Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-10-2014 Ran by Marek at 2014-10-22 08:52:58 Run:1 Running from C:\Users\Marek\Desktop\Aanaliza Loaded Profile: Marek (Available profiles: Marek & UpdatusUser) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-77345471-4210661780-3767852875-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-77345471-4210661780-3767852875-1000\...\Run: [Cudax] => C:\Users\Marek\AppData\Roaming\Cudax\nircmd.exe [44032 2013-08-11] (NirSoft) AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found Task: {086E1680-CA4B-4D08-A809-47D47B9A8E8B} - System32\Tasks\{33E1FCF9-90D8-4A08-9ADB-366A1C0864E4} => C:\Kulki\KULKI.EXE Task: {0B7FB4A3-8942-4B64-821B-570874E740F4} - System32\Tasks\{BF098A72-4DC7-4733-A173-F0C1F09242C0} => C:\Kulki\KULKI.EXE Task: {2006BCE0-66D4-4354-A584-315FD8A2EB95} - System32\Tasks\{59D21868-DC83-49AE-81E9-70F72966D02F} => C:\Kulki\KULKI.EXE Task: {2203407D-E657-408C-8B2B-913178081620} - System32\Tasks\4677 => Wscript.exe C:\Users\Marek\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: {5271D894-3698-42F0-B898-B9920D0A9B55} - System32\Tasks\{31849660-5E81-45FB-AC54-924A95C2711D} => I:\GRY\TDU2\TestDrive2.exe Task: {627259C5-0343-4577-B97B-086A4206BABB} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {66F37C0B-441E-4224-AEB6-30E1E9B0DBA0} - System32\Tasks\{F80B26EB-70BA-4337-82EC-329817C85F1F} => C:\Kulki\KULKI.EXE Task: {739DAB90-3F99-48BC-B00E-23184C18953E} - System32\Tasks\{EE5184C3-9D62-44D0-B6A1-C9C1898098E4} => C:\Kulki\KULKI.EXE Task: {79985907-3E1B-4606-AF32-2C8577FF2E3B} - System32\Tasks\{EF9CF115-B2EC-42A9-85A8-9533A7FF3F95} => C:\Kulki\KULKI.EXE Task: {A7D6EC14-AA3F-4E80-AD03-2BE89C5EEDE5} - System32\Tasks\{B8142478-C730-4FCD-990C-9EDA627F2883} => C:\Program Files (x86)\Namco 
Bandai Games\Hexodius\Hexodius.exe Task: {E583B98A-EEAB-4A8C-9442-7C85CADC5A1B} - System32\Tasks\VisualBeeRecovery => C:\Users\Marek\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe <==== ATTENTION S3 MSICDSetup; \??\D:\CDriver64.sys [X] S4 sptd; System32\Drivers\sptd.sys [X] URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKCU - yandex.ru-122035 URL = http://www.google.com/search?hl=pl&q={searchTerms}&rlz=1I7MXGB_plPL523 BHO-x32: No Name -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File C:\Program Files (x86)\Mozilla Firefox\plugins C:\Users\Marek\AppData\Local\Google C:\Users\Marek\AppData\Roaming\Cudax C:\Users\Marek\AppData\Roaming\Opera RemoveDirectory: C:\Kaspersky Rescue Disk 10.0 Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchURL" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f CMD: copy /y C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\ps7ec1p7.default\prefs.js C:\Users\Marek\Desktop\prefs.js CMD: ipconfig /flushdns EmptyTemp: ***************** Processes closed successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKU\S-1-5-21-77345471-4210661780-3767852875-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully. 
HKU\S-1-5-21-77345471-4210661780-3767852875-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Cudax => value deleted successfully. "c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll" => Value Data removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{086E1680-CA4B-4D08-A809-47D47B9A8E8B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{086E1680-CA4B-4D08-A809-47D47B9A8E8B}" => Key deleted successfully. C:\Windows\System32\Tasks\{33E1FCF9-90D8-4A08-9ADB-366A1C0864E4} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{33E1FCF9-90D8-4A08-9ADB-366A1C0864E4}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B7FB4A3-8942-4B64-821B-570874E740F4}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B7FB4A3-8942-4B64-821B-570874E740F4}" => Key deleted successfully. C:\Windows\System32\Tasks\{BF098A72-4DC7-4733-A173-F0C1F09242C0} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BF098A72-4DC7-4733-A173-F0C1F09242C0}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2006BCE0-66D4-4354-A584-315FD8A2EB95}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2006BCE0-66D4-4354-A584-315FD8A2EB95}" => Key deleted successfully. C:\Windows\System32\Tasks\{59D21868-DC83-49AE-81E9-70F72966D02F} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{59D21868-DC83-49AE-81E9-70F72966D02F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2203407D-E657-408C-8B2B-913178081620}" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2203407D-E657-408C-8B2B-913178081620}" => Key deleted successfully. C:\Windows\System32\Tasks\4677 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4677" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5271D894-3698-42F0-B898-B9920D0A9B55}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5271D894-3698-42F0-B898-B9920D0A9B55}" => Key deleted successfully. C:\Windows\System32\Tasks\{31849660-5E81-45FB-AC54-924A95C2711D} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{31849660-5E81-45FB-AC54-924A95C2711D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{627259C5-0343-4577-B97B-086A4206BABB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{627259C5-0343-4577-B97B-086A4206BABB}" => Key deleted successfully. C:\Windows\System32\Tasks\0 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66F37C0B-441E-4224-AEB6-30E1E9B0DBA0}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66F37C0B-441E-4224-AEB6-30E1E9B0DBA0}" => Key deleted successfully. C:\Windows\System32\Tasks\{F80B26EB-70BA-4337-82EC-329817C85F1F} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F80B26EB-70BA-4337-82EC-329817C85F1F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{739DAB90-3F99-48BC-B00E-23184C18953E}" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{739DAB90-3F99-48BC-B00E-23184C18953E}" => Key deleted successfully. C:\Windows\System32\Tasks\{EE5184C3-9D62-44D0-B6A1-C9C1898098E4} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EE5184C3-9D62-44D0-B6A1-C9C1898098E4}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79985907-3E1B-4606-AF32-2C8577FF2E3B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79985907-3E1B-4606-AF32-2C8577FF2E3B}" => Key deleted successfully. C:\Windows\System32\Tasks\{EF9CF115-B2EC-42A9-85A8-9533A7FF3F95} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EF9CF115-B2EC-42A9-85A8-9533A7FF3F95}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7D6EC14-AA3F-4E80-AD03-2BE89C5EEDE5}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7D6EC14-AA3F-4E80-AD03-2BE89C5EEDE5}" => Key deleted successfully. C:\Windows\System32\Tasks\{B8142478-C730-4FCD-990C-9EDA627F2883} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B8142478-C730-4FCD-990C-9EDA627F2883}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E583B98A-EEAB-4A8C-9442-7C85CADC5A1B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E583B98A-EEAB-4A8C-9442-7C85CADC5A1B}" => Key deleted successfully. C:\Windows\System32\Tasks\VisualBeeRecovery => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VisualBeeRecovery" => Key deleted successfully. MSICDSetup => Service deleted successfully. sptd => Service deleted successfully. 
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D8278076-BC68-4484-9233-6E7F1628B56C} => value deleted successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\yandex.ru-122035" => Key deleted successfully. "HKCR\CLSID\yandex.ru-122035" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}" => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully. "HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found. C:\Program Files (x86)\Mozilla Firefox\plugins => Moved successfully. C:\Users\Marek\AppData\Local\Google => Moved successfully. C:\Users\Marek\AppData\Roaming\Cudax => Moved successfully. C:\Users\Marek\AppData\Roaming\Opera => Moved successfully. "C:\Kaspersky Rescue Disk 10.0" => removed successfully. ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchURL" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. 
========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= copy /y C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\ps7ec1p7.default\prefs.js C:\Users\Marek\Desktop\prefs.js ========= Liczba skopiowanych plików: 1. ========= End of CMD: ========= ========= ipconfig /flushdns ========= Konfiguracja IP systemu Windows Pomyślnie opróżniono pamięć podręczną programu rozpoznawania nazw DNS. ========= End of CMD: ========= EmptyTemp: => Removed 399.6 MB temporary data. The system needed a reboot. ==== End of Fixlog ====