
Hello,

I've been struggling with this problem for a few weeks:

Firefox keeps popping up automatically every 30-60 minutes since I accidentally downloaded some toxic file.

It usually opens with some Russian betting sites (screenshot) or browser games.

I've tried several anti-malware scanners and it didn't help (Microsoft Safety Scanner, IObit Malware Fighter, SUPERAntiSpyware, AVG and a few more whose names I can't remember).

[Attached screenshots: 1.png, 2.png]

Hello juniorwc and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default browser only, so all of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the Downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select Start > File Explorer > right-click on the "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security software alerts on FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to the disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press the Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The tool will also make a log named Addition.txt. Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..
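As an added example (not part of Kevin's instructions, and not something FRST provides itself): a short Python triage script that reads an FRST.txt and pulls out the entries a helper usually reads first when a browser keeps launching on a timer, as described in the opening post. It lists scheduled-task definitions recently created under System32\Tasks (a common way for adware to open a browser at intervals), Firefox user.js and Keyword.URL overrides, every line FRST itself tagged with "<=======", and services or drivers whose binary FRST reports as unsigned. The sample input SAMPLE_FRST, the function names and the `since` date filter are this example's own; the sample is constructed in FRST's line layout, abridged from the log posted in this thread, with English section headers (FRST localizes them, which is why the parser keys on line layout rather than header text). A hit here marks an entry for review, not as confirmed malicious.

```python
"""Triage helper for an FRST.txt log: pulls out the entries a malware-removal
helper reads first when a browser keeps launching on a timer.
Added example for this thread; it is not part of FRST and not Kevin's procedure."""
import re

# Constructed sample in FRST.txt layout, abridged from the log posted in this
# thread. Section headers are given in English here; FRST localizes them, so
# the parsers below key on line layout, never on header text.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ====================

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel Corporation)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION

FireFox:
========
FF user.js: detected! => C:\Users\Andrzej\AppData\Roaming\Mozilla\Firefox\Profiles\3n2suptr.default\user.js [2017-03-07]
FF Homepage: Mozilla\Firefox\Profiles\3n2suptr.default -> google.pl
FF Keyword.URL: Mozilla\Firefox\Profiles\3n2suptr.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B36868384-4180-4790-AE5C-5AA1E5698C38%7D&gp=811037

==================== Services (Whitelisted) ====================

R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1764640 2017-04-11] (IObit)

==================== One Month Created files and folders ========

2017-05-23 23:50 - 2017-05-23 23:52 - 00000000 ____D C:\FRST
2017-05-23 17:46 - 2017-05-23 17:46 - 00004280 _____ C:\Windows\System32\Tasks\ReimageUpdater
2017-05-21 23:07 - 2017-05-21 23:07 - 00003596 _____ C:\Windows\System32\Tasks\myblog10comrfvsm
2017-05-16 16:47 - 2017-05-16 16:47 - 00000000 ____D C:\Users\Andrzej\Desktop\dupka
"""

# "<created> - <modified> - <size> <attrs> [(Company)] <path>" lines of the
# created-files section; the attribute field ends in D for a folder.
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d{8} (?P<attrs>[_A-Z]{5}) (?:\([^)]*\) )?(?P<path>.+)$"
)
# "<R|S|U><n> <name>; <path> [size date] (Company) [File not signed]" service/driver lines
SVC_LINE = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<path>.+)$")
UNSIGNED_TAGS = ("[File not signed]", "[Brak podpisu cyfrowego]")  # English / Polish FRST
TASK_DIR = "\\Windows\\System32\\Tasks\\"


def created_task_files(log, since=None):
    """Scheduled-task definitions (files under System32\\Tasks) in the
    created-files section, optionally only those created on or after `since`
    (an ISO date string; ISO dates compare correctly as plain strings)."""
    hits = []
    for line in log.splitlines():
        m = FILE_LINE.match(line)
        if not m or m["attrs"].endswith("D") or TASK_DIR not in m["path"]:
            continue
        if since is None or m["created"] >= since:
            hits.append((m["created"], m["path"].rsplit("\\", 1)[-1]))
    return hits


def firefox_pref_overrides(log):
    """Firefox entries that change search/homepage behaviour outside the UI:
    a user.js file (re-applied on every start) and a Keyword.URL pref."""
    found = {}
    for line in log.splitlines():
        if line.startswith("FF user.js: detected!"):
            found["user.js"] = line.split("=>", 1)[1].strip()
        elif line.startswith("FF Keyword.URL:"):
            found["Keyword.URL"] = line.split("->", 1)[1].strip()
    return found


def attention_lines(log):
    """Every line FRST itself flagged with '<=======' (ATTENTION / UWAGA)."""
    return [line.strip() for line in log.splitlines() if "<=======" in line]


def unsigned_services(log):
    """Names of services or drivers whose binary FRST reports as unsigned."""
    names = []
    for line in log.splitlines():
        m = SVC_LINE.match(line)
        if m and any(tag in m["path"] for tag in UNSIGNED_TAGS):
            names.append(m["name"])
    return names


def triage(log, since=None):
    """Bundle the four checks; a hit marks an entry for review, not as malicious."""
    return {
        "task_files": created_task_files(log, since),
        "firefox": firefox_pref_overrides(log),
        "attention": attention_lines(log),
        "unsigned": unsigned_services(log),
    }


if __name__ == "__main__":
    import json
    import sys
    # Pass a real FRST.txt path as the first argument; otherwise use the sample.
    text = open(sys.argv[1], encoding="utf-8-sig").read() if len(sys.argv) > 1 else SAMPLE_FRST
    print(json.dumps(triage(text, since="2017-05-01"), indent=2))
```

Run it as `python frst_triage.py FRST.txt`; setting `since` to roughly when the symptom started narrows the task list to definitions created in that window. Because FRST.txt is localized, the script deliberately avoids matching on section titles or on words like "Restriction"/"Ograniczenia" and relies on the fixed column layout and the tool's own "<=======" marker instead.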

Thank you, Kevin, for your response.
Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
Ran by Andrzej (administrator) on HIROSZIMA (23-05-2017 23:52:00)
Running from C:\Users\Andrzej\Desktop
Loaded Profiles: Andrzej (Available Profiles: Andrzej)
Platform: Windows 8.1 Pro (Update) (X64) Language: Polish (Poland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\afwServ.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Electronic Arts) D:\Origin\OriginWebHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(GIGABYTE Technology Co.,Ltd.) C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\Xtreme.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Electronic Arts) D:\Origin\OriginThinSetupInternal.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16404224 2017-01-14] (Realtek Semiconductor)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-04-27] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-05-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Genesis mouse] => "C:\Program Files (x86)\Genesis\GX69 Mouse\Monitor.exe"
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5296416 2017-04-11] (IObit)
HKU\S-1-5-21-857644689-942761481-472397388-1001\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [3670472 2015-07-28] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-857644689-942761481-472397388-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2016-12-22] (Disc Soft Ltd)
HKU\S-1-5-21-857644689-942761481-472397388-1001\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3921184 2017-04-10] (IObit)
HKU\S-1-5-21-857644689-942761481-472397388-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Users\Andrzej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE XTREME GAMING ENGINE.lnk [2017-01-14]
ShortcutTarget: GIGABYTE XTREME GAMING ENGINE.lnk -> C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\autorun.exe ()
Startup: C:\Users\Andrzej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WO Mic Client.lnk [2017-02-25]
ShortcutTarget: WO Mic Client.lnk -> C:\Program Files (x86)\WOMic\WOMicClient.exe ()
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 217.172.224.160 192.168.0.1
Tcpip\..\Interfaces\{48649A02-B600-4221-BEC4-2307583F0D50}: [DhcpNameServer] 217.172.224.160 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-857644689-942761481-472397388-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-857644689-942761481-472397388-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
BHO: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll [2016-06-23] (IObit)

FireFox:
========
FF DefaultProfile: 3n2suptr.default
FF ProfilePath: C:\Users\Andrzej\AppData\Roaming\Mozilla\Firefox\Profiles\3n2suptr.default [2017-05-23]
FF user.js: detected! => C:\Users\Andrzej\AppData\Roaming\Mozilla\Firefox\Profiles\3n2suptr.default\user.js [2017-03-07]
FF NewTab: Mozilla\Firefox\Profiles\3n2suptr.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\3n2suptr.default -> google.pl
FF Keyword.URL: Mozilla\Firefox\Profiles\3n2suptr.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B36868384-4180-4790-AE5C-5AA1E5698C38%7D&gp=811037
FF Extension: (Adblock Plus) - C:\Users\Andrzej\AppData\Roaming\Mozilla\Firefox\Profiles\3n2suptr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-04-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-04-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.pl/
CHR StartupUrls: Default -> "hxxp://google.pl/"
CHR Profile: C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default [2017-05-23]
CHR Extension: (Google Slides) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-14]
CHR Extension: (Google Docs) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-14]
CHR Extension: (Google Drive) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-14]
CHR Extension: (YouTube) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-14]
CHR Extension: (Adobe Acrobat) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Video Downloader professional) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-01-14]
CHR Extension: (Google Sheets) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-14]
CHR Extension: (Google Docs Offline) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-14]
CHR Extension: (AdBlock) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-13]
CHR Extension: (Infinite HD App) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\laealigljflmglcgncipdbmbjgjdpiim [2017-01-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-14]
CHR Extension: (Chrome Media Router) - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2017-03-21] (IObit)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-05-20] (AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [311624 2017-05-23] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7396872 2017-05-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-04-27] (AVG Technologies CZ, s.r.o.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2016-12-22] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395024 2017-01-19] (EasyAntiCheat Ltd)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [333272 2016-11-15] (Intel Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1764640 2017-04-11] (IObit)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-04-20] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-05-03] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2162064 2017-05-11] (Electronic Arts)
R2 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [3136920 2017-05-11] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [8515952 2017-05-14] (Reimage®)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-05-20] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [314128 2017-05-20] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-05-20] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-05-20] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-05-20] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-05-20] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [129776 2017-05-20] (AVG Technologies CZ, s.r.o.)
R1 avgNetSec; C:\Windows\system32\drivers\avgNetSec.sys [509056 2017-05-23] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102280 2017-05-20] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-05-20] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1008288 2017-05-20] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [570320 2017-05-20] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [160008 2017-05-20] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [340824 2017-05-20] (AVG Technologies CZ, s.r.o.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-01-14] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2017-01-14] (Disc Soft Ltd)
R1 IMFCameraProtect; C:\Windows\system32\drivers\IMFCameraProtect.sys [26272 2017-03-29] (IObit.com)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFDownProtect.sys [21360 2017-03-08] (IObit.com)
S3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [22440 2016-12-22] (IObit)
R3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFForceDelete.sys [16216 2017-03-29] (IObit.com)
R3 iusb3adp; C:\Windows\System32\drivers\iusb3adp.sys [37472 2016-07-14] (Intel)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57976 2017-05-03] (NVIDIA Corporation)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34752 2016-11-03] (IObit.com)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 wovad_micarray; C:\Windows\system32\drivers\womic.sys [35328 2017-02-15] (Windows (R) Win 7 DDK provider)
U0 aswVmm; No ImagePath
S0 MBAMSwissArmy; system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-23 23:52 - 2017-05-23 23:52 - 00018405 _____ C:\Users\Andrzej\Desktop\FRST.txt
2017-05-23 23:50 - 2017-05-23 23:52 - 00000000 ____D C:\FRST
2017-05-23 23:49 - 2017-05-23 23:49 - 02429952 _____ (Farbar) C:\Users\Andrzej\Desktop\FRST64.exe
2017-05-23 23:43 - 2017-05-23 23:43 - 00001133 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-23 23:43 - 2017-05-23 23:43 - 00001121 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-23 23:43 - 2017-05-23 23:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-23 23:43 - 2017-05-23 23:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-23 18:39 - 2017-05-23 18:39 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-05-23 18:03 - 2017-05-23 18:03 - 00003026 _____ C:\Windows\System32\Tasks\ASC10_PerformanceMonitor
2017-05-23 18:03 - 2017-05-23 18:03 - 00002830 _____ C:\Windows\System32\Tasks\ASC10_SkipUac_Andrzej
2017-05-23 18:03 - 2017-05-23 18:03 - 00002234 _____ C:\Users\Public\Desktop\Advanced SystemCare 10.lnk
2017-05-23 18:03 - 2017-05-23 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2017-05-23 17:55 - 2017-05-23 17:55 - 00000000 _____ C:\autoexec.bat
2017-05-23 17:46 - 2017-05-23 17:46 - 00004280 _____ C:\Windows\System32\Tasks\ReimageUpdater
2017-05-23 17:45 - 2017-05-23 17:54 - 00000000 ____D C:\ProgramData\Reimage Protector
2017-05-23 17:45 - 2017-05-23 17:54 - 00000000 ____D C:\Program Files\Reimage
2017-05-23 17:45 - 2017-05-23 17:53 - 00000150 _____ C:\Windows\Reimage.ini
2017-05-23 17:45 - 2017-05-23 17:45 - 00003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-05-23 17:45 - 2017-05-23 17:44 - 00509056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetSec.sys
2017-05-23 17:45 - 2017-05-20 10:45 - 01008288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-05-23 17:45 - 2017-05-20 10:45 - 00570320 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-05-23 17:45 - 2017-05-20 10:45 - 00401584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-05-23 17:45 - 2017-05-20 10:45 - 00340824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-05-23 17:45 - 2017-05-20 10:45 - 00336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-05-23 17:45 - 2017-05-20 10:45 - 00314128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-05-23 17:45 - 2017-05-20 10:45 - 00192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-05-23 17:45 - 2017-05-20 10:45 - 00166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-05-23 17:45 - 2017-05-20 10:45 - 00160008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-05-23 17:45 - 2017-05-20 10:45 - 00129776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-05-23 17:45 - 2017-05-20 10:45 - 00102280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-05-23 17:45 - 2017-05-20 10:45 - 00076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-05-23 17:45 - 2017-05-20 10:45 - 00051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-05-23 17:45 - 2017-05-20 10:45 - 00039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-05-23 17:22 - 2017-05-23 17:40 - 00000000 ____D C:\AdwCleaner
2017-05-22 23:27 - 2017-05-22 23:27 - 00054862 _____ C:\Users\Andrzej\Desktop\GTD350.rar
2017-05-22 22:59 - 2017-05-22 22:59 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2017-05-22 22:58 - 2017-05-22 22:58 - 00001157 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2017-05-22 22:58 - 2017-05-22 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2017-05-22 22:58 - 2017-03-29 18:05 - 00026272 _____ (IObit.com) C:\Windows\system32\Drivers\IMFCameraProtect.sys
2017-05-22 17:00 - 2017-05-22 17:00 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-22 17:00 - 2017-05-22 17:00 - 00003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-22 17:00 - 2017-05-22 17:00 - 00003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-22 17:00 - 2017-05-22 17:00 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-22 17:00 - 2017-05-22 17:00 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-22 17:00 - 2017-05-22 17:00 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-22 17:00 - 2017-05-22 17:00 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-22 17:00 - 2017-05-22 17:00 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-22 17:00 - 2017-05-22 17:00 - 00000000 ____D C:\Windows\LastGood
2017-05-22 17:00 - 2017-05-03 22:21 - 01893496 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-05-22 17:00 - 2017-05-03 22:21 - 01477240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-05-22 17:00 - 2017-05-03 22:21 - 00175736 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-05-22 17:00 - 2017-05-03 22:21 - 00143480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-05-22 17:00 - 2017-05-03 22:21 - 00057976 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-05-22 17:00 - 2017-05-03 22:21 - 00048248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-05-21 23:07 - 2017-05-21 23:07 - 00003596 _____ C:\Windows\System32\Tasks\myblog10comrfvsm
2017-05-20 10:45 - 2017-05-20 10:45 - 00159496 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys.149526995710901
2017-05-16 16:47 - 2017-05-16 16:47 - 00000000 ____D C:\Users\Andrzej\Desktop\dupka
2017-05-15 16:45 - 2017-05-15 16:48 - 00000000 ____D C:\Users\Andrzej\Desktop\adamaczan
2017-05-15 14:13 - 2017-05-15 14:13 - 00000000 ____H C:\asc_rdflag
2017-05-14 21:28 - 2017-05-14 21:28 - 00000000 ____D C:\Users\Andrzej\Desktop\KOŁO-WIREK1
2017-05-12 21:20 - 2017-05-12 21:24 - 00000000 ____D C:\Users\Andrzej\Documents\FIFA 17
2017-05-12 21:15 - 2017-05-12 21:15 - 00000000 ____D C:\Program Files\ShanWan
2017-05-12 21:15 - 2017-05-12 21:15 - 00000000 ____D C:\Program Files (x86)\ShanWan
2017-05-12 21:10 - 2017-05-12 21:14 - 00000860 _____ C:\Users\Public\Desktop\FIFA 17.lnk
2017-05-12 21:10 - 2017-05-12 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 17
2017-05-06 22:08 - 2017-05-06 22:08 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-04 21:09 - 2017-05-04 21:09 - 00001028 _____ C:\Users\Public\Desktop\AVG.lnk
2017-04-29 10:36 - 2017-04-29 10:36 - 00002752 _____ C:\Windows\System32\Tasks\ASCTaskASC
2017-04-28 20:24 - 2017-04-28 20:24 - 00000000 ___HD C:\$AV_AVG
2017-04-28 18:58 - 2017-04-28 18:58 - 00000000 __SHD C:\Users\Andrzej\AppData\Local\EmieUserList
2017-04-28 18:58 - 2017-04-28 18:58 - 00000000 __SHD C:\Users\Andrzej\AppData\Local\EmieSiteList
2017-04-28 18:27 - 2017-04-28 18:27 - 00000000 ____D C:\Users\Andrzej\Cheathappens
2017-04-28 18:14 - 2017-04-28 18:14 - 00000000 ____D C:\Users\Andrzej\AppData\Roaming\Google
2017-04-28 16:38 - 2017-04-20 02:18 - 00134776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-04-28 16:38 - 2017-03-10 23:17 - 00536864 _____ C:\Windows\system32\vulkan-1.dll
2017-04-28 16:38 - 2017-03-10 23:17 - 00525600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-04-28 16:38 - 2017-03-10 23:17 - 00254240 _____ C:\Windows\system32\vulkaninfo.exe
2017-04-28 16:38 - 2017-03-10 23:17 - 00233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-04-28 16:36 - 2017-04-20 03:57 - 40201152 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 35313600 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 35280320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 28558784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 20057176 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 17418792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 16431504 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 14659520 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-04-28 16:36 - 2017-04-20 03:57 - 13398512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 11113112 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 11056272 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 10636240 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 09316832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 09014976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 08876456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 04071816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 03588376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 03430520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 03010680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 01988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438189.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 01600560 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 01589880 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438189.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 01053304 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 00990144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 00960448 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 00911480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 00895784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 00688968 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 00609912 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 00577728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 00507688 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 00491024 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 00426128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 00406736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 00218040 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-04-28 16:36 - 2017-04-20 03:57 - 00170176 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 00153368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 00046008 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-04-28 16:36 - 2017-04-20 03:57 - 00041979 _____ C:\Windows\system32\nvinfo.pb
2017-04-28 16:36 - 2017-04-20 03:57 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-04-28 16:36 - 2017-04-20 03:57 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-04-28 16:31 - 2017-04-28 16:38 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-04-24 23:52 - 2017-04-24 23:52 - 00000000 ____D C:\Users\Andrzej\AppData\LocalLow\Microids

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-05-23 23:49 - 2017-01-14 09:44 - 00000000 ____D C:\Users\Andrzej\AppData\LocalLow\Mozilla
2017-05-23 23:48 - 2017-01-14 03:11 - 00003592 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-857644689-942761481-472397388-1001
2017-05-23 23:43 - 2017-01-18 14:52 - 00000000 ____D C:\ProgramData\Origin
2017-05-23 22:02 - 2017-01-18 14:58 - 00000000 ____D C:\Users\Andrzej\AppData\Roaming\Origin
2017-05-23 22:01 - 2017-01-14 04:02 - 00003332 _____ C:\Windows\System32\Tasks\Launcher GIGABYTE XTREME GAMING ENGINE
2017-05-23 22:00 - 2017-01-14 13:06 - 00000000 ____D C:\Users\Andrzej\Documents\temp
2017-05-23 21:59 - 2017-01-14 09:33 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-23 18:57 - 2017-01-14 03:01 - 01738750 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-23 18:57 - 2013-08-23 01:12 - 00770326 _____ C:\Windows\system32\perfh015.dat
2017-05-23 18:57 - 2013-08-23 01:12 - 00156028 _____ C:\Windows\system32\perfc015.dat
2017-05-23 18:57 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-05-23 18:52 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-23 18:52 - 2013-08-22 16:44 - 00484424 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-23 18:16 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-05-23 18:03 - 2017-01-14 17:12 - 00000000 ____D C:\ProgramData\IObit
2017-05-23 18:02 - 2017-01-14 17:12 - 00000000 ____D C:\Users\Andrzej\AppData\Roaming\IObit
2017-05-23 17:54 - 2017-01-14 02:57 - 00000000 ____D C:\Users\Andrzej
2017-05-23 17:53 - 2017-01-14 17:12 - 00000000 ____D C:\Users\Andrzej\AppData\LocalLow\IObit
2017-05-23 12:45 - 2017-03-07 00:27 - 00000000 ____D C:\Users\Andrzej\AppData\Local\CrashDumps
2017-05-22 23:01 - 2017-01-14 16:30 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-05-22 22:58 - 2017-01-14 17:12 - 00000000 ____D C:\ProgramData\ProductData
2017-05-22 22:58 - 2017-01-14 17:12 - 00000000 ____D C:\Program Files (x86)\IObit
2017-05-22 22:57 - 2017-02-20 10:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2017-05-22 17:03 - 2017-01-14 16:19 - 00000000 ____D C:\Users\Andrzej\Desktop\syf
2017-05-22 17:00 - 2017-01-14 09:33 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-22 17:00 - 2017-01-14 09:33 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-22 17:00 - 2017-01-14 09:32 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-16 20:39 - 2017-01-14 16:18 - 00002181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-16 20:39 - 2017-01-14 16:18 - 00002169 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-15 14:13 - 2017-03-18 11:51 - 69140480 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2017-05-15 14:13 - 2017-03-18 11:51 - 04808704 _____ C:\Windows\system32\config\DRIVERS.iodefrag.bak
2017-05-15 14:13 - 2017-03-18 11:51 - 00303104 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak
2017-05-15 14:13 - 2017-03-18 11:51 - 00069632 _____ C:\Windows\system32\config\SAM.iodefrag.bak
2017-05-15 14:13 - 2017-03-18 11:51 - 00024576 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak
2017-05-12 21:15 - 2017-01-14 04:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-12 21:10 - 2017-01-18 16:17 - 00000000 ___HD C:\Program Files\Common Files\EAInstaller
2017-05-12 21:10 - 2017-01-14 03:00 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-10 22:28 - 2017-02-23 21:27 - 00000000 ____D C:\Users\Andrzej\Desktop\techniki cyfrowe
2017-05-08 09:53 - 2017-01-14 19:32 - 00000000 ____D C:\Users\Andrzej\AppData\Local\Microsoft Help
2017-05-05 21:48 - 2017-01-18 16:17 - 00000883 _____ C:\Users\Public\Desktop\Battlefield 1.lnk
2017-05-04 21:09 - 2017-02-23 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-05-03 22:21 - 2017-01-14 20:10 - 01755256 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-05-03 22:21 - 2017-01-14 20:10 - 01317496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-05-03 22:21 - 2017-01-14 20:10 - 00121464 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-05-03 21:28 - 2017-01-14 20:10 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-05-03 17:41 - 2017-01-14 20:10 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-04-29 15:33 - 2017-01-14 09:43 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-29 15:33 - 2017-01-14 09:43 - 00003352 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-28 20:24 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-04-28 20:24 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-04-28 16:38 - 2017-01-14 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-04-28 16:38 - 2017-01-14 03:15 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-04-24 23:33 - 2017-01-22 22:47 - 00000000 ____D C:\Users\Andrzej\AppData\Roaming\uTorrent

==================== Pliki w katalogu głównym wybranych folderów =======

2017-01-14 04:30 - 2017-01-14 04:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-05-18 21:01

==================== Koniec  FRST.txt ============================

Addition.txt

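A small triage parser for the file-listing lines in FRST logs like the one above, added here as an example; it is not part of this thread and not FRST's own code. The flagging rules are review prompts I chose for a human analyst (scheduled-task changes, executables in user-writable paths, files without a version-info company, hidden files), the sample lines are constructed to mirror the log format, and the last sample entry (user "Example", updater\svc_helper.exe) is invented, as marked in the code.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
# One FRST file line:  <modified> - <created> - <size> <attrs> [(<company>)] <path>
_LINE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+?)\s*$"
)
EXEC_EXT = {".exe", ".dll", ".sys", ".bat", ".cmd", ".vbs", ".js", ".ps1", ".scr"}
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\")
TASKS_DIR = "\\windows\\system32\\tasks\\"
# Constructed sample in the format of the FRST sections above; the last line
# (user "Example", updater\svc_helper.exe) is invented and not from the poster's log.
SAMPLE_LOG = r"""
==================== One month - modified files and folders ========
2017-05-23 23:48 - 2017-01-14 03:11 - 00003592 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-857644689-942761481-472397388-1001
2017-05-23 18:57 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-05-03 22:21 - 2017-01-14 20:10 - 01755256 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-05-03 21:28 - 2017-01-14 20:10 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-04-28 20:24 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-01-14 04:30 - 2017-01-14 04:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-05-20 12:00 - 2017-05-20 12:00 - 00123456 _____ C:\Users\Example\AppData\Roaming\updater\svc_helper.exe
"""

@dataclass
class FrstEntry:
    mtime: str
    ctime: str
    size: int
    attrs: str              # five flag characters: D directory, H hidden, S system
    company: Optional[str]  # version-info company that FRST prints in parentheses
    path: str

    @property
    def extension(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""

def parse_frst_line(line: str) -> Optional[FrstEntry]:
    """Parse one file line; section headers, notes and blank lines give None."""
    m = _LINE.match(line)
    if m is None:
        return None
    return FrstEntry(m["mtime"], m["ctime"], int(m["size"]), m["attrs"],
                     m["company"] or None, m["path"])

def triage_reasons(e: FrstEntry) -> List[str]:
    """Heuristic review prompts for a human analyst, not malware verdicts."""
    reasons: List[str] = []
    low, is_dir = e.path.lower(), "D" in e.attrs
    if TASKS_DIR in low:
        reasons.append("scheduled task definition changed")
    if not is_dir and e.extension in EXEC_EXT:
        if low.startswith(USER_WRITABLE):
            reasons.append("executable content in a user-writable location")
        if e.company is None:
            reasons.append("no version-info company; verify its Authenticode signature")
        if e.mtime[:10] == e.ctime[:10]:
            reasons.append("created and modified on the same day")
    if not is_dir and ("H" in e.attrs or "S" in e.attrs):
        reasons.append("hidden/system attribute on a file")
    return reasons

def triage(log_text: str) -> List[Tuple[FrstEntry, List[str]]]:
    """Return (entry, reasons) for every parsable line that raised a flag."""
    entries = filter(None, map(parse_frst_line, log_text.splitlines()))
    return [(e, r) for e in entries if (r := triage_reasons(e))]

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(entry.mtime, entry.path, "->", "; ".join(reasons))
```

Run it against a pasted FRST.txt to get a short list of entries worth a closer look; a flag means "read this line", not "this is malicious".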

Thanks for those logs, continue with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes and is updated do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save, you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.

Or from this Mirror
 
  • Double click on Adwcleaner.exe to run the tool
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Emsisoft Emergency Kit
  • Click Here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8/10 users: Accept UAC warning if it is enabled). A screen like this will appear:
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.


Let me see those logs in your next reply, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin...

fixlist.txt


Thank you again,

every step completed without any issues.

1.

# AdwCleaner v6.047 - Logfile created 24/05/2017 at 15:10:05
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-23.1 [Local]
# Operating System : Windows 8.1 Pro  (X64)
# Username : Andrzej - HIROSZIMA
# Running from : C:\Users\Andrzej\Desktop\adwcleaner_6.047.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

 

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Andrzej\AppData\LocalLow\IObit\Advanced SystemCare
[-] Folder deleted: C:\Users\Andrzej\AppData\Roaming\IObit\Advanced SystemCare
[-] Folder deleted: C:\ProgramData\IObit\ASCDownloader
[-] Folder deleted: C:\ProgramData\IObit\Advanced SystemCare
[#] Folder deleted on reboot: C:\ProgramData\Application Data\IObit\ASCDownloader
[#] Folder deleted on reboot: C:\ProgramData\Application Data\IObit\Advanced SystemCare
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
[#] Folder deleted on reboot: C:\Program Files (x86)\IObit\Advanced SystemCare
[-] Folder deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare


***** [ Files ] *****

[-] File deleted: C:\Users\Andrzej\AppData\Local\Temp\reimage.log


***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

[-] Task deleted: ASC10_PerformanceMonitor


***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\ASCExtMenu.CExtMenu
[-] Key deleted: HKLM\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ASCExtMenu.CExtMenu
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1
[-] Key deleted: HKLM\SOFTWARE\IOBIT\ASC
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
[-] Key deleted: [x64] HKLM\SOFTWARE\Reimage
[-] Value deleted: HKU\S-1-5-21-857644689-942761481-472397388-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Advanced SystemCare 10]
[-] Key deleted: HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
[-] Key deleted: HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
[-] Key deleted: HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare


***** [ Web browsers ] *****

 

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [9070 Bytes] - [23/05/2017 17:40:28]
C:\AdwCleaner\AdwCleaner[C2].txt - [2653 Bytes] - [24/05/2017 15:10:05]
C:\AdwCleaner\AdwCleaner[S0].txt - [8557 Bytes] - [23/05/2017 17:23:51]
C:\AdwCleaner\AdwCleaner[S1].txt - [3043 Bytes] - [24/05/2017 15:07:26]
C:\AdwCleaner\AdwCleaner[S2].txt - [2918 Bytes] - [24/05/2017 15:09:37]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2945 Bytes] ##########

2.

Emsisoft Emergency Kit - Version 2017.4
Scan log

Date    Scan Method    Objects Scanned    Objects Detected    Duration    Type    Computer Name    
2017-05-24 15:18:00    Malware    82042    1    0:02:31    Manual scan    HIROSZIMA    

Emsisoft Emergency Kit -Wersja 2017.4
Ostatnia aktualizacja: 2017-05-24 15:17:25
Nazwa użytkownika: HIROSZIMA\Andrzej
Computer name: HIROSZIMA
OS version: Windows 8.1x64

Ustawienia skanera:

Typ skanu: Malware skan
Obiekty: Rootkity, Pamięć, Ślady, Pliki

Wykrywanie PNP: Włączone
Skanowanie plików skompresowanych: Wyłączone
Skanowanie ADS: Włączone
Filtr rozszerzeń plików: Wyłączone
Bezpośredni dostęp do dysku: Wyłączone

Skanowanie uruchomiono:    2017-05-24 15:18:00
C:\Users\Andrzej\AppData\Roaming\software informer     Wykryto: Application.AppInstall (A) [225393]

Przeskanowano:    82042
Wykryto:    1

Koniec skanu:    2017-05-24 15:20:31
Skan trwał:    0:02:31

C:\Users\Andrzej\AppData\Roaming\software informer     Application.AppInstall (A)

Przeniesiono do kwarantanny    1

malwarebytes_log.txt


Ok, if you are sure the issue is cleared do the following to clean up:

Navigate to and delete the following, (if present):

C:\ProgramData\Emsisoft
C:\Users\{your user name}\Desktop\start emergency kit scanner - Shortcut.lnk
C:\EEK
C:\Users\{your user name}\Desktop\EmsisoftEmergencyKit.exe


Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

Which Browser do you refer to... I see Firefox is indicated as your default so I assume Firefox... Let's try a clean install:

Make a "Clean" install Firefox:

Use the following link for instructions how to back up your bookmarks, same link can be used to import saved Bookmarks:

https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Next,

Remove all synced data from Firefox to stop possible re-infection or exploitation.

https://support.mozilla.org/t5/Sync-and-Save/How-do-I-set-up-Sync-on-my-computer/ta-p/21417

Next,

Go here: http://www.mozilla.org/en-US/ download save the latest version of Firefox.. We will install this later...

Next,

Let's totally remove Firefox and start over.

Go here: https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer and follow those instructions...

Ensure when the uninstall completes to navigate to and delete the Firefox installation folder (if present):

(32-bit Windows) C:\Program Files\Mozilla Firefox
(64-bit Windows) C:\Program Files (x86)\Mozilla Firefox

It is essential the installation folder is removed. Re-boot your system when that is completed....

Next,

To remove all remaining data and profile information...

Press "Windows key + R" to open the Run box
In the Run box, type in or copy and paste %APPDATA%
Click OK. A Windows Explorer window will appear.
In this window, choose/open in succession Mozilla > Firefox > Profiles.
Select Delete on each entry in reverse, eg Profiles > Delete. Firefox > Delete. Mozilla > Delete.

Re-boot your system when complete!

Next,

Use the Mozilla Firefox installer to reinstall your Browser....

When Firefox is installed and open select these keys together :- Ctrl - Shift - A that will access the Add-ons manager, this gives access to find add-ons/extensions, use, start, stop or disable those features etc....

Ensure to use search to find and install AdBlock plus, Flashblock and DrWeb Anti-Virus Link Checker plus any other addons you normally use.... Now try surfing, see what happens...
 
Thank you,
 
Kevin..

  • 2 months later...
  • Root Admin

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time we'll go ahead and close this topic now, but if you still actually need help please send a private message to one of the Moderators and we'll assist you. Thank you and sorry we missed your topic.


This topic is now closed to further replies.