Fixlog.txt

SURFVOX how do I remove it... I've been struggling since morning... ;/

Here you go :) I haven't checked yet whether it's OK, I pasted it right away


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01
Ran by Dell at 2014-07-09 13:03:28 Run:4
Running from D:\Downloads\Nowy folder
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {0BB26B77-C23F-4EAF-8C57-828A3CFD05A7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2807089585-1247443018-2231508370-1000UA => C:\Users\Dell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-29] (Facebook Inc.)
Task: {15C689CD-2DD6-4008-B486-A23F9EC83E5E} - \BonanzaDealsLiveUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {1F22A632-4AC7-4E07-AEC3-34044D4B6227} - \QtraxPlayer No Task File <==== ATTENTION
Task: {2CC977B2-7360-47EB-B2F3-4C2612D3BF05} - \Program aktualizacji online firmy Adobe. No Task File <==== ATTENTION
Task: {AE54CC68-9B34-4624-B086-083EBD87004A} - \EPUpdater No Task File <==== ATTENTION
Task: {BAB9E0A8-6A2D-4802-8AF3-92E468A29C28} - \BonanzaDealsLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {C3F787F3-AF93-4091-BDC4-594FD2503956} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2807089585-1247443018-2231508370-1000Core => C:\Users\Dell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-29] (Facebook Inc.)
Task: {C89426E8-7F13-4694-89B9-4806E1A612F1} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {D650A12E-6199-4BDD-9B25-3E0D0BD1F01F} - \BonanzaDealsUpdate No Task File <==== ATTENTION
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:zc4EuKtsUqRny82DUXUUcNoKJein
AlternateDataStreams: C:\ProgramData\Microsoft:gfBPtYpp9ISFHaAodNtiElZkSbF
AlternateDataStreams: C:\ProgramData\Microsoft:gZZOtaYdeo5GKylpzNSS0fR
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns1
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns2
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns3
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns4
AlternateDataStreams: C:\Users\Dell\AppData\Local\eGDX1A8ooUu:P5gnD0QiFkn8NpLz8oZPa
AlternateDataStreams: C:\Users\Dell\AppData\Local\Temporary Internet Files:0Z8W6xw3B0UTnvChSABSZrLJxc
() C:\ProgramData\Cpu\system32.exe
HKLM\...\Run: [CPU] => c:\programdata\cpu\cpu.bat [134 2013-11-24] ()
Winlogon\Notify\WB: E:\PROGRAMY\WidowsBlinds\fast64.dll [X]
HKU\S-1-5-21-2807089585-1247443018-2231508370-1000\...\Run: [Facebook Update] => C:\Users\Dell\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-29] (Facebook Inc.)
HKU\S-1-5-21-2807089585-1247443018-2231508370-1000\...\Run: [nvxasync] => C:\Users\Dell\AppData\Roaming\nvxasync\nvxasync.exe [76777472 2014-07-07] ()
HKU\S-1-5-21-2807089585-1247443018-2231508370-1000\...\Winlogon: [Shell] C:\ProgramData\nvxasync\nvxasync.exe <==== ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfvox.com/
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {88C1E10F-8EBC-475D-B117-90CF59D430F3} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN20818129958770232&UM=1
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - No File
CHR HomePage: hxxp://www.default-search.net?sid=476&aid=114&itype=a&ver=12302&tm=309&src=hmp
CHR StartupUrls: "hxxp://www.default-search.net?sid=476&aid=114&itype=a&ver=12302&tm=309&src=hmp"
CHR DefaultSearchKeyword: default-search.net
CHR DefaultSearchProvider: default-search.net
CHR DefaultSearchURL: http://www.default-search.net/search?sid=476&aid=114&itype=a&ver=12302&tm=309&src=ds&p={searchTerms}
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2014-07-09 11:16 - 2014-07-09 11:16 - 00000000 _RSHD () C:\ProgramData\nvxasync
2014-07-07 20:01 - 2014-07-07 20:01 - 00000000 _RSHD () C:\Users\Dell\AppData\Roaming\nvxasync
2014-07-09 11:34 - 2013-07-29 20:29 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2807089585-1247443018-2231508370-1000UA.job
2014-07-08 20:34 - 2013-07-29 20:29 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2807089585-1247443018-2231508370-1000Core.job

==== End of Fixlog ====
*****************

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0BB26B77-C23F-4EAF-8C57-828A3CFD05A7}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BB26B77-C23F-4EAF-8C57-828A3CFD05A7}' => Key deleted successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2807089585-1247443018-2231508370-1000UA => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-2807089585-1247443018-2231508370-1000UA' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{15C689CD-2DD6-4008-B486-A23F9EC83E5E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15C689CD-2DD6-4008-B486-A23F9EC83E5E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsLiveUpdateTaskMachineCore' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F22A632-4AC7-4E07-AEC3-34044D4B6227}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F22A632-4AC7-4E07-AEC3-34044D4B6227}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QtraxPlayer' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CC977B2-7360-47EB-B2F3-4C2612D3BF05}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CC977B2-7360-47EB-B2F3-4C2612D3BF05}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Program aktualizacji online firmy Adobe.' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE54CC68-9B34-4624-B086-083EBD87004A}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE54CC68-9B34-4624-B086-083EBD87004A}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAB9E0A8-6A2D-4802-8AF3-92E468A29C28}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAB9E0A8-6A2D-4802-8AF3-92E468A29C28}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsLiveUpdateTaskMachineUA' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3F787F3-AF93-4091-BDC4-594FD2503956}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3F787F3-AF93-4091-BDC4-594FD2503956}' => Key deleted successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2807089585-1247443018-2231508370-1000Core => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-2807089585-1247443018-2231508370-1000Core' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C89426E8-7F13-4694-89B9-4806E1A612F1}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C89426E8-7F13-4694-89B9-4806E1A612F1}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D650A12E-6199-4BDD-9B25-3E0D0BD1F01F}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D650A12E-6199-4BDD-9B25-3E0D0BD1F01F}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsUpdate' => Key deleted successfully.
C:\Program Files\Common Files\Microsoft Shared => ":zc4EuKtsUqRny82DUXUUcNoKJein" ADS removed successfully.
C:\ProgramData\Microsoft => ":gfBPtYpp9ISFHaAodNtiElZkSbF" ADS removed successfully.
C:\ProgramData\Microsoft => ":gZZOtaYdeo5GKylpzNSS0fR" ADS removed successfully.
C:\ProgramData\Nalpeiron => ":user.ns1" ADS removed successfully.
C:\ProgramData\Nalpeiron => ":user.ns2" ADS removed successfully.
C:\ProgramData\Nalpeiron => ":user.ns3" ADS removed successfully.
C:\ProgramData\Nalpeiron => ":user.ns4" ADS removed successfully.
C:\Users\Dell\AppData\Local\eGDX1A8ooUu => ":P5gnD0QiFkn8NpLz8oZPa" ADS removed successfully.
"C:\Users\Dell\AppData\Local\Temporary Internet Files" => ":0Z8W6xw3B0UTnvChSABSZrLJxc" ADS not found.
[2476] C:\ProgramData\Cpu\system32.exe => Process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CPU => value deleted successfully.
'HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB' => Key deleted successfully.
HKU\S-1-5-21-2807089585-1247443018-2231508370-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => value deleted successfully.
HKU\S-1-5-21-2807089585-1247443018-2231508370-1000\Software\Microsoft\Windows\CurrentVersion\Run\\nvxasync => value deleted successfully.
HKU\S-1-5-21-2807089585-1247443018-2231508370-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{88C1E10F-8EBC-475D-B117-90CF59D430F3}' => Key deleted successfully.
'HKCR\CLSID\{88C1E10F-8EBC-475D-B117-90CF59D430F3}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
'HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}'=> Key not found.
CHR HomePage: hxxp://www.default-search.net?sid=476&aid=114&itype=a&ver=12302&tm=309&src=hmp ==> The Chrome "Settings" can be used to fix the entry.
CHR StartupUrls: "hxxp://www.default-search.net?sid=476&aid=114&itype=a&ver=12302&tm=309&src=hmp" ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchKeyword: default-search.net ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: default-search.net ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: http://www.default-search.net/search?sid=476&aid=114&itype=a&ver=12302&tm=309&src=ds&p={searchTerms} ==> The Chrome "Settings" can be used to fix the entry.
catchme => Service deleted successfully.
C:\ProgramData\nvxasync => Moved successfully.
C:\Users\Dell\AppData\Roaming\nvxasync => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2807089585-1247443018-2231508370-1000UA.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2807089585-1247443018-2231508370-1000Core.job => Moved successfully.

==== End of Fixlog ====