Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-09-2014 01
Ran by CRISS at 2014-09-30 09:42:53 Run:2
Running from D:\Pobrane\FRST
Loaded Profile: CRISS (Available profiles: CRISS)
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
CloseProcesses:
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-07-10] (GFI Software)
Task: {273F7D11-6A49-48F8-8DF6-778FC8729828} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\Ad-Aware Antivirus\AdAwareLauncher.exe
Task: {51A4E61F-02ED-4033-B5F9-98468306877E} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe <==== ATTENTION
Task: {91DD9FAB-CE54-48D6-89A4-B36A45DF5BAC} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1611168523-4051905444-464354362-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {A5D8CFF0-6402-4F4F-9BC4-3CA3909AA2F3} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files\Omiga Plus\omigaplus.exe
Task: {E1DCB0FD-0AB0-43E6-8885-A3F409B4FADE} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1611168523-4051905444-464354362-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {E5D1D3C0-A6AF-4243-9DB6-4E30AC8EF5B6} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1385306098&from=slbnew&uid=SAMSUNGXHE502IJ_S1MTJ1LS700206&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1385306098&from=slbnew&uid=SAMSUNGXHE502IJ_S1MTJ1LS700206&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-16]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-16]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-16]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-16]
CHR HKLM\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files\TornTV.com\torn2_10.crx [2013-10-16]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-16]
C:\Program Files\Mozilla Firefox
C:\Program Files\TornTV.com
C:\Users\CRISS\AppData\Roaming\Mozilla
C:\Windows\System32\drivers\gfibto.sys
Reg: reg add HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318} /v UpperFilters /t REG_MULTI_SZ /d kbdclass /f
Reg: reg add HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318} /v UpperFilters /t REG_MULTI_SZ /d mouclass /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IObit Malware Fighter" /f
Reg: reg delete HKCU\Software\Mozilla /f
Reg: reg delete HKCU\Software\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\mozilla.org /f
Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f
EmptyTemp:
*****************

Processes closed successfully.
gfibto => Service stopped successfully.
gfibto => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{273F7D11-6A49-48F8-8DF6-778FC8729828}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{273F7D11-6A49-48F8-8DF6-778FC8729828}" => Key deleted successfully.
C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Antivirus Scheduled Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51A4E61F-02ED-4033-B5F9-98468306877E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51A4E61F-02ED-4033-B5F9-98468306877E}" => Key deleted successfully.
C:\Windows\System32\Tasks\Desk 365 RunAsStdUser => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91DD9FAB-CE54-48D6-89A4-B36A45DF5BAC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91DD9FAB-CE54-48D6-89A4-B36A45DF5BAC}" => Key deleted successfully.
C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1611168523-4051905444-464354362-1000 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1611168523-4051905444-464354362-1000" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5D8CFF0-6402-4F4F-9BC4-3CA3909AA2F3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5D8CFF0-6402-4F4F-9BC4-3CA3909AA2F3}" => Key deleted successfully.
C:\Windows\System32\Tasks\Omiga Plus RunAsStdUser => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Omiga Plus RunAsStdUser" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E1DCB0FD-0AB0-43E6-8885-A3F409B4FADE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1DCB0FD-0AB0-43E6-8885-A3F409B4FADE}" => Key deleted successfully.
C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1611168523-4051905444-464354362-1000 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeLogonTaskS-1-5-21-1611168523-4051905444-464354362-1000" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5D1D3C0-A6AF-4243-9DB6-4E30AC8EF5B6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5D1D3C0-A6AF-4243-9DB6-4E30AC8EF5B6}" => Key deleted successfully.
C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly)" => Key deleted successfully.
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} => The item is protected. Make sure the software is uninstalled and its services are removed.
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} => The item is protected. Make sure the software is uninstalled and its services are removed.
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} => The item is protected. Make sure the software is uninstalled and its services are removed.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice" => Key not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
"HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa" => Key deleted successfully.
"https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dchlnpcodkpfdpacogkljefecpegganj" => Key deleted successfully.
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\hakdifolhalapjijoafobooafbilfakh" => Key deleted successfully.
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\hghkgaeecgjhjkannahfamoehjmkjail" => Key deleted successfully.
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh" => Key deleted successfully.
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje" => Key deleted successfully.
"C:\Program Files\TornTV.com\torn2_10.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\pjldcfjmnllhmgjclecdnfampinooman" => Key deleted successfully.
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx => Moved successfully.
"C:\Program Files\Mozilla Firefox" => File/Directory not found.
"C:\Program Files\TornTV.com" => File/Directory not found.
C:\Users\CRISS\AppData\Roaming\Mozilla => Moved successfully.
C:\Windows\System32\drivers\gfibto.sys => Moved successfully.

========= reg add HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318} /v UpperFilters /t REG_MULTI_SZ /d kbdclass /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg add HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318} /v UpperFilters /t REG_MULTI_SZ /d mouclass /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IObit Malware Fighter" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKCU\Software\Mozilla /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKCU\Software\MozillaPlugins /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Mozilla /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\mozilla.org /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\MozillaPlugins /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

EmptyTemp: => Removed 63.9 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====