Infected with tmp9C43.exe - similar to this topic(different tmpXXX.exe)


This topic is locked
7 replies to this topic

#1 bonzai1990

Posted 02 January 2015 - 06:52 AM

Hi,

 

One day, various messages started appearing about being unable to find the file C:/ProgramData/.../Secure/Icons/tmpxxx.exe. I was suspicious, so I looked it up on Google and found out that it is some kind of malware. I used AdwCleaner, but it didn't help. So this time I used RogueKiller and generated a report on my problem. Could you please help?

 

RogueKiller V10.1.1.0 [Dec 23 2014] od Adlice Software
 
System Operacyjny : Windows 8.1 (6.3.9200 ) 32 bits version
Uruchomiono : Tryb Normalny
Użytkownik : Mateusz Bacal [Administrator]
Tryb : Skan -- Data : 01/02/2015  12:45:25
 
¤¤¤ Procesy : 3 ¤¤¤
[Suspicious.Path] explorer.exe -- C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll[-] -> Wyrejestrowano
[Suspicious.Path] explorer.exe -- C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll[-] -> Wyrejestrowano
[Suspicious.Path] explorer.exe -- C:\Users\Mateusz Bacal\AppData\Local\Ethtion\wxUserWeb.dll[-] -> Wyrejestrowano
 
¤¤¤ Rejestr : 14 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC} -> Znaleziono
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecureIconsProvider | (default) : {FC9D8189-520A-4417-AED7-9EAC810C6FBA}  -> Znaleziono
[Suspicious.Path] HKEY_USERS\S-1-5-21-446222945-3137370078-2837892162-1001\Software\Microsoft\Windows\CurrentVersion\Run | YcfPack : C:\Windows\System32\regsvr32.exe "C:\Users\Mateusz Bacal\AppData\Local\Ezrdtion\wxUserWeb.dll"  -> Znaleziono
[Suspicious.Path] HKEY_USERS\S-1-5-21-446222945-3137370078-2837892162-1001\Software\Microsoft\Windows\CurrentVersion\Run | runas : "C:\Users\Mateusz Bacal\AppData\Roaming\Microsoft\Windows\IEUpdate\runas.exe"  -> Znaleziono
[Suspicious.Path] HKEY_USERS\S-1-5-21-446222945-3137370078-2837892162-1001\Software\Microsoft\Windows\CurrentVersion\Run | Ethtion : regsvr32.exe "C:\Users\Mateusz Bacal\AppData\Local\Ethtion\wxUserWeb.dll"  -> Znaleziono
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.wp.pl/?src01=dp2  -> Znaleziono
[PUM.HomePage] HKEY_USERS\S-1-5-21-446222945-3137370078-2837892162-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.wp.pl/?src01=dp2  -> Znaleziono
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6DB17B2E-2296-4068-8812-8C3398227F3A} | DhcpNameServer : 10.176.177.78 82.160.1.1 213.199.225.10 [(Private Address) (XX)][POLAND (PL)][POLAND (PL)]  -> Znaleziono
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6DB17B2E-2296-4068-8812-8C3398227F3A} | DhcpNameServer : 10.176.177.78 82.160.1.1 213.199.225.10 [(Private Address) (XX)][POLAND (PL)][POLAND (PL)]  -> Znaleziono
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Znaleziono
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Znaleziono
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Znaleziono
[Suspicious.Path] HKEY_USERS\S-1-5-21-446222945-3137370078-2837892162-1001\Control Panel\Desktop | SCRNSAVE.EXE : "C:\Users\Mateusz Bacal\AppData\Roaming\Microsoft\Windows\IEUpdate\runas.exe"  -> Znaleziono
[HJ.AutoRun] HKEY_USERS\S-1-5-21-446222945-3137370078-2837892162-1001\Software\Microsoft\Command Processor | AutoRun : "C:\Users\Mateusz Bacal\AppData\Roaming\Microsoft\Windows\IEUpdate\runas.exe"  -> Znaleziono
 
¤¤¤ Zaplanowane zadania : 0 ¤¤¤
 
¤¤¤ Pliki : 3 ¤¤¤
[Suspicious.Path][Plik] chgusr.lnk -- C:\Users\Mateusz Bacal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chgusr.lnk [LNK@] C:\Users\Mateusz Bacal\AppData\Roaming\Microsoft\Windows\IEUpdate\chgusr.exe -> Znaleziono
[Suspicious.Path][Plik] ntoskrnl.lnk -- C:\Users\Mateusz Bacal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ntoskrnl.lnk [LNK@] C:\Users\Mateusz Bacal\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe -> Znaleziono
[Suspicious.Path][Plik] runas.lnk -- C:\Users\Mateusz Bacal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runas.lnk [LNK@] C:\Users\Mateusz Bacal\AppData\Roaming\Microsoft\Windows\IEUpdate\runas.exe -> Znaleziono
 
¤¤¤ Plik Hosts : 0 [Too big!] ¤¤¤
 
¤¤¤ Anty-Rootkit : 15 (Driver: Załadowany) ¤¤¤
[IAT:Inl] (iexplore.exe) USER32.dll - DrawTextW : Unknown @ 0x2426a9c (push dword 0x2426a9c|ret )
[IAT:Inl] (iexplore.exe) USER32.dll - MessageBeep : Unknown @ 0x2336154 (push dword 0x2336154|ret )
[IAT:Inl] (iexplore.exe) USER32.dll - DrawTextExW : Unknown @ 0x230efdc (push dword 0x230efdc|ret )
[IAT:Inl] (iexplore.exe) USER32.dll - DrawTextW : Unknown @ 0x230babc (push dword 0x230babc|ret )
[IAT:Inl] (iexplore.exe) WININET.dll - HttpOpenRequestW : Unknown @ 0x231067c (push dword 0x231067c|ret )
[IAT:Inl] (iexplore.exe) WS2_32.dll - WSASend : Unknown @ 0x230640c (push dword 0x230640c|ret )
[IAT:Inl] (iexplore.exe) WINMM.dll - waveOutOpen : Unknown @ 0x2331224 (push dword 0x2331224|ret )
[IAT:Inl] (iexplore.exe) WININET.dll - HttpOpenRequestA : Unknown @ 0x230fb2c (push dword 0x230fb2c|ret )
[IAT:Inl] (iexplore.exe) USER32.dll - DrawTextW : Unknown @ 0x2706a9c (push dword 0x2706a9c|ret )
[IAT:Inl] (iexplore.exe) USER32.dll - MessageBeep : Unknown @ 0x2736ecc (push dword 0x2736ecc|ret )
[IAT:Inl] (iexplore.exe) USER32.dll - DrawTextExW : Unknown @ 0x270b15c (push dword 0x270b15c|ret )
[IAT:Inl] (iexplore.exe) USER32.dll - DrawTextW : Unknown @ 0x270d174 (push dword 0x270d174|ret )
[IAT:Inl] (iexplore.exe) WININET.dll - HttpOpenRequestW : Unknown @ 0x2730444 (push dword 0x2730444|ret )
[IAT:Inl] (iexplore.exe) WS2_32.dll - WSASend : Unknown @ 0x270640c (push dword 0x270640c|ret )
[IAT:Inl] (iexplore.exe) WINMM.dll - waveOutOpen : Unknown @ 0x2731f9c (push dword 0x2731f9c|ret )
 
¤¤¤ Przeglądarki internetowe : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 5fb1a6yb.default : user_pref("browser.startup.homepage", "www.wp.pl/?src01=dp2"); -> Znaleziono
 
¤¤¤ Sprawdzenie MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS725032A9A364 +++++
--- User ---
[MBR] 3f84fdde8fc8dc0f3a128bfb2c7b4798
[BSP] 7219c2304e46193e1947be79e3d2d014 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 300 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 616448 | Size: 287536 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 589490176 | Size: 17407 MB
User = LL1 ... OK
User = LL2 ... OK

Edited by hamluis, 02 January 2015 - 08:17 AM.
Moved from Win 8 to Malware Removal Logs - Hamluis.




#2 bonzai1990 (Topic Starter)

Posted 02 January 2015 - 07:01 AM

Below I have also pasted the log from FRST:

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2015
Ran by Mateusz Bacal (administrator) on MATEUSZ on 02-01-2015 12:57:01
Running from C:\Users\Mateusz Bacal\Desktop
Loaded Profile: Mateusz Bacal (Available profiles: Mateusz Bacal)
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x86__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\Mateusz Bacal\Desktop\RogueKiller.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\...\Run: [Spotify Web Helper] => C:\Users\Mateusz Bacal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-13] (Spotify Ltd)
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\...\Run: [YcfPack] => C:\Windows\System32\regsvr32.exe "C:\Users\Mateusz Bacal\AppData\Local\Ezrdtion\wxUserWeb.dll"
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\...\Run: [runas] => "C:\Users\Mateusz Bacal\AppData\Roaming\Microsoft\Windows\IEUpdate\runas.exe"
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\...\Run: [Ethtion] => regsvr32.exe "C:\Users\Mateusz Bacal\AppData\Local\Ethtion\wxUserWeb.dll" <===== ATTENTION
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\...\Command Processor: "C:\Users\Mateusz Bacal\AppData\Roaming\Microsoft\Windows\IEUpdate\runas.exe" <===== ATTENTION!
Startup: C:\Users\Mateusz Bacal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chgusr.lnk
ShortcutTarget: chgusr.lnk -> C:\Users\Mateusz Bacal\AppData\Roaming\Microsoft\Windows\IEUpdate\chgusr.exe (No File)
Startup: C:\Users\Mateusz Bacal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ntoskrnl.lnk
ShortcutTarget: ntoskrnl.lnk -> C:\Users\Mateusz Bacal\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe (No File)
Startup: C:\Users\Mateusz Bacal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runas.lnk
ShortcutTarget: runas.lnk -> C:\Users\Mateusz Bacal\AppData\Roaming\Microsoft\Windows\IEUpdate\runas.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp2
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp2
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 08 C:\Windows\system32\wlidnsp.dll [49664] (Microsoft Corporation)
Winsock: Catalog5 09 C:\Windows\system32\wlidnsp.dll [49664] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{0F1DD0E7-35B8-41B3-A71D-8A4B45427AC2}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{541E167B-310F-4E71-832B-4CC38C9B1A3D}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{6DB17B2E-2296-4068-8812-8C3398227F3A}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{AE3F85D9-4F7D-4A70-ABE5-AE086142B7D5}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{C2107DCA-3A29-418B-8BBF-18020F4DACE7}: [NameServer] 8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\Mateusz Bacal\AppData\Roaming\Mozilla\Firefox\Profiles\5fb1a6yb.default
FF Homepage: www.wp.pl/?src01=dp2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-05]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://google.pl/"
CHR Profile: C:\Users\Mateusz Bacal\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Mateusz Bacal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-04]
CHR Extension: (Dysk Google) - C:\Users\Mateusz Bacal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-04]
CHR Extension: (YouTube) - C:\Users\Mateusz Bacal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-04]
CHR Extension: (Szukaj w Google) - C:\Users\Mateusz Bacal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-04]
CHR Extension: (Postman - REST Client) - C:\Users\Mateusz Bacal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdmmgilgnpjigdojojpjoooidkmcomcm [2014-05-14]
CHR Extension: (AdBlock) - C:\Users\Mateusz Bacal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-04]
CHR Extension: (Avast Online Security) - C:\Users\Mateusz Bacal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-08-06]
CHR Extension: (Poczta o2) - C:\Users\Mateusz Bacal\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdhkhehdcicfckijbllglgdkegdnhplm [2013-08-04]
CHR Extension: (Tiësto) - C:\Users\Mateusz Bacal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh [2013-08-04]
CHR Extension: (Google Wallet) - C:\Users\Mateusz Bacal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Mateusz Bacal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-04]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software)
S3 fussvc; C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [133632 2012-07-25] (Microsoft Corporation) [File not signed]
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
S3 Te.Service; C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [94208 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-22] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1222144 2014-09-24] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-08-01] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-08-01] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [81768 2014-08-01] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-08-01] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-11-22] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-08-01] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [71944 2014-08-01] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-08-01] ()
R3 athr; C:\WINDOWS\system32\DRIVERS\athwn.sys [2795520 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-09-24] (Microsoft Corporation)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [39944 2013-11-29] (LogMeIn Inc.)
S3 SensorsSimulatorDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [35064 2015-01-02] ()
S3 VSPerfDrv110; C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys [55416 2012-07-13] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84800 2014-09-22] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-09-24] (Microsoft Corporation)
S3 WsAudioDevice_383; C:\WINDOWS\system32\drivers\WsAudioDevice_383.sys [25632 2014-07-31] (Wondershare)
S3 WUDFSensorLP; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
U1 WACService; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-02 12:57 - 2015-01-02 12:57 - 00014772 _____ () C:\Users\Mateusz Bacal\Desktop\FRST.txt
2015-01-02 12:56 - 2015-01-02 12:57 - 00000000 ____D () C:\FRST
2015-01-02 12:56 - 2015-01-02 12:56 - 01114624 _____ (Farbar) C:\Users\Mateusz Bacal\Desktop\FRST.exe
2015-01-02 12:46 - 2015-01-02 12:46 - 00006585 _____ () C:\Users\Mateusz Bacal\Desktop\RKreport_SCN_01022015_124525.log
2015-01-02 12:40 - 2015-01-02 12:40 - 00000000 ____D () C:\Users\Mateusz Bacal\AppData\Local\CrashDumps
2015-01-02 12:33 - 2015-01-02 12:33 - 15298136 _____ () C:\Users\Mateusz Bacal\Desktop\RogueKiller.exe
2014-12-31 10:33 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-31 10:33 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-31 10:31 - 2014-12-31 10:31 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-31 10:13 - 2014-12-31 10:13 - 00000000 ____D () C:\Users\Mateusz Bacal\AppData\Local\CDex
2014-12-31 10:09 - 2014-12-31 10:16 - 00000000 ____D () C:\Program Files\CDex
2014-12-31 10:09 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-31 10:09 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-31 10:09 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-31 10:09 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-31 10:09 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-31 10:09 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-31 10:09 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-31 10:09 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-31 10:09 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-31 10:09 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-31 10:09 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-31 10:09 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-31 10:09 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-31 10:09 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-31 10:09 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-31 10:09 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-31 10:09 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-31 10:09 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-31 10:09 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-31 10:09 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-31 10:07 - 2014-12-04 00:38 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-31 10:07 - 2014-12-04 00:08 - 00728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-31 10:07 - 2014-12-03 00:09 - 00873984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-31 10:07 - 2014-12-03 00:09 - 00609792 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-31 10:07 - 2014-12-03 00:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-31 10:07 - 2014-12-03 00:09 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-31 10:07 - 2014-12-03 00:09 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-31 10:07 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-31 10:07 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-31 10:07 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-31 10:03 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-31 10:03 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-31 10:03 - 2014-10-13 03:47 - 00199488 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-31 10:03 - 2014-10-13 03:47 - 00131392 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-31 10:03 - 2014-10-13 03:47 - 00076096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-31 10:03 - 2014-10-13 03:47 - 00036160 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-31 09:21 - 2015-01-02 12:38 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-31 09:21 - 2014-12-31 09:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-24 16:25 - 2014-12-24 16:25 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2014-12-21 13:48 - 2014-12-30 12:53 - 00000000 ____D () C:\Users\Mateusz Bacal\AppData\Local\Ethtion
2014-12-21 11:04 - 2014-12-30 16:49 - 00000000 ____D () C:\Users\Mateusz Bacal\AppData\Local\Ezrdtion
2014-12-16 19:52 - 2014-12-25 10:33 - 00000000 ____D () C:\Users\Mateusz Bacal\AppData\Roaming\FrameworkUpdate
2014-12-16 19:52 - 2014-12-16 19:53 - 00000000 _____ () C:\ProgramData\@system.temp
2014-12-16 19:52 - 2014-12-16 19:52 - 00000480 ____H () C:\Users\Mateusz Bacal\AppData\Roaming\麽鎒駓覜
2014-12-13 12:17 - 2014-12-31 10:16 - 00000000 ____D () C:\Users\Mateusz Bacal\AppData\Roaming\Wondershare
2014-12-13 12:13 - 2014-12-13 12:13 - 00000000 ____D () C:\Users\Mateusz Bacal\AppData\Local\Wondershare
2014-12-13 12:13 - 2014-12-13 12:13 - 00000000 ____D () C:\Program Files\Common Files\Wondershare
2014-12-13 12:13 - 2014-07-31 15:55 - 00025632 _____ (Wondershare) C:\WINDOWS\system32\Drivers\WsAudioDevice_383.sys
2014-12-09 18:15 - 2014-12-09 18:15 - 00000000 __SHD () C:\Users\Mateusz Bacal\AppData\Local\EmieUserList
2014-12-09 18:15 - 2014-12-09 18:15 - 00000000 __SHD () C:\Users\Mateusz Bacal\AppData\Local\EmieSiteList
2014-12-09 18:15 - 2014-12-09 18:15 - 00000000 __SHD () C:\Users\Mateusz Bacal\AppData\Local\EmieBrowserModeList
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-02 12:29 - 2013-08-04 09:56 - 00001060 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-02 12:00 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-02 11:58 - 2014-11-05 06:04 - 01247587 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-02 07:00 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-01-02 02:29 - 2013-08-04 09:56 - 00001056 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-01 22:45 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-01 18:47 - 2014-11-05 15:59 - 00000000 ___DO () C:\Users\Mateusz Bacal\OneDrive
2015-01-01 18:46 - 2013-08-22 08:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-01 11:00 - 2013-08-13 11:29 - 01058304 ___SH () C:\Users\Mateusz Bacal\Desktop\Thumbs.db
2015-01-01 10:59 - 2014-11-05 05:35 - 00000000 ____D () C:\Users\Mateusz Bacal
2014-12-31 19:48 - 2013-09-17 20:56 - 00000000 ____D () C:\Users\Mateusz Bacal\AppData\Roaming\Spotify
2014-12-31 15:53 - 2014-05-14 20:59 - 00000000 ____D () C:\Users\Mateusz Bacal\AppData\Local\Eclipse
2014-12-31 15:52 - 2014-10-16 17:20 - 00000000 ____D () C:\Program Files\eclipse - java
2014-12-31 11:16 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-31 10:32 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-31 10:31 - 2014-09-24 06:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-31 10:31 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\pl-PL
2014-12-31 10:31 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\AppCompat
2014-12-31 10:30 - 2012-07-26 07:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-31 10:21 - 2013-08-19 20:55 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-31 10:16 - 2013-08-06 18:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-31 10:14 - 2013-08-05 19:03 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-31 10:11 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-31 10:11 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-31 09:48 - 2014-09-24 04:44 - 01979712 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-31 09:48 - 2014-09-24 04:11 - 00862076 _____ () C:\WINDOWS\system32\perfh015.dat
2014-12-31 09:48 - 2014-09-24 04:11 - 00190428 _____ () C:\WINDOWS\system32\perfc015.dat
2014-12-31 09:44 - 2013-08-04 10:26 - 00000000 ____D () C:\WSZYSTKO
2014-12-31 09:43 - 2014-09-23 19:33 - 00008714 _____ () C:\WINDOWS\PFRO.log
2014-12-31 09:42 - 2013-12-31 16:21 - 00000000 ____D () C:\AdwCleaner
2014-12-31 09:41 - 2013-08-22 08:23 - 00292393 _____ () C:\WINDOWS\setupact.log
2014-12-21 19:11 - 2013-09-13 17:07 - 00000000 ____D () C:\Users\Mateusz Bacal\Documents\FIFA 13
2014-12-21 19:10 - 2013-12-28 09:33 - 00000000 ___RD () C:\Users\Mateusz Bacal\Desktop\GAMES
2014-12-18 23:02 - 2014-10-27 21:09 - 00000000 ____D () C:\Users\Mateusz Bacal\workspacePracaMagisterska
2014-12-18 19:51 - 2013-09-17 20:57 - 00000000 ____D () C:\Users\Mateusz Bacal\AppData\Local\Spotify
2014-12-17 19:57 - 2013-10-27 22:58 - 00000000 ____D () C:\z skidrow-a
2014-12-17 19:15 - 2013-09-26 16:53 - 00000000 ____D () C:\Users\Mateusz Bacal\AppData\Roaming\uTorrent
 
Some content of TEMP:
====================
C:\Users\Mateusz Bacal\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Mateusz Bacal\AppData\Local\Temp\Quarantine.exe
C:\Users\Mateusz Bacal\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-01 19:00
 
==================== End Of Log ============================
 
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-01-2015
Ran by Mateusz Bacal at 2015-01-02 12:58:04
Running from C:\Users\Mateusz Bacal\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Tools for .Net 3.5 - PLK Lang Pack (Version: 3.11.50727 - Microsoft Corporation) Hidden
 Tools for .Net 3.5 (Version: 3.11.50727 - Microsoft Corporation) Hidden
µTorrent (HKU\S-1-5-21-446222945-3137370078-2837892162-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{04E205D6-88B1-4652-B162-42DF2C3B1228}) (Version:  - Microsoft)
Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86}) (Version:  - Microsoft)
Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{128A36ED-21BE-4547-9FFE-5B85AEC735DD}) (Version:  - Microsoft)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Bandizip (HKU\S-1-5-21-446222945-3137370078-2837892162-1001\...\Bandizip) (Version: 3.07 - Bandisoft.com)
Blend for Visual Studio Add-in for Adobe FXG Import (Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Command & Conquer Red Alert 2 (HKLM\...\Red Alert 2) (Version:  - )
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.84 - DivX, LLC)
Dotfuscator and Analytics Community Edition (Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
Entity Framework Designer for Visual Studio 2012 - enu (HKLM\...\{3F29268A-F53A-4387-9F2B-E9368A823178}) (Version: 11.1.30729.00 - Microsoft Corporation)
FIFA 13 (HKLM\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.5.0.0 - Electronic Arts)
GitHub (HKU\S-1-5-21-446222945-3137370078-2837892162-1001\...\5f7eb300e2ea4ebf) (Version: 1.3.3.1 - GitHub, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM\...\{B6A04A05-23B7-4506-A3AA-98AA2D7DA0ED}) (Version: 4.2.8.1 - Hewlett-Packard Company)
IIS 8.0 Express (HKLM\...\{B8FFB7D6-6ABD-47C3-8BAD-86FF5D8F3EDC}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
ipla 2.8 (HKLM\...\ipla) (Version: 2.8 - Redefine Sp z o.o.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java SE Development Kit 7 Update 11 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170110}) (Version: 1.7.0.110 - Oracle)
LocalESPC (Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for en-us (Version: 8.59.25584 - Microsoft) Hidden
LocalESPCui for pl-pl (Version: 8.59.25584 - Microsoft) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - PLK Lang Pack (HKLM\...\{1164D725-1114-4EB4-A559-5CD80A50ED5D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 - PLK (HKLM\...\{9AF3CB63-491B-48BB-A150-6791D0BC9AF7}) (Version: 3.0.30710.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages - PLK (HKLM\...\{E9F7A418-C569-4F1C-8907-0536163F25FE}) (Version: 1.0.20710.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 Language Pack - PLK (HKLM\...\Microsoft Help Viewer 2.0 Language Pack - PLK) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{45A8F8FF-ED9B-40B2-B923-94F46FCF6135}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{D9DA2981-3298-4F1A-9192-F2CF5BD91145}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{83C7F964-AC58-4104-B613-B4D0F61DA8CD}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{79B49428-E9B0-4479-A0FA-3EFF8AFA9F07}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{CD920828-2B95-49A4-8BFD-1D34BCBF5A27}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 z dodatkiem SP1 PLK (HKLM\...\{C10BC260-1D6D-4E15-B4F8-67F5830F5C3C}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Professional 2012 (HKLM\...\{17c2e197-cf26-443b-8beb-53151940df3f}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{5CD1B40A-969C-4D7A-B5C2-DAFCB82C53CD}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{1F4DF099-EA5C-482D-9901-C0A8B539B417}) (Version: 4.0.1622 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 pl) (HKLM\...\Mozilla Firefox 30.0 (x86 pl)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MTPuTTY 1.6 beta (HKLM\...\MTPuTTY_is1) (Version: 1.6 - TTYPlus)
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PreEmptive Analytics Visual Studio Components (Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Python 2.7.3 (HKLM\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
SMPlayer 14.3.0 (HKLM\...\SMPlayer) (Version: 14.3.0 - Ricardo Villalba)
SopCast 3.8.3 (HKLM\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Spotify (HKU\S-1-5-21-446222945-3137370078-2837892162-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
Update for  (KB2504637) (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 Update 4 (KB2707250) (HKLM\...\{312d9252-c71c-4c84-b171-f4ad46e22098}) (Version: 11.0.61030 - Microsoft Corporation)
WapSter AQQ (HKLM\...\AQQ) (Version: 2.4.5.50 - Creative Team S.A.)
WCF Data Services 5.0 (for OData v3) Primary Components (Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
WinMerge 2.14.0 (HKLM\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinSCP 5.5.3 (HKLM\...\winscp3_is1) (Version: 5.5.3 - Martin Prikryl)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-446222945-3137370078-2837892162-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Users\Mateusz Bacal\AppData\Local\Bandizip\bdzshl32.dll (Bandisoft.com)
 
==================== Restore Points  =========================
 
16-12-2014 23:21:18 Removed Nero 11.
24-12-2014 14:04:15 Zaplanowany punkt kontrolny
31-12-2014 10:09:42 Windows Update
31-12-2014 10:09:58 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:13 - 2014-12-24 16:25 - 00001512 _RASH C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
85.25.107.102 www.google-analytics.com.
85.25.107.102 google-analytics.com.
85.25.107.102 connect.facebook.net.
192.99.206.112 www.google-analytics.com.
192.99.206.112 google-analytics.com.
192.99.206.112 connect.facebook.net.
195.162.69.252 www.google-analytics.com.
195.162.69.252 google-analytics.com.
195.162.69.252 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2E8ADC5B-B8F6-4917-8A54-082B663EC1A1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-01] (AVAST Software)
Task: {726B908A-654F-43C5-BA67-50D292B02992} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {ABCEE53C-3D53-496C-8B1B-7E2A44845796} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-04] (Google Inc.)
Task: {B2B9B239-2916-48B1-BE62-4339F1D5E91E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-04] (Google Inc.)
Task: {F3FB75D6-A714-40E6-92FA-014346E3F495} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-31] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-08-01 14:03 - 2014-08-01 14:03 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-01-01 11:00 - 2015-01-01 11:00 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\15010100\algo.dll
2015-01-02 10:51 - 2015-01-02 10:51 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010200\algo.dll
2014-12-30 12:53 - 2014-12-30 12:53 - 00036864 _____ () C:\Users\Mateusz Bacal\AppData\Local\Ethtion\wxUserWeb.dll
2014-11-25 16:52 - 2014-11-25 16:52 - 00143360 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x86__8wekyb3d8bbwe\ErrorReporting.dll
2014-08-01 14:04 - 2014-08-01 14:04 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-30 12:55 - 2014-12-30 12:55 - 00036864 _____ () C:\Users\Mateusz Bacal\AppData\Local\Ezrdtion\wxUserWeb.dll
2014-12-10 16:30 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-10 16:30 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-10 16:30 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-10 16:30 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2015-01-02 12:33 - 2015-01-02 12:33 - 15298136 _____ () C:\Users\Mateusz Bacal\Desktop\RogueKiller.exe
2014-12-14 19:27 - 2014-12-14 19:27 - 01978368 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
2014-12-14 19:27 - 2014-12-14 19:27 - 01596416 _____ () C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-12-10 16:31 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Mateusz Bacal\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "Adobe ARM"
HKLM\...\StartupApproved\Run: => "DivXMediaServer"
HKLM\...\StartupApproved\Run: => "DivXUpdate"
HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run: => "20131121"
HKLM\...\StartupApproved\Run: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\...\StartupApproved\StartupFolder: => "OUTLOOK — skrót.lnk"
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\...\StartupApproved\Run: => "LiveSupport"
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\...\StartupApproved\Run: => "ChromeUpdate"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-446222945-3137370078-2837892162-500 - Administrator - Disabled)
Gość (S-1-5-21-446222945-3137370078-2837892162-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-446222945-3137370078-2837892162-1003 - Limited - Enabled)
Mateusz Bacal (S-1-5-21-446222945-3137370078-2837892162-1001 - Administrator - Enabled) => C:\Users\Mateusz Bacal
 
==================== Faulty Device Manager Devices =============
 
Name: Nieznane urządzenie USB (resetowanie portu nie powiodło się)
Description: Nieznane urządzenie USB (resetowanie portu nie powiodło się)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standardowy kontroler hosta USB)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: Kontroler Realtek PCIe GBE Family Controller
Description: Kontroler Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Urządzenie Bluetooth (sieć osobista)
Description: Urządzenie Bluetooth (sieć osobista)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft Visual Studio Location Simulator Sensor
Description: Microsoft Visual Studio Location Simulator Sensor
Class Guid: {5175d334-c371-4806-b3ba-71fd53c9258d}
Manufacturer: Microsoft Corporation
Service: SensorsSimulatorDriver
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/02/2015 00:39:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: Explorer.EXE, wersja: 6.3.9600.17284, sygnatura czasowa: 0x53f8130d
Nazwa modułu powodującego błąd: IconsCacheHelper.dll_unloaded, wersja: 0.0.0.0, sygnatura czasowa: 0x547b7ce3
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x000f5eeb
Identyfikator procesu powodującego błąd: 0x724
Godzina uruchomienia aplikacji powodującej błąd: 0xExplorer.EXE0
Ścieżka aplikacji powodującej błąd: Explorer.EXE1
Ścieżka modułu powodującego błąd: Explorer.EXE2
Identyfikator raportu: Explorer.EXE3
Pełna nazwa pakietu powodującego błąd: Explorer.EXE4
Identyfikator aplikacji względem pakietu powodującego błąd: Explorer.EXE5
 
Error: (01/02/2015 07:00:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Nie można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error: (01/02/2015 07:00:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Nie można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error: (01/01/2015 08:15:31 PM) (Source: Chrome) (EventID: 1) (User: ZARZĄDZANIE NT)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.95;lang=;guid=1E03A7F20B914D3399ED540119ADE17F;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\1717fdb2-efe7-49d2-a18d-d57be1c94aa8.dmp
 
Error: (01/01/2015 01:32:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Nie można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error: (01/01/2015 01:32:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Nie można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error: (01/01/2015 01:22:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Nie można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error: (01/01/2015 01:22:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Nie można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error: (01/01/2015 00:01:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Nie można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
Error: (01/01/2015 00:01:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Nie można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.
 
 
System errors:
=============
Error: (01/01/2015 06:45:51 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Poprzednie zamknięcie systemu przy 18:05:27 na 2015-01-01 było nieoczekiwane.
 
Error: (01/01/2015 10:59:09 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Poprzednie zamknięcie systemu przy 10:51:01 na 2015-01-01 było nieoczekiwane.
 
Error: (12/31/2014 10:14:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: ZARZĄDZANIE NT)
Description: Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x80070020: Aktualizacja systemu Windows 8.1 (KB3008242).
 
Error: (12/31/2014 09:37:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Poprzednie zamknięcie systemu przy 09:33:34 na 2014-12-31 było nieoczekiwane.
 
Error: (12/30/2014 06:31:30 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Poprzednie zamknięcie systemu przy 06:28:55 na 2014-12-30 było nieoczekiwane.
 
Error: (12/24/2014 03:52:04 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicjowanie zrzutu awaryjnego nie powiodło się!
 
Error: (12/16/2014 11:06:58 PM) (Source: DCOM) (EventID: 10005) (User: ZARZĄDZANIE NT)
Description: 1053TrustedInstallerNiedostępny{752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (12/16/2014 11:06:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Instalator modułów systemu Windows z powodu następującego błędu: 
%%1053
 
Error: (12/16/2014 11:06:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Instalator modułów systemu Windows.
 
Error: (12/16/2014 04:55:18 PM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT)
Description: Wygenerowano alert krytyczny, który został wysłany do zdalnego punktu końcowego. W efekcie połączenie może zostać zakończone. Kod błędu krytycznego zdefiniowany przez protokół TLS to 70. Kod stanu błędu SChannel w systemie Windows to 105.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 71%
Total physical RAM: 2997.87 MB
Available physical RAM: 841.07 MB
Total Pagefile: 3573.87 MB
Available Pagefile: 1537.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1859.24 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:280.8 GB) (Free:157 GB) NTFS
Drive d: () (Fixed) (Total:17 GB) (Free:8.99 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E8136942)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Please help.


#3 shelf life


  • Malware Response Team
  • 2,688 posts
  • Gender:Male
  • Location:@localhost

Posted 05 January 2015 - 05:44 PM

hi,

 

If you still need help, you can do two things. First we will use FRST, then get another download and we will go from there:

 

1) Open notepad. Please copy/paste the contents of the code box below into the open notepad and save it to your desktop as fixlist.txt.

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp2
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp2
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\...\Run: [YcfPack] => C:\Windows\System32\regsvr32.exe "C:\Users\Mateusz Bacal\AppData\Local\Ezrdtion\wxUserWeb.dll"
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\...\Run: [runas] => "C:\Users\Mateusz Bacal\AppData\Roaming\Microsoft\Windows\IEUpdate\runas.exe"
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\...\Run: [Ethtion] => regsvr32.exe "C:\Users\Mateusz Bacal\AppData\Local\Ethtion\wxUserWeb.dll" <===== ATTENTION
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\...\Command Processor: "C:\Users\Mateusz Bacal\AppData\Roaming\Microsoft\Windows\IEUpdate\runas.exe" <===== ATTENTION!
Hosts:
EmptyTemp:

2) Run FRST.exe/FRST64.exe like before except this time press the Fix button once and wait.

    If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.

    When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run; please post it in your reply.

 

Next:

 

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.

 

http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe

 

    Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.

    At the end, be sure a checkmark is placed next to the following:

        Launch Malwarebytes Anti-Malware

        A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

    Click Finish.

    On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.

    Click on the Scan tab, then click on Scan Now >>. If an update is available, click the Update Now button.

    A Threat Scan will begin.

    With some infections, you may see this message box.

        'Could not load DDA driver'

    Click 'Yes' to this message, to allow the driver to load after a restart.

    Allow the computer to restart. Continue with the rest of these instructions.

    When the scan is complete, click Apply Actions.

    Wait for the prompt to restart the computer to appear, then click on Yes.

    After the restart, once you are back at your desktop, open MBAM once more.

    Click on the History tab > Application Logs.

    Double click on the scan log which shows the Date and time of the scan just performed.

    Click 'Copy to Clipboard'.

    Paste the contents of the clipboard into your reply.


How Can I Reduce My Risk to Malware?
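The fixlist above targets four persistence and hijack locations: the per-user Run key (regsvr32 loading a DLL from AppData), the Command Processor AutoRun value (a program run every time cmd.exe starts), the Internet Explorer start page, and the DefaultScope search provider with an empty URL. The following PowerShell script is an added example, not code from this thread or from FRST, that reads those same locations on the affected account and flags entries matching the pattern seen here. It changes nothing; the "suspicious" heuristics (loader executables such as regsvr32 or rundll32, paths under AppData or ProgramData, a start page with a query string, an empty or unfamiliar search URL) are assumptions chosen for this illustration, not an official rule set.

```powershell
# Added example (not from the thread): read-only audit of the persistence
# locations the fixlist above targets. It only reports; it removes nothing.
# Run it in a PowerShell window as the affected user.

# Assumed heuristics: loaders that can run a DLL/script from anywhere, and
# folders a standard user can write to. A Run entry combining both matches the
# fixlist line "[Ethtion] => regsvr32.exe ...\AppData\Local\Ethtion\wxUserWeb.dll".
$LoaderPattern       = 'regsvr32|rundll32|mshta|wscript|cscript'
$UserWritablePattern = '\\AppData\\|\\ProgramData\\|\\Temp\\|\\Users\\Public\\'

function Test-SuspiciousCommand {
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $false }
    $fromUserDir = $Command -match $UserWritablePattern
    $viaLoader   = $Command -match $LoaderPattern
    return [bool]($fromUserDir -or $viaLoader)
}

function Get-RegistryValues {
    # Returns Name/Value pairs for every value under $Path; nothing if the key is absent.
    param([string]$Path)
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if (-not $key) { return }
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Name = $name; Value = $key.GetValue($name) }
    }
}

function Get-AutorunFindings {
    $findings = New-Object System.Collections.Generic.List[object]

    # 1. Run keys (fixlist entries [YcfPack], [runas], [Ethtion]).
    foreach ($hive in 'HKCU', 'HKLM') {
        $runKey = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run"
        foreach ($v in Get-RegistryValues $runKey) {
            $findings.Add([pscustomobject]@{
                Location   = "$runKey\$($v.Name)"
                Value      = $v.Value
                Suspicious = Test-SuspiciousCommand $v.Value
            })
        }
    }

    # 2. cmd.exe AutoRun (fixlist "Command Processor"): runs on every console start.
    #    On a home PC any AutoRun value at all deserves a look, so it is always flagged.
    foreach ($hive in 'HKCU', 'HKLM') {
        $cpKey = "${hive}:\Software\Microsoft\Command Processor"
        $v = Get-RegistryValues $cpKey | Where-Object Name -eq 'AutoRun'
        if ($v) {
            $findings.Add([pscustomobject]@{
                Location   = "$cpKey\AutoRun"
                Value      = $v.Value
                Suspicious = $true
            })
        }
    }

    # 3. IE start page: a query string such as "?src01=dp2" is the affiliate-style
    #    hijack seen in the fixlist (assumed heuristic).
    $ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    $start  = Get-RegistryValues $ieMain | Where-Object Name -eq 'Start Page'
    if ($start) {
        $findings.Add([pscustomobject]@{
            Location   = "$ieMain\Start Page"
            Value      = $start.Value
            Suspicious = [bool]("$($start.Value)" -match '\?')
        })
    }

    # 4. Default search scope: the fixlist shows DefaultScope GUIDs whose URL is empty.
    $scopes  = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
    $default = (Get-RegistryValues $scopes | Where-Object Name -eq 'DefaultScope').Value
    if ($default) {
        $url = (Get-RegistryValues "$scopes\$default" | Where-Object Name -eq 'URL').Value
        $findings.Add([pscustomobject]@{
            Location   = "$scopes\$default\URL"
            Value      = $url
            # Empty, or pointing somewhere other than the usual engines (assumed list).
            Suspicious = [string]::IsNullOrEmpty($url) -or ($url -notmatch 'bing\.com|google\.')
        })
    }

    return $findings
}

Get-AutorunFindings | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
```

The output lists every entry found with a Suspicious column; compare flagged lines against the FRST Addition/FRST logs before deciding on a fix, since a legitimate installer can also register a Run entry under AppData. The script deliberately avoids Remove-ItemProperty so that the removal step stays with the fixlist and the helper reviewing it.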


#4 bonzai1990

  • Topic Starter
  • Members
  • 5 posts
  • Local time:11:12 PM

Posted 07 January 2015 - 11:02 AM

FixLog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-01-2015
Ran by Mateusz Bacal at 2015-01-07 16:35:13 Run:1
Running from C:\Users\Mateusz Bacal\Desktop
Loaded Profiles: Mateusz Bacal &  (Available profiles: Mateusz Bacal)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp2
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp2
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\...\Run: [YcfPack] => C:\Windows\System32\regsvr32.exe "C:\Users\Mateusz Bacal\AppData\Local\Ezrdtion\wxUserWeb.dll"
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\...\Run: [runas] => "C:\Users\Mateusz Bacal\AppData\Roaming\Microsoft\Windows\IEUpdate\runas.exe"
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\...\Run: [Ethtion] => regsvr32.exe "C:\Users\Mateusz Bacal\AppData\Local\Ethtion\wxUserWeb.dll" <===== ATTENTION
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\...\Command Processor: "C:\Users\Mateusz Bacal\AppData\Roaming\Microsoft\Windows\IEUpdate\runas.exe" <===== ATTENTION!
Hosts:
EmptyTemp:
*****************
 
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YcfPack => Value not found.
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\Software\Microsoft\Windows\CurrentVersion\Run\\runas => Value not found.
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Ethtion => Value not found.
HKU\S-1-5-21-446222945-3137370078-2837892162-1001\Software\Microsoft\Command Processor\\AutoRun => Value not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 865.2 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 16:36:26 ====
 
Anti-Malware logs:
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2015-01-07
Scan Time: 16:42:01
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.07.11
Rootkit Database: v2015.01.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x86
File System: NTFS
User: Mateusz Bacal
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362096
Time Elapsed: 18 min, 59 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#5 shelf life

  • Malware Response Team
  • 2,688 posts
  • Gender:Male
  • Location:@localhost
  • Local time:05:12 PM

Posted 07 January 2015 - 05:08 PM

Ok. Looks like you already cleaned up. Not much there in the FRST log or the Malwarebytes log. How's it looking on your end now?




#6 bonzai1990

  • Topic Starter
  • Members
  • 5 posts
  • Local time:11:12 PM

Posted 12 January 2015 - 02:24 PM

It looks ok, thanks :)



#7 shelf life

  • Malware Response Team
  • 2,688 posts
  • Gender:Male
  • Location:@localhost
  • Local time:05:12 PM

Posted 12 January 2015 - 06:11 PM

Ok, good. You can open RogueKiller and click on the uninstall button to remove it. You can delete the FRST icon and its logs also.

Keep and use Malwarebytes as an antimalware app. Always update before a scan.

 

If all is good: Happy safe surfing out there.




#8 shelf life

  • Malware Response Team
  • 2,688 posts
  • Gender:Male
  • Location:@localhost
  • Local time:05:12 PM

Posted 23 January 2015 - 05:26 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
