Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014 Ran by admin at 2014-09-17 14:26:54 Run:2 Running from C:\rosita\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre1.8.0_20\bin\jusched.exe" DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} S2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [118048 2014-08-08] (Elex do Brasil Participações Ltda) R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [214592 2014-08-08] (Elex do Brasil Participações Ltda) S3 iSafeKrnlBoot; C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [40768 2014-08-08] (Elex do Brasil Participações Ltda) R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [68288 2014-08-08] (Elex do Brasil Participações Ltda) R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [37696 2014-08-08] (Elex do Brasil Participações Ltda) R1 iSafeNetFilter; C:\Program Files\Elex-tech\YAC\iSafeNetFilter.sys [55464 2014-08-06] (Elex do Brasil Participações Ltda) C:\appstoredl C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy C:\Documents and Settings\All Users\Menu Start\YAC.lnk C:\Documents and Settings\All Users\Menu Start\Programy\YAC C:\Documents and Settings\All Users\Pulpit\YAC.lnk C:\Documents and Settings\admin\Dane aplikacji\computer software market C:\Documents and Settings\admin\Dane aplikacji\isafeYAC App Store C:\Documents and Settings\admin\Dane aplikacji\eCyber C:\Documents and Settings\admin\Dane aplikacji\iSafe C:\Documents and Settings\admin\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\YAC.lnk C:\Documents and Settings\admin\Start Menu\Programs\Browser Manager C:\Program Files\Elex-tech C:\Program Files\Spybot - Search & Destroy C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\tor /s ***************** Processes closed successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}" => Key Deleted successfully. "HKCR\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}" => Key deleted successfully. iSafeService => Service deleted successfully. iSafeKrnl => Service stopped successfully. iSafeKrnl => Service deleted successfully. iSafeKrnlBoot => Service deleted successfully. iSafeKrnlKit => Service stopped successfully. iSafeKrnlKit => Service deleted successfully. iSafeKrnlR3 => Service stopped successfully. iSafeKrnlR3 => Service deleted successfully. iSafeNetFilter => Unable to stop service iSafeNetFilter => Service deleted successfully. C:\appstoredl => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy => Moved successfully. C:\Documents and Settings\All Users\Menu Start\YAC.lnk => Moved successfully. C:\Documents and Settings\All Users\Menu Start\Programy\YAC => Moved successfully. C:\Documents and Settings\All Users\Pulpit\YAC.lnk => Moved successfully. C:\Documents and Settings\admin\Dane aplikacji\computer software market => Moved successfully. C:\Documents and Settings\admin\Dane aplikacji\isafeYAC App Store => Moved successfully. C:\Documents and Settings\admin\Dane aplikacji\eCyber => Moved successfully. C:\Documents and Settings\admin\Dane aplikacji\iSafe => Moved successfully. C:\Documents and Settings\admin\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\YAC.lnk => Moved successfully. C:\Documents and Settings\admin\Start Menu\Programs\Browser Manager => Moved successfully. C:\Program Files\Elex-tech => Moved successfully. C:\Program Files\Spybot - Search & Destroy => Moved successfully. C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys => Moved successfully. ========= reg query HKLM\SYSTEM\CurrentControlSet\Services\tor /s ========= ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tor Type REG_DWORD 0x10 Start REG_DWORD 0x2 ErrorControl REG_DWORD 0x0 ImagePath REG_EXPAND_SZ "C:\Program Files\Tor\tor.exe" --nt-service "-ControlPort" "9051" DisplayName REG_SZ Tor Win32 Service ObjectName REG_SZ NT AUTHORITY\LocalService Description REG_SZ Provides an anonymous Internet communication system HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tor\Security Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tor\Enum 0 REG_SZ Root\LEGACY_TOR\0000 Count REG_DWORD 0x1 NextInstance REG_DWORD 0x1 ========= End of Reg: ========= The system needed a reboot. ==== End of Fixlog ====