Anonim / 3 lata, 2 miesiące temu | Download | Plaintext | Odpowiedz |

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01
Ran by Ania at 2014-10-07 14:47:07 Run:1
Running from C:\Users\Ania\Downloads
Loaded Profile: Ania (Available profiles: Ania)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3377700808-3834137938-1829102649-1001\...\Run: [Yahoo! Search] => C:\Users\Ania\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {F52B1D4F-05F3-4CB3-AE62-E372E65CDAA4} URL = 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
C:\AdwCleaner
C:\Program Files (x86)\ClearThink
C:\Program Files (x86)\Mega Browse
Task: {00D72122-28A1-4193-B6D0-954324D85F6B} - System32\Tasks\PennyBee => C:\Users\Ania\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {20691260-CCFD-423D-84AC-5F7EDB94F4DA} - System32\Tasks\Yahoo! Search Udpater => C:\Users\Ania\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrsetup.exe
Task: C:\WINDOWS\Tasks\PennyBee.job => C:\Users\Ania\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
EmptyTemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mcui_exe => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKU\S-1-5-21-3377700808-3834137938-1829102649-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Yahoo! Search => value deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F52B1D4F-05F3-4CB3-AE62-E372E65CDAA4}" => Key deleted successfully.
"HKCR\CLSID\{F52B1D4F-05F3-4CB3-AE62-E372E65CDAA4}" => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
ewusbnet => Service deleted successfully.
ew_hwusbdev => Service deleted successfully.
huawei_enumerator => Service deleted successfully.
hwdatacard => Service deleted successfully.
C:\AdwCleaner => Moved successfully.
C:\Program Files (x86)\ClearThink => Moved successfully.
C:\Program Files (x86)\Mega Browse => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00D72122-28A1-4193-B6D0-954324D85F6B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00D72122-28A1-4193-B6D0-954324D85F6B}" => Key deleted successfully.
C:\Windows\System32\Tasks\PennyBee => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PennyBee" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20691260-CCFD-423D-84AC-5F7EDB94F4DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20691260-CCFD-423D-84AC-5F7EDB94F4DA}" => Key deleted successfully.
C:\Windows\System32\Tasks\Yahoo! Search Udpater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search Udpater" => Key deleted successfully.
C:\WINDOWS\Tasks\PennyBee.job => Moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => Key deleted successfully.
EmptyTemp: => Removed 1.5 GB temporary data.


The system needed a reboot. 

==== End of Fixlog ====