Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-09-2013
Ran by Asia at 2013-09-24 16:05:39 Run:1
Running from C:\Users\Asia\Desktop\sprawdzanie kompa
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\ \...\???\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [AS2014] - C:\ProgramData\XnVXnUa3\XnVXnUa3.exe
HKLM\...\Run: [AS2014] - C:\ProgramData\XnVXnUa3\XnVXnUa3.exe
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\XnVXnUa3\XnVXnUa3.exe -sm,
BHO-x32: Smart Suggestor - {DB536AF2-E422-402d-B7FD-887297F1A198} - C:\Program Files (x86)\Smart Suggestor\SmartSuggestor.dll (Think Tank Labs, LLC)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
C:\Program Files (x86)\Google\Desktop
C:\Users\Asia\AppData\Local\Google\Desktop
C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
C:\Users\Asia\AppData\Roaming\sp_data.sys
C:\ProgramData\Trend Micro
C:\Windows\system32\AutoRunFilter.ini
C:\Windows\system32\ServiceFilter.ini
C:\Windows\system32\TmInstall.log
C:\Windows\SysWOW64\TmInstall.log
Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{520BD054-EEEE-487c-84E8-D5B2DFFE5C18}" /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{520BD054-EEEE-487c-84E8-D5B2DFFE5C18}" /f
*****************

*etadpug => Service deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB536AF2-E422-402d-B7FD-887297F1A198} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DB536AF2-E422-402d-B7FD-887297F1A198} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
hwdatacard => Service deleted successfully.
hwusbdev => Service deleted successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\pl-PL" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files (x86)\Google\Desktop" directory move:
Could not move "C:\Program Files (x86)\Google\Desktop" directory. => Scheduled to move on reboot.
C:\Users\Asia\AppData\Local\Google\Desktop => Moved successfully.
C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro => Moved successfully.
C:\Users\Asia\AppData\Roaming\sp_data.sys => Moved successfully.
C:\ProgramData\Trend Micro => Moved successfully.
C:\Windows\system32\AutoRunFilter.ini => Moved successfully.
C:\Windows\system32\ServiceFilter.ini => Moved successfully.
C:\Windows\system32\TmInstall.log => Moved successfully.
C:\Windows\SysWOW64\TmInstall.log => Moved successfully.

========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{520BD054-EEEE-487c-84E8-D5B2DFFE5C18}" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{520BD054-EEEE-487c-84E8-D5B2DFFE5C18}" /f =========
BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.
========= End of Reg: =========

=========== Result of Scheduled Files to move ===========
C:\Program Files (x86)\Google\Desktop => Moved successfully.

==== End of Fixlog ====