Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014 Ran by KamilPC at 2014-04-04 14:03:56 Run:1 Running from C:\Users\KamilPC\Desktop\Nowy folder Boot Mode: Normal ============================================== Content of fixlist: ***************** IFEO\avcenter.exe: [Debugger] nsjw.exe IFEO\avguard.exe: [Debugger] nsjw.exe IFEO\avp.exe: [Debugger] nsjw.exe IFEO\bdagent.exe: [Debugger] nsjw.exe IFEO\ccuac.exe: [Debugger] nsjw.exe IFEO\ComboFix.exe: [Debugger] nsjw.exe IFEO\egui.exe: [Debugger] nsjw.exe IFEO\hijackthis.exe: [Debugger] nsjw.exe IFEO\keyscrambler.exe: [Debugger] nsjw.exe IFEO\mbam.exe: [Debugger] nsjw.exe IFEO\MpCmdRun.exe: [Debugger] nsjw.exe IFEO\MSASCui.exe: [Debugger] nsjw.exe IFEO\MsMpEng.exe: [Debugger] nsjw.exe IFEO\msseces.exe: [Debugger] nsjw.exe IFEO\spybotsd.exe: [Debugger] nsjw.exe IFEO\wireshark.exe: [Debugger] nsjw.exe IFEO\zlclient.exe: [Debugger] nsjw.exe StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\ProgramData\335936624.exe C:\Users\KamilPC\AppData\Roaming\system.ini C:\Users\KamilPC\AppData\Roaming\msconfig.ini Reg: reg delete "HKCU\Software\Microsoft\Windows Script" /f Reg: reg delete "HKCU\Software\Microsoft\Windows Script Host" /f Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\Schedule Reboot: ***************** HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe => Key deleted successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. C:\ProgramData\335936624.exe => Moved successfully. C:\Users\KamilPC\AppData\Roaming\system.ini => Moved successfully. C:\Users\KamilPC\AppData\Roaming\msconfig.ini => Moved successfully. ========= reg delete "HKCU\Software\Microsoft\Windows Script" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Windows Script Host" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg query HKLM\SYSTEM\CurrentControlSet\Services\Schedule ========= HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule AtTaskMaxHours REG_DWORD 0x48 DisplayName REG_SZ @%SystemRoot%\system32\schedsvc.dll,-100 Group REG_SZ SchedulerGroup ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs Description REG_SZ @%SystemRoot%\system32\schedsvc.dll,-101 ObjectName REG_SZ LocalSystem ErrorControl REG_DWORD 0x1 Start REG_DWORD 0x4 Type REG_DWORD 0x20 DependOnService REG_MULTI_SZ RPCSS\0EventLog ServiceSidType REG_DWORD 0x1 RequiredPrivileges REG_MULTI_SZ SeIncreaseQuotaPrivilege\0SeChangeNotifyPrivilege\0SeAuditPrivilege\0SeImpersonatePrivilege\0SeAssignPrimaryTokenPrivilege\0SeTcbPrivilege\0SeRestorePrivilege FailureActions REG_BINARY 80510100000000000000000003000000140000000100000060EA00000100000060EA00000000000000000000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\Parameters HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\Security ========= End of Reg: ========= The system needed a reboot. ==== End of Fixlog ====