Fix result of Farbar Recovery Scan Tool (x86) Version: 05-07-2015 Ran by ASD at 2015-07-15 18:22:10 Run:4 Running from C:\Documents and Settings\ASD\Pulpit Loaded Profiles: ASD (Available Profiles: ASD & Administrator) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: (Microsoft Corporation) C:\WINDOWS\explorer.exe CustomCLSID: HKU\S-1-5-21-329068152-117609710-1801674531-1004_Classes\CLSID\{0B35E520-7E16-4FCE-8543-A65972F817AA}\InprocServer32 -> C:\Documents and Settings\All Users\Dane aplikacji\{ECEFC883-CB1D-4EA1-819B-7A12A9D4E645}\certmgr.dll (Microsoft Corporation) R2 yksvc; RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [X] S3 catchme; \??\C:\DOCUME~1\ASD\USTAWI~1\Temp\catchme.sys [X] U3 TlntSvr; No ImagePathHKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-329068152-117609710-1801674531-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-329068152-117609710-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-329068152-117609710-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Strona wyszukiwania = http://www.msn.com/access/allinone.asp HKU\S-1-5-21-329068152-117609710-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Strona początkowa = http://www.microsoft.com/msoffice/ C:\Documents and Settings\All Users\Dane aplikacji\{ECEFC883-CB1D-4EA1-819B-7A12A9D4E645} C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension Reg: reg delete HKLM\SOFTWARE\Mozilla /f Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. C:\WINDOWS\explorer.exe [268] C:\WINDOWS\explorer.exe => process closed successfully. "HKU\S-1-5-21-329068152-117609710-1801674531-1004_Classes\CLSID\{0B35E520-7E16-4FCE-8543-A65972F817AA}" => key removed successfully. yksvc => Service removed successfully. catchme => Service removed successfully. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully. "HKU\S-1-5-21-329068152-117609710-1801674531-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully. HKU\S-1-5-21-329068152-117609710-1801674531-1004\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKU\S-1-5-21-329068152-117609710-1801674531-1004\Software\Microsoft\Internet Explorer\Main\\Strona wyszukiwania => value removed successfully. HKU\S-1-5-21-329068152-117609710-1801674531-1004\Software\Microsoft\Internet Explorer\Main\\Strona początkowa => value removed successfully. "C:\Documents and Settings\All Users\Dane aplikacji\{ECEFC883-CB1D-4EA1-819B-7A12A9D4E645}" => File/Folder not found. C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => moved successfully. ========= reg delete HKLM\SOFTWARE\Mozilla /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\MozillaPlugins /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= EmptyTemp: => 35.1 MB temporary data Removed. The system needed a reboot. ==== End of Fixlog 18:22:27 ====