Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-09-2014 Ran by Magdalena at 2014-09-05 16:42:47 Run:1 Running from C:\Users\Magdalena\Desktop Boot Mode: Safe Mode (minimal) ============================================== Content of fixlist: ***************** R2 rpcsync; C:\windows\system32\rpcsync.exe [81408 2013-06-19] () [File not signed] HKLM\...\Run: [] => [X] GroupPolicyUsers\S-1-5-21-1624614489-1438924107-3198493719-1002\User: Group Policy restriction detected <======= ATTENTION SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://startsear.ch/?aff=1&src=sp&cf=1046d46c-c77f-11e1-a336-0024548346dd&q={searchTerms} BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File FF Extension: No Name - C:\Users\Magdalena\AppData\Roaming\Mozilla\Firefox\Profiles\7rnlhl31.default\extensions\plugin@yontoo.com.xpi [] CHR HKLM\...\Chrome\Extension: [bildoibdboopgomcbiplincneeicgipj] - C:\Program Files\StartSearch plugin\startsplg.crx [] S2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] Task: {02285EE3-3512-4AD5-BFC1-9FFCE0363747} - System32\Tasks\{5F62850B-BD3D-43C9-A111-2644E32C06EA} => Chrome.exe Task: {02960220-2F5C-42F4-B9E9-DDCD22677AB0} - System32\Tasks\ReclaimerUpdateXML_piotr => C:\Users\piotr\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe Task: {1078469C-FE65-4574-BE2E-1D6FD3726996} - System32\Tasks\{2763F6BE-209B-42EF-8D9F-BAB76D9D4EE9} => C:\Program Files\Sunflower\ANNO1602\player.exe Task: {159B0197-6AD7-4EDC-B6E4-627BF3F78284} - System32\Tasks\{120F7474-A17A-4F0C-94B8-147DE88DEBA2} => c:\program files\opera\opera.exe [2013-02-12] (Opera Software) Task: {26232A1C-A362-4077-8167-7B87A4E5691F} - System32\Tasks\systems => C:\Users\Magdalena\AppData\Roaming\rjeep.exe Task: {35007E14-3461-4217-8E1D-1A93F38DD9F3} - System32\Tasks\{8408AC31-7EEC-451B-8DD7-B45B46599CA8} => C:\Program Files\Sunflower\ANNO1602\player.exe Task: {3D1696AF-2082-4FC0-B13C-21123A49CFFE} - System32\Tasks\{DA585B9B-882C-4596-AD8E-238F58303647} => Chrome.exe Task: {4B0625EE-AAE2-4F4C-8266-5C8B6B86F54C} - System32\Tasks\fbagent => C:\Users\Magdalena\AppData\Roaming\din.exe Task: {879FCB0C-BB4D-4BC9-942E-908011628779} - System32\Tasks\{6F01CAA6-3A8A-4087-9E52-FDC3308CBA7E} => C:\Users\Magdalena\Desktop\SketchUp.exe Task: {953C71AB-9D52-4EA4-A10A-5730D2331CFD} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{F575893D-455C-49F0-A3B1-B4457AA35A40}.exe Task: {A5058CAC-72E8-4E77-8254-AAD425DC3C14} - System32\Tasks\{2758BA8E-A19B-41E3-8B9E-ECC6A690A31E} => Chrome.exe Task: {C8DFC4DA-B2D3-4AE9-8EB1-111E8CDDBF71} - System32\Tasks\RNUpgradeHelperResumePrompt_piotr => C:\Users\piotr\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe Task: {E2920D46-15D2-4F3A-9635-918495960855} - System32\Tasks\{40E6C741-3884-4E01-817A-26F09B33BF25} => Chrome.exe Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{F575893D-455C-49F0-A3B1-B4457AA35A40}.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\ReclaimerUpdateFiles_piotr.job => C:\Users\piotr\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe Task: C:\windows\Tasks\ReclaimerUpdateXML_piotr.job => C:\Users\piotr\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe Task: C:\windows\Tasks\RNUpgradeHelperLogonPrompt_piotr.job => C:\Users\piotr\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" C:\ProgramData\Avg_Update_0814tb C:\ProgramData\Temp C:\windows\system32\rpcsync.exe Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f CMD: del /q C:\windows\system32\sqlite3.dll CMD: netsh advfirewall reset EmptyTemp: ***************** rpcsync => Service deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. C:\windows\system32\GroupPolicyUsers\S-1-5-21-1624614489-1438924107-3198493719-1002\User => Moved successfully. C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully. "HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully. "HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully. "HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found. C:\Users\Magdalena\AppData\Roaming\Mozilla\Firefox\Profiles\7rnlhl31.default\extensions\plugin@yontoo.com.xpi => not found. "HKLM\SOFTWARE\Google\Chrome\Extensions\bildoibdboopgomcbiplincneeicgipj" => Key deleted successfully. "C:\Program Files\StartSearch plugin\startsplg.crx" => File/Directory not found. vToolbarUpdater18.1.9 => Service deleted successfully. hwdatacard => Service deleted successfully. hwusbdev => Service deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02285EE3-3512-4AD5-BFC1-9FFCE0363747}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02285EE3-3512-4AD5-BFC1-9FFCE0363747}" => Key deleted successfully. C:\Windows\System32\Tasks\{5F62850B-BD3D-43C9-A111-2644E32C06EA} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5F62850B-BD3D-43C9-A111-2644E32C06EA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02960220-2F5C-42F4-B9E9-DDCD22677AB0}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02960220-2F5C-42F4-B9E9-DDCD22677AB0}" => Key deleted successfully. C:\Windows\System32\Tasks\ReclaimerUpdateXML_piotr => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReclaimerUpdateXML_piotr" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1078469C-FE65-4574-BE2E-1D6FD3726996}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1078469C-FE65-4574-BE2E-1D6FD3726996}" => Key deleted successfully. C:\Windows\System32\Tasks\{2763F6BE-209B-42EF-8D9F-BAB76D9D4EE9} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2763F6BE-209B-42EF-8D9F-BAB76D9D4EE9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{159B0197-6AD7-4EDC-B6E4-627BF3F78284}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{159B0197-6AD7-4EDC-B6E4-627BF3F78284}" => Key deleted successfully. C:\Windows\System32\Tasks\{120F7474-A17A-4F0C-94B8-147DE88DEBA2} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{120F7474-A17A-4F0C-94B8-147DE88DEBA2}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{26232A1C-A362-4077-8167-7B87A4E5691F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26232A1C-A362-4077-8167-7B87A4E5691F}" => Key deleted successfully. C:\Windows\System32\Tasks\systems => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\systems" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35007E14-3461-4217-8E1D-1A93F38DD9F3}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35007E14-3461-4217-8E1D-1A93F38DD9F3}" => Key deleted successfully. C:\Windows\System32\Tasks\{8408AC31-7EEC-451B-8DD7-B45B46599CA8} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8408AC31-7EEC-451B-8DD7-B45B46599CA8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D1696AF-2082-4FC0-B13C-21123A49CFFE}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D1696AF-2082-4FC0-B13C-21123A49CFFE}" => Key deleted successfully. C:\Windows\System32\Tasks\{DA585B9B-882C-4596-AD8E-238F58303647} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DA585B9B-882C-4596-AD8E-238F58303647}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4B0625EE-AAE2-4F4C-8266-5C8B6B86F54C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B0625EE-AAE2-4F4C-8266-5C8B6B86F54C}" => Key deleted successfully. C:\Windows\System32\Tasks\fbagent => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fbagent" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{879FCB0C-BB4D-4BC9-942E-908011628779}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{879FCB0C-BB4D-4BC9-942E-908011628779}" => Key deleted successfully. C:\Windows\System32\Tasks\{6F01CAA6-3A8A-4087-9E52-FDC3308CBA7E} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6F01CAA6-3A8A-4087-9E52-FDC3308CBA7E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{953C71AB-9D52-4EA4-A10A-5730D2331CFD}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{953C71AB-9D52-4EA4-A10A-5730D2331CFD}" => Key deleted successfully. C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5058CAC-72E8-4E77-8254-AAD425DC3C14}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5058CAC-72E8-4E77-8254-AAD425DC3C14}" => Key deleted successfully. C:\Windows\System32\Tasks\{2758BA8E-A19B-41E3-8B9E-ECC6A690A31E} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2758BA8E-A19B-41E3-8B9E-ECC6A690A31E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8DFC4DA-B2D3-4AE9-8EB1-111E8CDDBF71}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8DFC4DA-B2D3-4AE9-8EB1-111E8CDDBF71}" => Key deleted successfully. C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_piotr => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RNUpgradeHelperResumePrompt_piotr" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2920D46-15D2-4F3A-9635-918495960855}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2920D46-15D2-4F3A-9635-918495960855}" => Key deleted successfully. C:\Windows\System32\Tasks\{40E6C741-3884-4E01-817A-26F09B33BF25} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{40E6C741-3884-4E01-817A-26F09B33BF25}" => Key deleted successfully. C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully. C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully. C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully. C:\windows\Tasks\ReclaimerUpdateFiles_piotr.job => Moved successfully. C:\windows\Tasks\ReclaimerUpdateXML_piotr.job => Moved successfully. C:\windows\Tasks\RNUpgradeHelperLogonPrompt_piotr.job => Moved successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MCODS" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MCODS" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MpfService" => Key deleted successfully. C:\ProgramData\Avg_Update_0814tb => Moved successfully. C:\ProgramData\Temp => Moved successfully. C:\windows\system32\rpcsync.exe => Moved successfully. ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= del /q C:\windows\system32\sqlite3.dll ========= ========= End of CMD: ========= ========= netsh advfirewall reset ========= Wyst¥piˆ bˆ¥d podczas pr¢by kontaktowania si© z usˆug¥ zapory systemu Windows. Upewnij si©, ¾e usˆuga jest uruchomiona, i pon¢w ¾¥danie. ========= End of CMD: ========= EmptyTemp: => Removed 5.2 GB temporary data. The system needed a reboot. ==== End of Fixlog ====