Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015 Ran by Daria at 2015-06-29 20:37:01 Run:3 Running from C:\Users\Daria\Desktop Loaded Profiles: Daria (Available Profiles: Daria) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: DisableService: sptd S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2015-06-27] (ESET) R1 FSES; C:\Windows\System32\drivers\fses.sys [44496 2009-11-26] (F-Secure Corporation) Task: {2C9E5B6C-DBB5-4C30-AFD6-52E1E1BA201B} - System32\Tasks\{FEC07447-FECD-4798-BFDE-4D2B6E80C793} => pcalua.exe -a "E:\Windows98 Driver\setup.exe" -d "E:\Windows98 Driver" Task: {2D2A657D-2E70-4DE8-BF27-573CEEF5B644} - System32\Tasks\{755C5001-591A-4CEE-A4AC-F7E29DB4206D} => pcalua.exe -a C:\Users\Daria\Desktop\Shockwave_Installer_Slim.exe -d C:\Users\Daria\Desktop Task: {308B6619-5C77-4559-B4E8-1B8D79186A3A} - System32\Tasks\{66BF84A6-3F09-4409-B2E8-5D7A269E9046} => pcalua.exe -a "C:\Users\Daria\Desktop\Nowy folder\setup.EXE" -d "C:\Users\Daria\Desktop\Nowy folder" Task: {3BB17040-A85C-4F9E-AB5B-7154AFCABD5B} - System32\Tasks\{A1ECF8DC-57BB-443F-A209-9C32471889B7} => pcalua.exe -a C:\Windows\IsUn0415.exe -c -f"C:\Program Files (x86)\SuperMemo UX\Courses\Angielski No Problem 3\Uninst.isu" Task: {3E5DAED4-351E-4A47-BD9C-886032F672F0} - System32\Tasks\{BD7C3AB6-A836-4A01-A1D7-B7A0527AAE02} => C:\Program Files (x86)\MATLAB71\bin\win32\MATLAB.exe Task: {671714E5-0553-4E26-A4E3-19BA007E7F96} - System32\Tasks\{EABC7668-1F5D-4634-8D15-C6CD379F2132} => pcalua.exe -a "C:\Program Files (x86)\MATLAB71\uninstall\uninstall.exe" -c C:\Program Files (x86)\MATLAB71\ Task: {6C1A83EB-7520-4462-BF12-A6C9444CC481} - System32\Tasks\{4FDA19A2-4C1B-4B01-9654-B1D0B1299F9A} => pcalua.exe -a C:\Users\Daria\Desktop\securew2_win.exe -d C:\Users\Daria\Desktop Task: {6CA10C05-723B-47B8-9999-3BE55FFCF5E1} - System32\Tasks\{D61306E0-FB69-485C-AB01-4A38723CE090} => 
pcalua.exe -a "C:\Program Files (x86)\F-Secure\Uninstall\fsuninst.exe" -c /UninstRegKey:"F-Secure Anti-Virus" Task: {B6563DD4-D281-4287-BC77-391C054A5035} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1153746196-1546038390-1762079413-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe HKU\S-1-5-21-1153746196-1546038390-1762079413-1000\...\Run: [IRNeroReboot] => "C:\Users\Daria\Desktop\Nero_BurningROM2015_setup-16.3c_trial.exe" /reboot="1" HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = C:\Program Files\ESET C:\ProgramData\AVAST Software C:\ProgramData\ESET C:\ProgramData\Temp C:\Users\Daria\AppData\Local\cache C:\Users\Daria\AppData\Local\Mozilla C:\Users\Daria\AppData\Roaming\Mozilla C:\Users\Daria\AppData\Roaming\TuneUp Software C:\Users\Daria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk C:\Windows\system32\Drivers\ESETCleanersDriver.sys C:\Windows\system32\Drivers\fses.sys Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKCU\Software\Mozilla /f Reg: reg delete HKCU\Software\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Mozilla /f Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ares" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupreg\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\F-Secure Manager" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\F-Secure TNB" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FDPRO-516" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iLivid" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Iminent" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IminentMessenger" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ROC_roc_ssl_v12" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YTDownloader" /f Reg: reg query HKLM\System\CurentControlSet\Services\Eaphost\Methods /s CMD: netsh advfirewall reset CMD: type C:\Windows\system32\Drivers\etc\hosts ***************** Processes closed successfully. Restore point was successfully created. sptd service was disabled ESETCleanersDriver => Service removed successfully FSES => Service stopped successfully. FSES => Service removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C9E5B6C-DBB5-4C30-AFD6-52E1E1BA201B}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C9E5B6C-DBB5-4C30-AFD6-52E1E1BA201B}" => key removed successfully C:\Windows\System32\Tasks\{FEC07447-FECD-4798-BFDE-4D2B6E80C793} => moved successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FEC07447-FECD-4798-BFDE-4D2B6E80C793}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D2A657D-2E70-4DE8-BF27-573CEEF5B644}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D2A657D-2E70-4DE8-BF27-573CEEF5B644}" => key removed successfully C:\Windows\System32\Tasks\{755C5001-591A-4CEE-A4AC-F7E29DB4206D} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{755C5001-591A-4CEE-A4AC-F7E29DB4206D}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{308B6619-5C77-4559-B4E8-1B8D79186A3A}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{308B6619-5C77-4559-B4E8-1B8D79186A3A}" => key removed successfully C:\Windows\System32\Tasks\{66BF84A6-3F09-4409-B2E8-5D7A269E9046} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{66BF84A6-3F09-4409-B2E8-5D7A269E9046}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BB17040-A85C-4F9E-AB5B-7154AFCABD5B}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BB17040-A85C-4F9E-AB5B-7154AFCABD5B}" => key removed successfully C:\Windows\System32\Tasks\{A1ECF8DC-57BB-443F-A209-9C32471889B7} => moved successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A1ECF8DC-57BB-443F-A209-9C32471889B7}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E5DAED4-351E-4A47-BD9C-886032F672F0}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E5DAED4-351E-4A47-BD9C-886032F672F0}" => key removed successfully C:\Windows\System32\Tasks\{BD7C3AB6-A836-4A01-A1D7-B7A0527AAE02} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BD7C3AB6-A836-4A01-A1D7-B7A0527AAE02}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{671714E5-0553-4E26-A4E3-19BA007E7F96}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{671714E5-0553-4E26-A4E3-19BA007E7F96}" => key removed successfully C:\Windows\System32\Tasks\{EABC7668-1F5D-4634-8D15-C6CD379F2132} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EABC7668-1F5D-4634-8D15-C6CD379F2132}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C1A83EB-7520-4462-BF12-A6C9444CC481}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C1A83EB-7520-4462-BF12-A6C9444CC481}" => key removed successfully C:\Windows\System32\Tasks\{4FDA19A2-4C1B-4B01-9654-B1D0B1299F9A} => moved successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4FDA19A2-4C1B-4B01-9654-B1D0B1299F9A}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CA10C05-723B-47B8-9999-3BE55FFCF5E1}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CA10C05-723B-47B8-9999-3BE55FFCF5E1}" => key removed successfully C:\Windows\System32\Tasks\{D61306E0-FB69-485C-AB01-4A38723CE090} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D61306E0-FB69-485C-AB01-4A38723CE090}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6563DD4-D281-4287-BC77-391C054A5035}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6563DD4-D281-4287-BC77-391C054A5035}" => key removed successfully C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1153746196-1546038390-1762079413-1000 => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeScheduledTaskS-1-5-21-1153746196-1546038390-1762079413-1000" => key removed successfully HKU\S-1-5-21-1153746196-1546038390-1762079413-1000\Software\Microsoft\Windows\CurrentVersion\Run\\IRNeroReboot => value removed successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully C:\Program Files\ESET => moved successfully. C:\ProgramData\AVAST Software => moved successfully. 
C:\ProgramData\ESET => moved successfully. C:\ProgramData\Temp => moved successfully. C:\Users\Daria\AppData\Local\cache => moved successfully. "C:\Users\Daria\AppData\Local\Mozilla" => File/Folder not found. C:\Users\Daria\AppData\Roaming\Mozilla => moved successfully. C:\Users\Daria\AppData\Roaming\TuneUp Software => moved successfully. C:\Users\Daria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk => moved successfully. C:\Windows\system32\Drivers\ESETCleanersDriver.sys => moved successfully. C:\Windows\system32\Drivers\fses.sys => moved successfully. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Mozilla /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\MozillaPlugins /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Mozilla /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\MozillaPlugins /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f ========= BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ares" /f ========= Operacja ukończona pomyślnie. 
========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\F-Secure Manager" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\F-Secure TNB" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FDPRO-516" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iLivid" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Iminent" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IminentMessenger" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ROC_roc_ssl_v12" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe" /f ========= Operacja ukończona pomyślnie. 
========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YTDownloader" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg query HKLM\System\CurentControlSet\Services\Eaphost\Methods /s ========= BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości. ========= End of Reg: ========= ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= ========= type C:\Windows\system32\Drivers\etc\hosts ========= # Copyright (c) 1993-2009 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. 
# 127.0.0.1 localhost # ::1 localhost ========= End of CMD: ========= The system needed a reboot.. ==== End of Fixlog 20:37:47 ====