Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-12-2014
Ran by Primus Girrafus at 2014-12-20 11:23:44 Run:2
Running from C:\Documents and Settings\Primus Girrafus\Pulpit\programy
Loaded Profile: Primus Girrafus (Available profiles: Primus Girrafus)
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\uTorrent\uTorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\eMule\emule.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-776561741-1935655697-839522115-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKLM - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
S2 ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys [X]
S3 catchme; \??\C:\DOCUME~1\PRIMUS~1\USTAWI~1\Temp\catchme.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
C:\Documents and Settings\All Users\Dane aplikacji\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web
C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
C:\Documents and Settings\Primus Girrafus\Doctor Web
C:\Documents and Settings\Primus Girrafus\Dane aplikacji\TuneUp Software
C:\Documents and Settings\Primus Girrafus\Ustawienia lokalne\Dane aplikacji\nsf40.tmp
C:\Program Files\TuneUp Utilities 2013
C:\WINNT\system32\config\Doctor Web.evt
C:\WINNT\system32\config\TuneUp.evt
CMD: sc config Eventlog start= auto
Reg: reg add "HKLM\Software\Microsoft\Internet Explorer\Main" /v "Local Page" /t REG_SZ /d C:\WINNT\System32\blank.htm /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /v Tabs /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f
Reboot:
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
"HKU\S-1-5-21-776561741-1935655697-839522115-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
ATE_PROCMON => Service deleted successfully.
catchme => Service deleted successfully.
pccsmcfd => Service deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys" => Key deleted successfully.
C:\Documents and Settings\All Users\Dane aplikacji\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software => Moved successfully.
C:\Documents and Settings\Primus Girrafus\Doctor Web => Moved successfully.
C:\Documents and Settings\Primus Girrafus\Dane aplikacji\TuneUp Software => Moved successfully.
C:\Documents and Settings\Primus Girrafus\Ustawienia lokalne\Dane aplikacji\nsf40.tmp => Moved successfully.
C:\Program Files\TuneUp Utilities 2013 => Moved successfully.
Could not move "C:\WINNT\system32\config\Doctor Web.evt" => Scheduled to move on reboot.
Could not move "C:\WINNT\system32\config\TuneUp.evt" => Scheduled to move on reboot.

========= sc config Eventlog start= auto =========

[SC] ChangeServiceConfig SUCCESS

========= End of CMD: =========

========= reg add "HKLM\Software\Microsoft\Internet Explorer\Main" /v "Local Page" /t REG_SZ /d C:\WINNT\System32\blank.htm /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /v Tabs /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f =========

Błąd: system nie może odnaleźć określonego klucza rejestru lub wartości.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-20 11:27:21)<=

"C:\WINNT\system32\config\Doctor Web.evt" => File could not move.
"C:\WINNT\system32\config\TuneUp.evt" => File could not move.

==== End of Fixlog ====