Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2014 Ran by Klaku at 2014-04-27 21:01:33 Run:2 Running from D:\Pobrane\Nowy folder Boot Mode: Normal ============================================== Content of fixlist: ***************** S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit) BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit) Task: {2FE776CA-3672-4B3E-BDBC-439CE626E2A4} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe Task: {63DFE667-88B8-4BFB-982A-0C367233D185} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe S3 ALSysIO; \??\C:\Users\Klaku\AppData\Local\Temp\ALSysIO64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 FireStorm; \??\C:\Users\Klaku\AppData\Local\Temp\FireStorm.sys [X] S3 hid7906; system32\drivers\hid7906.sys [X] S3 hid8101; system32\drivers\hid8101.sys [X] S3 hid8103; system32\drivers\hid8103.sys [X] S4 NVHDA; system32\drivers\nvhda64v.sys [X] S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X] S3 SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {3C9D86CF-68A6-410B-9F2A-FD51792B7A65} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms} AlternateDataStreams: C:\ProgramData\TEMP:6BE50C2B AlternateDataStreams: C:\ProgramData\TEMP:B755D674 AlternateDataStreams: C:\ProgramData\TEMP:D78D6FF7 AlternateDataStreams: C:\ProgramData\TEMP:E6E3D650 C:\ProgramData\taskmgr.exe C:\Program Files (x86)\mozilla firefox\plugins C:\Program Files (x86)\IObit C:\Users\Klaku\AppData\Roaming\IObit C:\Windows\pss\3caeb26764675258d8d8c075e5b9b6a9.exe.Startup C:\Windows\pss\minibin.lnk.CommonStartup C:\Windows\pss\Run.lnk.CommonStartup C:\Windows\SysWow64\mswunmokem.dll C:\Windows\SysWow64\mstucmokdm.dll C:\Windows\SysWOW64\sqlite3.dll C:\Windows\SysWOW64\.tmp CMD: del /q C:\Users\Klaku\AppData\Local\{*} Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^minibin.lnk" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run.lnk" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Klaku^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^3caeb26764675258d8d8c075e5b9b6a9.exe" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\3caeb26764675258d8d8c075e5b9b6a9" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EADM" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HDD Regenerator" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NextLive" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\screenSHU.exe" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f Reboot: ***************** LiveUpdateSvc => Service not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => Key deleted successfully. HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2FE776CA-3672-4B3E-BDBC-439CE626E2A4} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FE776CA-3672-4B3E-BDBC-439CE626E2A4} => Key deleted successfully. C:\Windows\System32\Tasks\EVGAPrecision => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EVGAPrecision => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{63DFE667-88B8-4BFB-982A-0C367233D185} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63DFE667-88B8-4BFB-982A-0C367233D185} => Key deleted successfully. C:\Windows\System32\Tasks\Razer_Game_Booster_AutoUpdate => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Razer_Game_Booster_AutoUpdate => Key deleted successfully. ALSysIO => Service not found. catchme => Service not found. FireStorm => Service not found. hid7906 => Service not found. hid8101 => Service not found. hid8103 => Service not found. NVHDA => Service not found. nvvad_WaveExtensible => Service not found. SbieDrv => Service not found. VBoxNetFlt => Service not found. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => Value deleted successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3C9D86CF-68A6-410B-9F2A-FD51792B7A65} => Key deleted successfully. HKCR\CLSID\{3C9D86CF-68A6-410B-9F2A-FD51792B7A65} => Key not found. C:\ProgramData\TEMP => ":6BE50C2B" ADS removed successfully. C:\ProgramData\TEMP => ":B755D674" ADS removed successfully. C:\ProgramData\TEMP => ":D78D6FF7" ADS removed successfully. C:\ProgramData\TEMP => ":E6E3D650" ADS removed successfully. "C:\ProgramData\taskmgr.exe" => File/Directory not found. C:\Program Files (x86)\Mozilla Firefox\plugins => Moved successfully. C:\Program Files (x86)\IObit => Moved successfully. C:\Users\Klaku\AppData\Roaming\IObit => Moved successfully. C:\Windows\pss\3caeb26764675258d8d8c075e5b9b6a9.exe.Startup => Moved successfully. C:\Windows\pss\minibin.lnk.CommonStartup => Moved successfully. C:\Windows\pss\Run.lnk.CommonStartup => Moved successfully. C:\Windows\SysWow64\mswunmokem.dll => Moved successfully. C:\Windows\SysWow64\mstucmokdm.dll => Moved successfully. C:\Windows\SysWOW64\sqlite3.dll => Moved successfully. C:\Windows\SysWOW64\.tmp => Moved successfully. ========= del /q C:\Users\Klaku\AppData\Local\{*} ========= ========= End of CMD: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^minibin.lnk" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run.lnk" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Klaku^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^3caeb26764675258d8d8c075e5b9b6a9.exe" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\3caeb26764675258d8d8c075e5b9b6a9" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EADM" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HDD Regenerator" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NextLive" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\screenSHU.exe" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= The system needed a reboot. ==== End of Fixlog ====