Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 Ran by Ja at 2015-05-26 15:37:57 Run:1 Running from G:\groch Loaded Profiles: UpdatusUser & Ja (Available Profiles: UpdatusUser & Ja & Administrator) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: HKLM-x32\...\Run: [] => [X] Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f GroupPolicyUsers\S-1-5-21-2473729197-2336158867-2275122229-1000\User: Group Policy Restriction detected <======= ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2473729197-2336158867-2275122229-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2473729197-2336158867-2275122229-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com HKU\S-1-5-21-2473729197-2336158867-2275122229-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com HKU\S-1-5-21-2473729197-2336158867-2275122229-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com HKU\S-1-5-21-2473729197-2336158867-2275122229-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Toolbar: HKU\S-1-5-21-2473729197-2336158867-2275122229-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found] U3 BcmSqlStartupSvc; No ImagePath U2 CLKMSVC10_3A60B698; No ImagePath U2 CLKMSVC10_C3B3B687; No ImagePath U2 DriverService; No ImagePath U2 iATAgentService; No ImagePath U2 idealife Update Service; No ImagePath U3 IGRS; No ImagePath U2 IviRegMgr; No ImagePath U2 Oasis2Service; No ImagePath U2 PCCarerService; No ImagePath U2 ReadyComm.DirectRouter; No ImagePath U2 RichVideo; No ImagePath U2 RtLedService; No ImagePath U2 SeaPort; No ImagePath U2 SoftwareService; No ImagePath U3 SQLWriter; No ImagePath C:\ProgramData\Comodo C:\Program Files\McAfee C:\Program Files (x86)\McAfee C:\ProgramData\McAfee C:\Program Files (x86)\ESET Task: {BC6A0641-F08C-4210-AFEC-8076539CF144} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cisED6A.exe <==== ATTENTION Task: {34A034AC-4714-4084-B30C-E2C656A12E78} - System32\Tasks\{5D3891FE-7BEC-4678-A293-CE2D64F0729E} => pcalua.exe -a F:\setup.exe -d F:\ Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f EmptyTemp: ***************** Processes closed successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= C:\windows\system32\GroupPolicyUsers\S-1-5-21-2473729197-2336158867-2275122229-1000\User => Moved successfully. C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully "HKU\S-1-5-21-2473729197-2336158867-2275122229-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value Removed successfully HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value Removed successfully HKU\S-1-5-21-2473729197-2336158867-2275122229-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value. HKU\S-1-5-21-2473729197-2336158867-2275122229-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Error setting value. HKU\S-1-5-21-2473729197-2336158867-2275122229-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKU\S-1-5-21-2473729197-2336158867-2275122229-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKU\S-1-5-21-2473729197-2336158867-2275122229-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value Removed successfully HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}" => key Removed successfully HKCR\Wow6432Node\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5} => key not found. C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found. BcmSqlStartupSvc => Service Removed successfully CLKMSVC10_3A60B698 => Service Removed successfully CLKMSVC10_C3B3B687 => Service Removed successfully DriverService => Service Removed successfully iATAgentService => Service Removed successfully idealife Update Service => Service Removed successfully IGRS => Service Removed successfully IviRegMgr => Service Removed successfully Oasis2Service => Service Removed successfully PCCarerService => Service Removed successfully ReadyComm.DirectRouter => Service Removed successfully RichVideo => Service Removed successfully RtLedService => Service Removed successfully SeaPort => Service Removed successfully SoftwareService => Service Removed successfully SQLWriter => Service Removed successfully C:\ProgramData\Comodo => Moved successfully. C:\Program Files\McAfee => Moved successfully. C:\Program Files (x86)\McAfee => Moved successfully. C:\ProgramData\McAfee => Moved successfully. "C:\Program Files (x86)\ESET" => File/Folder not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BC6A0641-F08C-4210-AFEC-8076539CF144}" => key Removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC6A0641-F08C-4210-AFEC-8076539CF144}" => key Removed successfully C:\Windows\System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}" => key Removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34A034AC-4714-4084-B30C-E2C656A12E78}" => key Removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34A034AC-4714-4084-B30C-E2C656A12E78}" => key Removed successfully C:\Windows\System32\Tasks\{5D3891FE-7BEC-4678-A293-CE2D64F0729E} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5D3891FE-7BEC-4678-A293-CE2D64F0729E}" => key Removed successfully ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= EmptyTemp: => Removed 581.5 MB temporary data. The system needed a reboot. ==== End of Fixlog 15:38:09 ====