Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01 Ran by Grzegorz at 2015-01-28 17:41:14 Run:1 Running from C:\Documents and Settings\Grzegorz\Pulpit Loaded Profiles: Grzegorz (Available profiles: Grzegorz) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: BootExecute: autocheck autochk * BootDefrag.exe S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [X] S3 catchme; \??\C:\DOCUME~1\Grzegorz\USTAWI~1\Temp\catchme.sys [X] R3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X] U3 TlntSvr; No ImagePath HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1123561945-1580818891-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes C:\Documents and Settings\All Users\Menu Start\Programy\FlvPlayer C:\Documents and Settings\Grzegorz\Dane aplikacji\FoxTab C:\Documents and Settings\Grzegorz\Dane aplikacji\Opera Software C:\Documents and Settings\Grzegorz\Ustawienia lokalne\Dane aplikacji\foxtab_speeddial.crx C:\Documents and Settings\Grzegorz\Ustawienia lokalne\Dane aplikacji\Google\Chrome C:\Documents and Settings\Grzegorz\Ustawienia lokalne\Dane aplikacji\Opera Software C:\Documents and Settings\NetworkService\Dane aplikacji\FoxTab C:\Program Files\Google\Chrome C:\Program Files\Mozilla Firefox\extensions C:\Program Files\Mozilla Firefox\plugins C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension Reg: reg delete HKCU\Software\Google\Chrome /f Reg: reg delete HKLM\SOFTWARE\Google\Chrome /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully. BootDefragDriver => Service deleted successfully. catchme => Service deleted successfully. MBAMSwissArmy => Service deleted successfully. TlntSvr => Service deleted successfully. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. "HKU\S-1-5-21-1123561945-1580818891-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKLM\Software\Mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} => value deleted successfully. C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes => Moved successfully. C:\Documents and Settings\All Users\Menu Start\Programy\FlvPlayer => Moved successfully. "C:\Documents and Settings\Grzegorz\Dane aplikacji\FoxTab" => File/Directory not found. C:\Documents and Settings\Grzegorz\Dane aplikacji\Opera Software => Moved successfully. "C:\Documents and Settings\Grzegorz\Ustawienia lokalne\Dane aplikacji\foxtab_speeddial.crx" => File/Directory not found. C:\Documents and Settings\Grzegorz\Ustawienia lokalne\Dane aplikacji\Google\Chrome => Moved successfully. C:\Documents and Settings\Grzegorz\Ustawienia lokalne\Dane aplikacji\Opera Software => Moved successfully. C:\Documents and Settings\NetworkService\Dane aplikacji\FoxTab => Moved successfully. C:\Program Files\Google\Chrome => Moved successfully. C:\Program Files\Mozilla Firefox\extensions => Moved successfully. C:\Program Files\Mozilla Firefox\plugins => Moved successfully. C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully. ========= reg delete HKCU\Software\Google\Chrome /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Google\Chrome /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /f ========= Błąd: system nie może odnaleźć określonego klucza rejestru lub wartości. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Błąd: system nie może odnaleźć określonego klucza rejestru lub wartości. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Błąd: system nie może odnaleźć określonego klucza rejestru lub wartości. ========= End of Reg: ========= EmptyTemp: => Removed 389.1 MB temporary data. The system needed a reboot. ==== End of Fixlog 17:41:43 ====