Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by admin at 2013-10-14 19:35:05 Run:2
Running from F:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{44ed8363-71b7-b030-c4a3-bda14e250c8f}\ \...\???\{44ed8363-71b7-b030-c4a3-bda14e250c8f}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Policies\Explorer: [RestrictRun] 0
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKLM-x32\...\Run: [tuto4pc_pl_17] - [x]
Task: {247463FE-FD5F-40EC-BE19-9118AB08F2F6} - System32\Tasks\0 => Iexplore.exe
Task: {32065735-1A8A-4CF8-BCE8-F36624A53C61} - System32\Tasks\4702 => C:\Users\admin\AppData\Local\Temp\launchie.vbsC:\Users\admin\AppData\Local\Temp\launchie.vbs //B
AlternateDataStreams: C:\Users\admin\Local Settings:qZ8udoIq3xBhSNPTcITW
AlternateDataStreams: C:\Users\admin\AppData\Local:qZ8udoIq3xBhSNPTcITW
AlternateDataStreams: C:\Users\admin\AppData\Local\Application Data:qZ8udoIq3xBhSNPTcITW
AlternateDataStreams: C:\Users\admin\AppData\Local\Temporary Internet Files:FLGftShT5xX4DR6v27GgYjgx1FWgj
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
C:\Program Files (x86)\predm
C:\Program Files (x86)\Google\Desktop
C:\Users\admin\AppData\Local\Google\Desktop
C:\Users\admin\Desktop\Antivirus Security Pro.lnk
C:\Users\admin\Desktop\Antivirus Security Pro support.url
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\prefs.js
C:\Users\admin\AppData\Roaming\logs
C:\Users\admin\Desktop\SkryBot-doMowy(22258).exe
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
CMD: netsh winsock reset
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Search" /f
Reg: reg add "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f
Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
*****************

*etadpug => Service deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\RestrictRun => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\RestrictRun => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\tuto4pc_pl_17 => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{247463FE-FD5F-40EC-BE19-9118AB08F2F6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{247463FE-FD5F-40EC-BE19-9118AB08F2F6} => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32065735-1A8A-4CF8-BCE8-F36624A53C61} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32065735-1A8A-4CF8-BCE8-F36624A53C61} => Key deleted successfully.
C:\Windows\System32\Tasks\4702 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4702 => Key deleted successfully.
"C:\Users\admin\Local Settings" => ":qZ8udoIq3xBhSNPTcITW" ADS not found.
C:\Users\admin\AppData\Local => ":qZ8udoIq3xBhSNPTcITW" ADS removed successfully.
"C:\Users\admin\AppData\Local\Application Data" => ":qZ8udoIq3xBhSNPTcITW" ADS not found.
"C:\Users\admin\AppData\Local\Temporary Internet Files" => ":FLGftShT5xX4DR6v27GgYjgx1FWgj" ADS not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => Key deleted successfully.
SwitchBoard => Service deleted successfully.
catchme => Service deleted successfully.
C:\Program Files (x86)\predm => Moved successfully.
C:\Program Files (x86)\Google\Desktop => Moved successfully.
C:\Users\admin\AppData\Local\Google\Desktop => Moved successfully.
C:\Users\admin\Desktop\Antivirus Security Pro.lnk => Moved successfully.
C:\Users\admin\Desktop\Antivirus Security Pro support.url => Moved successfully.
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro => Moved successfully.
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions => Moved successfully.
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\prefs.js => Moved successfully.
C:\Users\admin\AppData\Roaming\logs => Moved successfully.
C:\Users\admin\Desktop\SkryBot-doMowy(22258).exe => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\pl-PL" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\EppManifest.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\IpsConsumer.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\mpevmsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpOAv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpUtil.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MSESysprep.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\msseces.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\msseoobe.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\msseooberes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsseWat.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisLog.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisNetIP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisPerformanceProvider.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisSrv.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisWFP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\pl-pl" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Setup.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SetupRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\shellext.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SqmApi.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.

========= netsh winsock reset =========

Pomyślnie zresetowano Winsock Catalog.
Musisz ponownie uruchomić komputer, aby ukończyć resetowanie.

========= End of CMD: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Search" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg add "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

The system needs a manual reboot.

==== End of Fixlog ====