Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by Tadek at 2013-10-19 17:16:33 Run:1
Running from F:\vir
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{7966a5fb-d22f-80fd-46e9-8d6d4533e422}\ \ \???\{7966a5fb-d22f-80fd-46e9-8d6d4533e422}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
HKLM\...\Run: [NPSStartup] - [x]
HKCU\...\Run: [NETIANET] - D:\netianet.exe
HKCU\...\Run: [NTRedirect] - C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Tadek\Dane aplikacji\BabSolution\Shared\enhancedNT.dll",Run
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [AS2014] - C:\Documents and Settings\All Users\Dane aplikacji\gXlpUnr3\gXlpUnr3.exe [578712 2013-10-17] ()
MountPoints2: {1198a5ce-8743-11de-a5f2-000e50f26a08} - G:\n0euybx.exe
AppInit_DLLs: c:\docume~1\alluse~1\daneap~1\bitguard\261694~1.246\{c16c1~1\bitguard.dll [ 2013-10-01] ()
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-search.com/?babsrc=HP_ss&mntrId=842D0015F2CC72F1&affID=119357&tt=070813_wt4&tsp=4972
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duxet.com/
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.22.0\bh\delta.dll (Delta-search.com)
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.22.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
S3 PCAMPR5; \??\C:\WINDOWS\system32\PCAMPR5.SYS [x]
C:\Program Files\Google
C:\Documents and Settings\Tadek\Ustawienia lokalne\Dane aplikacji\Google
C:\Documents and Settings\All Users\Dane aplikacji\gXlpUnr3
C:\Documents and Settings\All Users\Dane aplikacji\Babylon
C:\Documents and Settings\Tadek\Dane aplikacji\BabSolution
C:\Documents and Settings\Tadek\Dane aplikacji\Babylon
C:\Documents and Settings\Tadek\Dane aplikacji\File Scout
C:\Documents and Settings\Tadek\Pulpit\Antivirus Security Pro.lnk
C:\Documents and Settings\Tadek\Pulpit\Antivirus Security Pro support.url
C:\Documents and Settings\Tadek\Menu Start\Programy\Antivirus Security Pro
C:\WINDOWS\Tasks\EPUpdater.job
C:\WINDOWS\Tasks\1-Click Maintenance.job
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /f
*****************

*etadpug => Service deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\NETIANET => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\NTRedirect => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1198a5ce-8743-11de-a5f2-000e50f26a08} => Key deleted successfully.
HKCR\CLSID\{1198a5ce-8743-11de-a5f2-000e50f26a08} => Key not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
Default URLSearchHook was restored successfully .
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} => Key deleted successfully.
HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{82E1477C-B154-48D3-9891-33D83C26BCD3} => Value deleted successfully.
HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
PCAMPR5 => Service deleted successfully.

"C:\Program Files\Google" directory move:
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe => Moved successfully.
Could not move "C:\Program Files\Google" directory. => Scheduled to move on reboot.

"C:\Documents and Settings\Tadek\Ustawienia lokalne\Dane aplikacji\Google" directory move:
Could not move "C:\Documents and Settings\Tadek\Ustawienia lokalne\Dane aplikacji\Google" directory. => Scheduled to move on reboot.

"C:\Documents and Settings\All Users\Dane aplikacji\gXlpUnr3" directory move:
Could not move "C:\Documents and Settings\All Users\Dane aplikacji\gXlpUnr3\gXlpUnr3aawsSggg.in" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Dane aplikacji\gXlpUnr3\gXlpUnr3aawsSggg.lg" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Dane aplikacji\gXlpUnr3\gXlpUnr3rg => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\gXlpUnr3\serv.bat => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Dane aplikacji\gXlpUnr3" directory. => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Dane aplikacji\Babylon => Moved successfully.
C:\Documents and Settings\Tadek\Dane aplikacji\BabSolution => Moved successfully.
C:\Documents and Settings\Tadek\Dane aplikacji\Babylon => Moved successfully.
C:\Documents and Settings\Tadek\Dane aplikacji\File Scout => Moved successfully.
C:\Documents and Settings\Tadek\Pulpit\Antivirus Security Pro.lnk => Moved successfully.
C:\Documents and Settings\Tadek\Pulpit\Antivirus Security Pro support.url => Moved successfully.
C:\Documents and Settings\Tadek\Menu Start\Programy\Antivirus Security Pro => Moved successfully.
C:\WINDOWS\Tasks\EPUpdater.job => Moved successfully.
C:\WINDOWS\Tasks\1-Click Maintenance.job => Moved successfully.

========= reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

=========== Result of Scheduled Files to move ===========

"C:\Program Files\Google" => Directory could not move.
C:\Documents and Settings\Tadek\Ustawienia lokalne\Dane aplikacji\Google => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\gXlpUnr3\gXlpUnr3aawsSggg.in => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\gXlpUnr3\gXlpUnr3aawsSggg.lg => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\gXlpUnr3 => Moved successfully.

==== End of Fixlog ====