This topic has been moved to the archive. New replies are blocked.

Limoni

HKLM-Run-SynTPEnh.reg.dat - trojan (?) zeroday.b

Recommended replies

Hello.

1. I'm writing from Linux and don't have Polish characters. Anyway, I'm writing because I formatted my Windows 7 when I saw that some zeroday.b or whatever was slowing down my computer. I had some private photos and important documents on it.

2. What could have happened to the documents and photos? Was there remote access to everything that was on the computer?

When I intervened by scanning the system, it looked like this:

2016-08-29 03:32:46 . 2016-08-29 03:32:46 0 ----a-w- C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2016-08-29 03:31:52 . 2016-08-29 03:31:52 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat
2016-08-29 03:29:57 . 2016-08-29 04:29:11 13,731 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2016-08-29 03:25:54 . 2016-08-29 04:26:27 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2016-07-11 20:26:07 . 2016-07-11 20:27:27 0 ----a-w- C:\Qoobox\Quarantine\C\END.vir

That's from today, as you can see, and I don't know what this END.vir is or why it appeared over a month ago, after installing TrueCrypt and encrypting the system.

3. The last action of this someone was creating MBR_HardDisk0.mbr. Does that mean my computer is completely compromised and I have to do something about the MBRs?

4. Is it possible that this person is permanently connected to the router and all the devices?

5. In the same period I formatted my iPhone and iPad. Is it possible that they were infected too?

 

Addition_25-07-2016_20-42-37

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-07-2016

Ran by chemlab (2016-07-25 20:41:37)

Running from C:\Users\chemlab\Downloads

Windows 7 Home Premium Service Pack 1 (X64) (2016-07-11 17:08:57)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-3088884697-2617029356-1196926899-500 - Administrator - Disabled) => C:\Users\Administrator

chemlab (S-1-5-21-3088884697-2617029356-1196926899-1000 - Administrator - Enabled) => C:\Users\chemlab

Guest (S-1-5-21-3088884697-2617029356-1196926899-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3088884697-2617029356-1196926899-1002 - Limited - Enabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}

AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft)

2007 Microsoft Office Suite Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)

Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)

ATI Catalyst Install Manager (HKLM\...\{574634E2-87F7-1DC7-082B-483C41E4989E}) (Version: 3.0.816.0 - ATI Technologies, Inc.)

AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden

BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)

CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)

Democracy 3 (HKLM-x32\...\GOGPACKDEMOCRACY3_is1) (Version: 2.0.0.3 - GOG.com)

ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{9945F35E-85EF-4759-A95C-2E10AA34EA58}) (Version: 3.1.1 - Hewlett-Packard)

HP SimplePass 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6345.0 - IDT)

Intel PROSet Wireless (x32 Version: - ) Hidden

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)

IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1 - IObit)

Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)

Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden

Malwarebytes Anti-Malware wersja 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Mozilla Firefox 47.0.1 (x86 pl) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 pl)) (Version: 47.0.1 - Mozilla)

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)

Oprogramowanie Intel® PROSet/Wireless WiFi (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)

PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.317.0 - Tracker Software Products (Canada) Ltd.)

PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd)

PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.)

Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)

Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden

Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 11.0.0.22 - Bioware/EA)

Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)

Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)

TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)

Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)

Wiedźmin Edycja Rozszerzona (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.4.5.1280 - CD Projekt Red)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {0213B6CF-D99C-42AB-ACFF-8B4728F35EC8} - System32\Tasks\{1CA2EA76-372A-4D2B-9104-184CF00D54CE} => pcalua.exe -a C:\Users\chemlab\Desktop\TWEE_Upgrade.exe -d C:\Users\chemlab\Desktop

Task: {8DE88D9B-3F8F-48D8-97C4-AAD8C62FC4EC} - System32\Tasks\{DBB73FD7-910B-4F22-BCC0-0905209DFF2D} => pcalua.exe -a E:\sp55086.exe -d E:\

Task: {9C6CA8E2-9B31-4D7F-8229-DD5D230D6592} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2011-07-27 20:07 - 2011-07-27 20:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll

2011-03-25 17:28 - 2011-03-25 17:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2016-06-10 17:23 - 2016-06-10 17:23 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1045.dll

2011-03-14 14:21 - 2011-03-14 14:21 - 00016384 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2011-04-12 23:40 - 2011-04-12 23:40 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2016-07-11 21:01 - 2016-07-11 21:01 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f3fe53ec4c0c7aa33e716ad6727579a2\IsdiInterop.ni.dll

2016-07-11 21:01 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll

2016-07-25 16:04 - 2016-07-25 16:04 - 19483328 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3088884697-2617029356-1196926899-1000\Control Panel\Desktop\\Wallpaper ->

HKU\S-1-5-21-3088884697-2617029356-1196926899-500\Control Panel\Desktop\\Wallpaper ->

DNS Servers: 62.179.1.63 - 62.179.1.62

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

MSCONFIG\startupreg: IntelPAN => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{8D0F903A-991A-4CED-A993-86128AD3144F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{092AAB71-E868-45F5-A754-803CDBEDA6B5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{8BA4F734-0A1C-44FE-BF9C-5DFCAEB63219}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

FirewallRules: [{D89C62B9-9AB7-41B4-9619-EE746C1EEEF8}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe

FirewallRules: [{DECA44F3-C17B-4672-BF4E-9F0DFB2A7244}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe

FirewallRules: [{3209F816-C333-4E2D-AEAD-83199757DF0A}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe

FirewallRules: [{8D42D37F-CAAC-464C-A7AF-721395B8E6DA}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe

 

==================== Restore Points =========================

 

15-07-2016 23:24:30 Installed iTunes

15-07-2016 23:41:41 Removed iTunes

15-07-2016 23:45:54 Removed iTunes

15-07-2016 23:53:57 Installed iTunes

16-07-2016 01:14:39 Removed iTunes

16-07-2016 01:17:49 Removed Apple Software Update

16-07-2016 01:18:42 Removed Apple Application Support (32-bit)

16-07-2016 01:21:40 Removed Apple Application Support (64-bit)

16-07-2016 01:27:44 Removed Apple Mobile Device Support

16-07-2016 01:28:48 Removed Bonjour

21-07-2016 10:33:46 Installed PDF-XChange Viewer

 

==================== Faulty Device Manager Devices =============

 

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: hp CDDVDW TS-L633J

Description: CD-ROM Drive

Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard CD-ROM drives)

Service: cdrom

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Intel® Centrino® Wireless-N 1030

Description: Intel® Centrino® Wireless-N 1030

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Intel Corporation

Service: NETwNs64

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (07/25/2016 08:33:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

 

Error: (07/25/2016 08:33:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

 

Error: (07/25/2016 08:33:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

 

Error: (07/25/2016 08:32:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

 

Error: (07/25/2016 08:32:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

 

Error: (07/25/2016 08:23:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

 

Error: (07/25/2016 08:09:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

 

Error: (07/25/2016 08:06:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

 

Error: (07/25/2016 08:06:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

 

Error: (07/25/2016 08:01:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

 

 

System errors:

=============

Error: (07/25/2016 07:50:23 PM) (Source: iaStor) (EventID: 9) (User: )

Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

 

Error: (07/25/2016 07:43:32 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

Error: (07/25/2016 06:08:06 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

Error: (07/25/2016 04:27:10 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (07/25/2016 04:27:10 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (07/25/2016 04:26:27 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (07/25/2016 04:26:27 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (07/25/2016 04:25:57 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (07/25/2016 04:25:57 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (07/25/2016 04:25:43 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

 

CodeIntegrity:

===================================

Date: 2016-07-25 18:52:25.196

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2016-07-25 18:52:25.196

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2016-07-25 18:52:25.196

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2016-07-25 18:52:25.180

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2016-07-25 18:52:25.180

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2016-07-25 18:52:25.164

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2016-07-25 18:52:25.149

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2016-07-25 18:52:25.149

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2016-07-25 18:52:25.149

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2016-07-25 16:27:10.709

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info ===========================

 

Processor: Intel® Core i3-2310M CPU @ 2.10GHz

Percentage of memory in use: 58%

Total physical RAM: 4043.83 MB

Available physical RAM: 1675.56 MB

Total Virtual: 8085.86 MB

Available Virtual: 5301.52 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:596.17 GB) (Free:521.92 GB) NTFS ==>[drive with boot components (obtained from BCD)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 596.2 GB) (Disk ID: A7C5DE94)

Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================

 

Add-Remove Programs

2007 Microsoft Office Suite Service Pack 1 (SP1)

Adobe Flash Player 22 NPAPI

Apple Application Support (32-bit)

Apple Software Update

BitRaider Streaming Client

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

Catalyst Control Center Profiles Mobile

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

ESU for Microsoft Windows 7 SP1

Exif Tag Remover 5.1

HP SimplePass 2012

IDT Audio

Intel PROSet Wireless

Intel® Control Center

Intel® Display Audio Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Kaspersky Anti-Virus

Malwarebytes Anti-Malware wersja 2.2.1.1043

Microsoft Office Access MUI (Polish) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Polish) 2007

Microsoft Office Groove MUI (Polish) 2007

Microsoft Office InfoPath MUI (Polish) 2007

Microsoft Office OneNote MUI (Polish) 2007

Microsoft Office Outlook MUI (Polish) 2007

Microsoft Office PowerPoint MUI (Polish) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Polish) 2007

Microsoft Office Proofing (Polish) 2007

Microsoft Office Publisher MUI (Polish) 2007

Microsoft Office Shared MUI (Polish) 2007

Microsoft Office Word MUI (Polish) 2007

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 48.0.2 (x86 pl)

Notepad++

PowerISO

PX Profile Update

Realtek Ethernet Controller Driver

Realtek PCIE Card Reader

Renesas Electronics USB 3.0 Host Controller Driver

Star Wars The Old Republic

Star Wars: The Old Republic

TrueCrypt

 

Kaspersky didn't notice anything, and neither did Malwarebytes.

Only ComboFix found something:

 

ComboFix 16-08-21.02 - chemlab 2016-08-29 5:27.1.4 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1033.18.4044.2971 [GMT 2:00]

Uruchomiony z: c:\users\chemlab\Desktop\ComboFix.exe

AV: Kaspersky Anti-Virus *Enabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}

SP: Kaspersky Anti-Virus *Enabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Utworzono nowy punkt przywracania

.

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\END

c:\programdata\Roaming

.

.

((((((((((((((((((((((((( Pliki utworzone od 2016-07-28 do 2016-08-29 )))))))))))))))))))))))))))))))

.

.

2016-08-29 03:31 . 2016-08-29 03:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2016-08-29 03:31 . 2016-08-29 03:31 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2016-08-27 22:59 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll

2016-08-27 22:59 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe

2016-08-27 22:59 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll

2016-08-27 22:59 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll

2016-08-27 22:58 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll

2016-08-27 22:58 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll

2016-08-27 22:58 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll

2016-08-27 22:58 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll

2016-08-27 22:58 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll

2016-08-27 22:58 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll

2016-08-27 22:58 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll

2016-08-27 22:58 . 2014-05-14 07:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll

2016-08-27 22:58 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe

2016-08-27 22:58 . 2014-05-14 07:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe

2016-08-25 09:21 . 2016-08-25 09:21 14792 ----a-w- c:\program files (x86)\Mozilla Firefox\qipcap.dll

2016-08-23 13:53 . 2016-08-23 13:53 192216 ----a-w- c:\windows\system32\drivers\74EE7FC5.sys

2016-08-22 11:51 . 2016-08-22 11:51 192216 ----a-w- c:\windows\system32\drivers\5EC4540C.sys

2016-08-20 13:24 . 2016-08-29 03:05 -------- d-----w- c:\program files (x86)\IDoser v4

2016-08-16 12:51 . 2016-08-16 12:51 192216 ----a-w- c:\windows\system32\drivers\63492D2F.sys

2016-08-14 23:10 . 2016-08-14 23:10 -------- d-----w- c:\windows\Migration

2016-08-14 22:22 . 2016-08-14 22:22 -------- d-----w- c:\program files (x86)\Reference Assemblies

2016-08-14 22:22 . 2016-08-14 22:22 -------- d-----w- c:\program files (x86)\MSBuild

2016-08-14 22:22 . 2016-08-14 22:22 -------- d-----w- c:\program files\Reference Assemblies

2016-08-14 22:22 . 2016-08-14 22:22 -------- d-----w- c:\program files\MSBuild

2016-08-14 21:39 . 2016-08-14 21:39 -------- d-----w- c:\program files\Eraser

2016-08-14 21:16 . 2016-08-14 21:16 -------- d-----w- c:\windows\SysWow64\BestPractices

2016-08-14 21:16 . 2016-08-14 21:16 -------- d-----w- c:\windows\system32\BestPractices

2016-08-14 21:16 . 2016-08-14 21:16 -------- d-----w- C:\inetpub

2016-08-14 20:14 . 2016-08-27 08:37 -------- d-----w- c:\users\chemlab\AppData\Local\gtk-2.0

2016-08-14 20:14 . 2016-08-14 20:14 -------- d-----w- c:\users\chemlab\.thumbnails

2016-08-14 20:09 . 2016-08-14 20:09 -------- d-----w- c:\users\chemlab\AppData\Local\fontconfig

2016-08-14 20:09 . 2016-08-27 08:39 -------- d-----w- c:\users\chemlab\.gimp-2.8

2016-08-14 20:09 . 2016-08-14 20:09 -------- d-----w- c:\users\chemlab\AppData\Local\gegl-0.2

2016-08-14 20:04 . 2016-08-14 20:05 -------- d-----w- c:\program files\GIMP 2

2016-08-14 18:38 . 2016-08-14 18:38 -------- d-----w- c:\program files (x86)\Exif Tag Remover

2016-08-14 18:38 . 2004-03-08 21:00 609824 ----a-w- c:\windows\SysWow64\COMCTL32.ocx

2016-08-14 18:34 . 2016-08-14 18:35 -------- d-----w- c:\users\chemlab\AppData\Local\CyberGhost

2016-08-14 18:32 . 2016-08-14 18:33 -------- d-----w- c:\program files\TAP-Windows

2016-08-14 18:09 . 2016-08-22 11:14 -------- d-----w- c:\program files\CyberGhost 6

2016-08-13 23:53 . 2016-08-14 22:14 -------- d-----w- c:\users\chemlab\AppData\Local\Eraser 6

2016-08-13 23:22 . 2013-05-06 06:13 110176 ----a-w- c:\windows\system32\klfphc.dll

2016-08-13 23:22 . 2016-08-13 23:22 -------- d-----w- c:\windows\ELAMBKUP

2016-08-13 23:22 . 2016-08-13 23:22 -------- d-----w- c:\program files (x86)\Kaspersky Lab

2016-08-13 23:22 . 2016-08-16 12:19 1001304 ----a-w- c:\windows\system32\drivers\klif.sys

2016-08-13 23:22 . 2015-12-11 15:28 182152 ----a-w- c:\windows\system32\drivers\klflt.sys

2016-08-13 23:02 . 2016-04-19 09:23 184512 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll

2016-08-05 23:45 . 2014-12-03 02:01 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll

2016-08-05 23:45 . 2014-12-03 02:01 206104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2016-08-05 23:45 . 2014-12-03 02:01 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2016-08-05 23:45 . 2014-12-03 02:01 110488 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2016-08-05 23:44 . 2016-08-05 23:44 -------- d-----w- c:\program files\SAMSUNG

2016-08-05 23:43 . 2016-08-05 23:43 -------- d-----w- c:\programdata\Samsung

2016-08-05 23:19 . 2016-08-05 23:19 -------- d-----w- c:\users\chemlab\AppData\Roaming\Shuame

2016-08-05 23:01 . 2016-08-05 23:01 -------- d-----w- c:\users\chemlab\.android

2016-08-05 20:51 . 2016-08-05 21:12 192216 ----a-w- c:\windows\system32\drivers\1E7240F5.sys

2016-08-04 20:38 . 2016-08-25 07:29 -------- d-----w- c:\users\chemlab\AppData\Roaming\vlc

2016-08-04 20:33 . 2016-08-04 20:33 -------- d-----w- c:\program files\VideoLAN

2016-08-04 20:12 . 2016-08-04 20:12 -------- d-----w- c:\program files (x86)\iTunes

2016-08-04 20:12 . 2016-08-04 20:12 -------- d-----w- c:\program files\iPod

2016-08-04 20:12 . 2016-08-04 20:13 -------- d-----w- c:\program files\iTunes

2016-08-04 20:10 . 2016-08-04 20:10 -------- d-----w- c:\program files (x86)\Apple Software Update

2016-08-04 20:10 . 2016-08-04 20:10 -------- d-----w- c:\program files\Bonjour

2016-08-04 20:10 . 2016-08-04 20:10 -------- d-----w- c:\program files (x86)\Bonjour

2016-08-04 20:10 . 2016-08-04 20:12 -------- d-----w- c:\program files\Common Files\Apple

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2016-08-29 03:10 . 2016-07-11 18:16 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2016-08-16 12:19 . 2015-12-03 09:10 110424 ----a-w- c:\windows\system32\drivers\klwtp.sys

2016-08-16 12:18 . 2016-05-05 15:13 236888 ----a-w- c:\windows\system32\drivers\klhk.sys

2016-07-29 14:51 . 2016-07-29 14:51 192216 ----a-w- c:\windows\system32\drivers\337B0A92.sys

2016-07-25 20:10 . 2016-07-25 19:33 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2016-07-25 20:10 . 2016-07-25 19:33 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2016-07-15 11:51 . 2016-07-15 11:51 192216 ----a-w- c:\windows\system32\drivers\6AEF3AEA.sys

2016-07-14 12:43 . 2016-07-14 12:43 29376 ----a-w- c:\windows\SysWow64\aspnet_counters.dll

2016-07-14 12:43 . 2016-07-14 12:43 18592 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll

2016-07-14 12:43 . 2016-07-14 12:43 18592 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll

2016-07-14 12:43 . 2016-07-14 12:43 18592 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll

2016-07-14 12:37 . 2016-07-14 12:37 30912 ----a-w- c:\windows\system32\aspnet_counters.dll

2016-07-14 12:37 . 2016-07-14 12:37 18600 ----a-w- c:\windows\system32\msvcr110_clr0400.dll

2016-07-14 12:37 . 2016-07-14 12:37 18600 ----a-w- c:\windows\system32\msvcr100_clr0400.dll

2016-07-14 12:37 . 2016-07-14 12:37 18600 ----a-w- c:\windows\system32\msvcp110_clr0400.dll

2016-07-11 18:25 . 2016-07-11 18:25 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys

.

.

((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2016-07-11 1516496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-12 336384]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\DRIVERS\klbackupdisk.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupdisk.sys [x]

R1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\DRIVERS\klbackupflt.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupflt.sys [x]

R1 klhk;Kaspersky Lab service driver;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]

R1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]

R1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]

R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]

R2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]

R2 AVP16.0.1;Usługa Kaspersky Anti-Virus 16.0.1;c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avp.exe [x]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]

R2 CG6Service;CyberGhost 6 Service;c:\program files\CyberGhost 6\CyberGhost.Service.exe;c:\program files\CyberGhost 6\CyberGhost.Service.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [x]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

R2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [x]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]

R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]

R3 BRSptStub;BitRaider Mini-Support Service Stub Loader;c:\programdata\BitRaider\BRSptStub.exe;c:\programdata\BitRaider\BRSptStub.exe [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]

R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]

R3 klvssbrigde64;klvssbrigde64;c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\vssbridge64.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\vssbridge64.exe [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]

R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

S0 cm_km;Kaspersky Lab ZAO Cryptographic Module x64 (Weak);c:\windows\system32\DRIVERS\cm_km.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km.sys [x]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]

S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]

S1 Klwtp;KLwtp - WFP callout traffic inspector;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]

S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-02 1128448]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-25 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-25 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-25 418840]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2016-07-26 176952]

"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920]

.

------- Supplementary scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 62.179.1.63 62.179.1.62

FF - ProfilePath - c:\users\chemlab\AppData\Roaming\Mozilla\Firefox\Profiles\zhgjm2zd.default\

.

- - - - EMPTY ENTRIES REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2016-08-29 05:32:46

ComboFix-quarantined-files.txt 2016-08-29 03:32

.

Before: 546 004 836 352 bytes free

After: 545 860 177 920 bytes free

.

- - End Of File - - 1F166B9480E98DA32A8B3111A5B94F22

 

As at the beginning, I found in ComboFix's quarantine:

catchme and END.vir

On top of that, I had an IIS server folder set up, together with some files.

My main question is: what happened, and what could have been stolen (files, photos, data, documents, passwords?)?

Am I still at risk?

edit: actually I didn't do a format, I just wiped the disk and I'm writing to you from a live USB

edit2: I ask the moderator to change the topic title from "zeroday.b" to zeroaccess.b

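A triage pass over the file listing in the log above, added here as an example and not part of the original post: it parses the ComboFix line format (created . modified size attributes path), groups the kernel drivers by exact byte size and separates eight-hex-digit names from conventional ones. The sample input is a subset of the driver lines from the log plus one constructed line (7C3A91E0.sys, not in the log) so the other outcome is exercised. What the clustering surfaces is that the four random-named drivers in the log are exactly 192216 bytes, the same size as MBAMSwissArmy.sys; that is what you confirm with a hash and a signature check before reading the names as evidence of a rootkit driver.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# One ComboFix listing line: "<created> . <modified> <size|--------> <attrs> <path>".
# Timestamps may or may not carry seconds; sizes may carry thousands separators.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?) "
    r"(?P<size>[\d,]+|-{8}) (?P<attrs>\S{8}) (?P<path>.+?)\s*$"
)

# Eight hex digits plus .sys, the naming pattern of the odd drivers in the log
RANDOM_HEX_NAME = re.compile(r"^[0-9A-Fa-f]{8}\.sys$")

# Sample input: driver lines copied from the log above, plus one constructed
# line (7C3A91E0.sys) that is NOT in the log, to show an unexplained driver.
SAMPLE_LOG = r"""
2016-08-16 12:51 . 2016-08-16 12:51 192216 ----a-w- c:\windows\system32\drivers\63492D2F.sys
2016-08-14 23:10 . 2016-08-14 23:10 -------- d-----w- c:\windows\Migration
2016-08-13 23:22 . 2016-08-16 12:19 1001304 ----a-w- c:\windows\system32\drivers\klif.sys
2016-08-13 23:22 . 2015-12-11 15:28 182152 ----a-w- c:\windows\system32\drivers\klflt.sys
2016-08-05 20:51 . 2016-08-05 21:12 192216 ----a-w- c:\windows\system32\drivers\1E7240F5.sys
2016-08-29 03:10 . 2016-07-11 18:16 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-07-29 14:51 . 2016-07-29 14:51 192216 ----a-w- c:\windows\system32\drivers\337B0A92.sys
2016-07-15 11:51 . 2016-07-15 11:51 192216 ----a-w- c:\windows\system32\drivers\6AEF3AEA.sys
2016-07-11 18:25 . 2016-07-11 18:25 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2016-08-20 10:00 . 2016-08-20 10:00 45056 ----a-w- c:\windows\system32\drivers\7C3A91E0.sys
"""


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_combofix_listing(text: str) -> List[Entry]:
    """Parse the file/directory lines of a ComboFix log; banners, dots and
    registry sections do not match the pattern and are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"].replace(",", ""))
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def driver_size_clusters(entries: List[Entry]) -> Dict[int, Dict[str, List[str]]]:
    """Bucket kernel drivers (*.sys inside a drivers directory) by exact byte
    size, separating randomly named ones from conventionally named ones."""
    clusters: Dict[int, Dict[str, List[str]]] = defaultdict(lambda: {"random": [], "named": []})
    for e in entries:
        if e.is_dir or e.size is None or not e.name.lower().endswith(".sys"):
            continue
        if "\\drivers\\" not in e.path.lower():
            continue
        bucket = "random" if RANDOM_HEX_NAME.match(e.name) else "named"
        clusters[e.size][bucket].append(e.name)
    for c in clusters.values():
        c["random"].sort()
        c["named"].sort()
    return dict(clusters)


def unexplained_random_drivers(entries: List[Entry]) -> List[str]:
    """Random-named drivers whose size matches no named driver in the same
    listing: these are the ones worth hashing and checking the signature of,
    rather than the ones that merely look odd."""
    out: List[str] = []
    for c in driver_size_clusters(entries).values():
        if c["random"] and not c["named"]:
            out.extend(c["random"])
    return sorted(out)


if __name__ == "__main__":
    found = parse_combofix_listing(SAMPLE_LOG)
    for size, cluster in sorted(driver_size_clusters(found).items()):
        print(size, cluster)
    print("unexplained:", unexplained_random_drivers(found))
```

Feed a whole ComboFix log to parse_combofix_listing and the registry and service sections fall out on their own; a size match is only a lead, so the next step for any cluster is to hash the files and check their Authenticode signature.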
C:\Qoobox\Quarantine\MBR_HardDisk0.mbr

C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat

C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

This just looks like leftovers from a scan by some tool, e.g. "mbr.exe", or Kaspersky, or MBAM.

I don't see anything suspicious in it.

Make a log with TDSSKiller http://forum.pclab.pl/topic/896975-Narz%C4%99dzia-u%C5%BCywane-do-dezynfekcji/page__p__11846322entry11846322

The FRST.txt log is missing - please supply it.

Paste logs (text) at http://wklejto.pl/ and put only the links in the post (i.e. copy the address from the address bar).

 

F.

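A way to answer question 3 with a measurement rather than a guess, as an added example that is not part of either post: parse the 512-byte sector that ComboFix saved as MBR_HardDisk0.mbr and compare it with the live sector 0 of the same disk. If boot code and partition table match, the quarantine file is just a backup the tool took; if the boot code differs while the partition table is unchanged, that is the shape of a modified MBR. The two sample sectors are constructed inside the code (build_sample_mbr), read_sector0 is the only part that touches a real device, and its default device path is an assumption.

```python
import hashlib
import struct
from typing import Dict, List

SECTOR_SIZE = 512
PT_OFFSET = 446          # partition table starts after the boot code
SIG_OFFSET = 510         # 0x55 0xAA boot signature


def parse_mbr(sector: bytes) -> Dict:
    """Split a 512-byte MBR into a boot-code hash, the non-empty partition
    entries and a signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions: List[Dict] = []
    for i in range(4):
        raw = sector[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", raw)
        if ptype == 0:
            continue                       # empty slot
        partitions.append({"slot": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    (signature,) = struct.unpack("<H", sector[SIG_OFFSET:SIG_OFFSET + 2])
    return {
        "boot_code_sha256": hashlib.sha256(sector[:PT_OFFSET]).hexdigest(),
        "partitions": partitions,
        "signature_ok": signature == 0xAA55,
    }


def compare_mbr(current: bytes, backup: bytes) -> List[str]:
    """Findings that separate 'a tool saved a copy of the MBR' from 'the MBR
    was changed'; an empty list means the two sectors agree."""
    cur, ref = parse_mbr(current), parse_mbr(backup)
    findings: List[str] = []
    if not cur["signature_ok"]:
        findings.append("live MBR lacks the 0x55AA signature")
    if cur["boot_code_sha256"] != ref["boot_code_sha256"]:
        findings.append("boot code (bytes 0-445) differs from the backup")
    if cur["partitions"] != ref["partitions"]:
        findings.append("partition table differs from the backup")
    return findings


def read_sector0(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the live MBR. Needs administrator rights on Windows; on a Linux
    live USB pass e.g. /dev/sda. The default path is an assumption and this
    function is not exercised by the constructed samples below."""
    with open(device, "rb") as f:
        return f.read(SECTOR_SIZE)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed MBR for demonstration: caller-supplied boot code padded to
    446 bytes, one bootable NTFS (0x07) partition at LBA 2048, slots 2-4 empty."""
    if len(boot_code) > PT_OFFSET:
        raise ValueError("boot code longer than 446 bytes")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 1024000)
    return boot_code.ljust(PT_OFFSET, b"\x00") + entry + b"\x00" * 48 + b"\x55\xAA"


# Constructed stand-ins, not real disk images: the "backup" plays the role of
# what a tool saved as MBR_HardDisk0.mbr; the "tampered" one keeps the same
# partition table but starts with different boot code.
BACKUP_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32)
TAMPERED_MBR = build_sample_mbr(b"\xea\x00\x7c\x00\x00" + b"\x90" * 32)

if __name__ == "__main__":
    print("same sector:", compare_mbr(BACKUP_MBR, BACKUP_MBR))
    print("tampered   :", compare_mbr(TAMPERED_MBR, BACKUP_MBR))
```

On a real machine the call is compare_mbr(read_sector0(), open("MBR_HardDisk0.mbr", "rb").read()); a differing boot code with an identical partition table is the finding to escalate, because the disk still boots normally and nothing in the file system shows it.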