Hi there. I noticed my computer running slowly and the Task Manager has been showing 100% CPU usage most of the time today. Sure enough, there's a svchost.exe (in Temp folder) process hogging the CPU and Malwarebytes detects it as a trojan. I tried various tools, but the process always reappears after a restart.

Here are the Farbar logs (there is some Polish in the logs, hope that's not a problem):

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01
Ran by Alicja (administrator) on NOVASTAR on 17-01-2015 19:08:07
Running from C:\Users\Alicja\Desktop
Loaded Profiles: Alicja (Available profiles: Alicja)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Flux Software LLC) C:\Users\Alicja\AppData\Local\FluxSoftware\Flux\flux.exe
(Doublevil) C:\Program Files (x86)\Houhou SRS\Houhou SRS.exe
() C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(Google Inc.) E:\Gmail Notifier\gnotify.exe
(Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(RPA Technology) C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Windows\Temp\svchost.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2583040 2009-09-21] (VIA)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] => E:\Gmail Notifier\gnotify.exe [479232 2005-07-15] (Google Inc.)
HKU\S-1-5-21-1544885062-73475794-1225158242-1000\...\Run: [DAEMON Tools Lite] => E:\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-1544885062-73475794-1225158242-1000\...\Run: [f.lux] => C:\Users\Alicja\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1544885062-73475794-1225158242-1000\...\Run: [Houhou SRS Tray] => C:\Program Files (x86)\Houhou SRS\Houhou SRS.exe [1205248 2015-01-10] (Doublevil)
HKU\S-1-5-21-1544885062-73475794-1225158242-1000\...\MountPoints2: G - G:\autorun.exe
Startup: C:\Users\Alicja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk
ShortcutTarget: Air Mouse.lnk -> C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Asystent menedżera zawartości dla PlayStation®.lnk
ShortcutTarget: Asystent menedżera zawartości dla PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alicja\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alicja\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alicja\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alicja\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alicja\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alicja\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alicja\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63

FireFox:
========
FF ProfilePath: C:\Users\Alicja\AppData\Roaming\Mozilla\Firefox\Profiles\lw29saop.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.5.0 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\oshiete-goo.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\rakuten.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-jp-auctions.xml
FF Extension: Rikaichan Japanese-English Dictionary File - C:\Users\Alicja\AppData\Roaming\Mozilla\Firefox\Profiles\lw29saop.default\Extensions\rikaichan-jpen@polarcloud.com [2014-05-16]
FF Extension: Rikaichan Japanese Names Dictionary File - C:\Users\Alicja\AppData\Roaming\Mozilla\Firefox\Profiles\lw29saop.default\Extensions\rikaichan-jpnames@polarcloud.com [2014-05-16]
FF Extension: Rikaichan - C:\Users\Alicja\AppData\Roaming\Mozilla\Firefox\Profiles\lw29saop.default\Extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [2014-05-16]
FF Extension: YouTube Video and Audio Downloader - C:\Users\Alicja\AppData\Roaming\Mozilla\Firefox\Profiles\lw29saop.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2014-06-12]
FF Extension: Tumblr Savior - C:\Users\Alicja\AppData\Roaming\Mozilla\Firefox\Profiles\lw29saop.default\Extensions\jid1-W5guVoyeUR0uBg@jetpack.xpi [2014-09-02]
FF Extension: Suppon Nabe - C:\Users\Alicja\AppData\Roaming\Mozilla\Firefox\Profiles\lw29saop.default\Extensions\suppon_nabe@what.about.clyde.xpi [2014-05-16]
FF Extension: LeechBlock - C:\Users\Alicja\AppData\Roaming\Mozilla\Firefox\Profiles\lw29saop.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-06-07]
FF Extension: Adblock Plus - C:\Users\Alicja\AppData\Roaming\Mozilla\Firefox\Profiles\lw29saop.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-16]
FF Extension: Greasemonkey - C:\Users\Alicja\AppData\Roaming\Mozilla\Firefox\Profiles\lw29saop.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-05-16]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Alicja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome YouTube Downloader) - C:\Users\Alicja\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja [2014-04-10]
CHR Extension: (Tampermonkey) - C:\Users\Alicja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-02-06]
CHR Extension: (Video Downloader professional) - C:\Users\Alicja\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-03-30]
CHR Extension: (AdBlock) - C:\Users\Alicja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-03-01]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Alicja\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-05-18]
CHR Extension: (Adblock for Pirate Bay) - C:\Users\Alicja\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd [2013-03-01]
CHR Extension: (rikaikun) - C:\Users\Alicja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2014-03-30]
CHR Extension: (Google ウォレット) - C:\Users\Alicja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Todo.ly) - C:\Users\Alicja\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap [2013-03-01]
CHR Extension: (WaniKani Notifier Redux) - C:\Users\Alicja\AppData\Local\Google\Chrome\User Data\Default\Extensions\objmjhmkpipkgollnfnabdneiihdnafj [2014-02-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 DAUpdaterSvc; E:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-12-28] (BioWare)
S2 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3377568 2014-05-25] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-23] (DT Soft Ltd)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-17] ()
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [58360 2012-11-26] (NetFilterSDK.com)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 ALSysIO; \??\C:\Users\Alicja\AppData\Local\Temp\ALSysIO64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RTL8187; system32\DRIVERS\wg111v2.sys [X]
S3 WinRing0_1_2_0; \??\E:\Razer Game Booster\Driver\WinRing0x64.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 19:08 - 2015-01-17 19:08 - 00018795 _____ () C:\Users\Alicja\Desktop\FRST.txt
2015-01-17 19:03 - 2015-01-17 19:08 - 00000000 ____D () C:\FRST
2015-01-17 19:01 - 2015-01-17 19:01 - 02125824 _____ (Farbar) C:\Users\Alicja\Desktop\FRST64.exe
2015-01-17 18:48 - 2015-01-17 18:48 - 00285336 _____ () C:\Windows\Minidump\011715-188484-01.dmp
2015-01-17 18:46 - 2015-01-17 18:46 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-01-17 18:42 - 2015-01-17 18:42 - 00011538 _____ () C:\Windows\system32\.crusader
2015-01-17 18:18 - 2015-01-17 18:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-17 18:18 - 2015-01-17 18:19 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-17 18:17 - 2015-01-17 18:18 - 11225840 _____ (SurfRight B.V.) C:\Users\Alicja\Desktop\HitmanPro_x64.exe
2015-01-17 17:46 - 2015-01-17 18:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-17 17:46 - 2015-01-17 17:46 - 00000000 ____D () C:\Users\Alicja\Desktop\MBAM
2015-01-17 17:18 - 2015-01-17 18:49 - 00003090 _____ () C:\Windows\System32\Tasks\Origin
2015-01-17 16:14 - 2015-01-17 16:14 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-17 16:07 - 2015-01-17 16:07 - 01188194 _____ () C:\Users\Alicja\Desktop\ProcessExplorer.zip
2015-01-17 16:07 - 2015-01-17 16:07 - 00000000 ____D () C:\Users\Alicja\Desktop\ProcessExplorer
2015-01-15 20:28 - 2015-01-15 20:28 - 00120563 _____ () C:\Users\Alicja\Desktop\British Culture 2014-2015.odt
2015-01-15 19:39 - 2015-01-15 19:39 - 00014279 _____ () C:\Users\Alicja\Desktop\wtf.odt
2015-01-14 21:05 - 2015-01-14 21:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-14 13:17 - 2015-01-15 20:28 - 00109486 _____ () C:\Users\Alicja\Desktop\Kultura Japonii 2014-2015.odt
2015-01-13 22:28 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 22:28 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 22:28 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 22:28 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 22:28 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 22:28 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 22:28 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 22:28 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 22:28 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 22:28 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 22:28 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 22:28 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 22:28 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 13:41 - 2015-01-13 13:44 - 06922447 _____ () C:\Users\Alicja\Desktop\Klagmar's Top VGM #1,682 - UnderTale - Heartache.m4a
2015-01-13 13:40 - 2015-01-13 13:44 - 09596225 _____ () C:\Users\Alicja\Desktop\BRYNHILDR IN THE DARKNESS -Ver. EJECTED- FULL.m4a
2015-01-13 13:40 - 2015-01-13 13:40 - 06117878 _____ () C:\Users\Alicja\Desktop\BRYNHILDR IN THE DARKNESS -Ver. EJECTED- FULL.mp4
2015-01-10 20:05 - 2015-01-10 20:12 - 00000000 ____D () C:\Users\Alicja\Desktop\GRAZIA
2015-01-09 18:49 - 2015-01-15 19:13 - 00062292 _____ () C:\Windows\temp023423.vbe
2015-01-07 12:54 - 2015-01-07 13:41 - 00076443 _____ () C:\Users\Alicja\Desktop\guns.odt
2015-01-07 12:25 - 2015-01-07 12:25 - 00000842 _____ () C:\Users\Alicja\Desktop\quesetions.txt
2014-12-28 18:49 - 2014-12-28 18:49 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-12-24 17:13 - 2014-12-24 17:13 - 00000202 _____ () C:\Users\Alicja\Desktop\Saints Row IV.url
2014-12-22 23:01 - 2014-12-22 23:01 - 00000202 _____ () C:\Users\Alicja\Desktop\Hatoful Boyfriend.url
2014-12-21 23:14 - 2014-12-21 23:14 - 00000000 ____D () C:\Users\Alicja\AppData\Local\Doublevil
2014-12-21 23:11 - 2015-01-17 19:10 - 00000000 ____D () C:\Users\Alicja\Documents\Houhou
2014-12-21 23:11 - 2015-01-17 18:50 - 00000000 ____D () C:\ProgramData\Houhou SRS
2014-12-21 23:11 - 2014-12-21 23:11 - 00000000 ____D () C:\Users\Alicja\AppData\Local\Houhou SRS
2014-12-21 23:10 - 2015-01-15 19:41 - 00001031 _____ () C:\Users\Public\Desktop\Houhou SRS.lnk
2014-12-21 23:10 - 2015-01-15 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Houhou SRS
2014-12-21 23:10 - 2015-01-15 19:41 - 00000000 ____D () C:\Program Files (x86)\Houhou SRS
2014-12-18 14:11 - 2014-12-18 14:22 - 1006726848 _____ () C:\Users\Alicja\Desktop\Mewtwo Strikes Back.mp4
2014-12-18 14:00 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 14:00 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 19:03 - 2009-07-14 05:51 - 00778442 _____ () C:\Windows\setupact.log
2015-01-17 18:57 - 2012-04-14 22:15 - 00000000 ____D () C:\Users\Alicja\AppData\Roaming\BitTorrent
2015-01-17 18:57 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-17 18:57 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-17 18:56 - 2012-10-25 18:38 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-17 18:53 - 2012-04-09 22:24 - 01102597 _____ () C:\Windows\WindowsUpdate.log
2015-01-17 18:50 - 2012-05-05 11:05 - 00000000 ____D () C:\Program Files (x86)\Giraffic
2015-01-17 18:48 - 2012-10-25 18:38 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-17 18:48 - 2012-06-02 22:01 - 00000000 ____D () C:\Windows\Minidump
2015-01-17 18:48 - 2012-05-05 11:05 - 00000000 ____D () C:\ProgramData\Giraffic
2015-01-17 18:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-17 18:45 - 2012-08-30 15:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-17 18:45 - 2012-04-09 13:10 - 00243318 _____ () C:\Windows\PFRO.log
2015-01-17 18:23 - 2012-04-09 10:38 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-17 18:12 - 2014-06-16 18:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-17 17:46 - 2014-06-16 18:36 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-17 17:15 - 2012-05-10 16:51 - 00000000 ____D () C:\Users\Alicja\AppData\Local\CRE
2015-01-17 16:30 - 2014-06-16 18:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-17 16:30 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\Performance
2015-01-17 16:14 - 2014-06-16 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-17 16:12 - 2012-07-16 23:10 - 00007620 _____ () C:\Users\Alicja\AppData\Local\Resmon.ResmonCfg
2015-01-17 15:56 - 2012-04-15 13:16 - 00000000 ____D () C:\Users\Alicja\Documents\Anki
2015-01-17 15:09 - 2012-08-30 17:33 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-01-17 15:07 - 2014-05-16 16:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-15 19:13 - 2014-09-08 20:52 - 00000000 ____D () C:\ProgramData\Origin
2015-01-14 23:23 - 2012-04-09 10:38 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 23:23 - 2012-04-09 10:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 23:23 - 2012-04-09 10:38 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 23:18 - 2013-08-14 23:23 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 23:08 - 2012-04-09 13:47 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 20:14 - 2013-10-11 17:57 - 00000000 ____D () C:\Users\Alicja\Desktop\studia
2014-12-31 12:14 - 2012-04-09 11:09 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-28 23:14 - 2009-07-14 18:55 - 00750048 _____ () C:\Windows\system32\perfh015.dat
2014-12-28 23:14 - 2009-07-14 18:55 - 00161526 _____ () C:\Windows\system32\perfc015.dat
2014-12-28 23:14 - 2009-07-14 06:13 - 01699354 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-24 17:12 - 2012-04-14 19:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-21 17:06 - 2014-11-22 22:36 - 00000868 _____ () C:\Users\Alicja\Desktop\Handbrake.lnk
2014-12-18 14:11 - 2014-04-22 17:06 - 00000000 ____D () C:\Users\Alicja\AppData\Roaming\HandBrake

==================== Files in the root of some directories =======
2013-01-29 15:17 - 2013-01-29 15:17 - 0703117 _____ () C:\Users\Alicja\AppData\Roaming\technic-launcher.jar
2013-09-10 20:17 - 2013-09-10 20:17 - 0000037 ___SH () C:\Users\Alicja\AppData\Local\70149b02515b3bb20dd492.47983420
2012-06-07 21:02 - 2012-06-07 21:02 - 0000094 _____ () C:\Users\Alicja\AppData\Local\fusioncache.dat
2012-11-29 18:18 - 2012-11-29 18:18 - 0000600 _____ () C:\Users\Alicja\AppData\Local\PUTTY.RND
2014-02-27 21:34 - 2014-02-27 21:34 - 0006367 _____ () C:\Users\Alicja\AppData\Local\recently-used.xbel
2012-07-16 23:10 - 2015-01-17 16:12 - 0007620 _____ () C:\Users\Alicja\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\Alicja\AppData\Roaming\Origin\update.vbe


Some content of TEMP:
====================
C:\Users\Alicja\AppData\Local\Temp\handbrake-setup.exe
C:\Users\Alicja\AppData\Local\Temp\lowproc.exe
C:\Users\Alicja\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Alicja\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Alicja\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Alicja\AppData\Local\Temp\nvStInst.exe
C:\Users\Alicja\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Alicja\AppData\Local\Temp\stubhelper.dll
C:\Users\Alicja\AppData\Local\Temp\unins000.exe
C:\Users\Alicja\AppData\Local\Temp\_is7AA6.exe
C:\Users\Alicja\AppData\Local\Temp\_isFCD4.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-07 13:32

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2015 01
Ran by Alicja at 2015-01-17 19:10:27
Running from C:\Users\Alicja\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Aegisub 3.1.3 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.1.3 - Aegisub Team)
Aktualizacje NVIDIA 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - )
Anki (HKLM-x32\...\Anki) (Version:  - )
Anodyne (HKLM-x32\...\Steam App 234900) (Version:  - )
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)
Any Video Converter 3.3.8 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aquaria (HKLM-x32\...\Steam App 24420) (Version:  - Bit Blot)
Asystent menedżera zawartości dla PlayStation® (HKLM-x32\...\{81AD22B9-C28A-45a3-94B3-5FECD221AD5C}) (Version: 3.10.7525.4 - Sony Computer Entertainment Inc.)
ATI Catalyst Install Manager (HKLM\...\{D3364347-0A05-CA85-1DAD-80A7A75BF677}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
AutoHotkey 1.1.09.02 (HKLM-x32\...\AutoHotkey) (Version: 1.1.09.02 - Lexikos)
Bandicam (HKLM-x32\...\Bandicam) (Version:  - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien (HKLM-x32\...\Steam App 218060) (Version:  - Gaijin Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cave Story+ (HKLM-x32\...\Steam App 200900) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
Child of Light (HKLM-x32\...\Steam App 256290) (Version:  - Ubisoft Montréal)
CLANNAD Full Voice 1.5 (HKLM-x32\...\{0283EDE1-D8A9-4F64-A035-5E35B4DD199A}_is1) (Version:  - Visual Art's / Key)
Claw (HKLM-x32\...\Captain Claw) (Version: 1.0 - Monolith Productions)
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
Core Temp 1.0 RC5 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Crypt of the NecroDancer (HKLM-x32\...\Steam App 247080) (Version:  - Brace Yourself Games)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)
DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - THQ)
Detektor Winampa (HKU\S-1-5-21-1544885062-73475794-1225158242-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Dishonored (HKLM-x32\...\Dishonored_is1) (Version:  - )
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Dropbox (HKU\S-1-5-21-1544885062-73475794-1225158242-1000\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version:  - Humble Hearts LLC)
Evernote v. 4.5.7 (HKLM-x32\...\{0BE73D3C-B5AF-11E1-933A-984BE15F174E}) (Version: 4.5.7.7146 - Evernote Corp.)
f.lux (HKU\S-1-5-21-1544885062-73475794-1225158242-1000\...\Flux) (Version:  - )
FBReader for Windows (HKLM-x32\...\FBReader for Windows) (Version:  - )
FEZ (HKLM-x32\...\Steam App 224760) (Version:  - )
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )
FLY'N (HKLM-x32\...\Steam App 223730) (Version:  - )
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Free Video to MP3 Converter version 5.0.10.423 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.10.423 - DVDVideoSoft Ltd.)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Giana Sisters: Twisted Dreams (HKLM-x32\...\Steam App 223220) (Version:  - )
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Gmail Notifier (HKLM-x32\...\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}) (Version:  - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version:  - DrinkBox Studios)
Guild Wars (HKLM-x32\...\Guild Wars) (Version:  - )
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
Hatoful Boyfriend (HKLM-x32\...\Steam App 310080) (Version:  - Mediatonic)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
Houhou SRS version 1.1.1 (HKLM-x32\...\Houhou SRS_is1) (Version: 1.1.1 - )
iExplorer 3.2.0.2 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Instagiffer version 1.41 (HKLM-x32\...\{13DEF8F8-5280-4555-95A4-E815C3F9540F}_is1) (Version: 1.41 - Justin Todd)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Japanese Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Java 6 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416031FF}) (Version: 6.0.310 - Oracle)
Java 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Java 7 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417005FF}) (Version: 7.0.50 - Oracle)
Java 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LibreOffice 4.2.0.4 (HKLM-x32\...\{E043231F-34F2-4AF5-9400-0961CC15AAAE}) (Version: 4.2.0.4 - The Document Foundation)
LIMBO (HKLM-x32\...\Steam App 48000) (Version:  - Playdead)
Little Inferno (HKLM-x32\...\Steam App 221260) (Version:  - )
Machinarium (HKLM-x32\...\Steam App 40700) (Version:  - Amanita Design)
Malwarebytes Anti-Malware wersja 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (日本語) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1041) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 JPN (HKLM\...\{1923566D-9B21-4E47-AA51-200767FB05BE}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mobile Mouse Server (HKLM-x32\...\{0FBCF6E4-1F1A-4729-940F-A354CC84A770}) (Version: 2.6.5 - RPA Tech, Inc)
Mozilla Firefox 35.0 (x86 ja) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 ja)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPC-HC 1.7.5 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.5 - MPC-HC Team)
My Game Long Name (HKLM\...\UDK-48a94a20-e227-4a84-9f29-76a3e927f611) (Version:  - Epic Games, Inc.)
NetWorx 5.2.7 (HKLM\...\NetWorx_is1) (Version:  - Softperfect Research)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Oprogramowanie systemu PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Sterownik 3D Vision 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Sterownik dźwięku HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Sterownik kontrolera 3D Vision 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
Obsługa programów Apple (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher) (Version: 1.0.0 - OGPlanet, Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.3 (HKLM-x32\...\{0141D498-16DA-4221-A529-1D7A64BE8B05}) (Version: 3.3.9567 - OpenOffice.org)
Panel sterowania NVIDIA 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pomocnik Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Psychonauts (HKLM-x32\...\Steam App 3830) (Version:  - Double Fine Productions)
Python 3.2.3 (HKLM-x32\...\{789C9644-9F82-44d3-B4CA-AC31F46F5882}) (Version: 3.2.3150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Rayman Origins (HKLM-x32\...\{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}) (Version: 1.02 - Ubisoft)
Recettear: An Item Shop's Tale (HKLM-x32\...\Steam App 70400) (Version:  - EasyGameStation)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)
Rogue Legacy Demo version 1.0.3 (HKLM-x32\...\Rogue Legacy Demo_is1) (Version: 1.0.3 - )
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Scribblenauts Unlimited (HKLM-x32\...\Scribblenauts Unlimited_is1) (Version:  - )
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sonic Generations (HKLM-x32\...\Steam App 71340) (Version:  - Devil's Details)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spelunky (HKLM-x32\...\Steam App 239350) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - Terry Cavanagh)
Super House of Dead Ninjas (HKLM-x32\...\Steam App 224820) (Version:  - )
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - )
Synthesia (HKLM-x32\...\Synthesia) (Version: 9 - Synthesia LLC)
System Requirements Lab Detection (HKLM-x32\...\{2CF12828-F941-400B-9E80-7068BE139EE3}) (Version: 2.2.4.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.8.1 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - )
The Binding of Isaac Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
To the Moon (HKLM-x32\...\Steam App 206440) (Version:  - Freebird Games)
Transistor (HKLM-x32\...\Steam App 237930) (Version:  - Supergiant Games)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Vegas Pro 12.0 (64-bit) (HKLM\...\{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}) (Version: 12.0.394 - Sony)
Veoh Giraffic Video Accelerator (HKLM-x32\...\Giraffic) (Version: 0.86.412.230 - Giraffic)
Veoh Web Player (HKLM-x32\...\Veoh Web Player Beta) (Version: 1.1.2.0000 - Veoh Networks, Inc.)
VIA Platforma Menedżera urządzeń (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Waveform (HKLM-x32\...\Steam App 204180) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1544885062-73475794-1225158242-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alicja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1544885062-73475794-1225158242-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alicja\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1544885062-73475794-1225158242-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alicja\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1544885062-73475794-1225158242-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alicja\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1544885062-73475794-1225158242-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alicja\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

==================== Restore Points  =========================

17-01-2015 18:00:09 Malwarebytes Anti-Rootkit Restore Point
17-01-2015 18:41:28 Restore point created by HitmanPro
17-01-2015 18:42:30 Restore point created by HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {044F6B43-6D67-47DF-9728-F1262827E27E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {19091BF5-E7DE-4C88-9781-E80B808399A1} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe [2015-01-15] () <==== ATTENTION
Task: {56B62B53-421D-44AF-85D4-EFA0112F0799} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1544885062-73475794-1225158242-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {6E81F535-E88F-484B-8AC8-CB96EF24C3E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25] (Google Inc.)
Task: {81475913-5905-4852-BC18-5EFD7AD8E001} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: {9B6C3A73-31B1-4110-B708-BDF2385353C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25] (Google Inc.)
Task: {A0ED568E-9140-4251-AEC6-AAEEAA506A43} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1544885062-73475794-1225158242-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {ACC15233-011A-44B6-B4B1-7143E353BAFD} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2012-06-11] (Veoh Networks)
Task: {B3811916-0EC4-40C6-AD81-D23D1F0BA322} - System32\Tasks\Razer_Game_Booster_AutoUpdate => E:\Razer Game Booster\AutoUpdate.exe
Task: {EBCA8B2A-3905-47BF-8DE9-AD51EE044135} - System32\Tasks\{27744E2C-33C9-4B4A-8DCD-C045FDA65606} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.9.0.114&LastError=12002
Task: {FD380600-3158-4BC2-82AB-756A326FF2EA} - System32\Tasks\{CAC76D0B-DD4D-4750-A8FC-CCF83F10DD6F} => pcalua.exe -a "C:\Program Files (x86)\Xilisoft\DVD Audio Ripper\Uninstall.exe"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-30 15:50 - 2014-05-20 02:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2006-12-04 00:26 - 2006-12-04 00:26 - 00022016 _____ () C:\Windows\System32\sugs2l6.dll
2014-12-21 23:10 - 2015-01-10 16:53 - 00078336 _____ () C:\Program Files (x86)\Houhou SRS\Kanji.Database.dll
2012-03-08 13:44 - 2012-03-08 13:44 - 01169920 _____ () C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
2012-04-14 21:47 - 2009-05-07 15:51 - 00071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-04-14 21:47 - 2009-05-07 15:53 - 00379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-04-14 21:47 - 2008-01-18 13:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2012-04-14 21:47 - 2009-09-02 08:26 - 47601664 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2015-01-17 18:52 - 2015-01-17 18:52 - 01605120 _____ () C:\Windows\Temp\svchost.exe
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-06-14 12:19 - 2011-06-14 12:19 - 00025600 _____ () C:\Program Files (x86)\Air Mouse\Air Mouse\BonjourService.dll
2012-03-16 14:42 - 2012-03-16 14:42 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2012-03-16 14:42 - 2012-03-16 14:42 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-01-14 21:05 - 2015-01-14 21:06 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\TEMP:BF3D62E7

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1544885062-73475794-1225158242-500 - Administrator - Disabled)
Alicja (S-1-5-21-1544885062-73475794-1225158242-1000 - Administrator - Enabled) => C:\Users\Alicja
ASPNET (S-1-5-21-1544885062-73475794-1225158242-1004 - Limited - Enabled)
Gość (S-1-5-21-1544885062-73475794-1225158242-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1544885062-73475794-1225158242-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2015 06:43:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002d8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000002B1EE90.72).  hr = 0x80070005, Access is denied.
.

Error: (01/17/2015 06:43:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000075c,(null),0,REG_BINARY,000000000295E2E0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {9e921967-962b-4efa-8fc5-594802c38239}

Error: (01/17/2015 06:43:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000dfc,(null),0,REG_BINARY,0000000005DDDDC0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {a5c42adb-2c62-401c-9032-9180833dc538}

Error: (01/17/2015 06:43:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000208,(null),0,REG_BINARY,0000000002BBE7C0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {206125b4-2893-48d7-a075-0876b3aae245}

Error: (01/17/2015 06:43:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001cc,(null),0,REG_BINARY,000000000123EB20.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {be1f8262-bc0d-4290-afb7-af5cb05d5fce}

Error: (01/17/2015 06:43:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001d8,(null),0,REG_BINARY,0000000002C5EE00.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {88b5c716-624b-4543-9407-f1ced72e2cb4}

Error: (01/17/2015 06:43:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000075c,(null),0,REG_BINARY,000000000295E2E0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {9e921967-962b-4efa-8fc5-594802c38239}

Error: (01/17/2015 06:43:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000dfc,(null),0,REG_BINARY,0000000005DDDDC0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {a5c42adb-2c62-401c-9032-9180833dc538}

Error: (01/17/2015 06:43:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000208,(null),0,REG_BINARY,0000000002BBE7C0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {206125b4-2893-48d7-a075-0876b3aae245}

Error: (01/17/2015 06:43:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001cc,(null),0,REG_BINARY,000000000123EB20.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {be1f8262-bc0d-4290-afb7-af5cb05d5fce}


System errors:
=============
Error: (01/17/2015 06:54:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Veoh Giraffic Video Accelerator service terminated unexpectedly. It has done this 1 time(s).

Error: (01/17/2015 06:52:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SSDPSRV service.

Error: (01/17/2015 06:48:40 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007e (0xffffffffc0000005, 0x0000000000000000, 0xfffff880031afa28, 0xfffff880031af280)C:\Windows\MEMORY.DMP011715-188484-01

Error: (01/17/2015 06:47:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll
Error Code: 126

Error: (01/17/2015 06:47:04 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.

Error: (01/17/2015 06:46:42 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 18:43:40 on 2015-01-17 was unexpected.

Error: (01/17/2015 06:03:45 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll
Error Code: 126

Error: (01/17/2015 05:16:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll
Error Code: 126

Error: (01/17/2015 04:30:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll
Error Code: 126

Error: (01/17/2015 03:58:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cpuz135 service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (01/17/2015 06:43:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000002d8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000002B1EE90.72)0x80070005, Odmowa dostępu.

Error: (01/17/2015 06:43:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x0000075c,(null),0,REG_BINARY,000000000295E2E0.72)0x80070005, Odmowa dostępu.


Operacja:
   Zdarzenie BackupShutdown

Kontekst:
   Kontekst wykonywania: Writer
   Identyfikator klasy modułu zapisującego: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Nazwa modułu zapisującego: WMI Writer
   Identyfikator wystąpienia modułu zapisującego: {9e921967-962b-4efa-8fc5-594802c38239}

Error: (01/17/2015 06:43:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000dfc,(null),0,REG_BINARY,0000000005DDDDC0.72)0x80070005, Odmowa dostępu.


Operacja:
   Zdarzenie BackupShutdown

Kontekst:
   Kontekst wykonywania: Writer
   Identyfikator klasy modułu zapisującego: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Nazwa modułu zapisującego: MSSearch Service Writer
   Identyfikator wystąpienia modułu zapisującego: {a5c42adb-2c62-401c-9032-9180833dc538}

Error: (01/17/2015 06:43:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000208,(null),0,REG_BINARY,0000000002BBE7C0.72)0x80070005, Odmowa dostępu.


Operacja:
   Zdarzenie BackupShutdown

Kontekst:
   Kontekst wykonywania: Writer
   Identyfikator klasy modułu zapisującego: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nazwa modułu zapisującego: Shadow Copy Optimization Writer
   Identyfikator wystąpienia modułu zapisującego: {206125b4-2893-48d7-a075-0876b3aae245}

Error: (01/17/2015 06:43:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001cc,(null),0,REG_BINARY,000000000123EB20.72)0x80070005, Odmowa dostępu.


Operacja:
   Zdarzenie BackupShutdown

Kontekst:
   Kontekst wykonywania: Writer
   Identyfikator klasy modułu zapisującego: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Nazwa modułu zapisującego: Registry Writer
   Identyfikator wystąpienia modułu zapisującego: {be1f8262-bc0d-4290-afb7-af5cb05d5fce}

Error: (01/17/2015 06:43:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001d8,(null),0,REG_BINARY,0000000002C5EE00.72)0x80070005, Odmowa dostępu.


Operacja:
   Zdarzenie BackupShutdown

Kontekst:
   Kontekst wykonywania: Writer
   Identyfikator klasy modułu zapisującego: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Nazwa modułu zapisującego: COM+ REGDB Writer
   Identyfikator wystąpienia modułu zapisującego: {88b5c716-624b-4543-9407-f1ced72e2cb4}


==================== Memory info ===========================

Processor: AMD Phenom II X4 945 Processor
Percentage of memory in use: 48%
Total physical RAM: 4095.3 MB
Available physical RAM: 2125.25 MB
Total Pagefile: 8188.79 MB
Available Pagefile: 5928.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.66 GB) (Free:1.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive e: () (Fixed) (Total:184 GB) (Free:25.02 GB) NTFS
Drive f: () (Fixed) (Total:184 GB) (Free:10.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E59EA4DF)
Partition 1: (Not Active) - (Size=100 MB) - (Type=05)
Partition 2: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=184 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=184 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Hello,

My name is Argus and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop called Fixlog.txt.

Please attach it to your reply.

fixlist.txt


Hi, thanks for the reply! ^_^

I ran the fix (the svchost.exe thing remains untouched, though), here's the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Alicja at 2015-01-19 18:36:35 Run:1
Running from C:\Users\Alicja\Desktop
Loaded Profiles: Alicja (Available profiles: Alicja)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
emptytemp:
C:\Windows\Temp\svchost.exe
HKU\S-1-5-21-1544885062-73475794-1225158242-1000\...\MountPoints2: G - G:\autorun.exe
S3 ALSysIO; \??\C:\Users\Alicja\AppData\Local\Temp\ALSysIO64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RTL8187; system32\DRIVERS\wg111v2.sys [X]
S3 WinRing0_1_2_0; \??\E:\Razer Game Booster\Driver\WinRing0x64.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
2015-01-09 18:49 - 2015-01-15 19:13 - 00062292 _____ () C:\Windows\temp023423.vbe
C:\Users\Alicja\AppData\Roaming\Origin\update.vbe
*****************

Processes closed successfully.
C:\Windows\Temp\svchost.exe => Moved successfully.
"HKU\S-1-5-21-1544885062-73475794-1225158242-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => Key deleted successfully.
ALSysIO => Service deleted successfully.
EagleX64 => Service deleted successfully.
RTL8187 => Service deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
X6va011 => Service deleted successfully.
X6va012 => Service deleted successfully.
C:\Windows\temp023423.vbe => Moved successfully.
C:\Users\Alicja\AppData\Roaming\Origin\update.vbe => Moved successfully.
EmptyTemp: => Removed 348.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 18:39:01 ====
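
The entries this fixlist removed share a pattern worth recognising in any FRST log: a system-binary name (svchost.exe) running from C:\Windows\Temp, .vbe scripts dropped under AppData\Roaming and directly in the Windows directory, a driver service pointing into a user's Temp folder, and a MountPoints2 autorun reference. The Python check below is an added example, not part of this thread or of FRST; it runs a few such rules over constructed lines written in FRST's own formats, and the binary-name, system-directory and drop-directory lists are assumptions chosen for the example.

```python
import re

# Windows binaries whose names malware commonly borrows; a genuine copy runs
# only from a system directory. Constructed list for this example.
SYSTEM_BINARY_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "services.exe",
                       "winlogon.exe", "explorer.exe"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")
SCRIPT_EXTENSIONS = (".vbe", ".vbs", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1")
# Writable locations where the fixlist above found its droppers (assumed list).
DROP_DIRS = (r"c:\windows\temp", r"\appdata\local\temp", r"\appdata\roaming")

# Absolute Windows path, optionally prefixed with the NT "\??\" form that FRST
# prints for driver services; stops at whitespace, quotes or the "[X]" marker.
PATH_RE = re.compile(r'(?:\\\?\?\\)?([a-z]:\\[^\s\[\]"]+)', re.IGNORECASE)

# Constructed sample lines in the formats FRST uses: a whitelisted process line,
# the infected process line, two driver-service lines, a dated file line, a bare
# path and a MountPoints2 entry (values taken from the thread above).
SAMPLE_LINES = [
    r"(Microsoft Corporation) C:\Windows\System32\svchost.exe",
    r"() C:\Windows\Temp\svchost.exe",
    r"S3 ALSysIO; \??\C:\Users\Alicja\AppData\Local\Temp\ALSysIO64.sys [X]",
    r"S3 RTL8187; system32\DRIVERS\wg111v2.sys [X]",
    r"2015-01-09 18:49 - 2015-01-15 19:13 - 00062292 _____ () C:\Windows\temp023423.vbe",
    r"C:\Users\Alicja\AppData\Roaming\Origin\update.vbe",
    r"HKU\S-1-5-21-1544885062-73475794-1225158242-1000\...\MountPoints2: G - G:\autorun.exe",
]


def extract_paths(line):
    """Return every absolute Windows path found in one log line."""
    return [m.group(1) for m in PATH_RE.finditer(line)]


def classify(path):
    """Return the list of reasons a path is suspicious (empty if none)."""
    lowered = path.lower()
    directory, _, name = lowered.rpartition("\\")
    ext = name[name.rfind("."):] if "." in name else ""
    reasons = []
    # Rule 1: a system-binary name whose directory is not a Windows system dir.
    if name in SYSTEM_BINARY_NAMES and not directory.startswith(SYSTEM_DIRS):
        reasons.append("system binary name outside a Windows system directory")
    in_drop_dir = any(d in directory for d in DROP_DIRS)
    # Rule 2: a script sitting in a temp/profile location or in the Windows root.
    if ext in SCRIPT_EXTENSIONS and (in_drop_dir or directory == r"c:\windows"):
        reasons.append("script dropped in a temp, profile or Windows-root location")
    # Rule 3: a kernel driver registered from a user-writable location.
    if ext == ".sys" and in_drop_dir:
        reasons.append("kernel driver service pointing into a temp or profile directory")
    # Rule 4: MountPoints2-style references to removable-media autorun files.
    if name in ("autorun.exe", "autorun.inf"):
        reasons.append("removable-media autorun reference")
    return reasons


def scan_lines(lines):
    """Apply classify() to every path in the given lines; returns (path, reason) pairs."""
    return [(path, reason) for line in lines
            for path in extract_paths(line)
            for reason in classify(path)]


if __name__ == "__main__":
    for path, reason in scan_lines(SAMPLE_LINES):
        print(f"{path}: {reason}")
```

Relative driver paths such as system32\DRIVERS\wg111v2.sys carry no drive letter and are deliberately left alone, so a stale but harmless service entry does not produce noise.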

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"



Done! The process didn't reopen on restart this time.

Logs:


Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.19.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Alicja :: NOVASTAR [administrator]

2015-01-19 19:43:09
mbar-log-2015-01-19 (19-43-09).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 344272
Time elapsed: 13 minute(s), 49 second(s)

Memory Processes Detected: 1
C:\Windows\Temp\svchost.exe (Trojan.Agent.Gen) -> 5532 -> Delete on reboot. [db6c1ddc4c3d181e1aa8eeb4da2ac33d]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Temp\svchost.exe (Trojan.Agent.Gen) -> Delete on reboot. [db6c1ddc4c3d181e1aa8eeb4da2ac33d]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

Java version: 1.6.0_33

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.993000 GHz
Memory total: 4294238208, free: 1378611200

Downloaded database version: v2015.01.19.11
Downloaded database version: v2015.01.14.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
     01/19/2015 19:42:56
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80049c0060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-6\
Lower Device Object: 0xfffffa80049c6060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80049c0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800453db90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80049c0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004534940, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80049c6060, DeviceName: \Device\Ide\IdeDeviceP0T1L0-6\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E59EA4DF

Partition information:

    Partition 0 type is Extended with CSH (0x5)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 206848  Numsec = 204800000
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 205006848  Numsec = 385882112

    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 590888960  Numsec = 385882112

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Infected: C:\Windows\Temp\svchost.exe --> [Trojan.Agent.Gen]
Infected: C:\Windows\Temp\svchost.exe --> [Trojan.Agent.Gen]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished


Glad I could help.

Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
