Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-01-2014 01
Ran by User at 2014-01-09 00:29:15 Run:1
Running from C:\Documents and Settings\User\Pulpit
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [dtmcfg] - C:\WINDOWS\system32\dtmcfg\dtmcfg.exe [1304576 2010-05-31] (Dyzmond Software)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myhoome.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myhoome.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=876&systemid=2&apn_uid=2313075238934124&apn_dtid=IME002&o=APN10641&apn_ptnrs=AG2&q={searchTerms}
SearchScopes: HKCU - {12503EC9-CD77-4F88-A9DF-6B4CA6E603FC} URL = http://www.idg.pl?q={searchTerms}
SearchScopes: HKCU - {41DEC4D4-99C4-4CE4-82A5-CC113490CA15} URL = http://www.idg.pl?q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=876&systemid=2&apn_uid=2313075238934124&apn_dtid=IME002&o=APN10641&apn_ptnrs=AG2&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [aaaapkgbncoppllbmlhjinokkjioaelp] - C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\APN\GoogleCRXs\aaaapkgbncoppllbmlhjinokkjioaelp_7.14.1.0.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
NETSVC: cqoujr -> No Registry Path.
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [33112 2013-02-18] (AVG Technologies)
U0 bjso; C:\Windows\System32\drivers\maxdyhc.sys [54016 2014-01-07] ()
U0 hsccce; C:\Windows\System32\drivers\antgjxek.sys [54016 2014-01-07] ()
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [x]
S3 BT; system32\DRIVERS\btnetdrv.sys [x]
S3 BTCOM; system32\DRIVERS\btcomport.sys [x]
S3 BTCOMBUS; System32\Drivers\btcombus.sys [x]
S3 Btcsrusb; System32\Drivers\btcusb.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dump_wmimmc; \??\C:\Program Files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys [x]
S3 FXDrv32; \??\E:\FXDrv32.sys [x]
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [x]
S3 VComm; system32\DRIVERS\VComm.sys [x]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [x]
C:\WINDOWS\vtimer
C:\WINDOWS\system32\ipconfig_results.txt
C:\WINDOWS\system32\dtmcfg
C:\WINDOWS\system32\drivers\avgtpx86.sys
C:\WINDOWS\system32\Drivers\maxdyhc.sys
C:\WINDOWS\system32\Drivers\antgjxek.sys
C:\Program Files\SecurityKISS Tunnel
C:\Program Files\SmartTweak
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
C:\Documents and Settings\All Users\Dane aplikacji\Common Files
C:\Documents and Settings\All Users\Dane aplikacji\Datamngr
C:\Documents and Settings\All Users\Dane aplikacji\dtmcfg
C:\Documents and Settings\All Users\Dane aplikacji\G DATA
C:\Documents and Settings\All Users\Dane aplikacji\GFI Software
C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
C:\Documents and Settings\LocalService\Dane aplikacji\Ad-Aware Antivirus
C:\Documents and Settings\LocalService\Dane aplikacji\TuneUp Software
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Config.nt.bak
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Autoexec.nt.bak
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\hosts.bak
C:\Documents and Settings\MasterAdmin\7zS572.tmp
C:\Documents and Settings\MasterAdmin\7zS56F.tmp
C:\Documents and Settings\User\.android
C:\Documents and Settings\User\daemonprocess.txt
C:\Documents and Settings\User\Dane aplikacji\Ad-Aware Antivirus
C:\Documents and Settings\User\Dane aplikacji\TuneUp Software
C:\Documents and Settings\User\Dane aplikacji\VDownloader
C:\Documents and Settings\User\Moje dokumenty\Mobogenie
C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\cache
C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\genienext
C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Mobogenie
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders
Reg: reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders /v SecurityProviders /t REG_SZ /d "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65}" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65}" /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download All using 4shared Desktop" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Download All using 4shared Desktop" /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
CMD: sc config ERSvc start= disabled
CMD: sc config helpsvc start= disabled
CMD: md "C:\Documents and Settings\User\Pulpit\Upload"
CMD: xcopy /e "C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\q33d5r4n.default\Extensions\{5E2BBC9D-7272-2F81-F889-122C992270EF}" "C:\Documents and Settings\User\Pulpit\Upload"
CMD: rundll32 wbemupgd, UpgradeRepository
CMD: for %i in (C:\WINDOWS\system32\wbem\*.dll) do regsvr32 -s %i
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\dtmcfg => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{12503EC9-CD77-4F88-A9DF-6B4CA6E603FC} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{12503EC9-CD77-4F88-A9DF-6B4CA6E603FC} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{41DEC4D4-99C4-4CE4-82A5-CC113490CA15} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{41DEC4D4-99C4-4CE4-82A5-CC113490CA15} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} => Key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\aaaapkgbncoppllbmlhjinokkjioaelp => Key deleted successfully.
"C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\APN\GoogleCRXs\aaaapkgbncoppllbmlhjinokkjioaelp_7.14.1.0.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs cqoujr => Value deleted successfully.
avgtp => Service deleted successfully.
bjso => Service not found.
hsccce => Service not found.
BlueletAudio => Service deleted successfully.
BT => Service deleted successfully.
BTCOM => Service deleted successfully.
BTCOMBUS => Service deleted successfully.
Btcsrusb => Service deleted successfully.
catchme => Service deleted successfully.
dump_wmimmc => Service deleted successfully.
FXDrv32 => Service deleted successfully.
SBRE => Service deleted successfully.
VComm => Service deleted successfully.
VcommMgr => Service deleted successfully.
C:\WINDOWS\vtimer => Moved successfully.
C:\WINDOWS\system32\ipconfig_results.txt => Moved successfully.
C:\WINDOWS\system32\dtmcfg => Moved successfully.
C:\WINDOWS\system32\drivers\avgtpx86.sys => Moved successfully.
"C:\WINDOWS\system32\Drivers\maxdyhc.sys" => File/Directory not found.
"C:\WINDOWS\system32\Drivers\antgjxek.sys" => File/Directory not found.
"C:\Program Files\SecurityKISS Tunnel" => File/Directory not found.
C:\Program Files\SmartTweak => Moved successfully.
"C:\Program Files\Spybot - Search & Destroy" => File/Directory not found.
C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\Common Files => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\Datamngr => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\dtmcfg => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\G DATA => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\GFI Software => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software => Moved successfully.
C:\Documents and Settings\LocalService\Dane aplikacji\Ad-Aware Antivirus => Moved successfully.
C:\Documents and Settings\LocalService\Dane aplikacji\TuneUp Software => Moved successfully.
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Config.nt.bak => Moved successfully.
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Autoexec.nt.bak => Moved successfully.
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\hosts.bak => Moved successfully.
C:\Documents and Settings\MasterAdmin\7zS572.tmp => Moved successfully.
C:\Documents and Settings\MasterAdmin\7zS56F.tmp => Moved successfully.
C:\Documents and Settings\User\.android => Moved successfully.
C:\Documents and Settings\User\daemonprocess.txt => Moved successfully.
C:\Documents and Settings\User\Dane aplikacji\Ad-Aware Antivirus => Moved successfully.
C:\Documents and Settings\User\Dane aplikacji\TuneUp Software => Moved successfully.
C:\Documents and Settings\User\Dane aplikacji\VDownloader => Moved successfully.
"C:\Documents and Settings\User\Moje dokumenty\Mobogenie" => File/Directory not found.
C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\cache => Moved successfully.
C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\genienext => Moved successfully.
"C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Mobogenie" => File/Directory not found.

========= reg query HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders =========

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
    SecurityProviders    REG_SZ    msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, UdfadbaHbiht.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SaslProfiles

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest

========= End of Reg: =========

========= reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders /v SecurityProviders /t REG_SZ /d "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65}" /f =========

Błąd: system nie może odnaleźć określonego klucza rejestru lub wartości.

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65}" /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

========= reg delete "HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download All using 4shared Desktop" /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Download All using 4shared Desktop" /f =========

Błąd: system nie może odnaleźć określonego klucza rejestru lub wartości.

========= End of Reg: =========

========= reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

========= sc config ERSvc start= disabled =========

[SC] ChangeServiceConfig SUCCESS

========= End of CMD: =========

========= sc config helpsvc start= disabled =========

[SC] ChangeServiceConfig SUCCESS

========= End of CMD: =========

========= md "C:\Documents and Settings\User\Pulpit\Upload" =========

========= End of CMD: =========

========= xcopy /e "C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\q33d5r4n.default\Extensions\{5E2BBC9D-7272-2F81-F889-122C992270EF}" "C:\Documents and Settings\User\Pulpit\Upload" =========

C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\q33d5r4n.default\Extensions\{5E2BBC9D-7272-2F81-F889-122C992270EF}\chrome.manifest
C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\q33d5r4n.default\Extensions\{5E2BBC9D-7272-2F81-F889-122C992270EF}\install.rdf
C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\q33d5r4n.default\Extensions\{5E2BBC9D-7272-2F81-F889-122C992270EF}\components\DatamngrHlpFF.xpt
C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\q33d5r4n.default\Extensions\{5E2BBC9D-7272-2F81-F889-122C992270EF}\content\DnsBHO.js
C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\q33d5r4n.default\Extensions\{5E2BBC9D-7272-2F81-F889-122C992270EF}\content\Error404BHO.js
C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\q33d5r4n.default\Extensions\{5E2BBC9D-7272-2F81-F889-122C992270EF}\content\MainBHO.js
C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\q33d5r4n.default\Extensions\{5E2BBC9D-7272-2F81-F889-122C992270EF}\content\NewTabBHO.js
C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\q33d5r4n.default\Extensions\{5E2BBC9D-7272-2F81-F889-122C992270EF}\content\overlay.js
C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\q33d5r4n.default\Extensions\{5E2BBC9D-7272-2F81-F889-122C992270EF}\content\overlay.xul
C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\q33d5r4n.default\Extensions\{5E2BBC9D-7272-2F81-F889-122C992270EF}\content\RelatedSearch.js
C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\q33d5r4n.default\Extensions\{5E2BBC9D-7272-2F81-F889-122C992270EF}\content\RequestPreserver.js
C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\q33d5r4n.default\Extensions\{5E2BBC9D-7272-2F81-F889-122C992270EF}\content\SearchBHO.js
C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\q33d5r4n.default\Extensions\{5E2BBC9D-7272-2F81-F889-122C992270EF}\content\SettingManager.js
Liczba skopiowanych plików: 13.

========= End of CMD: =========

========= rundll32 wbemupgd, UpgradeRepository =========

========= End of CMD: =========

========= for %i in (C:\WINDOWS\system32\wbem\*.dll) do regsvr32 -s %i =========

========= End of CMD: =========

The system needs a manual reboot.

==== End of Fixlog ====