Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015 Ran by Jasiu at 2015-07-16 22:51:10 Run:3 Running from C:\Users\Jasiu\Desktop\frst Loaded Profiles: Jasiu (Available Profiles: Jasiu) Boot Mode: Safe Mode (with Networking) ============================================== fixlist content: ***************** Task: {244EA8EB-A876-41F7-A5A5-C60B279EBDC8} - System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => C:\Program Files (x86)\Rising\RAV\rsdelaylauncher.exe S2 RsMgrSvc; No ImagePath BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSWebMon64.dat No File RemoveDirectory: C:\AdwCleaner RemoveDirectory: C:\FRST\Quarantine RemoveDirectory: C:\Program Files (x86)\GUM4B64.tmp RemoveDirectory: C:\Program Files (x86)\Rising RemoveDirectory: C:\ProgramData\Rising RemoveDirectory: C:\RavBin CMD: del /q C:\Users\Jasiu\Downloads\tz51hegy.exe CMD: del /q C:\WINDOWS\SysWOW64\vpatch.dll Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v RSDTRAY /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v RavTRAY /f Hosts: EmptyTemp: ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{244EA8EB-A876-41F7-A5A5-C60B279EBDC8}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{244EA8EB-A876-41F7-A5A5-C60B279EBDC8}" => key removed successfully C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}" => key removed successfully RsMgrSvc => Service removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}" => key removed successfully "HKCR\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}" => key removed successfully "C:\AdwCleaner" => removed successfully. "C:\FRST\Quarantine" => removed successfully. "C:\Program Files (x86)\GUM4B64.tmp" => removed successfully. "C:\Program Files (x86)\Rising" => removed successfully. "C:\ProgramData\Rising" => removed successfully. could not remove "C:\RavBin" => Scheduled to remove on reboot. ========= del /q C:\Users\Jasiu\Downloads\tz51hegy.exe ========= ========= End of CMD: ========= ========= del /q C:\WINDOWS\SysWOW64\vpatch.dll ========= ========= End of CMD: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v RSDTRAY /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v RavTRAY /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= C:\Windows\System32\Drivers\etc\hosts => moved successfully. Hosts restored successfully. EmptyTemp: => 10.7 GB temporary data Removed. Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-16 22:58:46)<= C:\RavBin => removed successfully ==== End of Fixlog 22:58:47 ====