Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-01-2015
Ran by berger at 2015-01-06 13:52:32 Run:1
Running from C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\Nowy folder
Loaded Profile: berger (Available profiles: berger)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CMD: rundll32 wbemupgd, UpgradeRepository
CMD: netsh firewall reset
Reg: reg delete HKLM\SOFTWARE\Google /f
Reg: reg delete HKU\S-1-5-18\Software\Classes /f
Reg: reg delete HKU\S-1-5-19\Software\Classes /f
Reg: reg delete HKU\S-1-5-20\Software\Classes /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\MenuExt"/f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies /f
Reg: reg delete HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies /f
Reg: reg delete HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies /f
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-343818398-1757981266-839522115-1003\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-343818398-1757981266-839522115-1003\Software\Classes\exefile: "%1" %* <===== ATTENTION!
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab
FF Keyword.URL: hxxp://www.google.com.my/search?q=
FF DefaultSearchEngine: Google Default
FF SearchPlugin: C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\searchplugins\google-default.xml
FF Plugin: @IObit.com/np_Asc_Plugin -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\np_Asc_plugin.dll No File
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]
R3 ALSysIO; \??\C:\DOCUME~1\BERGER~2.XP-\USTAWI~1\Temp\ALSysIO.sys [X]
S3 cpuz135; \??\C:\DOCUME~1\BERGER~2.XP-\USTAWI~1\Temp\cpuz135\cpuz135_x32.sys [X]
S3 cpuz136; \??\C:\DOCUME~1\BERGER~2.XP-\USTAWI~1\Temp\cpuz136\cpuz136_x32.sys [X]
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK.job => C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\188F1432-103A-4ffb-80F1-36B633C5C9E1
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ALLPlayer
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\AVG 0214c Campaign
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\AVG2014
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ClearCookiesEasy
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\F-Secure
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\HitmanPro
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\IObit
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\MFAData
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\PITy
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Simply Super Software
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\VSO
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Powertoys for Windows XP\Tweak UI.lnk
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\AVG 0214c Campaign
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\AVG2014
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\BinarySense
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\BITS
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\ClearCookiesEasy
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\CrystalIdea Software
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\FlashGet
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\FlashGetBHO
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\FlashgetSetup
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\HD Tune Pro
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\IObit
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\KRyLack Archive Password Recovery
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\OpenOffice.org
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Podatnik.info
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\SolidDocuments
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Thunderbird
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\TuneUp Software
RemoveDirectory: C:\Documents and Settings\All Users
RemoveDirectory: C:\Documents and Settings\All Users.WINDOWS1
RemoveDirectory: C:\Documents and Settings\berger
RemoveDirectory: C:\Documents and Settings\berger.XP-75CF98363E2C\Recent(2)
RemoveDirectory: C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}(2)
RemoveDirectory: C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}(3)
RemoveDirectory: C:\Documents and Settings\Default User
RemoveDirectory: C:\Documents and Settings\Default User.WINDOWS1
CMD: dir /a "C:\Documents and Settings"
CMD: dir /a "C:\Documents and Settings\berger.XP-75CF98363E2C\Ustawienia lokalne\Dane aplikacji"
EmptyTemp:
*****************

Processes closed successfully.

========= rundll32 wbemupgd, UpgradeRepository =========
========= End of CMD: =========

========= netsh firewall reset =========
Ok.
========= End of CMD: =========

========= reg delete HKLM\SOFTWARE\Google /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= reg delete HKU\S-1-5-18\Software\Classes /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= reg delete HKU\S-1-5-19\Software\Classes /f =========
Error: Odmowa dostępu.
========= End of Reg: =========

========= reg delete HKU\S-1-5-20\Software\Classes /f =========
Error: Odmowa dostępu.
========= End of Reg: =========

========= reg delete "HKCU\Software\Microsoft\Internet Explorer\MenuExt"/f =========
Permanently delete the registry key Software\Microsoft\Internet Explorer\MenuExt/f (Y/N)? Błąd: system nie może odnaleźć określonego klucza rejestru lub wartości.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= reg delete HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= reg delete HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= reg delete HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-343818398-1757981266-839522115-1003\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-343818398-1757981266-839522115-1003\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-21-343818398-1757981266-839522115-1003\Software\Classes\exefile => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{68282C51-9459-467B-95BF-3C0E89627E55}" => Key deleted successfully.
"HKCR\CLSID\{68282C51-9459-467B-95BF-3C0E89627E55}" => Key deleted successfully.
Firefox Keyword.URL deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\searchplugins\google-default.xml => Moved successfully.
"HKLM\Software\MozillaPlugins\@IObit.com/np_Asc_Plugin" => Key deleted successfully.
LiveUpdateSvc => Service deleted successfully.
ALSysIO => Service stopped successfully.
ALSysIO => Service deleted successfully.
cpuz135 => Service deleted successfully.
cpuz136 => Service deleted successfully.
gdrv => Service deleted successfully.
C:\WINDOWS\Tasks\AVG_SYS_TASK.job => Moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} => Moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\188F1432-103A-4ffb-80F1-36B633C5C9E1 => Moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ALLPlayer => Moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\AVG 0214c Campaign => Moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\AVG2014 => Moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ClearCookiesEasy => Moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\F-Secure => Moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\HitmanPro => Moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\IObit => Moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\MFAData => Moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\PITy => Moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Simply Super Software => Moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP => Moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\VSO => Moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Powertoys for Windows XP\Tweak UI.lnk => Moved successfully.
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\AVG 0214c Campaign => Moved successfully.
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\AVG2014 => Moved successfully.
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\BinarySense => Moved successfully.
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\BITS => Moved successfully.
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\ClearCookiesEasy => Moved successfully.
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\CrystalIdea Software => Moved successfully.
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\FlashGet => Moved successfully.
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\FlashGetBHO => Moved successfully.
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\FlashgetSetup => Moved successfully.
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\HD Tune Pro => Moved successfully.
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\IObit => Moved successfully.
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\KRyLack Archive Password Recovery => Moved successfully.
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\OpenOffice.org => Moved successfully.
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Podatnik.info => Moved successfully.
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\SolidDocuments => Moved successfully.
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Thunderbird => Moved successfully.
C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\TuneUp Software => Moved successfully.
"C:\Documents and Settings\All Users" => removed successfully.
"C:\Documents and Settings\All Users.WINDOWS1" => removed successfully.
"C:\Documents and Settings\berger" => removed successfully.
"C:\Documents and Settings\berger.XP-75CF98363E2C\Recent(2)" => removed successfully.
"C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}(2)" => removed successfully.
"C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}(3)" => removed successfully.
"C:\Documents and Settings\Default User" => removed successfully.
"C:\Documents and Settings\Default User.WINDOWS1" => removed successfully.

========= dir /a "C:\Documents and Settings" =========
Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: 9CB4-4292
Katalog: C:\Documents and Settings
2015-01-06 13:53 .
2015-01-06 13:53 ..
2014-03-15 21:06 Administrator
2012-11-21 17:01 14 134 All Users.bak
2014-12-27 14:02 All Users.WINDOWS
2015-01-06 13:53 berger.XP-75CF98363E2C
2012-04-18 14:49 berger.XP-D04B6DBB4E3B
2012-04-18 16:40 BERGER~2~XP-
2012-02-28 21:46 Capo
2012-04-18 16:29 Default User.WINDOWS
2012-04-18 13:46 LocalService
2012-04-18 14:44 LocalService.ZARZĄDZANIE NT
2014-12-26 20:45 LocalService.ZARZĄDZANIE NT.000
2012-04-18 13:46 NetworkService
2012-04-18 14:44 NetworkService.ZARZĄDZANIE NT
2014-12-26 20:45 NetworkService.ZARZĄDZANIE NT.000
1 plik(ów) 14 134 bajtów
15 katalog(ów) 25 292 730 368 bajtów wolnych
========= End of CMD: =========

========= dir /a "C:\Documents and Settings\berger.XP-75CF98363E2C\Ustawienia lokalne\Dane aplikacji" =========
Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: 9CB4-4292
Katalog: C:\Documents and Settings\berger.XP-75CF98363E2C\Ustawienia lokalne\Dane aplikacji
2014-07-11 21:15 .
2014-07-11 21:15 ..
2012-10-27 19:38 2K Games
2014-12-11 16:06 Adobe
2014-06-05 13:52 Anvil Studio
2012-04-18 17:34 Apple
2013-04-22 00:21 Apple Computer
2013-03-20 20:55 Applian
2014-03-15 17:21 Avg2014
2013-04-18 17:32 DICOMViewer
2014-01-27 17:35 Downloaded Installations
2012-11-11 12:45 F-Secure
2014-03-08 19:39 42 984 GDIPFONTCACHEV1.DAT
2013-01-24 12:47 Google
2012-08-02 21:45 Help
2015-01-05 23:55 7 462 316 IconCache.db
2012-05-23 19:22 Identities
2012-05-24 20:22 Jaksta_Technologies_Pty_L
2014-03-25 14:01 LastPass
2014-02-09 17:01 MFAData
2015-01-05 14:16 Microsoft
2012-04-18 17:11 Mozilla
2012-07-06 11:22 OCCT
2013-05-08 14:53 OCCT_-_Ocbase_-_Adrien_Me
2013-01-24 12:55 Opera
2012-04-18 20:14 Real
2012-07-31 18:38 Sun
2012-08-12 22:24 Temp
2012-04-18 17:49 Thunderbird
2012-11-11 12:43 Wirtualny Dysk
2 plik(ów) 7 505 300 bajtów
28 katalog(ów) 25 292 726 272 bajtów wolnych
========= End of CMD: =========

EmptyTemp: => Removed 138.7 MB temporary data.

The system needed a reboot.

==== End of Fixlog 13:53:32 ====