz\Menu Start\Programy\Autostart\Registration Brothers In Arms EiB.LNK = File not found
O4 - Startup: C:\Documents and Settings\xyz\Menu Start\Programy\Autostart\Rizone Memory Booster.lnk = C:\Documents and Settings\xyz\Pulpit\memBoost-1-7-9-1798\memBoost.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.249.1.58 80.249.5.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E819C4A-FB01-4996-AC28-4C62407E1666}: DhcpNameServer = 80.249.1.58 80.249.5.5
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\PROGRA~1\CONTIN~1\sprotector.dll) - c:\Program Files\ContinueToSave\sprotector.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\xyz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\xyz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-05-20 17:53:26 | 000,000,331 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012-05-20 17:53:26 | 000,000,160 | ---- | M] () - C:\AUTOEXEC.CMI -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 7 Days ==========

[2012-12-30 21:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome
[2012-12-30 21:09:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-12-30 21:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xyz\Ustawienia lokalne\Dane aplikacji\Opera
[2012-12-30 21:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xyz\Dane aplikacji\Opera
[2012-12-30 21:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012-12-30 19:56:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\xyz\Pulpit\OTL.exe
[2012-12-30 19:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xyz\Dane aplikacji\Malwarebytes
[2012-12-30 19:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes' Anti-Malware
[2012-12-30 19:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2012-12-30 19:42:20 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-12-30 19:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-12-30 19:14:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-12-30 19:00:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-12-30 19:00:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-12-30 19:00:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-12-30 19:00:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-12-30 19:00:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-12-30 19:00:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\xyz\Menu Start\Programy\Narzędzia administracyjne
[2012-12-30 19:00:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012-12-30 18:59:51 | 005,015,826 | R--- | C] (Swearware) -- C:\Documents and Settings\xyz\Pulpit\ComboFix.exe
[2012-12-30 18:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Premium
[2012-12-30 18:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\ContinueToSave
[2012-12-30 18:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\continuetosave
[2012-12-30 18:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\InstallMate
[2012-12-30 18:24:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2012-12-30 18:24:08 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2012-12-30 18:24:07 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2012-12-30 11:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012-12-30 11:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\CPUID
[2012-12-29 10:33:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xyz\Dane aplikacji\Skype
[2012-12-29 10:33:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012-12-29 10:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Skype
[2012-12-29 10:33:30 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012-12-29 10:33:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Skype
[2012-12-28 10:59:46 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2012-12-28 10:59:44 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2012-12-28 10:59:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2012-12-28 10:59:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2012-12-28 10:59:42 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2012-12-28 10:59:40 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2012-12-28 10:59:38 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2012-12-28 10:59:35 | 000,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2012-12-28 10:59:34 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2012-12-28 10:59:29 | 000,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2012-12-28 10:59:22 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2012-12-28 10:59:22 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2012-12-28 10:59:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2012-12-28 10:59:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2012-12-28 10:59:22 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2012-12-28 10:59:22 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2012-12-28 10:59:21 | 000,078,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2012-12-28 10:59:21 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2012-12-28 10:59:21 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2012-12-28 10:59:20 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2012-12-28 10:59:20 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2012-12-28 10:59:20 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2012-12-28 10:59:20 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2012-12-28 10:59:15 | 000,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2013-01-02 08:16:01 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013-01-02 08:09:38 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013-01-02 08:09:36 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013-01-02 08:09:35 | 000,000,558 | -H-- | M] () -- C:\WINDOWS\tasks\ContinueToSaveUpdaterTask{6E16BE7E-B8F2-4792-8814-56C9CEA759D0}.job
[2013-01-02 08:09:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-01-01 15:54:15 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-01-01 10:56:08 | 000,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012-12-31 15:21:13 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2012-12-30 21:08:15 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2012-12-30 19:55:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xyz\Pulpit\OTL.exe
[2012-12-30 19:22:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-12-30 19:14:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012-12-30 18:51:52 | 005,015,826 | R--- | M] (Swearware) -- C:\Documents and Settings\xyz\Pulpit\ComboFix.exe
[2012-12-30 11:02:34 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CPUID CPU-Z.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-12-30 21:11:52 | 000,001,030 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-12-30 21:11:51 | 000,001,026 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-12-30 21:08:15 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Opera.lnk
[2012-12-30 21:08:15 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2012-12-30 19:14:38 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012-12-30 19:14:35 | 000,262,400 | RHS- | C] () -- C:\cmldr
[2012-12-30 19:00:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-12-30 19:00:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-12-30 19:00:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-12-30 19:00:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-12-30 19:00:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-12-30 18:26:07 | 000,000,558 | -H-- | C] () -- C:\WINDOWS\tasks\ContinueToSaveUpdaterTask{6E16BE7E-B8F2-4792-8814-56C9CEA759D0}.job
[2012-12-30 11:02:34 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CPUID CPU-Z.lnk
[2012-12-29 10:33:31 | 000,002,267 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2012-09-04 20:42:52 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2012-09-04 20:42:52 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2012-08-20 15:36:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012-08-20 15:33:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-08-16 16:08:35 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012-06-08 13:31:46 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012-06-08 13:29:43 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012-06-08 13:29:42 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\xyz\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-05-29 15:08:43 | 000,000,298 | ---- | C] () -- C:\WINDOWS\game.ini
[2012-05-26 08:25:00 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012-05-26 08:25:00 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\xyz\Dane aplikacji\PnkBstrK.sys
[2012-05-26 08:24:41 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012-05-26 08:24:40 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012-05-20 21:17:59 | 000,008,192 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012-05-20 21:03:13 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2012-05-20 21:01:44 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2012-05-20 19:21:26 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-05-20 19:18:43 | 000,141,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-05-20 17:55:48 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012-05-20 17:39:27 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012-05-20 17:39:19 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012-05-20 17:39:17 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012-05-20 17:39:15 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2012-05-20 17:39:15 | 000,618,823 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012-05-20 17:30:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-05-20 17:26:48 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012-05-20 17:41:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2004-08-03 22:44:10 | 001,483,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2004-08-03 22:43:58 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004-08-03 22:44:14 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
#2 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download RogueKiller (or from here) and SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.

Gringo

#3 sofad (Topic Starter, Member, 12 posts)
Thank you, Gringo, for the help :)

Here is the content of the checkup.txt:

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Please wait while WMIC compiles updated MOF files.
displayName
ECHO is off.
avast! Antivirus
ECHO is off.
Kaspersky AntiVirus
ECHO is off.
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
JavaFX 2.1.1
Java 7 Update 9
Adobe Flash Player 11.5.502.135
Adobe Reader 7 Adobe Reader out of Date!
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

#4 sofad (Topic Starter, Member, 12 posts)
Logfile from Adwcleaner:

# AdwCleaner v2.104 - Log created 02/01/2013 at 11:14:51
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : xyz - DOM
# Boot mode : Normal
# Running from : C:\Documents and Settings\xyz\Pulpit\adwcleaner.exe
# Option [Delete]

***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Dane aplikacji\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Dane aplikacji\InstallMate
Folder Deleted : C:\Documents and Settings\xyz\Dane aplikacji\Babylon
Folder Deleted : C:\Documents and Settings\xyz\Dane aplikacji\yourfiledownloader
Folder Deleted : C:\Program Files\BabylonToolbar
Folder Deleted : C:\Program Files\Browsers Protector
Folder Deleted : C:\Program Files\yourfiledownloader
File Deleted : C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla firefox\searchplugins\v9.xml
Deleted on reboot : C:\Documents and Settings\All Users\Dane aplikacji\Premium

***** [Registry] *****

Key Deleted : HKCU\Software\536d98be23fee14
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\536d98be23fee14
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\LiveVDO plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\startsearch Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Browsers Protector]

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.2180

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://startsear.ch/?aff=1&cf=719e6374-cc18-11e1-8cd0-000d88b38ac7 --> hxxp://www.google.com

-\\ Opera v12.12.1707.0

File : C:\Documents and Settings\xyz\Dane aplikacji\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5401 octets] - [02/01/2013 11:14:51]

########## EOF - C:\AdwCleaner[S1].txt - [5461 octets] ##########

#5 sofad (Topic Starter, Member, 12 posts)
Log file from RogueKiller :

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : xyz [Admin rights]
Mode : Remove -- Date : 01/02/2013 11:21:22

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] ContinueToSave.exe -- C:\Documents and Settings\All Users\Dane aplikacji\Premium\ContinueToSave\ContinueToSave.exe -> KILLED [TermProc]
[SUSP PATH] memBoost.exe -- C:\Documents and Settings\xyz\Pulpit\memBoost-1-7-9-1798\memBoost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][SUSP PATH] ContinueToSaveUpdaterTask{6E16BE7E-B8F2-4792-8814-56C9CEA759D0}.job : C:\Documents and Settings\All Users\Dane aplikacji\Premium\ContinueToSave\ContinueToSave.exe /schedule /profilepath "C:\Documents and Settings\All Users\Dane aplikacji\Premium\ContinueToSave\profile.ini" -> DELETED
[STARTUP][SUSP PATH] Rizone Memory Booster.lnk @xyz : C:\Documents and Settings\xyz\Pulpit\memBoost-1-7-9-1798\memBoost.exe -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR STM3250310AS +++++
--- User ---
[MBR] 5da1089fde43848a58c20e87dd7afc38
[BSP] 29041e276c08a468bd8813171387b66f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238331 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01022013_02d1121.txt >>
RKreport[1]_S_01022013_02d1120.txt ; RKreport[2]_D_01022013_02d1121.txt
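
The RogueKiller MBR Check above reports a hash of the MBR, a hash of its bootstrap code and a one-entry partition table (active NTFS, offset 63 sectors, 238331 MB). As an added example, not part of the thread and not RogueKiller's own code, here is a Python parser that performs the same kind of check on a raw 512-byte MBR: it verifies the 0x55AA signature, hashes the sector and its bootstrap code, decodes the four partition entries and runs a few consistency checks that a tampered table tends to fail. The sample MBR is constructed inside the block to match the posted layout; its bootstrap bytes and the 488397168-sector disk size are assumptions, and the hashes will not match RogueKiller's, whose exact hashing input is not given in the log.

```python
"""Parse a raw 512-byte MBR the way a rootkit checker reports it: hashes,
signature check, partition table, and sanity checks on the entries.
Added example; the sample MBR is constructed here, not read from a disk."""
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 0x1BE      # 446: four 16-byte partition entries start here
SIGNATURE_OFFSET = 0x1FE       # 510: 0x55 0xAA boot signature
ENTRY_FORMAT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count

PARTITION_TYPES = {
    0x05: "Extended", 0x07: "NTFS/HPFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
    0x0F: "Extended (LBA)", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
}


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def build_mbr(entries, boot_code=None) -> bytes:
    """Assemble a sample MBR from (status, type, lba_start, sectors) tuples.
    The boot code is a placeholder pattern (assumption), not real bootstrap code."""
    if boot_code is None:
        boot_code = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x00" * (PART_TABLE_OFFSET - 7)
    table = b""
    for status, ptype, lba_start, sectors in entries:
        # CHS fields are ignored by LBA-aware code; use the conventional placeholders.
        table += struct.pack(ENTRY_FORMAT, status, b"\x01\x01\x00", ptype,
                             b"\xFE\xFF\xFF", lba_start, sectors)
    table += b"\x00" * 16 * (4 - len(entries))
    return boot_code + table + b"\x55\xAA"


def parse_mbr(mbr: bytes) -> dict:
    """Decode signature, hashes and the non-empty partition entries."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    if mbr[SIGNATURE_OFFSET:] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba_start, sectors = struct.unpack(ENTRY_FORMAT, mbr[off:off + 16])
        if ptype == 0:
            continue
        partitions.append({
            "index": i, "active": status == 0x80, "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start, "sectors": sectors,
            "size_mib": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "mbr_md5": md5_hex(mbr),
        "boot_code_md5": md5_hex(mbr[:PART_TABLE_OFFSET]),
        "partitions": partitions,
    }


def find_partition_issues(info: dict, disk_sectors: int) -> list:
    """Consistency checks; a bootkit that rewrites the table tends to trip these."""
    issues = []
    parts = info["partitions"]
    if not any(p["active"] for p in parts):
        issues.append("no active partition")
    for p in parts:
        if p["type_name"] == "unknown":
            issues.append("entry %d has unknown type 0x%02X" % (p["index"], p["type"]))
        if p["lba_start"] + p["sectors"] > disk_sectors:
            issues.append("entry %d extends past end of disk" % p["index"])
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"]) for p in parts)
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            issues.append("entries %d and %d overlap" % (i1, i2))
    return issues


# Mirrors the posted layout: one active NTFS partition at sector 63, 238331 MiB.
# The total sector count of a 250 GB disk is an assumed figure.
SAMPLE_MBR = build_mbr([(0x80, 0x07, 63, 238331 * 2048)])
SAMPLE_DISK_SECTORS = 488397168

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    print("[MBR]", info["mbr_md5"])
    print("[BOOT CODE]", info["boot_code_md5"])
    for p in info["partitions"]:
        print("%d - [%s] %s (0x%02X) Offset (sectors): %d | Size: %d MiB" % (
            p["index"], "ACTIVE" if p["active"] else "      ", p["type_name"],
            p["type"], p["lba_start"], p["size_mib"]))
    print("issues:", find_partition_issues(info, SAMPLE_DISK_SECTORS) or "none")
```

On a live system the 512 bytes would be read from \\.\PhysicalDrive0 (or /dev/sda on Linux) with administrator or root rights, and the boot-code hash compared against one taken from a known-clean install of the same Windows version; that comparison is one way a "Windows XP MBR Code" style verdict can be produced. The space between sector 1 and the first partition at sector 63 is not covered by the table at all and is where MBR bootkits typically store their payload, so a full check also hashes those sectors.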

#6 sofad (Topic Starter, Member, 12 posts)
OK, so I followed the instructions. Internet Explorer works fine, so does Opera. But Google Chrome won't run. Don't know if it's still because of some virus.

I still have seven svchost processes running. But I don't know whether it's relevant, so...

But apart from that, the system works fine, and the web browsers that will open run faster than they did before (as far as I can tell).

I am not sure if the virus has been completely removed from my system, so if you have any other suggestions then I will be grateful.

Anyway, thanks a lot for help :)

#7 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#9 sofad (Topic Starter, Member, 12 posts)
Hello,

I had to be away from home for a couple of days. I should give you an update on the situation this evening.

#10 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
No problem and thanks for letting me know



gringo
#11 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#12 sofad (Topic Starter, Member, 12 posts)
Hello,

Finally I can update you with the Combofix log. Sorry it took so long.

Apart from Opera and Internet Explorer, the web browsers still don't work.

ComboFix 13-01-08.01 - xyz 2013-01-09 21:31:45.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2047.1511 [GMT 1:00]
Running from: c:\documents and settings\xyz\Moje dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 )))))))))))))))))))))))))))))))
.
.
2013-01-04 12:10 . 2013-01-04 12:10 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-01-03 21:23 . 2013-01-03 21:23 -------- d-----w- c:\documents and settings\xyz\Ustawienia lokalne\Dane aplikacji\VS Revo Group
2013-01-03 21:22 . 2009-12-30 10:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-01-03 21:22 . 2013-01-03 21:22 -------- d-----w- c:\program files\VS Revo Group
2013-01-03 09:28 . 2001-08-17 21:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2013-01-03 09:28 . 2001-08-17 21:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-12-30 20:08 . 2012-12-30 20:08 -------- d-----w- c:\documents and settings\xyz\Ustawienia lokalne\Dane aplikacji\Opera
2012-12-30 20:08 . 2012-12-30 20:08 -------- d-----w- c:\program files\Opera
2012-12-30 18:42 . 2012-12-30 18:42 -------- d-----w- c:\documents and settings\xyz\Dane aplikacji\Malwarebytes
2012-12-30 18:42 . 2012-12-30 18:42 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2012-12-30 18:42 . 2012-12-30 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-30 18:42 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-30 17:25 . 2012-12-30 17:25 -------- d-----w- c:\program files\ContinueToSave
2012-12-30 17:25 . 2012-12-30 17:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\continuetosave
2012-12-30 17:24 . 2001-10-26 16:29 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-12-30 17:24 . 2004-08-03 23:44 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-12-30 17:24 . 2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-12-30 17:24 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-12-30 10:02 . 2012-12-30 10:02 -------- d-----w- c:\program files\CPUID
2012-12-29 09:33 . 2013-01-09 09:06 -------- d-----w- c:\documents and settings\xyz\Dane aplikacji\Skype
2012-12-29 09:33 . 2012-12-29 09:33 -------- d-----w- c:\program files\Common Files\Skype
2012-12-29 09:33 . 2012-12-29 09:33 -------- d-----r- c:\program files\Skype
2012-12-29 09:33 . 2012-12-29 09:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype
2012-12-12 21:17 . 2012-12-12 21:17 -------- d-----w- c:\windows\USB Vibration
2012-12-12 21:17 . 2012-12-12 21:17 270468 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime 700\Intel32\Setup.dll
2012-12-12 21:17 . 2012-12-12 21:17 159876 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime 700\Intel32\IGdi.dll
2012-12-12 21:17 . 2002-08-05 09:46 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime 700\Intel32\ctor.dll
2012-12-12 21:17 . 2002-08-02 02:10 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime 700\Intel32\DotNetInstaller.exe
2012-12-12 21:17 . 2002-08-02 01:20 634880 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime 700\Intel32\iKernel.dll
2012-12-12 21:17 . 2002-08-02 01:20 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime 700\Intel32\iscript.dll
2012-12-12 21:17 . 2002-08-02 01:20 151552 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime 700\Intel32\iuser.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 20:58 . 2012-09-20 17:56 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 20:58 . 2012-05-26 17:12 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 20:27 . 2012-05-26 07:25 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-01-08 20:26 . 2012-05-26 07:24 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-11-17 21:32 . 2012-11-17 21:33 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-17 21:32 . 2012-11-17 21:33 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-17 21:32 . 2012-05-28 17:04 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-17 21:32 . 2012-05-28 17:04 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-29 08:26 . 2013-01-04 12:10 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2007-12-15 . 44A87287F63395AE9E7950D266A73160 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Registry Startup Entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers 0avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2013-01-05 980376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 98304]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\xyz\Menu Start\Programy\Autostart\
Registration Brothers In Arms EiB.LNK - c:\gry\BrothersInArmsEiB\Support\Register\RegistrationReminder.exe [N/A]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\CONTIN~1\sprotector.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Gry\\Dead Space\\Dead Space.exe"=
"c:\\Gry\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Gry\\Heroes of Might and Magic III - Zlota Edycja\\Heroes3.exe"=
"c:\\Gry\\Dead Space 2\\deadspace2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\total war shogun 2\\Shogun2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\total war shogun 2\\data\\encyclopedia\\how_to_play.html"=
"c:\\Program Files\\Steam\\steamapps\\common\\total war shogun 2\\benchmarks\\benchmark_current_settings.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\total war shogun 2\\benchmarks\\benchmark_specify_properties.bat"=
"c:\\Gry\\FIFA 13\\Game\\fifa13.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-05-28 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-05-28 353688]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-09-22 242240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-05-28 21256]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-30 398184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-30 682344]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-08-20 101392]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-30 21104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-01-03 27064]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 20:58]
.
2013-01-09 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-15 16:21]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-03 21:25]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-03 21:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 80.249.1.58 80.249.5.5
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-09 21:38
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-823518204-1770027372-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:c0,16,0d,aa,41,be,98,d7,7e,cc,16,00,32,9f,27,05,83,32,d9,62,fa,
3b,9f,6a,c8,14,56,39,35,e9,8f,53,c2,31,56,9c,c9,00,06,d5,88,a5,68,53,6c,ab,\
"rkeysecu"=hex:63,a6,c2,71,4f,27,b9,65,2e,98,76,3a,ca,b0,a8,74
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2952)
c:\windows\system32\MSCTF.dll
.
Completion time: 2013-01-09 21:39:16
ComboFix-quarantined-files.txt 2013-01-09 20:39
ComboFix2.txt 2013-01-06 18:26
.
Before: 84 190 011 392 bytes free
After: 84 195 680 256 bytes free
.
- - End Of File - - 2B7160130D37A5510E76D6AB22F6098E

#13 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#15 sofad (Topic Starter, Member, 12 posts)
Hello,

I did what you suggested. The web browsers still don't work. There are still seven svchost processes running. Moreover, I've noticed that recently when I turn on the computer, there is no "beep sound" at the very beginning. I have to restart the computer and then everything turns on the way it should. Frankly, I'm quite concerned about this.
Apart from these problems, however, everything else works fine: games, software and the two web browsers, IE and Opera.

Anyway, here's the log:

ComboFix 13-01-13.01 - xyz 2013-01-14 8:11.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2047.1402 [GMT 1:00]
Running from: c:\documents and settings\xyz\Moje dokumenty\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\xyz\Pulpit\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 )))))))))))))))))))))))))))))))
.
.
2013-01-04 12:10 . 2013-01-04 12:10 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-01-03 21:23 . 2013-01-03 21:23 -------- d-----w- c:\documents and settings\xyz\Ustawienia lokalne\Dane aplikacji\VS Revo Group
2013-01-03 21:22 . 2009-12-30 10:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-01-03 21:22 . 2013-01-03 21:22 -------- d-----w- c:\program files\VS Revo Group
2013-01-03 09:28 . 2001-08-17 21:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2013-01-03 09:28 . 2001-08-17 21:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-12-30 20:08 . 2012-12-30 20:08 -------- d-----w- c:\documents and settings\xyz\Ustawienia lokalne\Dane aplikacji\Opera
2012-12-30 20:08 . 2012-12-30 20:08 -------- d-----w- c:\program files\Opera
2012-12-30 18:42 . 2012-12-30 18:42 -------- d-----w- c:\documents and settings\xyz\Dane aplikacji\Malwarebytes
2012-12-30 18:42 . 2012-12-30 18:42 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2012-12-30 18:42 . 2012-12-30 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-30 18:42 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-30 17:25 . 2012-12-30 17:25 -------- d-----w- c:\program files\ContinueToSave
2012-12-30 17:25 . 2012-12-30 17:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\continuetosave
2012-12-30 17:24 . 2001-10-26 16:29 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-12-30 17:24 . 2004-08-03 23:44 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-12-30 17:24 . 2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-12-30 17:24 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-12-30 10:02 . 2012-12-30 10:02 -------- d-----w- c:\program files\CPUID
2012-12-29 09:33 . 2013-01-13 15:23 -------- d-----w- c:\documents and settings\xyz\Dane aplikacji\Skype
2012-12-29 09:33 . 2012-12-29 09:33 -------- d-----w- c:\program files\Common Files\Skype
2012-12-29 09:33 . 2012-12-29 09:33 -------- d-----r- c:\program files\Skype
2012-12-29 09:33 . 2012-12-29 09:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 20:58 . 2012-09-20 17:56 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 20:58 . 2012-05-26 17:12 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 20:27 . 2012-05-26 07:25 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-01-08 20:26 . 2012-05-26 07:24 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-11-17 21:32 . 2012-11-17 21:33 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-17 21:32 . 2012-11-17 21:33 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-17 21:32 . 2012-05-28 17:04 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-17 21:32 . 2012-05-28 17:04 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-29 08:26 . 2013-01-04 12:10 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2007-12-15 . 44A87287F63395AE9E7950D266A73160 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Registry Startup Entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2013-01-05 980376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 98304]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\xyz\Menu Start\Programy\Autostart\
Registration Brothers In Arms EiB.LNK - c:\gry\BrothersInArmsEiB\Support\Register\RegistrationReminder.exe [N/A]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\CONTIN~1\sprotector.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Gry\\Dead Space\\Dead Space.exe"=
"c:\\Gry\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Gry\\Heroes of Might and Magic III - Zlota Edycja\\Heroes3.exe"=
"c:\\Gry\\Dead Space 2\\deadspace2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\total war shogun 2\\Shogun2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\total war shogun 2\\data\\encyclopedia\\how_to_play.html"=
"c:\\Program Files\\Steam\\steamapps\\common\\total war shogun 2\\benchmarks\\benchmark_current_settings.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\total war shogun 2\\benchmarks\\benchmark_specify_properties.bat"=
"c:\\Gry\\FIFA 13\\Game\\fifa13.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-05-28 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-05-28 353688]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-09-22 242240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-05-28 21256]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-30 398184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-30 682344]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-08-20 101392]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-30 21104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-01-03 27064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-12 17:31 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 20:58]
.
2013-01-14 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-15 16:21]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-03 21:25]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-03 21:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 80.249.1.58 80.249.5.5
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-14 08:17
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-823518204-1770027372-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:c0,16,0d,aa,41,be,98,d7,7e,cc,16,00,32,9f,27,05,83,32,d9,62,fa,
3b,9f,6a,c8,14,56,39,35,e9,8f,53,c2,31,56,9c,c9,00,06,d5,88,a5,68,53,6c,ab,\
"rkeysecu"=hex:63,a6,c2,71,4f,27,b9,65,2e,98,76,3a,ca,b0,a8,74
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3024)
c:\windows\system32\MSCTF.dll
.
Completion time: 2013-01-14 08:18:36
ComboFix-quarantined-files.txt 2013-01-14 07:18
ComboFix2.txt 2013-01-09 20:39
ComboFix3.txt 2013-01-06 18:26
.
Before: 80 464 588 800 bytes free
After: 80 596 754 432 bytes free
.
- - End Of File - - B0486E98D7D81EF7D00938C95AA97540
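The line in the log above that best explains the symptom is the Registry Startup Entries value "AppInit_DLLs"=c:\progra~1\CONTIN~1\sprotector.dll under HKLM\...\Windows NT\CurrentVersion\Windows. A DLL listed in AppInit_DLLs is loaded into every process that maps user32.dll, which on Windows XP means every browser, and XP applies no signature check to it. The 8.3 name CONTIN~1 lines up with the c:\program files\ContinueToSave folder created on 2012-12-30 17:25, the same window in which the download and the browser failures were reported, and the value is still present after the CFScript run. The same log also shows both AV products reporting themselves Disabled, sfcfiles.dll failing Sigcheck, and two drivers (sptd, EagleXNt) printed with [?] instead of a size and date. The Python script below is an added example, not part of this thread and not ComboFix or the helper's procedure: it parses those sections of a ComboFix log and ranks what it finds. The severity labels, the 8.3-name matching and the sample lines (copied from the log above and trimmed) are this example's own assumptions.

```python
"""Triage the sections of a ComboFix log that get looked at first.
Added example for this thread; the parsing rules and severity labels are the
example's own assumptions, not ComboFix output or the helper's procedure."""
import re

# Constructed sample: lines copied from the ComboFix log posted above, trimmed
# to the sections this parser reads.
SAMPLE_LOG = r"""
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
2012-12-30 17:25 . 2012-12-30 17:25 -------- d-----w- c:\program files\ContinueToSave
2012-12-30 18:42 . 2012-12-30 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
[-] 2007-12-15 . 44A87287F63395AE9E7950D266A73160 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\CONTIN~1\sprotector.dll
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-05-28 353688]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
"""

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")                       # [HKEY_...] section header
AV_RE = re.compile(r"^AV: (.+?) \*(\w+)/(\w+)\*")                # AV: name *Enabled|Disabled/Updated*
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} (\S+) (\S+) (.+)$")
UNSIGNED_RE = re.compile(r"^\[-\] (\S+) \. ([0-9A-Fa-f]{32}) \. (\d+) \. \. \[([^\]]*)\] \. \. (.+)$")
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.*?)(?: --> (.*?))? \[([^\]]*)\]$")
META_RE = re.compile(r"\s\[([^\]]*)\]$")                         # trailing [date size] on a value line

def parse_log(text):
    """Walk the log once, remembering the current registry key for value lines."""
    out = {"av": [], "created": [], "unsigned": [], "values": [], "services": []}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix uses a lone "." as a spacer
            continue
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif m := AV_RE.match(line):
            out["av"].append((m.group(1), m.group(2)))            # (product, state)
        elif m := CREATED_RE.match(line):
            out["created"].append((m.group(1), m.group(4), m.group(3).startswith("d")))
        elif m := UNSIGNED_RE.match(line):
            out["unsigned"].append((m.group(5), m.group(1), m.group(2)))  # (path, date, md5)
        elif m := SERVICE_RE.match(line):
            out["services"].append({"start": m.group(1), "name": m.group(2),
                                    "path": m.group(5) or m.group(4), "meta": m.group(6)})
        elif key and line.startswith('"') and '"=' in line:
            name, _, rest = line[1:].partition('"=')
            meta = None
            if mm := META_RE.search(rest):
                meta, rest = mm.group(1), rest[: mm.start()]
            out["values"].append((key, name, rest.strip('"'), meta))
    return out

def _component_matches(short, full):
    if "~" in short:                          # 8.3 stem: first chars of the long name, spaces/dots dropped
        stem = short.split("~", 1)[0].upper()
        return full.replace(" ", "").replace(".", "").upper().startswith(stem)
    return short.lower() == full.lower()

def resolve_short_path(short_path, known_paths):
    """Map an 8.3 path such as c:\progra~1\CONTIN~1 to a long path seen elsewhere in the log."""
    parts = short_path.split("\\")
    for known in known_paths:
        kparts = known.split("\\")
        if len(kparts) == len(parts) and all(map(_component_matches, parts, kparts)):
            return known
    return None

def triage(text):
    """Rank findings; HIGH/MEDIUM/REVIEW are this example's own labels."""
    d = parse_log(text)
    dirs = [path for _, path, is_dir in d["created"] if is_dir]
    created_at = {path: when for when, path, _ in d["created"]}
    findings = []
    for _key, name, value, _meta in d["values"]:
        if name.lower() == "appinit_dlls" and value:
            # Loaded into every process that maps user32.dll (every browser included);
            # XP applies no signature check to it.
            long_dir = resolve_short_path(value.rsplit("\\", 1)[0], dirs)
            msg = f"AppInit_DLLs loads {value}"
            if long_dir:
                msg += f"; 8.3 path is {long_dir}, created {created_at[long_dir]}"
            findings.append(("HIGH", msg))
    for product, state in d["av"]:
        if state.lower() == "disabled":
            findings.append(("MEDIUM", f"{product} reports itself {state}"))
    for path, date, md5 in d["unsigned"]:
        findings.append(("REVIEW", f"unsigned system file {path} dated {date}, MD5 {md5}"))
    for svc in d["services"]:
        if svc["meta"] == "?":                # ComboFix printed [?]: no size/date for the file
            findings.append(("REVIEW", f"driver {svc['name']} ({svc['start']}) has no file data: {svc['path']}"))
    rank = {"HIGH": 0, "MEDIUM": 1, "REVIEW": 2}
    return sorted(findings, key=lambda f: rank[f[0]])

if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"{severity:7} {message}")
```

Run it as-is to print the ranked findings for the sample, or pass a whole ComboFix.txt with triage(open(path).read()). The 8.3 resolution only works against directories that appear in the same log's Files Created section, which is enough for this thread; an AppInit_DLLs value that cannot be resolved is still reported as HIGH, because on XP anything in that value is loaded everywhere regardless of where it lives.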