Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-01-2015
Ran by Krzysiek at 2015-01-12 19:56:49 Run:1
Running from C:\Users\Krzysiek\Desktop\FIX PC
Loaded Profile: Krzysiek (Available profiles: Krzysiek)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-20\...\Run: [Windows Service Manager] => "C:\ProgramData\Windows Service Manager0\iflmnkfrd.exe"
HKU\S-1-5-20\...\RunOnce: [Windows Service Manager] => C:\ProgramData\Windows Service Manager0\iflmnkfrd.exe
HKU\S-1-5-21-2480669067-1689513114-446732452-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2480669067-1689513114-446732452-1001\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => No File
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => No File
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => No File
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2480669067-1689513114-446732452-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?utf8in=1&fr=ietb&q={SearchTerms}
Task: {16BDFAD8-5042-41EA-A662-A6943B880DB8} - System32\Tasks\{5781AA27-B10E-4DE0-8548-AE4238E09C73} => D:\DreamWorks Interactive\Neverhood\WAVistaWin7.exe
Task: {4EDA69D1-0BE9-4C25-88B5-72745347B9F7} - \{945A746E-0F50-4F38-87B9-E59D39492DD1} No Task File <==== ATTENTION
Task: {9DB5E208-BD34-4B69-8552-97D114CD0D84} - System32\Tasks\{44F63ECA-B9FC-4371-8D5D-C415CF4C8B0B} => Firefox.exe
Task: {AB414B5B-CD0E-450E-B942-CADBB384742E} - System32\Tasks\{B268020A-114C-4E1C-B24D-0CC19A8CA59B} => Firefox.exe http://ui.skype.com/ui/0/5.5.0.119.259/pl/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {DC58D260-BE6E-41DA-9A29-E7DA7770F128} - System32\Tasks\Windows Update Check - 0x0E5602E0 => C:\ProgramData\Windows <==== ATTENTION
Task: {DC70EE41-3C9D-4694-B8E9-7A08B2CD7381} - \{A2A5BE56-9310-403E-9DD5-C17F3C780895} No Task File <==== ATTENTION
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files\DriverToolkit\DriverToolkit.exe
CustomCLSID: HKU\S-1-5-21-2480669067-1689513114-446732452-1001_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Krzysiek\AppData\Local\Temp\Dc6b\temp\Drivers.exe No File
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S4 sptd; System32\Drivers\sptd.sys [X]
C:\ProgramData\23405448
C:\ProgramData\TEMP
C:\Users\Krzysiek\AppData\Local\70149b02515b3bb20dd492.47983420
C:\Users\Krzysiek\AppData\Local\{78653ff9-8e83-b9e7-b462-585b839647c5}
C:\Windows\Installer\{78653ff9-8e83-b9e7-b462-585b839647c5}
C:\Windows\onhax-temp
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete HKCU\Software\Google /f
Reg: reg delete HKLM\SOFTWARE\Google /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\FDResPub /s
CMD: dir /a C:\ProgramData
EmptyTemp:
*****************

Processes closed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Service Manager => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Windows Service Manager => value deleted successfully.
HKU\S-1-5-21-2480669067-1689513114-446732452-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value deleted successfully.
"HKU\S-1-5-21-2480669067-1689513114-446732452-1001\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GGDriveOverlay1" => Key deleted successfully.
HKCR\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GGDriveOverlay2" => Key deleted successfully.
HKCR\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GGDriveOverlay3" => Key deleted successfully.
HKCR\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GGDriveOverlay4" => Key deleted successfully.
HKCR\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2480669067-1689513114-446732452-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}" => Key deleted successfully.
HKCR\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16BDFAD8-5042-41EA-A662-A6943B880DB8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16BDFAD8-5042-41EA-A662-A6943B880DB8}" => Key deleted successfully.
C:\Windows\System32\Tasks\{5781AA27-B10E-4DE0-8548-AE4238E09C73} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5781AA27-B10E-4DE0-8548-AE4238E09C73}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EDA69D1-0BE9-4C25-88B5-72745347B9F7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EDA69D1-0BE9-4C25-88B5-72745347B9F7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{945A746E-0F50-4F38-87B9-E59D39492DD1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DB5E208-BD34-4B69-8552-97D114CD0D84}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DB5E208-BD34-4B69-8552-97D114CD0D84}" => Key deleted successfully.
C:\Windows\System32\Tasks\{44F63ECA-B9FC-4371-8D5D-C415CF4C8B0B} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{44F63ECA-B9FC-4371-8D5D-C415CF4C8B0B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB414B5B-CD0E-450E-B942-CADBB384742E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB414B5B-CD0E-450E-B942-CADBB384742E}" => Key deleted successfully.
C:\Windows\System32\Tasks\{B268020A-114C-4E1C-B24D-0CC19A8CA59B} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B268020A-114C-4E1C-B24D-0CC19A8CA59B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DC58D260-BE6E-41DA-9A29-E7DA7770F128}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC58D260-BE6E-41DA-9A29-E7DA7770F128}" => Key deleted successfully.
C:\Windows\System32\Tasks\Windows Update Check - 0x0E5602E0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows Update Check - 0x0E5602E0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC70EE41-3C9D-4694-B8E9-7A08B2CD7381}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC70EE41-3C9D-4694-B8E9-7A08B2CD7381}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A2A5BE56-9310-403E-9DD5-C17F3C780895}" => Key deleted successfully.
C:\Windows\Tasks\DriverToolkit Autorun.job => Moved successfully.
"HKU\S-1-5-21-2480669067-1689513114-446732452-1001_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}" => Key deleted successfully.
ew_hwusbdev => Service deleted successfully.
ew_usbenumfilter => Service deleted successfully.
huawei_cdcacm => Service deleted successfully.
huawei_enumerator => Service deleted successfully.
huawei_ext_ctrl => Service deleted successfully.
huawei_wwanecm => Service deleted successfully.
sptd => Service deleted successfully.
C:\ProgramData\23405448 => Moved successfully.
C:\ProgramData\TEMP => Moved successfully.
C:\Users\Krzysiek\AppData\Local\70149b02515b3bb20dd492.47983420 => Moved successfully.
C:\Users\Krzysiek\AppData\Local\{78653ff9-8e83-b9e7-b462-585b839647c5} => Moved successfully.
C:\Windows\Installer\{78653ff9-8e83-b9e7-b462-585b839647c5} => Moved successfully.
C:\Windows\onhax-temp => Moved successfully.

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete HKCU\Software\Google /f =========

BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.

========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Google /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg query HKLM\SYSTEM\CurrentControlSet\Services\FDResPub /s =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FDResPub
    DisplayName    REG_SZ    @%systemroot%\system32\fdrespub.dll,-100
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
    Description    REG_SZ    @%systemroot%\system32\fdrespub.dll,-101
    ObjectName    REG_SZ    NT AUTHORITY\LocalService
    ErrorControl    REG_DWORD    0x1
    Start    REG_DWORD    0x2
    Type    REG_DWORD    0x20
    DependOnService    REG_MULTI_SZ    RpcSs\0http
    ServiceSidType    REG_DWORD    0x1
    RequiredPrivileges    REG_MULTI_SZ    SeChangeNotifyPrivilege
    FailureActions    REG_BINARY    805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FDResPub\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\fdrespub.dll
    ServiceDllUnloadOnStop    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FDResPub\Security
    Security    REG_BINARY    01001488A4000000B0000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020074000500000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D010200010100000000000504000000000014008D01020001010000000000050600000000001800FD0102000102000000000005200000002C020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FDResPub\ServiceData
    FirstStart    REG_BINARY    A004000000000000

========= End of Reg: =========

========= dir /a C:\ProgramData =========

 Wolumin w stacji C nie ma etykiety.
 Numer seryjny woluminu: EE1F-69E6

 Katalog: C:\ProgramData

2015-01-12 19:57 .
2015-01-12 19:57 ..
2012-07-31 12:14 036DFF98E54634B40000F269E56C3443
2012-07-30 16:34 036DFF98E54634B40000F269F875EF7E
2012-10-29 15:28 8floor
2014-02-13 15:45 Adobe
2011-10-29 15:02 Apple
2011-10-29 15:03 Apple Computer
2009-07-14 05:53 Application Data [C:\ProgramData]
2015-01-06 02:44 Applications
2012-11-10 15:51 Arizona Rose
2011-11-23 19:44 Cateia Games
2012-08-04 19:09 CrioGames
2012-07-24 18:19 CropBusters
2012-04-10 19:07 DAEMON Tools Pro
2011-10-06 23:52 Dane aplikacji [C:\ProgramData]
2014-02-08 23:20 DataCardService
2015-01-05 11:46 DESkey
2009-07-14 05:53 Desktop [C:\Users\Public\Desktop]
2009-07-14 05:53 Documents [C:\Users\Public\Documents]
2011-10-06 23:52 Dokumenty [C:\Users\Public\Documents]
2014-12-18 09:53 0 DP45977C.lfl
2011-11-22 16:56 DreamFarm_pl
2012-11-03 16:19 Dress-up-pups
2009-07-14 05:53 Favorites [C:\Users\Public\Favorites]
2011-10-07 11:48 Gadu-Gadu 10
2011-12-03 10:48 GameHouse
2012-11-28 12:20 GG
2012-05-22 17:03 HipSoft
2012-11-10 15:15 InstallMate
2014-10-20 17:56 Intel
2012-12-02 18:32 Intenium
2011-12-04 11:00 JuliettesFashionEmpire
2015-01-12 19:03 Kaspersky Lab
2012-01-18 16:01 Maximize Games
2012-10-21 19:51 McAfee
2011-12-10 19:35 MediaArt
2011-10-06 23:52 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu]
2012-07-27 16:12 Merscom
2015-01-09 09:10 Microsoft
2014-12-10 13:32 Microsoft Help
2012-07-14 11:32 Mozilla
2015-01-08 00:14 Nokia
2015-01-12 15:30 NVIDIA
2014-04-14 09:56 NVIDIA Corporation
2012-07-04 15:43 OpenFM
2014-11-08 13:15 Oracle
2013-12-15 16:50 Orbit
2015-01-05 11:41 Package Cache
2011-11-24 14:18 Particles
2014-02-07 11:36 PLAY ONLINE
2012-05-07 18:56 Playrix Entertainment
2012-04-03 21:05 PogoDGC
2011-10-06 23:52 Pulpit [C:\Users\Public\Desktop]
2012-11-03 08:07 RDRM
2012-03-17 21:43 rionix
2014-10-20 17:57 Roaming
2013-11-24 15:43 Skype
2012-03-13 16:48 SpookyMall
2013-11-17 23:07 Squeezebox
2009-07-14 05:53 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
2014-04-25 09:02 Steam
2011-10-07 10:23 Sun
2014-01-09 10:51 SystemRequirementsLab
2011-10-06 23:52 Szablony [C:\ProgramData\Microsoft\Windows\Templates]
2009-07-14 05:53 Templates [C:\ProgramData\Microsoft\Windows\Templates]
2012-03-06 19:51 TheFallTrilogyEp2
2011-10-07 10:25 TuneUp Software
2011-10-06 23:52 Ulubione [C:\Users\Public\Favorites]
2012-05-25 17:36 WeatherLord
2013-12-15 21:17 Windows Service Manager0
2011-10-07 10:23 {24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-10-29 15:04 {429CAD59-35B1-4DBC-BB6D-1DB246563521}
               1 plik(ów) 0 bajtów
              72 katalog(ów) 5 566 169 088 bajtów wolnych

========= End of CMD: =========

EmptyTemp: => Removed 234.7 MB temporary data.

The system needed a reboot.

==== End of Fixlog 19:57:44 ====