Anonymous / 2 years, 9 months ago

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-04-2015 04
Ran by Izabela at 2015-04-18 08:13:40 Run:1
Running from C:\Documents and Settings\Izabela\Moje dokumenty\Pobieranie
Loaded Profiles: Izabela (Available profiles: Izabela)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABCAFoANgAtAFEARQBNAEIAUgA"&"inst=NwA2AC0ANQAwADYANwA1AD (the data entry has 213 more characters).
HKU\S-1-5-21-789336058-179605362-1801674531-1004\...\MountPoints2: {8f9c2774-05ca-11df-b106-0040f490939a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-789336058-179605362-1801674531-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-789336058-179605362-1801674531-1004 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-789336058-179605362-1801674531-1004 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [X]
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
S4 IntelIde; No ImagePath
S2 ivelazxn; \??\C:\WINDOWS\system32\drivers\fhyiovmluykumhb.sys [X]
2015-04-17 20:49 - 2015-04-17 20:51 - 00000000 ____D () C:\AdwCleaner
2013-06-26 18:00 - 2014-06-23 06:12 - 0003728 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
C:\Documents and Settings\Izabela\Dane aplikacji\*.exe
C:\Documents and Settings\All Users\*.log
CustomCLSID: HKU\S-1-5-21-789336058-179605362-1801674531-1004_Classes\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\InprocServer32 -> C:\Documents and Settings\Izabela\Ustawienia lokalne\Dane aplikacji\uTorrentControl_v2\prxtbuTo2.dll (ClientConnect Ltd.)
CustomCLSID: HKU\S-1-5-21-789336058-179605362-1801674531-1004_Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}\InprocServer32 -> C:\Documents and Settings\Izabela\Ustawienia lokalne\Dane aplikacji\uTorrentControl_v2\prxtbuTo2.dll (ClientConnect Ltd.)
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\WINDOWS\TEMP\{C771EF2C-89E8-420B-8673-2CFA4067B7C9}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-789336058-179605362-1801674531-1004Core.job => C:\Documents and Settings\Izabela\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-789336058-179605362-1801674531-1004UA.job => C:\Documents and Settings\Izabela\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP  co miesiąc.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP  logowanie.job => C:\WINDOWS\system32\xp_eos.exe
EmptyTemp:
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL => value deleted successfully.
"HKU\S-1-5-21-789336058-179605362-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f9c2774-05ca-11df-b106-0040f490939a}" => Key deleted successfully.
HKCR\CLSID\{8f9c2774-05ca-11df-b106-0040f490939a} => Key not found. 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-789336058-179605362-1801674531-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-789336058-179605362-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\ToolbarSearchProviderProgress => value deleted successfully.
"HKU\S-1-5-21-789336058-179605362-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key deleted successfully.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found. 
catchme => Service deleted successfully.
EagleNT => Service deleted successfully.
EagleXNt => Service deleted successfully.
IntelIde => Service deleted successfully.
ivelazxn => Service deleted successfully.
C:\AdwCleaner => Moved successfully.
C:\Program Files\Mozilla Firefoxavg-secure-search.xml => Moved successfully.
C:\Documents and Settings\Izabela\Dane aplikacji\*.exe => Moved successfully.
C:\Documents and Settings\All Users\*.log => Moved successfully.
HKU\S-1-5-21-789336058-179605362-1801674531-1004_Classes\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Key not found. 
HKU\S-1-5-21-789336058-179605362-1801674531-1004_Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C} => Key not found. 
C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully.
C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job not found.
C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job not found.
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-789336058-179605362-1801674531-1004Core.job => Moved successfully.
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-789336058-179605362-1801674531-1004UA.job => Moved successfully.
C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP  co miesiąc.job => Moved successfully.
C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP  logowanie.job => Moved successfully.
EmptyTemp: => Removed 6.7 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 08:18:07 ====