Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2015 01 Ran by hh at 2015-01-16 17:44:54 Run:1 Running from C:\Documents and Settings\hh\Pulpit\je Loaded Profiles: hh & UpdatusUser (Available profiles: hh & UpdatusUser) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: R1 {8fb4e628-35c6-4275-89be-ce3462febcc4}Gt; C:\WINDOWS\System32\drivers\{8fb4e628-35c6-4275-89be-ce3462febcc4}Gt.sys [55832 2014-12-26] (StdLib) R1 {f17a6425-9752-4042-9063-36eef24d8b77}Gt; C:\WINDOWS\System32\drivers\{f17a6425-9752-4042-9063-36eef24d8b77}Gt.sys [55832 2014-12-26] (StdLib) R2 Update Faster Light; C:\Program Files\Faster Light\updateFasterLight.exe [524536 2014-12-27] () R2 Util Faster Light; C:\Program Files\Faster Light\bin\utilFasterLight.exe [524536 2014-12-27] () HKLM\...\Run: [Winlogon] => C:\Documents and Settings\hh\Dane aplikacji\winlogon.exe [864256 2014-06-29] () HKU\S-1-5-21-1004336348-2025429265-725345543-1003\...\Run: [SoftonicAssistant] => C:\Documents and Settings\hh\Ustawienia lokalne\Dane aplikacji\SoftonicAssistant\SoftonicAssistant.exe [1829832 2014-11-11] () HKU\S-1-5-21-1004336348-2025429265-725345543-1003\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\hh\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-1004336348-2025429265-725345543-1003\...\Run: [Winlogon] => C:\Documents and Settings\hh\Dane aplikacji\winlogon.exe [864256 2014-06-29] () HKU\S-1-5-21-1004336348-2025429265-725345543-1003\...\Winlogon: [Shell] C:\Documents and Settings\hh\Dane aplikacji\winlogon.exe [864256 2014-06-29] () <==== ATTENTION IFEO\AvastSvc.exe: [Debugger] nqij.exe IFEO\AvastUI.exe: [Debugger] nqij.exe IFEO\avcenter.exe: [Debugger] nqij.exe IFEO\avconfig.exe: [Debugger] nqij.exe IFEO\avgcsrvx.exe: [Debugger] nqij.exe IFEO\avgidsagent.exe: [Debugger] nqij.exe IFEO\avgnt.exe: [Debugger] nqij.exe IFEO\avgrsx.exe: [Debugger] nqij.exe IFEO\avguard.exe: [Debugger] nqij.exe IFEO\avgui.exe: [Debugger] nqij.exe IFEO\avgwdsvc.exe: [Debugger] nqij.exe IFEO\avp.exe: [Debugger] nqij.exe IFEO\avscan.exe: [Debugger] nqij.exe IFEO\bdagent.exe: [Debugger] nqij.exe IFEO\blindman.exe: [Debugger] nqij.exe IFEO\ccuac.exe: [Debugger] nqij.exe IFEO\ComboFix.exe: [Debugger] nqij.exe IFEO\egui.exe: [Debugger] nqij.exe IFEO\hijackthis.exe: [Debugger] nqij.exe IFEO\instup.exe: [Debugger] nqij.exe IFEO\keyscrambler.exe: [Debugger] nqij.exe IFEO\mbam.exe: [Debugger] nqij.exe IFEO\mbamgui.exe: [Debugger] nqij.exe IFEO\mbampt.exe: [Debugger] nqij.exe IFEO\mbamscheduler.exe: [Debugger] nqij.exe IFEO\mbamservice.exe: [Debugger] nqij.exe IFEO\MpCmdRun.exe: [Debugger] nqij.exe IFEO\MSASCui.exe: [Debugger] nqij.exe IFEO\MsMpEng.exe: [Debugger] nqij.exe IFEO\msseces.exe: [Debugger] nqij.exe IFEO\rstrui.exe: [Debugger] nqij.exe IFEO\SDFiles.exe: [Debugger] nqij.exe IFEO\SDMain.exe: [Debugger] nqij.exe IFEO\SDWinSec.exe: [Debugger] nqij.exe IFEO\spybotsd.exe: [Debugger] nqij.exe IFEO\wireshark.exe: [Debugger] nqij.exe IFEO\zlclient.exe: [Debugger] nqij.exe BHO: Faster Light 1.0.0.6 -> {950ef4df-b9dd-4b97-9e34-5c7d25a5eb88} -> C:\Program Files\Faster Light\FasterLightbho.dll (Faster Light) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension C:\Documents and Settings\All Users\Menu Start\Programy\Tux Paint C:\Documents and Settings\hh\Dane aplikacji\*.exe C:\Documents and Settings\hh\Dane aplikacji\msconfig.ini C:\Documents and Settings\hh\Moje dokumenty\*(*)-dp*.exe C:\Documents and Settings\hh\Moje dokumenty\*downloader*.exe C:\Documents and Settings\hh\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Preferences C:\Documents and Settings\hh\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Local Storage\*localstorage* C:\WINDOWS\*.tmp C:\WINDOWS\system32\Windows System C:\WINDOWS\System32\drivers\{8fb4e628-35c6-4275-89be-ce3462febcc4}Gt.sys C:\WINDOWS\System32\drivers\{f17a6425-9752-4042-9063-36eef24d8b77}Gt.sys C:\WINDOWS\system32\Drivers\wpnfd_1_10_0_5.sys C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f CMD: netsh firewall reset EmptyTemp: ***************** Processes closed successfully. {8fb4e628-35c6-4275-89be-ce3462febcc4}Gt => Service not found. {f17a6425-9752-4042-9063-36eef24d8b77}Gt => Service not found. Update Faster Light => Service not found. Util Faster Light => Service not found. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon => value deleted successfully. HKU\S-1-5-21-1004336348-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\SoftonicAssistant => value deleted successfully. HKU\S-1-5-21-1004336348-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value deleted successfully. HKU\S-1-5-21-1004336348-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon => value deleted successfully. HKU\S-1-5-21-1004336348-2025429265-725345543-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastUI.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgidsagent.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avscan.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\blindman.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\instup.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbampt.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDFiles.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDMain.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDWinSec.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe" => Key Deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe" => Key Deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{950ef4df-b9dd-4b97-9e34-5c7d25a5eb88} => Key not found. HKCR\CLSID\{950ef4df-b9dd-4b97-9e34-5c7d25a5eb88} => Key not found. HKLM\Software\Mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} => value deleted successfully. C:\Documents and Settings\All Users\Menu Start\Programy\Tux Paint => Moved successfully. C:\Documents and Settings\hh\Dane aplikacji\*.exe => Moved successfully. C:\Documents and Settings\hh\Dane aplikacji\msconfig.ini => Moved successfully. C:\Documents and Settings\hh\Moje dokumenty\*(*)-dp*.exe => Moved successfully. C:\Documents and Settings\hh\Moje dokumenty\*downloader*.exe => Moved successfully. C:\Documents and Settings\hh\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Preferences => Moved successfully. C:\Documents and Settings\hh\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Local Storage\*localstorage* => Moved successfully. C:\WINDOWS\*.tmp => Moved successfully. C:\WINDOWS\system32\Windows System => Moved successfully. "C:\WINDOWS\System32\drivers\{8fb4e628-35c6-4275-89be-ce3462febcc4}Gt.sys" => File/Directory not found. "C:\WINDOWS\System32\drivers\{f17a6425-9752-4042-9063-36eef24d8b77}Gt.sys" => File/Directory not found. C:\WINDOWS\system32\Drivers\wpnfd_1_10_0_5.sys => Moved successfully. C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully. ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= netsh firewall reset ========= Ok. ========= End of CMD: ========= EmptyTemp: => Removed 1.1 GB temporary data. The system needed a reboot. ==== End of Fixlog 17:45:45 ====