Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-12-2013
Ran by mati at 2013-12-10 16:21:00 Run:1
Running from C:\Users\mati\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
Task: {3D638DC8-A812-40C0-A73A-6C3C605800B8} - System32\Tasks\{7F62A6E8-11D9-4E8E-8840-E54438E8AAB3} => C:\Users\mati\Desktop\CW.eXe
Task: {4F2FB7A7-0233-407A-AE42-ADA64A711242} - System32\Tasks\{DF8F4B2D-E371-4E1F-A673-09F69CD657B3} => C:\Users\mati\Desktop\CW.eXe
Task: {6D1FAAC8-13C0-40D6-8BE2-61D3A4710311} - \DealPlyUpdate No Task File
Task: {8684B747-1DEC-4C51-B873-7F4952D9365E} - System32\Tasks\RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {9A8E4271-D566-46B5-81DE-DDB18CDB5736} - System32\Tasks\{3CE8F943-FF9B-4513-AC3F-EF3465D9ABCB} => C:\Users\mati\Desktop\Windows Loader\Windows Loader.exe
Task: {9AF2A33E-5A79-44AE-99C1-4EA55360335B} - System32\Tasks\{B0333B40-1455-4644-AC85-1FF819DCCEA3} => C:\Users\mati\Desktop\Windows Loader\Windows Loader.exe
Task: {EA53A5AE-3766-469F-8812-535751DBCD5F} - \Program aktualizacji online firmy Adobe. No Task File
Task: {FC11F15A-1E4B-49F0-BDB6-6A3F9A75E16F} - System32\Tasks\{3D7BB322-38DF-41E8-9CFB-D0D5F2905237} => C:\Users\mati\Desktop\Windows Loader\Windows Loader.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59056029.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59056029.sys => ""="Driver"
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-19] (AVG Technologies)
S1 EIO64; system32\DRIVERS\EIO64.sys [x]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]
C:\Windows\system32\drivers\avgtpx64.sys
C:\Users\mati\Downloads\keylogger-3-0.exe
C:\Users\mati\AppData\Roaming\syslog
C:\Users\mati\AppData\Local\SwvUpdater
C:\Users\mati\AppData\Local\Google\Chrome
CMD: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f
CMD: netstat -ano
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922 => Key deleted successfully.
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D638DC8-A812-40C0-A73A-6C3C605800B8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D638DC8-A812-40C0-A73A-6C3C605800B8} => Key deleted successfully.
C:\Windows\System32\Tasks\{7F62A6E8-11D9-4E8E-8840-E54438E8AAB3} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7F62A6E8-11D9-4E8E-8840-E54438E8AAB3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F2FB7A7-0233-407A-AE42-ADA64A711242} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F2FB7A7-0233-407A-AE42-ADA64A711242} => Key deleted successfully.
C:\Windows\System32\Tasks\{DF8F4B2D-E371-4E1F-A673-09F69CD657B3} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DF8F4B2D-E371-4E1F-A673-09F69CD657B3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D1FAAC8-13C0-40D6-8BE2-61D3A4710311} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D1FAAC8-13C0-40D6-8BE2-61D3A4710311} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8684B747-1DEC-4C51-B873-7F4952D9365E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8684B747-1DEC-4C51-B873-7F4952D9365E} => Key deleted successfully.
C:\Windows\System32\Tasks\RunAsStdUser => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A8E4271-D566-46B5-81DE-DDB18CDB5736} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A8E4271-D566-46B5-81DE-DDB18CDB5736} => Key deleted successfully.
C:\Windows\System32\Tasks\{3CE8F943-FF9B-4513-AC3F-EF3465D9ABCB} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3CE8F943-FF9B-4513-AC3F-EF3465D9ABCB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AF2A33E-5A79-44AE-99C1-4EA55360335B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AF2A33E-5A79-44AE-99C1-4EA55360335B} => Key deleted successfully.
C:\Windows\System32\Tasks\{B0333B40-1455-4644-AC85-1FF819DCCEA3} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B0333B40-1455-4644-AC85-1FF819DCCEA3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA53A5AE-3766-469F-8812-535751DBCD5F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA53A5AE-3766-469F-8812-535751DBCD5F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Program aktualizacji online firmy Adobe. => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC11F15A-1E4B-49F0-BDB6-6A3F9A75E16F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC11F15A-1E4B-49F0-BDB6-6A3F9A75E16F} => Key deleted successfully.
C:\Windows\System32\Tasks\{3D7BB322-38DF-41E8-9CFB-D0D5F2905237} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3D7BB322-38DF-41E8-9CFB-D0D5F2905237} => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\59056029.sys => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\59056029.sys => Key deleted successfully.
avgtp => Service deleted successfully.
EIO64 => Service deleted successfully.
GGSAFERDriver => Service deleted successfully.
RimUsb => Service deleted successfully.
C:\Windows\system32\drivers\avgtpx64.sys => Moved successfully.
"C:\Users\mati\Downloads\keylogger-3-0.exe" => File/Directory not found.
C:\Users\mati\AppData\Roaming\syslog => Moved successfully.
C:\Users\mati\AppData\Local\SwvUpdater => Moved successfully.
C:\Users\mati\AppData\Local\Google\Chrome => Moved successfully.

========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f =========

Operacja ukończona pomyślnie.

========= End of CMD: =========

========= netstat -ano =========

Aktywne połączenia

  Protokół  Adres lokalny                           Obcy adres             Stan               PID
  TCP    0.0.0.0:135            0.0.0.0:0              NASŁUCHIWANIE      828
  TCP    0.0.0.0:445            0.0.0.0:0              NASŁUCHIWANIE      4
  TCP    0.0.0.0:1025           0.0.0.0:0              NASŁUCHIWANIE      492
  TCP    0.0.0.0:1026           0.0.0.0:0              NASŁUCHIWANIE      956
  TCP    0.0.0.0:1027           0.0.0.0:0              NASŁUCHIWANIE      568
  TCP    0.0.0.0:1028           0.0.0.0:0              NASŁUCHIWANIE      436
  TCP    0.0.0.0:1054           0.0.0.0:0              NASŁUCHIWANIE      548
  TCP    0.0.0.0:5357           0.0.0.0:0              NASŁUCHIWANIE      4
  TCP    0.0.0.0:12025          0.0.0.0:0              NASŁUCHIWANIE      1288
  TCP    0.0.0.0:12110          0.0.0.0:0              NASŁUCHIWANIE      1288
  TCP    0.0.0.0:12119          0.0.0.0:0              NASŁUCHIWANIE      1288
  TCP    0.0.0.0:12143          0.0.0.0:0              NASŁUCHIWANIE      1288
  TCP    0.0.0.0:12465          0.0.0.0:0              NASŁUCHIWANIE      1288
  TCP    0.0.0.0:12563          0.0.0.0:0              NASŁUCHIWANIE      1288
  TCP    0.0.0.0:12993          0.0.0.0:0              NASŁUCHIWANIE      1288
  TCP    0.0.0.0:12995          0.0.0.0:0              NASŁUCHIWANIE      1288
  TCP    0.0.0.0:27275          0.0.0.0:0              NASŁUCHIWANIE      1288
  TCP    127.0.0.1:1029         127.0.0.1:1030         USTANOWIONO        1852
  TCP    127.0.0.1:1030         127.0.0.1:1029         USTANOWIONO        1852
  TCP    127.0.0.1:3323         127.0.0.1:3324         USTANOWIONO        2652
  TCP    127.0.0.1:3324         127.0.0.1:3323         USTANOWIONO        2652
  TCP    127.0.0.1:5354         0.0.0.0:0              NASŁUCHIWANIE      2184
  TCP    127.0.0.1:6187         127.0.0.1:6188         CZAS_OCZEKIWANIA   0
  TCP    127.0.0.1:6191         127.0.0.1:6192         CZAS_OCZEKIWANIA   0
  TCP    127.0.0.1:12025        0.0.0.0:0              NASŁUCHIWANIE      1288
  TCP    127.0.0.1:12080        0.0.0.0:0              NASŁUCHIWANIE      1288
  TCP    127.0.0.1:12080        127.0.0.1:6176         CZAS_OCZEKIWANIA   0
  TCP    127.0.0.1:12080        127.0.0.1:6189         CZAS_OCZEKIWANIA   0
  TCP    127.0.0.1:12110        0.0.0.0:0              NASŁUCHIWANIE      1288
  TCP    127.0.0.1:12119        0.0.0.0:0              NASŁUCHIWANIE      1288
  TCP    127.0.0.1:12143        0.0.0.0:0              NASŁUCHIWANIE      1288
  TCP    127.0.0.1:12465        0.0.0.0:0              NASŁUCHIWANIE      1288
  TCP    127.0.0.1:12563        0.0.0.0:0              NASŁUCHIWANIE      1288
  TCP    127.0.0.1:12993        0.0.0.0:0              NASŁUCHIWANIE      1288
  TCP    127.0.0.1:12995        0.0.0.0:0              NASŁUCHIWANIE      1288
  TCP    127.0.0.1:27015        0.0.0.0:0              NASŁUCHIWANIE      2028
  TCP    127.0.0.1:27275        0.0.0.0:0              NASŁUCHIWANIE      1288
  TCP    192.168.1.100:139      0.0.0.0:0              NASŁUCHIWANIE      4
  TCP    192.168.1.100:3459     69.171.235.16:443      USTANOWIONO        2652
  TCP    192.168.1.100:6179     31.13.81.97:443        USTANOWIONO        2652
  TCP    192.168.1.100:6180     87.106.241.149:80      CZAS_OCZEKIWANIA   0
  TCP    192.168.1.100:6181     23.14.92.209:443       USTANOWIONO        2652
  TCP    [::]:135               [::]:0                 NASŁUCHIWANIE      828
  TCP    [::]:445               [::]:0                 NASŁUCHIWANIE      4
  TCP    [::]:1025              [::]:0                 NASŁUCHIWANIE      492
  TCP    [::]:1026              [::]:0                 NASŁUCHIWANIE      956
  TCP    [::]:1027              [::]:0                 NASŁUCHIWANIE      568
  TCP    [::]:1028              [::]:0                 NASŁUCHIWANIE      436
  TCP    [::]:1054              [::]:0                 NASŁUCHIWANIE      548
  TCP    [::]:3587              [::]:0                 NASŁUCHIWANIE      4624
  TCP    [::]:5357              [::]:0                 NASŁUCHIWANIE      4
  TCP    [::1]:12025            [::]:0                 NASŁUCHIWANIE      1288
  TCP    [::1]:12080            [::]:0                 NASŁUCHIWANIE      1288
  TCP    [::1]:12110            [::]:0                 NASŁUCHIWANIE      1288
  TCP    [::1]:12119            [::]:0                 NASŁUCHIWANIE      1288
  TCP    [::1]:12143            [::]:0                 NASŁUCHIWANIE      1288
  TCP    [::1]:12465            [::]:0                 NASŁUCHIWANIE      1288
  TCP    [::1]:12563            [::]:0                 NASŁUCHIWANIE      1288
  TCP    [::1]:12993            [::]:0                 NASŁUCHIWANIE      1288
  TCP    [::1]:12995            [::]:0                 NASŁUCHIWANIE      1288
  TCP    [::1]:27275            [::]:0                 NASŁUCHIWANIE      1288
  UDP    0.0.0.0:500            *:*                                       436
  UDP    0.0.0.0:3702           *:*                                       2140
  UDP    0.0.0.0:3702           *:*                                       348
  UDP    0.0.0.0:3702           *:*                                       348
  UDP    0.0.0.0:3702           *:*                                       2140
  UDP    0.0.0.0:4500           *:*                                       436
  UDP    0.0.0.0:5355           *:*                                       1188
  UDP    0.0.0.0:52209          *:*                                       2140
  UDP    0.0.0.0:52211          *:*                                       348
  UDP    0.0.0.0:52213          *:*                                       348
  UDP    0.0.0.0:61345          *:*                                       2184
  UDP    127.0.0.1:1900         *:*                                       2140
  UDP    127.0.0.1:44301        *:*                                       2348
  UDP    127.0.0.1:58426        *:*                                       2140
  UDP    127.0.0.1:61342        *:*                                       2028
  UDP    127.0.0.1:61343        *:*                                       2028
  UDP    127.0.0.1:61344        *:*                                       1816
  UDP    192.168.1.100:137      *:*                                       4
  UDP    192.168.1.100:138      *:*                                       4
  UDP    192.168.1.100:1900     *:*                                       2140
  UDP    192.168.1.100:5353     *:*                                       2184
  UDP    192.168.1.100:58425    *:*                                       2140
  UDP    [::]:500               *:*                                       436
  UDP    [::]:3540              *:*                                       4624
  UDP    [::]:3702              *:*                                       348
  UDP    [::]:3702              *:*                                       2140
  UDP    [::]:3702              *:*                                       348
  UDP    [::]:3702              *:*                                       2140
  UDP    [::]:4500              *:*                                       436
  UDP    [::]:5355              *:*                                       1188
  UDP    [::]:52210             *:*                                       2140
  UDP    [::]:52212             *:*                                       348
  UDP    [::]:52214             *:*                                       348
  UDP    [::]:61346             *:*                                       2184
  UDP    [::1]:1900             *:*                                       2140
  UDP    [::1]:5353             *:*                                       2184
  UDP    [::1]:58424            *:*                                       2140
  UDP    [fe80::476:4963:d339:1aae%13]:546    *:*                         956
  UDP    [fe80::476:4963:d339:1aae%13]:1900   *:*                         2140
  UDP    [fe80::476:4963:d339:1aae%13]:58423  *:*                         2140

========= End of CMD: =========

The system needs a manual reboot.

==== End of Fixlog ====