Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2014
Ran by Mateusz at 2014-04-24 17:48:32 Run:1
Running from C:\Users\Mateusz\Downloads\Nowy folder
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=8EDA40618600A03A&affID=123627&tsp=4998
URLSearchHook: HKCU - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKCU - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Task: {0DCB969C-6645-4005-96EB-383A1ADF89B6} - System32\Tasks\{F4162B61-D7D7-4075-8899-E9B671A17880} => C:\Users\Mateusz\Downloads\WindowsWebSecurity.exe
Task: {288E1496-0806-47A0-971B-45D30F70DD4A} - System32\Tasks\EPUpdater => C:\Users\Mateusz\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
Task: {2D8FA311-5B55-487E-BC46-46F7B612FC20} - System32\Tasks\{AF8F183E-BDFC-43C0-AD1C-DF0B7760097B} => D:\gry\Zoo Tycoon 2\zt.exe
Task: {3EE540CE-C918-4E53-8CD5-E72476F7C7E8} - System32\Tasks\{CFD49367-78E8-4B74-AF81-8DE45AEE1F75} => D:\gry\TrackMania Nations ESWC\TmNationsESWCLauncher.exe
HKU\S-1-5-21-3359626670-3115670540-1001017649-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
Unlock: HKLM\SYSTEM\CurrentControlSet\Services\sptd
S1 cdrbsdrv; C:\Windows\SysWow64\Drivers\cdrbsdrv.sys [33408 2011-07-01] (B.H.A Corporation)
S3 cpuz130; \??\C:\Users\Mateusz\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [X]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:036B9593
C:\Program Files (x86)\Mozilla Firefox
C:\Program Files (x86)\Alcohol Soft
C:\ProgramData\Media Center Programs\gu.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bitRipper
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black & White 2
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Decrypter
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eDonkey2000
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free DVD Ripper
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InterActual
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logiccode\Cd Autoplay Gen
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rejestracja użytkownika drukarki Canon MP550 series
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bundle
C:\Users\Mateusz\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
C:\Users\Mateusz\AppData\Roaming\DAEMON Tools Lite
C:\Users\Mateusz\AppData\Roaming\Temp
C:\Users\Mateusz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DVD Decrypter.lnk
C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Tunatic.lnk
C:\Users\Mateusz\Desktop\programy\Audacity.lnk
C:\Users\Mateusz\Desktop\programy\EA Download Manager.lnk
C:\Users\Mateusz\Desktop\programy\Free M4a to MP3 Converter.lnk
C:\Users\Mateusz\Desktop\programy\Gadu-Gadu 10.lnk
C:\Users\Mateusz\Desktop\programy\Live Update 5.lnk
C:\Users\Mateusz\Desktop\programy\Mozilla Firefox.lnk
C:\Users\Mateusz\Desktop\programy\Uruchom grę ArcaniA - Gothic 4 English VO.lnk
C:\Users\Mateusz\Desktop\programy\Vegas Pro 9.0 (64-bit).lnk
C:\Users\Mateusz\Desktop\programy\µTorrent.lnk
C:\Windows\SysWOW64\drivers\ASPI32.SYS
C:\Windows\SysWow64\Drivers\cdrbsdrv.sys
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcoholAutomount" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ALLUpdate" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray" /f
Reg: reg delete HKCU\Software\Mozilla /f
Reg: reg delete HKCU\Software\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f
CMD: sc delete ASPI
CMD: dir /a "C:\Program Files"
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} => Key deleted successfully.
HKCR\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} => Value deleted successfully.
HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} => Value deleted successfully.
HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0DCB969C-6645-4005-96EB-383A1ADF89B6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DCB969C-6645-4005-96EB-383A1ADF89B6} => Key deleted successfully.
C:\Windows\System32\Tasks\{F4162B61-D7D7-4075-8899-E9B671A17880} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F4162B61-D7D7-4075-8899-E9B671A17880} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{288E1496-0806-47A0-971B-45D30F70DD4A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{288E1496-0806-47A0-971B-45D30F70DD4A} => Key deleted successfully.
C:\Windows\System32\Tasks\EPUpdater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D8FA311-5B55-487E-BC46-46F7B612FC20} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D8FA311-5B55-487E-BC46-46F7B612FC20} => Key deleted successfully.
C:\Windows\System32\Tasks\{AF8F183E-BDFC-43C0-AD1C-DF0B7760097B} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AF8F183E-BDFC-43C0-AD1C-DF0B7760097B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EE540CE-C918-4E53-8CD5-E72476F7C7E8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EE540CE-C918-4E53-8CD5-E72476F7C7E8} => Key deleted successfully.
C:\Windows\System32\Tasks\{CFD49367-78E8-4B74-AF81-8DE45AEE1F75} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CFD49367-78E8-4B74-AF81-8DE45AEE1F75} => Key deleted successfully.
HKU\S-1-5-21-3359626670-3115670540-1001017649-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup => Value deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\sptd" => Key unlocked successfully.
cdrbsdrv => Service deleted successfully.
cpuz130 => Service deleted successfully.
MSI_MSIBIOS_010507 => Service deleted successfully.
NTIOLib_1_0_4 => Service deleted successfully.
sptd => Service deleted successfully.
C:\ProgramData\TEMP => ":036B9593" ADS removed successfully.
C:\Program Files (x86)\Mozilla Firefox => Moved successfully.
C:\Program Files (x86)\Alcohol Soft => Moved successfully.
C:\ProgramData\Media Center Programs\gu.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bitRipper => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black & White 2 => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Decrypter => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eDonkey2000 => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free DVD Ripper => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InterActual => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logiccode\Cd Autoplay Gen => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rejestracja użytkownika drukarki Canon MP550 series => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bundle => Moved successfully.
C:\Users\Mateusz\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} => Moved successfully.
C:\Users\Mateusz\AppData\Roaming\DAEMON Tools Lite => Moved successfully.
C:\Users\Mateusz\AppData\Roaming\Temp => Moved successfully.
C:\Users\Mateusz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DVD Decrypter.lnk => Moved successfully.
C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Tunatic.lnk => Moved successfully.
C:\Users\Mateusz\Desktop\programy\Audacity.lnk => Moved successfully.
C:\Users\Mateusz\Desktop\programy\EA Download Manager.lnk => Moved successfully.
C:\Users\Mateusz\Desktop\programy\Free M4a to MP3 Converter.lnk => Moved successfully.
C:\Users\Mateusz\Desktop\programy\Gadu-Gadu 10.lnk => Moved successfully.
C:\Users\Mateusz\Desktop\programy\Live Update 5.lnk => Moved successfully.
C:\Users\Mateusz\Desktop\programy\Mozilla Firefox.lnk => Moved successfully.
C:\Users\Mateusz\Desktop\programy\Uruchom grę ArcaniA - Gothic 4 English VO.lnk => Moved successfully.
C:\Users\Mateusz\Desktop\programy\Vegas Pro 9.0 (64-bit).lnk => Moved successfully.
C:\Users\Mateusz\Desktop\programy\µTorrent.lnk => Moved successfully.
C:\Windows\SysWOW64\drivers\ASPI32.SYS => Moved successfully.
C:\Windows\SysWow64\Drivers\cdrbsdrv.sys => Moved successfully.

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcoholAutomount" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ALLUpdate" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKCU\Software\Mozilla /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKCU\Software\MozillaPlugins /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\MozillaPlugins /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= sc delete ASPI =========
[SC] DeleteService SUKCES
========= End of CMD: =========

========= dir /a "C:\Program Files" =========
Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: 8EDA-2B89
Katalog: C:\Program Files
2014-04-23 20:23