
krzysiek123456

help_decrypt

Hello. I have a problem. Recently I turned on my computer and all my photos, videos, text files etc. are encrypted. When I open a file with notes, instead of the notes I see something like Chinese characters or a string of digits and letters. Next to every file/folder with files, 4 files named "help_decrypt" were created: two as shortcuts to a website, one as a text document and one as a PNG image. Each of them contains some instructions, descriptions etc. in English. Something about some CryptoWall 3.0... The computer's disk is fine; I had some viruses because I wasn't using an antivirus, but I removed them too. I just can't decrypt these files. I don't have previous versions or a backup either. My question is: can these files somehow be decrypted, or are they damaged? Thanks in advance for your help. Regards!

PS: I scanned the system with FRST. It may be relevant, so I'm pasting what it produced.

FRST file:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-05-2015 01

Ran by Krzysztof (administrator) on JAKUB-KOMPUTER on 29-05-2015 15:30:35

Running from C:\Users\Krzysztof\Downloads

Loaded Profiles: Krzysztof (Available Profiles: Jakub & Krzysztof & Tomasz)

Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Polski (Polska)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe

(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe

(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe

(Microsoft Corporation) C:\Windows\System32\IgrsSvcs.exe

(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe

(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

() C:\ProgramData\01e58235-010d-43b1-8340-277d43a75321\maintainer.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [iAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)

HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()

HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-09-29] (Lenovo(beijing) Limited)

HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064560 2009-09-29] (Lenovo (Beijing) Limited)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)

HKU\S-1-5-21-3547090968-3412655250-3130215973-1003\...\MountPoints2: {67198115-8111-11df-af53-806e6f6e6963} - E:\LoaderPrawko.exe

HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files\Windows Live\Installer\wlstart.exe [785744 2009-07-26] (Microsoft Corporation)

HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2014-09-18] (Microsoft Corporation)

Startup: C:\Users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG [2015-04-02] ()

Startup: C:\Users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT [2015-04-02] ()

InternetURL: C:\Users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://7oqnsnzwwnm6zb7y.icepaytor.com/1cp42gh

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKU\S-1-5-21-3547090968-3412655250-3130215973-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-3547090968-3412655250-3130215973-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/

SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

 

FireFox:

========

FF ProfilePath: C:\Users\Krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\acsydatp.default

FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-22] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-22] (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll [2009-06-23] ( Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)

FF Extension: Adblock Plus - C:\Users\Krzysztof\AppData\Roaming\Mozilla\Firefox\Profiles\acsydatp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-23]

 

Chrome:

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR HKLM\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - https://clients2.google.com/service/update2/crx

StartMenuInternet: Google Chrome.NCRQS4RW6I56DRW6FLRPVY7VLQ - C:\Users\Jakub\AppData\Local\Google\Chrome\Application\chrome.exe

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1848680 2015-02-17] (LogMeIn Inc.)

R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)

S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)

S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)

R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2015-02-16] (LogMeIn, Inc.)

R2 MaintainerSvc6.89.573444; C:\ProgramData\01e58235-010d-43b1-8340-277d43a75321\maintainer.exe [128240 2015-05-29] ()

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)

S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [998640 2015-03-25] (Overwolf LTD)

S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)

R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)

R2 SAService; C:\windows\system32\SAsrv.exe [445496 2010-03-25] (Conexant Systems, Inc.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

S2 305c2e03; "C:\windows\system32\rundll32.exe" "c:\Program Files\IncludeSystem\IncludeSystem.dll",serv

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [21520 2009-05-19] (Lenovo Corporation)

S3 Bridge0; C:\windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)

R1 funfrm; C:\windows\system32\Drivers\funfrm.sys [54800 2010-06-26] ()

R3 hamachi; C:\windows\System32\DRIVERS\hamachi.sys [26176 2015-02-16] (LogMeIn, Inc.)

R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)

R3 pfc; C:\windows\System32\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [File not signed]

R3 usbsmi; C:\windows\System32\DRIVERS\SMIksdrv.sys [171776 2009-10-16] (SMI)

R3 wdmirror; C:\windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows ® Codename Longhorn DDK provider)

S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)

S1 ccnfd_1_10_0_4; system32\drivers\ccnfd_1_10_0_4.sys [X]

S1 coacfunv; \??\C:\windows\system32\drivers\coacfunv.sys [X]

S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]

S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]

S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-05-29 15:27 - 2015-05-29 15:30 - 00010969 _____ () C:\Users\Krzysztof\Downloads\FRST.txt

2015-05-29 15:27 - 2015-05-29 15:30 - 00000000 ____D () C:\FRST

2015-05-29 15:26 - 2015-05-29 15:26 - 01147392 _____ (Farbar) C:\Users\Krzysztof\Downloads\FRST.exe

2015-05-29 15:16 - 2015-05-29 15:26 - 00000853 _____ () C:\Users\Krzysztof\Desktop\Nowy dokument tekstowy.txt

2015-05-23 16:26 - 2010-11-20 14:17 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\utilman.exe

2015-05-23 15:40 - 2015-05-23 15:40 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2015-05-23 15:34 - 2015-05-23 15:40 - 00001912 _____ () C:\windows\epplauncher.mif

2015-05-23 15:29 - 2015-05-23 15:29 - 00008646 _____ () C:\Users\Krzysztof\HELP_DECRYPT.HTML

2015-05-23 15:27 - 2015-05-23 15:40 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2015-05-23 15:26 - 2015-05-23 15:26 - 00008646 _____ () C:\Users\Krzysztof\AppData\Roaming\HELP_DECRYPT.HTML

2015-05-23 15:26 - 2015-05-23 15:26 - 00008646 _____ () C:\Users\Krzysztof\AppData\HELP_DECRYPT.HTML

2015-05-23 15:25 - 2015-05-23 15:25 - 00008646 _____ () C:\Users\Krzysztof\AppData\Local\HELP_DECRYPT.HTML

2015-05-23 15:21 - 2015-05-23 15:21 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2015-05-23 15:21 - 2015-05-23 15:21 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2015-05-23 15:21 - 2015-05-23 15:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2015-05-23 15:21 - 2015-05-23 15:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2015-05-23 15:17 - 2015-05-23 15:26 - 00000000 ____D () C:\Users\Krzysztof\AppData\Roaming\Mozilla

2015-05-23 15:17 - 2015-05-23 15:18 - 00000000 ____D () C:\Users\Krzysztof\AppData\Local\Mozilla

2015-05-23 15:17 - 2015-05-23 15:17 - 00000000 ____D () C:\ProgramData\Mozilla

2015-05-23 14:50 - 2015-05-23 14:50 - 00000000 __SHD () C:\found.002

2015-05-23 14:42 - 2015-05-23 14:42 - 00000000 ____D () C:\windows\pss

2015-05-23 14:40 - 2015-05-23 14:45 - 00000000 ____D () C:\AdwCleaner

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-05-29 15:29 - 2010-06-26 13:00 - 01137171 _____ () C:\windows\WindowsUpdate.log

2015-05-29 15:10 - 2009-07-14 06:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-05-29 15:10 - 2009-07-14 06:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-05-29 15:01 - 2010-06-09 11:05 - 00752844 _____ () C:\windows\system32\perfh015.dat

2015-05-29 15:01 - 2010-06-09 11:05 - 00159900 _____ () C:\windows\system32\perfc015.dat

2015-05-29 15:01 - 2010-06-09 03:36 - 01695538 _____ () C:\windows\system32\PerfStringBackup.INI

2015-05-29 14:56 - 2014-11-17 17:17 - 00000000 ____D () C:\ProgramData\01e58235-010d-43b1-8340-277d43a75321

2015-05-29 14:55 - 2015-04-02 16:35 - 00001018 _____ () C:\windows\Tasks\uElkiLDzkiHO9pBEeuS5UDX.job

2015-05-29 14:55 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2015-05-29 14:55 - 2009-07-14 06:39 - 00076719 _____ () C:\windows\setupact.log

2015-05-23 16:04 - 2015-03-21 19:43 - 00000000 ____D () C:\Users\Krzysztof\AppData\Local\LogMeIn Hamachi

2015-05-23 15:54 - 2015-04-01 13:33 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}

2015-05-23 15:54 - 2014-09-19 10:39 - 00001058 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3547090968-3412655250-3130215973-1000UA.job

2015-05-23 15:54 - 2010-06-09 03:47 - 01375438 _____ () C:\windows\PFRO.log

2015-05-23 15:29 - 2015-04-07 17:18 - 00004266 _____ () C:\Users\Krzysztof\HELP_DECRYPT.TXT

2015-05-23 15:29 - 2015-04-07 17:18 - 00000296 _____ () C:\Users\Krzysztof\HELP_DECRYPT.URL

2015-05-23 15:29 - 2014-11-17 16:43 - 00000000 ____D () C:\Users\Krzysztof\Documents\Optimizer Pro

2015-05-23 15:29 - 2014-09-21 21:10 - 00000000 ____D () C:\Users\Krzysztof

2015-05-23 15:29 - 2014-09-21 21:08 - 00000000 ____D () C:\Users\Krzysztof\Desktop\Pliki

2015-05-23 15:26 - 2015-04-07 03:57 - 00004266 _____ () C:\Users\Krzysztof\AppData\Roaming\HELP_DECRYPT.TXT

2015-05-23 15:26 - 2015-04-07 03:57 - 00004266 _____ () C:\Users\Krzysztof\AppData\HELP_DECRYPT.TXT

2015-05-23 15:26 - 2015-04-07 03:57 - 00000296 _____ () C:\Users\Krzysztof\AppData\Roaming\HELP_DECRYPT.URL

2015-05-23 15:26 - 2015-04-07 03:57 - 00000296 _____ () C:\Users\Krzysztof\AppData\HELP_DECRYPT.URL

2015-05-23 15:25 - 2015-04-07 03:57 - 00004266 _____ () C:\Users\Krzysztof\AppData\Local\HELP_DECRYPT.TXT

2015-05-23 15:25 - 2015-04-07 03:57 - 00000296 _____ () C:\Users\Krzysztof\AppData\Local\HELP_DECRYPT.URL

2015-05-23 15:25 - 2014-09-21 21:10 - 00000000 ____D () C:\Users\Krzysztof\AppData\Local\VirtualStore

2015-05-23 15:22 - 2014-11-17 19:56 - 00000266 __RSH () C:\ProgramData\ntuser.pol

2015-05-23 14:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\System

2015-05-23 14:32 - 2015-04-02 17:34 - 00000004 _____ () C:\windows\system32\029B560A371F4E00AB32838EBC01B9E7

2015-05-23 13:45 - 2015-01-19 13:48 - 00000000 ____D () C:\Users\Krzysztof\AppData\Roaming\LibreOffice

2015-05-23 13:45 - 2015-01-06 10:34 - 00000000 ____D () C:\Users\Krzysztof\Desktop\Nestopia - NES emulator

2015-05-23 13:45 - 2015-01-06 10:32 - 00000000 ____D () C:\Users\Krzysztof\Desktop\NES romy PL i emulator

2015-05-23 13:45 - 2015-01-06 10:21 - 00000000 ____D () C:\Users\Krzysztof\Desktop\ultimate_stuntman

2015-05-23 13:45 - 2015-01-05 00:07 - 00000000 ____D () C:\Users\Krzysztof\AppData\Roaming\Maxthon3

2015-05-23 13:45 - 2014-12-28 23:36 - 00000000 ____D () C:\Users\Krzysztof\AppData\Roaming\TS3Client

2015-05-23 13:45 - 2014-12-22 01:53 - 00000000 ____D () C:\Users\Krzysztof\AppData\Roaming\Image-Line

2015-05-23 13:45 - 2014-12-18 16:21 - 00000000 ____D () C:\Users\Krzysztof\Documents\VirtualDJ

2015-05-23 13:45 - 2014-12-10 14:53 - 00000000 ____D () C:\Users\Krzysztof\AppData\Roaming\PCFixKit

2015-05-23 13:45 - 2014-11-20 05:08 - 00000000 ____D () C:\Users\Krzysztof\AppData\Roaming\Tibia

2015-05-23 13:21 - 2015-03-17 16:28 - 00000000 ___HD () C:\Users\Jakub\AppData\Roaming\5CEAAF67

2015-05-23 13:21 - 2015-03-13 18:59 - 00000000 ____D () C:\Users\Jakub\AppData\Local\LogMeIn Hamachi

2015-05-23 13:21 - 2015-03-13 01:05 - 00000000 ____D () C:\Users\Jakub\Desktop\Nowy folder

2015-05-23 13:21 - 2015-03-03 18:08 - 00000000 ____D () C:\Users\Jakub\Desktop\mapy tibia

2015-05-23 13:21 - 2015-03-01 02:02 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\mxnitro

2015-05-23 13:21 - 2015-02-28 13:57 - 00000000 ____D () C:\Users\Jakub\AppData\Local\Overwolf

2015-05-23 13:21 - 2015-02-15 10:56 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\uTorrent

2015-05-23 13:21 - 2015-02-06 22:43 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\LibreOffice

2015-05-23 13:21 - 2015-02-01 19:48 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\TeamViewer

2015-05-23 13:21 - 2015-01-28 22:31 - 00000000 ___HD () C:\Users\Jakub\AppData\Roaming\GoldenGate

2015-05-23 13:21 - 2015-01-18 00:39 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\Wise Registry Cleaner

2015-05-23 13:21 - 2015-01-10 21:23 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\OpenFM

2015-05-23 13:21 - 2015-01-05 00:05 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\GG

2015-05-23 13:21 - 2015-01-05 00:05 - 00000000 ____D () C:\Users\Jakub\AppData\Local\GG

2015-05-23 13:21 - 2014-12-26 02:26 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\TS3Client

2015-05-23 13:21 - 2014-12-14 13:09 - 00000000 ____D () C:\Users\Jakub\Desktop\smieci

2015-05-23 13:21 - 2014-11-20 02:39 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\Opera Software

2015-05-23 13:21 - 2014-11-17 16:42 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\Tibia

2015-05-23 13:21 - 2014-10-08 23:07 - 00000000 ____D () C:\Users\Jakub\AppData\Local\Microsoft Games

2015-05-23 13:21 - 2014-09-20 17:41 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\Skype

2015-05-23 13:21 - 2014-09-20 17:41 - 00000000 ____D () C:\Users\Jakub\AppData\Local\Skype

2015-05-23 13:21 - 2014-09-20 17:36 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\.minecraft

2015-05-23 13:21 - 2014-09-19 16:20 - 00000000 ____D () C:\Users\Jakub\AppData\Local\PunkBuster

2015-05-23 13:21 - 2014-09-19 10:36 - 00000000 ____D () C:\Users\Jakub\AppData\Local\Google

2015-05-23 13:21 - 2014-09-18 10:29 - 00000000 ____D () C:\Users\Jakub\AppData\Local\VirtualStore

2015-05-23 13:20 - 2015-02-16 14:36 - 00000000 ____D () C:\Users\Jakub\Desktop\XenoBot10.54

2015-05-23 13:20 - 2015-02-01 18:29 - 00000000 __RSD () C:\Users\Jakub\Documents\My Stationery

2015-05-23 13:20 - 2015-01-05 00:06 - 00000000 ___SD () C:\Users\Jakub\GG dysk

2015-05-23 13:20 - 2014-12-14 00:39 - 00000000 ____D () C:\Users\Jakub\Documents\Image-Line

2015-05-23 13:20 - 2014-12-12 21:54 - 00000000 ____D () C:\Users\Jakub\Documents\Action!

2015-05-23 13:20 - 2014-09-18 10:29 - 00000000 ____D () C:\Users\Jakub

 

==================== Files in the root of some directories =======

 

2015-05-23 15:26 - 2015-05-23 15:26 - 0008646 _____ () C:\Users\Krzysztof\AppData\Roaming\HELP_DECRYPT.HTML

2015-04-07 03:57 - 2015-05-23 15:26 - 0045690 _____ () C:\Users\Krzysztof\AppData\Roaming\HELP_DECRYPT.PNG

2015-04-07 03:57 - 2015-05-23 15:26 - 0004266 _____ () C:\Users\Krzysztof\AppData\Roaming\HELP_DECRYPT.TXT

2015-04-07 03:57 - 2015-05-23 15:26 - 0000296 _____ () C:\Users\Krzysztof\AppData\Roaming\HELP_DECRYPT.URL

2015-05-23 15:25 - 2015-05-23 15:25 - 0008646 _____ () C:\Users\Krzysztof\AppData\Local\HELP_DECRYPT.HTML

2015-04-07 03:57 - 2015-05-23 15:25 - 0045690 _____ () C:\Users\Krzysztof\AppData\Local\HELP_DECRYPT.PNG

2015-04-07 03:57 - 2015-05-23 15:25 - 0004266 _____ () C:\Users\Krzysztof\AppData\Local\HELP_DECRYPT.TXT

2015-04-07 03:57 - 2015-05-23 15:25 - 0000296 _____ () C:\Users\Krzysztof\AppData\Local\HELP_DECRYPT.URL

2015-01-19 15:58 - 2015-01-19 15:58 - 0613057 _____ (CMI Limited) C:\Users\Krzysztof\AppData\Local\nsiB276.tmp

2015-01-21 13:09 - 2015-01-21 13:09 - 0613057 _____ (CMI Limited) C:\Users\Krzysztof\AppData\Local\nsnC96F.tmp

2015-05-23 14:35 - 2015-05-23 14:35 - 0011696 _____ () C:\Users\Krzysztof\AppData\Local\Temp-log.txt

2015-04-02 16:41 - 2015-04-02 16:41 - 0008598 _____ () C:\ProgramData\HELP_DECRYPT.HTML

2015-04-02 16:41 - 2015-04-02 16:41 - 0045706 _____ () C:\ProgramData\HELP_DECRYPT.PNG

2015-04-02 16:41 - 2015-04-02 16:41 - 0004242 _____ () C:\ProgramData\HELP_DECRYPT.TXT

2015-04-02 16:41 - 2015-04-02 16:41 - 0000280 _____ () C:\ProgramData\HELP_DECRYPT.URL

 

Some files in TEMP:

====================

C:\Users\Jakub\AppData\Local\Temp\5B18CF01-1AE8-8494-4B49-C7DF16C81CF5.dll

C:\Users\Jakub\AppData\Local\Temp\AutoRun.exe

C:\Users\Jakub\AppData\Local\Temp\AutoRunGUI.dll

C:\Users\Jakub\AppData\Local\Temp\bbgcabfccbd.exe

C:\Users\Jakub\AppData\Local\Temp\bcdcabfcccd.exe

C:\Users\Jakub\AppData\Local\Temp\bcgcabfccca.exe

C:\Users\Jakub\AppData\Local\Temp\bcicabfccbii.exe

C:\Users\Jakub\AppData\Local\Temp\bcicabfcccbe.exe

C:\Users\Jakub\AppData\Local\Temp\cbdcabfcebeg.exe

C:\Users\Jakub\AppData\Local\Temp\cbdcabfcebhe.exe

C:\Users\Jakub\AppData\Local\Temp\cicabfccbje.exe

C:\Users\Jakub\AppData\Local\Temp\cicabfccje.exe

C:\Users\Jakub\AppData\Local\Temp\DseShExt-x86.dll

C:\Users\Jakub\AppData\Local\Temp\dsrsetup.exe

C:\Users\Jakub\AppData\Local\Temp\flstudio_10.0.8_online.exe

C:\Users\Jakub\AppData\Local\Temp\FreeVideoEditor.exe

C:\Users\Jakub\AppData\Local\Temp\ggdrive-menu.exe

C:\Users\Jakub\AppData\Local\Temp\ggdrive-overlay.exe

C:\Users\Jakub\AppData\Local\Temp\ICReinstall_Wise-Registry-Cleaner(13347)-dp.exe

C:\Users\Jakub\AppData\Local\Temp\installstats.exe

C:\Users\Jakub\AppData\Local\Temp\jre-8u31-windows-au.exe

C:\Users\Jakub\AppData\Local\Temp\LiveSupport_setup.exe

C:\Users\Jakub\AppData\Local\Temp\OptimizerPro.exe

C:\Users\Jakub\AppData\Local\Temp\optprosetup.exe

C:\Users\Jakub\AppData\Local\Temp\res.dll

C:\Users\Jakub\AppData\Local\Temp\SDShelEx-win32.dll

C:\Users\Jakub\AppData\Local\Temp\setup.exe

C:\Users\Jakub\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Jakub\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe

C:\Users\Jakub\AppData\Local\Temp\Softonic_PL_1-5-11_PL-Production_10_CleanRelease.exe

C:\Users\Jakub\AppData\Local\Temp\SpOrder.dll

C:\Users\Jakub\AppData\Local\Temp\tu17p84.exe

C:\Users\Jakub\AppData\Local\Temp\uninstall.exe

C:\Users\Jakub\AppData\Local\Temp\utils.dll

C:\Users\Jakub\AppData\Local\Temp\{6BB99CED-A690-46F6-BF2E-6AF81365A2FB}-37.0.2062.124_37.0.2062.120_chrome_updater.exe

C:\Users\Krzysztof\AppData\Local\Temp\appshat_generic.exe

C:\Users\Krzysztof\AppData\Local\Temp\AutoRun.exe

C:\Users\Krzysztof\AppData\Local\Temp\AutoRunGUI.dll

C:\Users\Krzysztof\AppData\Local\Temp\bbjcabfccbji.exe

C:\Users\Krzysztof\AppData\Local\Temp\bcbcabfccbic.exe

C:\Users\Krzysztof\AppData\Local\Temp\dsrsetup.exe

C:\Users\Krzysztof\AppData\Local\Temp\flstudio_10.0.8_online.exe

C:\Users\Krzysztof\AppData\Local\Temp\InstallGenieo.exe

C:\Users\Krzysztof\AppData\Local\Temp\LiveSupport_setup.exe

C:\Users\Krzysztof\AppData\Local\Temp\optprosetup.exe

C:\Users\Krzysztof\AppData\Local\Temp\Quarantine.exe

C:\Users\Krzysztof\AppData\Local\Temp\res.dll

C:\Users\Krzysztof\AppData\Local\Temp\ShopperProJSINJFull.exe

C:\Users\Krzysztof\AppData\Local\Temp\sqlite3.dll

C:\Users\Krzysztof\AppData\Local\Temp\tu17p84.exe

C:\Users\Krzysztof\AppData\Local\Temp\Ultimate Stuntman__3435_il391377.exe

C:\Users\Krzysztof\AppData\Local\Temp\UpdateCheckerSetup.exe

C:\Users\Krzysztof\AppData\Local\Temp\UpdateYTD_amodcG20141226.exe

C:\Users\Krzysztof\AppData\Local\Temp\ytdieamo_amodc_setup.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\windows\explorer.exe => File is digitally signed

C:\windows\system32\winlogon.exe => File is digitally signed

C:\windows\system32\wininit.exe => File is digitally signed

C:\windows\system32\svchost.exe => File is digitally signed

C:\windows\system32\services.exe => File is digitally signed

C:\windows\system32\User32.dll => File is digitally signed

C:\windows\system32\userinit.exe => File is digitally signed

C:\windows\system32\rpcss.dll => File is digitally signed

C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-03-28 18:11

 

==================== End of log ============================

 

Addition file:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-05-2015 01

Ran by Krzysztof at 2015-05-29 15:34:29

Running from C:\Users\Krzysztof\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-3547090968-3412655250-3130215973-500 - Administrator - Disabled)

Gość (S-1-5-21-3547090968-3412655250-3130215973-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3547090968-3412655250-3130215973-1002 - Limited - Enabled)

Jakub (S-1-5-21-3547090968-3412655250-3130215973-1000 - Administrator - Enabled) => C:\Users\Jakub

Krzysztof (S-1-5-21-3547090968-3412655250-3130215973-1003 - Administrator - Enabled) => C:\Users\Krzysztof

Tomasz (S-1-5-21-3547090968-3412655250-3130215973-1004 - Limited - Enabled) => C:\Users\Tomasz

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}

AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Flash Player 15 Pepper (HKLM\...\Adobe Flash Player Pepper) (Version: 15.0.0.215 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.09) - Polish (HKLM\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)

Asystent rejestracji usługi Windows Live (HKLM\...\{51958BA7-21E4-4A8B-9098-CD8375BD17B2}) (Version: 5.000.818.5 - Microsoft Corporation)

Broadcom 802.11 Wireless Driver (HKLM\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )

Broadcom Gigabit Integrated Controller (HKLM\...\{49F3D04B-B849-4C89-AB31-2366A004EA28}) (Version: 12.24.02 - Broadcom Corporation)

CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5067 - CDBurnerXP)

Cinemax (HKLM\...\Cinemax) (Version: 1.35.12.18 - SBG) <==== ATTENTION

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.60 - Conexant)

Counter-Strike 1.6 v48 (HKLM\...\Counter-Strike 1.6) (Version: v48 - CSSetti.pl)

EasyCapture (HKLM\...\EasyCapture4.0) (Version: V4.0.09.1015 - Lenovo)

ElfBot NG 4.5.9 (HKLM\...\ElfBot NG_is1) (Version: - NGSoft, LLC)

Energy Management (HKLM\...\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}) (Version: 4.3.1.5 - Lenovo)

FL Studio 11 (HKLM\...\FL Studio 11) (Version: - Image-Line)

FlowStone FL 3.0 (HKLM\...\FlowStone) (Version: - )

Galeria fotografii usługi Windows Live (Version: 14.0.8081.709 - Microsoft Corporation) Hidden

Gunzodus 10.75 10.75 (HKLM\...\Gunzodus 10.75 10.75) (Version: 10.75 - GunzOT)

IL Download Manager (HKLM\...\IL Download Manager) (Version: - Image-Line)

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)

Intel® TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)

Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden

K-Lite Codec Pack 10.7.1 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.7.1 - )

Lenovo EasyCamera (HKLM\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.8.0.12 - Silicon Motion)

Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0723 - CyberLink Corp.)

Lenovo OneKey Recovery (Version: 7.0.0723 - CyberLink Corp.) Hidden

Lenovo ReadyComm 5 (HKLM\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.20 - Lenovo)

Lenovo ReadyComm 5.0 Service (HKLM\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)

LibreOffice 4.3.5.2 (HKLM\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: 4.3.5.2 - The Document Foundation)

LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.319 - LogMeIn, Inc.)

LogMeIn Hamachi (Version: 2.2.0.319 - LogMeIn, Inc.) Hidden

Maxthon Nitro (HKLM\...\MxNitro) (Version: 1.0.0.700 - Maxthon International Limited)

Memsoria 8.6 wersja 8.6 (HKLM\...\{1CA6A4DC-07FE-478D-A500-F695D396A5CA}_is1) (Version: 8.6 - Memsoria)

Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Starter 2010 - Polski (HKLM\...\{90140011-0066-0415-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Moduł Szybka instalacja pakietu Microsoft Office 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Moduł Szybka instalacja pakietu Microsoft Office 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Mozilla Firefox 26.0 (x86 pl) (HKLM\...\Mozilla Firefox 26.0 (x86 pl)) (Version: 26.0 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)

Narzędzie do przekazywania usługi Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Overwolf (HKLM\...\Overwolf) (Version: 0.84.92.0 - Overwolf Ltd.)

PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)

Poczta usługi Windows Live (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Podstawowe programy Windows Live (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)

Podstawowe programy Windows Live (Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)

Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Super Mario Bros. X version 1.3 (HKLM\...\{C9EAEE6B-741F-421D-B9CE-9FA300DA92AD}_is1) (Version: 1.3 - SuperMarioBrothers.org)

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)

Testy CDplus 5.1.3.81 (HKLM\...\{56F1DD5E-63AD-410D-935D-D124188C20BF}_is1) (Version: 5.1.3.81 - Grupa IMAGE sp. z o.o.)

Tibia (HKLM\...\Tibia_is1) (Version: 10.58 - CipSoft GmbH)

Ventrilo (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 2.1.4 - Flagship Industries, Inc.)

VirtualDJ 8 (HKLM\...\{85E12659-D3A1-4583-BA1C-95DF53C3C632}) (Version: 8.0.2087.0 - Atomix Productions)

Windows Live Sync (HKLM\...\{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4}) (Version: 14.0.8089.726 - Microsoft Corporation)

WinRAR 5.20 (32-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

Wise Registry Cleaner 8.31 (HKLM\...\Wise Registry Cleaner_is1) (Version: 8.31 - WiseCleaner.com, Inc.)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> C:\Program Files\Maxthon\Bin\Maxthon.exe No File

CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Jakub\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Jakub\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Jakub\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\Jakub\AppData\Local\Google\Chrome\Application\40.0.2214.115\delegate_execute.exe" No File

CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Krzysztof\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Krzysztof\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File

CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Krzysztof\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Krzysztof\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File

CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Krzysztof\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Jakub\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Krzysztof\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll No File

CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Krzysztof\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File

 

==================== Restore Points =========================

 

23-05-2015 15:47:52 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {11FFFF07-8EEB-4B27-A13A-994F0DE39244} - System32\Tasks\uElkiLDzkiHO9pBEeuS5UDX => C:\Users\Jakub\AppData\Roaming\uElkiLDzkiHO9pBEeuS5UDX.exe [2015-04-03] () <==== ATTENTION

Task: {2337289C-9295-4224-B58A-C45F8B30244F} - System32\Tasks\{4B38F1ED-BDBE-4842-9BCA-F0EF1024B711} => pcalua.exe -a C:\Users\Jakub\Downloads\MinecraftZyczu.exe -d C:\Users\Jakub\Downloads

Task: {2DD38E17-E45E-4108-B389-F544CA72B2F7} - System32\Tasks\Overwolf Updater Task => C:\Program Files\Overwolf\OverwolfUpdater.exe [2015-03-25] (Overwolf LTD)

Task: {3557E97E-B8C7-43F8-AB65-F1C9CFB41747} - System32\Tasks\{D0F16977-63CA-4192-9D18-55FAB169FCF9} => C:\Program Files\Adobe\Audition 1.5\Audition.exe

Task: {4887CE3E-0256-49CE-A776-CA4395D30250} - System32\Tasks\{5F2DF555-E6F2-4A07-9746-091BD9CC0A0F} => pcalua.exe -a E:\Setup.exe -d E:\

Task: {5E8CA9D2-DD74-4962-B105-FD0D96571396} - System32\Tasks\{E53D2C34-B562-4B7F-AD53-985AA8992A10} => pcalua.exe -a C:\Users\Jakub\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor <==== ATTENTION

Task: {62AECD1F-DF14-4EA0-B309-8C3902DF3548} - System32\Tasks\{788E6C57-DC24-4B82-9FBA-272EFD0455C5} => C:\Program Files\Adobe\Audition 1.5\Audition.exe

Task: {712BA005-057D-4B58-A774-E3F5BD402518} - System32\Tasks\{32C20742-608F-4A32-BBB7-CC6E2B7AE3B4} => C:\Program Files\ElfBot NG\loader.exe [2010-03-18] ()

Task: {769626B4-AFA7-4449-8939-5CBF993E91D8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: {7B9AC52F-EA75-4A28-89CC-D63FCA31FB67} - System32\Tasks\{84DFBC8F-DA7B-424F-A8AB-A4A3457DC525} => C:\Program Files\ElfBot NG\loader.exe [2010-03-18] ()

Task: {89FBEC03-9B95-4535-8AE0-46BCC460F20A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: {8C48A66D-1242-4F3A-9CB1-52C0C388D57F} - System32\Tasks\{4364465A-F0C3-44C0-9B10-3CA49E86A2CB} => C:\Users\Krzysztof\Desktop\tibia1072.exe [2015-01-19] (CipSoft GmbH )

Task: {933073BE-F063-459F-9C76-3CCD7FD3106A} - System32\Tasks\{A43F6A8D-6E58-46BF-9B5B-205CF60C18AB} => C:\Users\Krzysztof\Desktop\tibia1072.exe [2015-01-19] (CipSoft GmbH )

Task: {959A9F49-AAE1-4270-A1B4-B3CB05D6AB39} - System32\Tasks\{CEE586A8-6718-4541-935B-0C486070D006} => C:\Users\Krzysztof\Desktop\tibia1072.exe [2015-01-19] (CipSoft GmbH )

Task: {A8808D8E-3402-467F-B5ED-637B75311D0F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)

Task: {B05D621E-7F60-496D-9E20-5DE8D42CFADF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3547090968-3412655250-3130215973-1000UA => C:\Users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-19] (Google Inc.)

Task: {D6C2EABA-820B-4A5F-82F1-4F01E1BE6EDE} - System32\Tasks\{591F906E-FD97-428F-9EAA-C51D1376C230} => pcalua.exe -a C:\Users\Jakub\Desktop\MinecraftZyczu.exe -d C:\Users\Jakub\Desktop

Task: {DA98DB1E-A268-4DC4-94DA-57B0F43367F3} - System32\Tasks\{FB2997E8-A7FA-4DCB-90EF-21DDBB5746F0} => C:\Program Files\Adobe\Audition 1.5\Audition.exe

Task: {EAC5753A-4871-4EA1-8BC2-211850EC55B4} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: {F0C13E8C-54C2-4F2D-AA11-9759DBFB5E40} - System32\Tasks\Wise Registry Cleaner Schedule Task => C:\Program Files\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2014-12-25] (WiseCleaner.com)

Task: {F5E5BF45-E81D-4E73-9F39-ABE460A0C9FC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3547090968-3412655250-3130215973-1000Core => C:\Users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-19] (Google Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3547090968-3412655250-3130215973-1000Core.job => C:\Users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3547090968-3412655250-3130215973-1000UA.job => C:\Users\Jakub\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\uElkiLDzkiHO9pBEeuS5UDX.job => C:\Users\Jakub\AppData\Roaming\uElkiLDzkiHO9pBEeuS5UDX.exe <==== ATTENTION

Task: C:\windows\Tasks\Wise Registry Cleaner Schedule Task.job => C:\Program Files\Wise\Wise Registry Cleaner\WiseRegCleaner.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2010-06-26 13:11 - 2008-12-20 05:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll

2010-06-26 13:11 - 2008-12-20 05:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll

2014-11-17 12:29 - 2015-05-29 14:56 - 00128240 _____ () C:\ProgramData\01e58235-010d-43b1-8340-277d43a75321\maintainer.exe

2015-05-23 15:21 - 2013-12-05 21:36 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\ProgramData\Temp:6BE50C2B

 

==================== Safe Mode (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3547090968-3412655250-3130215973-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.0.1

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupfolder: C:^Users^Krzysztof^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HELP_DECRYPT.PNG => C:\windows\pss\HELP_DECRYPT.PNG.Startup

MSCONFIG\startupfolder: C:^Users^Krzysztof^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HELP_DECRYPT.TXT => C:\windows\pss\HELP_DECRYPT.TXT.Startup

MSCONFIG\startupfolder: C:^Users^Krzysztof^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HELP_DECRYPT.URL => C:\windows\pss\HELP_DECRYPT.URL.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: bitsmuid => C:\Users\KRZYSZ~1\AppData\Local\Temp\aviccic.exe

MSCONFIG\startupreg: gmsd_pl_27 => "C:\Program Files\gmsd_pl_27\gmsd_pl_27.exe"

MSCONFIG\startupreg: gmsd_pl_28 => "C:\Program Files\gmsd_pl_28\gmsd_pl_28.exe"

MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

MSCONFIG\startupreg: MxDock => C:\Program Files\Maxthon\Modules\MxDock\MxDock.exe

MSCONFIG\startupreg: SPDriver => C:\Program Files\ShopperPro\JSDriver\1461.0.0.0\jsdrv.exe

MSCONFIG\startupreg: YTDownloader => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{78C833ED-154B-464D-BDD6-F3AB2E46531C}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{FC76B2F3-B6E1-4868-BB35-E91DEFE1A8C3}] => (Allow) svchost.exe

FirewallRules: [{893AAFC3-62B4-4413-BB45-1F2AF159869E}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe

FirewallRules: [{5333E00B-81E4-4CBE-B276-CC2C6785B7D2}] => (Allow) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe

FirewallRules: [{E78BFA4B-DA06-4828-AF51-02A1F9BDB3BA}] => (Allow) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe

FirewallRules: [{5DED20B0-D96F-417F-9EF7-FA48099C0FF9}] => (Allow) C:\windows\System32\IgrsSvcs.exe

FirewallRules: [{2C59D7BB-9213-4F67-8FBC-F02CFDDBE4C1}] => (Allow) C:\windows\System32\IgrsSvcs.exe

FirewallRules: [{15428514-1DE0-45D2-A038-D348A1698F2D}] => (Allow) C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe

FirewallRules: [{7E85A663-B1E4-4E61-AFA5-9C3F151BC4DE}] => (Allow) C:\Program Files\Lenovo\ReadyComm\Projectionist.exe

FirewallRules: [{976F39A6-10B1-4DD5-96BB-A1D687E76A9D}] => (Allow) C:\Program Files\Lenovo\ReadyComm\Projectionist.exe

FirewallRules: [{8A8AEFFA-083E-408A-B734-DEA5112AA9F6}] => (Allow) C:\Program Files\Lenovo\ReadyComm\AppSvc.exe

FirewallRules: [{AE4C1B2A-FC7E-46E3-998B-879B816EF5AA}] => (Allow) C:\Program Files\Lenovo\ReadyComm\AppSvc.exe

FirewallRules: [{5FBA402B-8F5C-456F-B6DD-F5F5209CF7D7}] => (Allow) C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe

FirewallRules: [{29023185-7738-4E9C-8AC6-9810A1ACA8CD}] => (Allow) C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe

FirewallRules: [{17C8D95C-BB75-4DED-95C7-BF2EF4E92128}] => (Allow) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe

FirewallRules: [{D7EE6B8A-41E1-4E5D-B34A-A0ADF2BA0708}] => (Allow) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe

FirewallRules: [{8D67E699-405D-4AA9-9915-9353D066F6E4}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

FirewallRules: [{90CEA0BC-24A9-4855-B342-5DEBD70D3064}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe

FirewallRules: [TCP Query User{4E73BB8D-0200-4A30-A24B-0EA8FE755A62}C:\program files\elfbot ng\navserv.exe] => (Block) C:\program files\elfbot ng\navserv.exe

FirewallRules: [uDP Query User{22A60B05-6E2A-4D52-BEA3-4B4A19BA0E47}C:\program files\elfbot ng\navserv.exe] => (Block) C:\program files\elfbot ng\navserv.exe

FirewallRules: [TCP Query User{EB52F83D-E5B9-4910-9212-7AEBFE401FCF}D:\gry\counter-strike 1.6\hl.exe] => (Block) D:\gry\counter-strike 1.6\hl.exe

FirewallRules: [uDP Query User{FD4F4A33-C23F-4550-A84C-6FFA7A818516}D:\gry\counter-strike 1.6\hl.exe] => (Block) D:\gry\counter-strike 1.6\hl.exe

FirewallRules: [TCP Query User{878D4448-AE19-4495-A604-99E9449D7C34}D:\gry\counter-strike 1.6\hl.exe] => (Allow) D:\gry\counter-strike 1.6\hl.exe

FirewallRules: [uDP Query User{6D957607-3028-4A19-801B-0B44B94260E4}D:\gry\counter-strike 1.6\hl.exe] => (Allow) D:\gry\counter-strike 1.6\hl.exe

FirewallRules: [{A35FDB3F-D30B-4240-98CD-DD5ACF164715}] => (Allow) C:\Program Files\Steam\Steam.exe

FirewallRules: [{B2511482-A21E-454A-9543-6CD7B0311C44}] => (Allow) C:\Program Files\Steam\Steam.exe

FirewallRules: [{CFD80F58-8143-41A3-A666-4BA81D5A0332}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe

FirewallRules: [{C5463491-D6E5-4473-9CB9-75CF2DB71E4F}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe

FirewallRules: [TCP Query User{F92732FD-1372-4C1C-810E-231DEEBC42D4}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe

FirewallRules: [uDP Query User{F3971148-1197-4F8B-9FF9-9809FB4CA92B}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe

FirewallRules: [TCP Query User{526E7F93-6E1E-4209-9729-254B3D46480D}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe

FirewallRules: [uDP Query User{5EE2A2FA-32FC-4698-93E5-8A929A915316}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe

FirewallRules: [{0238DE60-BDCB-4A9C-B723-8C55DFAA2544}] => (Allow) C:\Users\Jakub\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{F021395B-8DE2-4B55-AF62-1ABDAF34FD6E}] => (Allow) C:\Users\Jakub\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{4C2DB091-2466-4C08-B440-D464E9E325F1}] => (Allow) C:\Users\Jakub\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{CF9B8263-E372-43CE-93CC-F127E2D09801}] => (Allow) C:\Users\Jakub\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{7085498E-6317-40AA-B2B0-E0A0EA0C60D1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe

FirewallRules: [{75A1359A-CEC4-457E-9AF8-34E0765D878F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe

FirewallRules: [{110AE83C-982F-4F03-B182-B8EEF4A39A32}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{35A461A7-8A77-4F0A-B8FA-611E1B8065CE}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe

FirewallRules: [TCP Query User{5D51D9D2-048A-4C96-9B79-5C401DACA542}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_31\bin\javaw.exe

FirewallRules: [uDP Query User{65601FEF-8026-4B0D-8399-9EF341C434CE}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_31\bin\javaw.exe

FirewallRules: [TCP Query User{864B53A0-D982-47A8-B4BD-CFB764495558}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe

FirewallRules: [uDP Query User{289BA3CC-965C-4CB3-99C6-9588F05595C8}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe

FirewallRules: [TCP Query User{D9554914-890D-4C49-8A8A-8D46076F545D}C:\users\jakub\appdata\roaming\utorrent\updates\3.4.2_39586.exe] => (Block) C:\users\jakub\appdata\roaming\utorrent\updates\3.4.2_39586.exe

FirewallRules: [uDP Query User{2E9F12EE-BDC5-43FB-B9D6-C5218BE95268}C:\users\jakub\appdata\roaming\utorrent\updates\3.4.2_39586.exe] => (Block) C:\users\jakub\appdata\roaming\utorrent\updates\3.4.2_39586.exe

 

==================== Faulty Device Manager Devices =============

 

Name: ccnfd_1_10_0_4

Description: ccnfd_1_10_0_4

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: ccnfd_1_10_0_4

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

Name: Teredo Tunneling Pseudo-Interface

Description: Karta tunelowania Teredo firmy Microsoft

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (05/29/2015 03:31:42 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Program WINWORDC.EXE w wersji 0.0.0.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

 

Identyfikator procesu: d30

 

Godzina rozpoczęcia: 01d09a13b274c52f

 

Godzina zakończenia: 15

 

Ścieżka aplikacji: Q:\140066.plk\Office14\WINWORDC.EXE

 

Identyfikator raportu: 060e3cd7-0607-11e5-9b8c-88ae1d35b691

 

Error: (05/29/2015 03:29:56 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Program FRST.exe w wersji 27.5.2015.1 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

 

Identyfikator procesu: 8c8

 

Godzina rozpoczęcia: 01d09a132feb98cc

 

Godzina zakończenia: 16

 

Ścieżka aplikacji: C:\Users\Krzysztof\Downloads\FRST.exe

 

Identyfikator raportu: b04fd214-0606-11e5-9b8c-88ae1d35b691

 

Error: (05/29/2015 03:01:05 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Tylko informacje.

(Stream product id=0x0066): Streaming Failed

 

Error: (05/29/2015 02:59:13 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Tylko informacje.

Too many failures while downloading ranges: 2

 

Error: (05/23/2015 04:43:06 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Tylko informacje.

Error: Obecnie nie ma aktywnych połączeń sieciowych. Usługa inteligentnego transferu w tle (BITS) ponowni próbę po podłączeniu karty.

ErrorCode: 14007(0x36b7).

 

Error: (05/23/2015 04:07:08 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Tylko informacje.

(Stream product id=0x0066): Streaming Failed

 

Error: (05/23/2015 04:06:26 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Tylko informacje.

Too many failures while downloading ranges: 2

 

Error: (05/23/2015 03:57:27 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Tylko informacje.

Too many failures while downloading ranges: 2

 

Error: (05/23/2015 03:41:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: ZARZĄDZANIE NT)

Description: Występująca w rejestrze wartość ciągu nazwy licznika wydajności jest niepoprawnie sformatowana. Wadliwie sformułowany ciąg to 9544. Pierwszy wpis DWORD w sekcji danych (Data) zawiera wartość indeksu wadliwie sformułowanego ciągu, a drugi i trzeci wpis DWORD w sekcji danych zawiera ostatnie prawidłowe wartości indeksu.

 

Error: (05/23/2015 03:41:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: ZARZĄDZANIE NT)

Description: Występująca w rejestrze wartość ciągu nazwy licznika wydajności jest niepoprawnie sformatowana. Wadliwie sformułowany ciąg to 9544. Pierwszy wpis DWORD w sekcji danych (Data) zawiera wartość indeksu wadliwie sformułowanego ciągu, a drugi i trzeci wpis DWORD w sekcji danych zawiera ostatnie prawidłowe wartości indeksu.

 

 

System errors:

=============

Error: (05/29/2015 03:35:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu:

%%-2140993535

 

Error: (05/29/2015 03:35:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd:

%%-2140993535

 

Error: (05/29/2015 03:35:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu:

%%-2140993535

 

Error: (05/29/2015 03:35:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd:

%%-2140993535

 

Error: (05/29/2015 03:35:31 PM) (Source: PNRPSvc) (EventID: 102) (User: )

Description: 0x80630801

 

Error: (05/29/2015 03:35:31 PM) (Source: PNRPSvc) (EventID: 102) (User: )

Description: 0x80630801

 

Error: (05/29/2015 03:33:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd:

%%-2140993535

 

Error: (05/29/2015 03:33:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu:

%%-2140993535

 

Error: (05/29/2015 03:33:36 PM) (Source: PNRPSvc) (EventID: 102) (User: )

Description: 0x80630801

 

Error: (05/29/2015 03:33:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd:

%%-2140993535

 

 

Microsoft Office:

=========================

Error: (05/29/2015 03:31:42 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: WINWORDC.EXE0.0.0.0d3001d09a13b274c52f15Q:\140066.plk\Office14\WINWORDC.EXE060e3cd7-0607-11e5-9b8c-88ae1d35b691

 

Error: (05/29/2015 03:29:56 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: FRST.exe27.5.2015.18c801d09a132feb98cc16C:\Users\Krzysztof\Downloads\FRST.exeb04fd214-0606-11e5-9b8c-88ae1d35b691

 

Error: (05/29/2015 03:01:05 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: (Stream product id=0x0066): Streaming Failed

 

Error: (05/29/2015 02:59:13 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Too many failures while downloading ranges: 2

 

Error: (05/23/2015 04:43:06 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Error: Obecnie nie ma aktywnych połączeń sieciowych. Usługa inteligentnego transferu w tle (BITS) ponowni próbę po podłączeniu karty.

ErrorCode: 14007(0x36b7).

 

Error: (05/23/2015 04:07:08 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: (Stream product id=0x0066): Streaming Failed

 

Error: (05/23/2015 04:06:26 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Too many failures while downloading ranges: 2

 

Error: (05/23/2015 03:57:27 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Too many failures while downloading ranges: 2

 

Error: (05/23/2015 03:41:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: ZARZĄDZANIE NT)

Description: 954416482500004625000047250000B8010000

 

Error: (05/23/2015 03:41:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: ZARZĄDZANIE NT)

Description: 954416482500004625000047250000B8010000

 

 

==================== Memory info ===========================

 

Processor: Celeron® Dual-Core CPU T3300 @ 2.00GHz

Percentage of memory in use: 79%

Total physical RAM: 2008.6 MB

Available physical RAM: 413.52 MB

Total Pagefile: 4017.2 MB

Available Pagefile: 1944.25 MB

Total Virtual: 2047.88 MB

Available Virtual: 1911.54 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:97.66 GB) (Free:27.07 GB) NTFS

Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:28.83 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 5C765CA1)

Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=30.2 GB) - (Type=OF Extended)

Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

 

==================== End of log ============================


I have very bad news: the system is running a Cryptowall 3.0 infection. What's more, decrypting the files is not feasible; even if a copy of them was made, this infection uses a technique of overwriting data on the disk, which makes restoring them impossible.

 

My help will consist of removing the infection and cleaning the computer of adware.

 

To start with: removing the infection + adware.

 

Action:

 

1. Paste the following into Notepad, save it as fixlist.txt and click Fix in the FRST interface

Place the fixlist.txt file next to the FRST program

 

CloseProcesses:
C:\Users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT [2015-04-02] ()
C:\Users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG [2015-04-02] ()
InternetURL: C:\Users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://7oqnsnzwwnm6zb7y.icepaytor.com/1cp42gh
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3547090968-3412655250-3130215973-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 MaintainerSvc6.89.573444; C:\ProgramData\01e58235-010d-43b1-8340-277d43a75321\maintainer.exe [128240 2015-05-29] ()
S1 ccnfd_1_10_0_4; system32\drivers\ccnfd_1_10_0_4.sys [X]
S1 coacfunv; \??\C:\windows\system32\drivers\coacfunv.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
C:\ProgramData\01e58235-010d-43b1-8340-277d43a75321
CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\Jakub\AppData\Local\Google\Chrome\Application\40.0.2214.115\delegate_execute.exe" No File
CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Krzysztof\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Krzysztof\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Krzysztof\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Krzysztof\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Krzysztof\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Krzysztof\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll No File
CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Krzysztof\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3547090968-3412655250-3130215973-1003_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> C:\Program Files\Maxthon\Bin\Maxthon.exe No File
Task: {11FFFF07-8EEB-4B27-A13A-994F0DE39244} - System32\Tasks\uElkiLDzkiHO9pBEeuS5UDX => C:\Users\Jakub\AppData\Roaming\uElkiLDzkiHO9pBEeuS5UDX.exe [2015-04-03] () <==== ATTENTION
Task: {5E8CA9D2-DD74-4962-B105-FD0D96571396} - System32\Tasks\{E53D2C34-B562-4B7F-AD53-985AA8992A10} => pcalua.exe -a C:\Users\Jakub\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor <==== ATTENTION
Task: C:\windows\Tasks\uElkiLDzkiHO9pBEeuS5UDX.job => C:\Users\Jakub\AppData\Roaming\uElkiLDzkiHO9pBEeuS5UDX.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:6BE50C2B
EmptyTemp:

 

2. The Google Chrome browser has been converted from the "stable" to the "development" version; a complete reinstallation of Google Chrome is required!

CHR dev: Chrome dev build detected! <======= ATTENTION

Via Control Panel, uninstall:

Google Chrome

And install it afresh from this page:

Chrome: https://www.google.pl/chrome/browser/desktop/

3. Download ESET Online Scanner and run a full system scan; quarantine everything it detects.

ESET Online Scanner: ESET

4. Post the report from the script (Fixlog) and the AdwCleaner report (the AdwCleaner report is located in this folder: C:\AdwCleaner) as well as the ESET report, and make new FRST logs (also tick: Addition and Shortcut).
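As an added triage illustration (not part of this thread and not FRST's own code): a Python script that walks a folder tree, lists every directory where CryptoWall's HELP_DECRYPT ransom notes were dropped, and collects the files lying beside them, which are the ones worth preserving for a possible future decryptor rather than deleting. The sample tree, the assumption that the two web shortcuts are .URL and .HTML, and all function names are constructed for this example.

```python
import os
import tempfile

# Note names as the thread describes them: HELP_DECRYPT.* dropped next to
# every encrypted folder. The .html variant is an assumption for the
# second "web shortcut" the poster mentions.
NOTE_STEM = "help_decrypt"
NOTE_EXTS = {".txt", ".png", ".url", ".html"}


def is_ransom_note(name: str) -> bool:
    """True for HELP_DECRYPT.* in any letter case (CryptoWall 3.0 note names)."""
    stem, ext = os.path.splitext(name)
    return stem.lower() == NOTE_STEM and ext.lower() in NOTE_EXTS


def find_ransom_notes(root: str) -> dict:
    """Map each directory under `root` that holds notes to its sorted note names.
    Paths are relative to root and use '/' so results are platform independent."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        notes = sorted(f for f in files if is_ransom_note(f))
        if notes:
            hits[os.path.relpath(dirpath, root).replace(os.sep, "/")] = notes
    return hits


def suspect_encrypted(root: str, hits: dict) -> list:
    """Non-note files that sit beside ransom notes: likely encrypted. Keep them
    (do not delete) in case a decryptor for this family appears later."""
    out = []
    for rel in sorted(hits):
        d = os.path.join(root, rel)
        out.extend(rel + "/" + f for f in sorted(os.listdir(d))
                   if os.path.isfile(os.path.join(d, f)) and not is_ransom_note(f))
    return out


def build_sample_tree() -> str:
    """Constructed sample: two folders with notes, one clean folder."""
    root = tempfile.mkdtemp(prefix="cw3_triage_")
    layout = {
        "Pictures": ["HELP_DECRYPT.TXT", "HELP_DECRYPT.PNG", "HELP_DECRYPT.URL",
                     "HELP_DECRYPT.HTML", "vacation.jpg"],
        "Documents/notes": ["HELP_DECRYPT.TXT", "HELP_DECRYPT.PNG", "todo.txt"],
        "Music": ["song.mp3"],
    }
    for rel, names in layout.items():
        os.makedirs(os.path.join(root, rel))
        for n in names:
            with open(os.path.join(root, rel, n), "w") as fh:
                fh.write("constructed sample\n")
    return root
```

Run `find_ransom_notes` against the real profile root (for example the user folder) to get the list of affected directories before any cleanup touches them.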
