Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-02-2015 Ran by Michał at 2015-02-07 12:06:00 Run:1 Running from C:\Users\Michał\Downloads Loaded Profiles: Michał (Available profiles: Michał) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1419852990&from=cor&uid=HitachiXHTS541060G9SA00_MPBCP0XGKJ30ZGKJ30ZGX" CHR Extension: (Hold Page) - C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\oneffdhofljmikcgfdanogcpiebjcmin [2014-12-31] HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X] HKLM\...\Run: [SBRegRebootCleaner] => "C:\Program Files\STOPzilla\SBRC.exe" HKU\S-1-5-21-2700525546-531602145-408075403-1000\...\Run: [ALLUpdate] => "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep" HKU\S-1-5-21-2700525546-531602145-408075403-1000\...\Run: [ALLPlayer WiFi Remote] => C:\Program Files\ALLPlayer Remote\ALLPlayerRemoteControl.exe HKU\S-1-5-21-2700525546-531602145-408075403-1000\...\Run: [Napisy24.pl] => "C:\Program Files\Napisy24\Napisy24.exe" AutoStart HKU\S-1-5-21-2700525546-531602145-408075403-1000\...\MountPoints2: {35269662-47c2-11e4-af7e-0016419e83e0} - F:\LGAutoRun.exe C:\Program Files\STOPzilla C:\ProgramData\STOPzilla! C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Preferences C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage* Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. Chrome StartupUrls deleted successfully. C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\oneffdhofljmikcgfdanogcpiebjcmin => Moved successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. SBRE => Service deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SBRegRebootCleaner => value deleted successfully. HKU\S-1-5-21-2700525546-531602145-408075403-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ALLUpdate => value deleted successfully. HKU\S-1-5-21-2700525546-531602145-408075403-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ALLPlayer WiFi Remote => value deleted successfully. HKU\S-1-5-21-2700525546-531602145-408075403-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Napisy24.pl => value deleted successfully. "HKU\S-1-5-21-2700525546-531602145-408075403-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35269662-47c2-11e4-af7e-0016419e83e0}" => Key deleted successfully. HKCR\CLSID\{35269662-47c2-11e4-af7e-0016419e83e0} => Key not found. C:\Program Files\STOPzilla => Moved successfully. C:\ProgramData\STOPzilla! => Moved successfully. C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Preferences => Moved successfully. C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage* => Moved successfully. ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 5.4 GB temporary data. The system needed a reboot. ==== End of Fixlog 12:07:53 ====