Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:17-08-2014 01 Ran by Górski at 2014-08-18 16:37:09 Run:1 Running from C:\Documents and Settings\Górski\Moje dokumenty\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\WINDOWS\TEMP\{71E10EB2-A610-46E9-B7A2-DD2DA785E39D}.exe Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\WINDOWS\TEMP\{101F3DD6-CD60-4D64-9E90-BBEB10B19039}.exe Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-21-1644491937-117609710-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes" /f HKU\S-1-5-21-1644491937-117609710-682003330-1003\...\Run: [Host-process Windows (Rundll32.exe)] => C:\Documents and Settings\Górski\Dane aplikacji\csrss.exe C:\Documents and Settings\Górski\Dane aplikacji\csrss.exe HKU\S-1-5-21-1644491937-117609710-682003330-1006\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB HKU\S-1-5-21-1644491937-117609710-682003330-1006\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe" /PROMPT /CMPID=JUNE2013_HP C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe C:\Program Files\AVG Secure Search SearchScopes: HKCU - {C0C4A29C-2EA9-400D-A152-10F819F9C204} URL = http://start.funmood...q={searchTerms} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab FF HKLM\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files\RelevantKnowledge\firefox FF Extension: RelevantKnowledge - C:\Program Files\RelevantKnowledge\firefox C:\Program Files\RelevantKnowledge CHR HomePage: hxxp://isearch.avg.com/?cid={D58B11E0-ADCF-4AC1-8CC5-12EA05654816}&mid=7bded0560b924db4bb9e2db061844bb9-de27ce43eb7d342c27ac43ca021e07458ef1e393&lang=pl&ds=xn011&pr=sa&d=2013-01-31%2009:46:05&v=13.3.0.17&sap=hp CHR StartupUrls: "hxxp://www.sweet-page.com/?type=hp&ts=1406548088&from=cor&uid=WDCXWD5000AAKS-22A7B0_WD-WCASY210110801108" CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION S3 adiusbaw; system32\DRIVERS\adiusbaw.sys [X] C:\WINDOWS\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gt.sys C:\Documents and Settings\All Users\Dane aplikacji\2308189059 C:\Program Files\Deal Keeper C:\Documents and Settings\All Users\Menu Start\Programy\RelevantKnowledge C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\ajnu36l8.dll C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\alujhc_9.dll C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\AVG.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\bzmoxrkm.dll C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\EslWireSetup-1.11.1.7324-x86.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\EslWireSetup-1.12.0.7335-x86.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\EslWireSetup-1.12.1.7342-x86.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\EslWireSetup-1.12.1.7351-x86.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\EslWireSetup-1.13.0.7366-x86.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\EslWireSetup-1.13.0.7376-x86.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\EslWireSetup-1.14.0.7387-x86.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\EslWireSetup-1.14.1.7394-x86.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\EslWireSetup-1.15.0.7430-x86.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\fg2flycz.dll C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\ggdrive-menu.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\ggdrive-overlay.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\gwunstal.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\hpzmsi01.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\hpzscr01.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\ICReinstall_Opera 12.16.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\installstats.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\jre-6u30-windows-i586-iftw-rv.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\mirc722.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\NEventMessages.dll C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\NOSEventMessages.dll C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\npp.6.6.3.Installer.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\SCC.dll C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\Shockwave_Installer_Slim.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\SkypeSetup.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\SRLDetectionLibrary7297182879069303379.dll C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\swt-win32-3349.dll C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\swt-win32-3740.dll C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\ueinuj-7.dll C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\uninst1.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\Update_89A.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\xmlUpdater.exe C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\_89A.exe Shortcut: C:\Documents and Settings\Górski\Menu Start\Programy\YaTQA.lnk -> E:\Program Files\YaTQA\yatqa.exe (No File) Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\config.xml.LNK -> C:\Documents and Settings\Górski\Moje dokumenty\Downloads\config.xml (No File) Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\Rar$DI06.488.LNK -> C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\Rar$DI06.488 (No File) Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\Rar$DI16.064.LNK -> C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\Rar$DI16.064 (No File) Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\Rar$DI43.024.LNK -> C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\Rar$DI43.024 (No File) Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\Rar$DI47.152.LNK -> C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\Rar$DI47.152 (No File) Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\Rar$DI49.024.LNK -> C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\Rar$DI49.024 (No File) Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\Rar$DI51.064.LNK -> C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\Rar$DI51.064 (No File) Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\specyfikacja.doc.LNK -> C:\Documents and Settings\Górski\Pulpit\MARCIN\PROJEKT PANEL!\specyfikacja.doc (No File) Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\straz pozarna.jpg.LNK -> C:\Documents and Settings\Górski\Pulpit\straz pozarna.jpg (No File) Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\system binarny.xls.LNK -> C:\Documents and Settings\Górski\Pulpit\system binarny.xls (No File) Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\Temp.LNK -> C:\Documents and Settings\Górski\Ustawienia lokalne\Temp () Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\USB DISK (G).LNK -> G:\ (No File) Reboot: ***************** C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => Moved successfully. C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully. ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-21-1644491937-117609710-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= HKU\S-1-5-21-1644491937-117609710-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Host-process Windows (Rundll32.exe) => value deleted successfully. "C:\Documents and Settings\Górski\Dane aplikacji\csrss.exe" => File/Directory not found. HKU\S-1-5-21-1644491937-117609710-682003330-1006\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_JUNE2013_TB => value deleted successfully. HKU\S-1-5-21-1644491937-117609710-682003330-1006\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_JUNE2013_HP => value deleted successfully. "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe" => File/Directory not found. "C:\Program Files\AVG Secure Search" => File/Directory not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C4A29C-2EA9-400D-A152-10F819F9C204}" => Key not found. "HKCR\CLSID\{C0C4A29C-2EA9-400D-A152-10F819F9C204}" => Key not found. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully. "HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}" => Key deleted successfully. "HKCR\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully. "HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully. HKLM\Software\Mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A} => value deleted successfully. FF Extension: RelevantKnowledge - C:\Program Files\RelevantKnowledge\firefox => not found. C:\Program Files\RelevantKnowledge => Moved successfully. Chrome HomePage deleted successfully. Chrome StartupUrls deleted successfully. "HKCU\SOFTWARE\Policies\Google" => Key deleted successfully. adiusbaw => Service deleted successfully. C:\WINDOWS\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gt.sys => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\2308189059 => Moved successfully. C:\Program Files\Deal Keeper => Moved successfully. C:\Documents and Settings\All Users\Menu Start\Programy\RelevantKnowledge => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\ajnu36l8.dll => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\alujhc_9.dll => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\AVG.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\bzmoxrkm.dll => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\EslWireSetup-1.11.1.7324-x86.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\EslWireSetup-1.12.0.7335-x86.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\EslWireSetup-1.12.1.7342-x86.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\EslWireSetup-1.12.1.7351-x86.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\EslWireSetup-1.13.0.7366-x86.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\EslWireSetup-1.13.0.7376-x86.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\EslWireSetup-1.14.0.7387-x86.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\EslWireSetup-1.14.1.7394-x86.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\EslWireSetup-1.15.0.7430-x86.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\fg2flycz.dll => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\ggdrive-menu.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\ggdrive-overlay.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\gwunstal.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\hpzmsi01.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\hpzscr01.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\ICReinstall_Opera 12.16.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\installstats.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\jre-6u30-windows-i586-iftw-rv.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\mirc722.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\NEventMessages.dll => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\NOSEventMessages.dll => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\npp.6.6.3.Installer.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\SCC.dll => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\Shockwave_Installer_Slim.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\SkypeSetup.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\SRLDetectionLibrary7297182879069303379.dll => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\swt-win32-3349.dll => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\swt-win32-3740.dll => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\ueinuj-7.dll => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\uninst1.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\Update_89A.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\xmlUpdater.exe => Moved successfully. C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\_89A.exe => Moved successfully. Shortcut: C:\Documents and Settings\Górski\Menu Start\Programy\YaTQA.lnk -> E:\Program Files\YaTQA\yatqa.exe (No File) => Error: No automatic fix found for this entry. Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\config.xml.LNK -> C:\Documents and Settings\Górski\Moje dokumenty\Downloads\config.xml (No File) => Error: No automatic fix found for this entry. Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\Rar$DI06.488.LNK -> C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\Rar$DI06.488 (No File) => Error: No automatic fix found for this entry. Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\Rar$DI16.064.LNK -> C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\Rar$DI16.064 (No File) => Error: No automatic fix found for this entry. Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\Rar$DI43.024.LNK -> C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\Rar$DI43.024 (No File) => Error: No automatic fix found for this entry. Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\Rar$DI47.152.LNK -> C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\Rar$DI47.152 (No File) => Error: No automatic fix found for this entry. Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\Rar$DI49.024.LNK -> C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\Rar$DI49.024 (No File) => Error: No automatic fix found for this entry. Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\Rar$DI51.064.LNK -> C:\Documents and Settings\Górski\Ustawienia lokalne\Temp\Rar$DI51.064 (No File) => Error: No automatic fix found for this entry. Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\specyfikacja.doc.LNK -> C:\Documents and Settings\Górski\Pulpit\MARCIN\PROJEKT PANEL!\specyfikacja.doc (No File) => Error: No automatic fix found for this entry. Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\straz pozarna.jpg.LNK -> C:\Documents and Settings\Górski\Pulpit\straz pozarna.jpg (No File) => Error: No automatic fix found for this entry. Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\system binarny.xls.LNK -> C:\Documents and Settings\Górski\Pulpit\system binarny.xls (No File) => Error: No automatic fix found for this entry. Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\Temp.LNK -> C:\Documents and Settings\Górski\Ustawienia lokalne\Temp () => Error: No automatic fix found for this entry. Shortcut: C:\Documents and Settings\Górski\Dane aplikacji\Microsoft\Office\Niedawny\USB DISK (G).LNK -> G:\ (No File) => Error: No automatic fix found for this entry. The system needed a reboot. ==== End of Fixlog ====