Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-10-2014 01 Ran by acer at 2014-10-29 17:01:29 Run:1 Running from C:\Documents and Settings\acer\Moje dokumenty\Downloads\frst Loaded Profile: acer (Available profiles: acer & Administrator) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: AV: AVG 7.5.524 (Disabled - Up to date) {41564737-3200-1071-989B-0000E87B4FB1} S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] S1 rlbeozoo; \??\C:\WINDOWS\system32\drivers\rlbeozoo.sys [X] HKLM\...\Run: [LanzarL2007] => "C:\DOCUME~1\acer\USTAWI~1\Temp\{3D9203DD-D8EC-46E0-8602-AF489D348C5E}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0015" HKLM\...\Run: [] => "C:\PROGRA~1\DialNet\FPLICE~1.EXE zhimakaimen//WINPOET_QUITTING_EVENT" HKLM\...\Policies\Explorer: [NoDesktop] 0 HKU\S-1-5-21-1417001333-1202660629-725345543-1004\...\Run: [Tok-Cirrhatus] => "C:\Documents and Settings\acer\Ustawienia lokalne\Dane aplikacji\smss.exe" HKU\S-1-5-21-1417001333-1202660629-725345543-1004\...\Policies\system: [DisableRegistryTools] 1 HKU\S-1-5-21-1417001333-1202660629-725345543-1004\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-21-1417001333-1202660629-725345543-1004\...\Policies\Explorer: [NoFolderOptions] 1 HKU\S-1-5-21-1417001333-1202660629-725345543-1004\...\MountPoints2: {1c7b8a81-fff8-11e1-b83a-001c26c61ef3} - H:\DTLplus_Launcher.exe HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=2&cf=0ff47648-dc0f-11e1-b808-028037ec0200 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=2&cf=0ff47648-dc0f-11e1-b808-028037ec0200 SearchScopes: HKLM - {6040A62C-FCC9-402B-823A-574CDF8AFD0F} URL = http://startsear.ch/?aff=2&src=sp&cf=0ff47648-dc0f-11e1-b808-028037ec0200&q={searchTerms} SearchScopes: HKCU - DefaultScope {6040A62C-FCC9-402B-823A-574CDF8AFD0F} URL = http://startsear.ch/?aff=2&src=sp&cf=0ff47648-dc0f-11e1-b808-028037ec0200&q={searchTerms} SearchScopes: HKCU - {6040A62C-FCC9-402B-823A-574CDF8AFD0F} URL = http://startsear.ch/?aff=2&src=sp&cf=0ff47648-dc0f-11e1-b808-028037ec0200&q={searchTerms} BHO: IE5BarLauncherBHO Class -> {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} -> C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.) Toolbar: HKLM - StartSearchToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.) Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File Toolbar: HKCU - StartSearchToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.) DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Content Uploader\npUpload.dll No File FF Plugin: Web Components -> C:\Program Files\Web Components\npWebVideoPlugin.dll () FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension CHR Extension: (LiveVDO plugin) - C:\Documents and Settings\acer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp [2014-10-07] CHR HKLM\...\Chrome\Extension: [pbiamblgmkgbcgbcgejjgebalncpmhnp] - C:\Program Files\StartSearch plugin\vshareplg.crx [2011-10-27] DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software C:\Documents and Settings\All Users\Dane aplikacji\avg7 C:\Documents and Settings\All Users\Dane aplikacji\MSScanAppDataDir C:\Documents and Settings\All Users\Dane aplikacji\Panda Security C:\Documents and Settings\All Users\Dane aplikacji\TEMP C:\Documents and Settings\LocalService\Dane aplikacji\AVG7 C:\Documents and Settings\acer\Dane aplikacji\AVG7 C:\Documents and Settings\acer\Pulpit\Continue PC Performer installation.lnk C:\Documents and Settings\acer\Pulpit\Nieużywane skróty pulpitu C:\Documents and Settings\acer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Preferences C:\Program Files\mozilla firefox\plugins C:\Program Files\StartSearch plugin C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation C:\WINDOWS\pss\*.lnkStartup C:\WINDOWS\pss\*.lnkCommon Startup C:\WINDOWS\system32\Adobe\Director EmptyTemp: ***************** Processes closed successfully. AV: AVG 7.5.524 (Disabled - Up to date) {41564737-3200-1071-989B-0000E87B4FB1} => The item is protected. Make sure the software is uninstalled and its services are removed. NMIndexingService => Service deleted successfully. hwdatacard => Service deleted successfully. hwusbdev => Service deleted successfully. rlbeozoo => Service deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\LanzarL2007 => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktop => value deleted successfully. HKU\S-1-5-21-1417001333-1202660629-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus => value deleted successfully. HKU\S-1-5-21-1417001333-1202660629-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => value deleted successfully. HKU\S-1-5-21-1417001333-1202660629-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value deleted successfully. HKU\S-1-5-21-1417001333-1202660629-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully. "HKU\S-1-5-21-1417001333-1202660629-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c7b8a81-fff8-11e1-b83a-001c26c61ef3}" => Key deleted successfully. "HKCR\CLSID\{1c7b8a81-fff8-11e1-b83a-001c26c61ef3}" => Key not found. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6040A62C-FCC9-402B-823A-574CDF8AFD0F}" => Key deleted successfully. "HKCR\CLSID\{6040A62C-FCC9-402B-823A-574CDF8AFD0F}" => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6040A62C-FCC9-402B-823A-574CDF8AFD0F}" => Key deleted successfully. "HKCR\CLSID\{6040A62C-FCC9-402B-823A-574CDF8AFD0F}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}" => Key not found. "HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}" => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} => Value not found. "HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}" => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully. "HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} => value deleted successfully. "HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}" => Key not found. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}" => Key deleted successfully. "HKCR\CLSID\{33564D57-0000-0010-8000-00AA00389B71}" => Key not found. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{68282C51-9459-467B-95BF-3C0E89627E55}" => Key deleted successfully. "HKCR\CLSID\{68282C51-9459-467B-95BF-3C0E89627E55}" => Key not found. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully. "HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" => Key deleted successfully.