Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-09-2014 Ran by Właściciel at 2014-09-30 19:45:40 Run:1 Running from C:\Documents and Settings\Właściciel.DOM-4FFD9B055B7.010\Moje dokumenty\Downloads Loaded Profile: Właściciel (Available profiles: Właściciel) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: R1 {3de9eb9c-a833-42cb-b66f-841b954aebef}Gt; C:\WINDOWS\System32\drivers\{3de9eb9c-a833-42cb-b66f-841b954aebef}Gt.sys [55224 2014-04-24] (StdLib) R1 {3de9eb9c-a833-42cb-b66f-841b954aebef}t; C:\WINDOWS\System32\drivers\{3de9eb9c-a833-42cb-b66f-841b954aebef}t.sys [55864 2014-09-24] (StdLib) R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-12-13] (AVG Technologies) R2 vToolbarUpdater17.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [1771544 2013-12-13] (AVG Secure Search) S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S2 Update BringStar; "C:\Program Files\BringStar\updateBringStar.exe" [X] HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2471448 2013-12-13] () HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k HKU\S-1-5-21-448539723-2111687655-1801674531-1003\...\Run: [Odkurzacz-MCD] => C:\Documents and Settings\Bukasz.AUKASZ\Pulpit\odk_mcd.exe HKU\S-1-5-21-448539723-2111687655-1801674531-1003\...\Run: [RGSC] => C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent Task: C:\WINDOWS\Tasks\EPUpdater.job => C:\DOCUME~1\WACICI~1\DANEAP~1\BabMaint.exe HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goglle.com.pl/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKCU - No Name - {4F524A2D-5637-006A-76A7-7A786E7484D7} - No File Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll No File CHR HKLM\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files\DealPly\DealPly.crx [2013-01-15] CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\AVG Secure Search\ChromeExt\17.2.0.38\avg.crx [2013-12-13] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION GroupPolicy: Group Policy on Chrome detected <======= ATTENTION C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\AVG Secure Search C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\OnlineUpdate C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP C:\Documents and Settings\Właściciel.DOM-4FFD9B055B7.010\Dane aplikacji\Mozilla C:\Documents and Settings\Właściciel.DOM-4FFD9B055B7.010\Dane aplikacji\systweak C:\Documents and Settings\Właściciel.DOM-4FFD9B055B7.010\Pulpit\Wyczyść rejestr za darmo!.lnk C:\Documents and Settings\Właściciel.DOM-4FFD9B055B7.010\Ustawienia lokalne\Dane aplikacji\*.exe C:\Documents and Settings\Właściciel.DOM-4FFD9B055B7.010\Ustawienia lokalne\Dane aplikacji\Mozilla C:\Program Files\Mozilla Firefox C:\Program Files\AVG Secure Search C:\Program Files\AnyProtectEx C:\Program Files\Common Files\AVG Secure Search C:\Program Files\BringStar C:\Program Files\MarkSoft C:\Program Files\GUM134.tmp C:\Program Files\*.tmp C:\WINDOWS\jumpshot.com C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension C:\WINDOWS\system32\roboot.exe C:\WINDOWS\System32\drivers\{3de9eb9c-a833-42cb-b66f-841b954aebef}Gt.sys C:\WINDOWS\System32\drivers\{3de9eb9c-a833-42cb-b66f-841b954aebef}t.sys C:\WINDOWS\system32\drivers\avgtpx86.sys RemoveDirectory: C:\Documents and Settings\TEMP RemoveDirectory: C:\Documents and Settings\łukasz RemoveDirectory: C:\Documents and Settings\łukasz.ŁUKASZ Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKCU\Software\Mozilla /f Reg: reg delete HKCU\Software\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Mozilla /f Reg: reg delete HKLM\SOFTWARE\mozilla.org /f Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f Hosts: EmptyTemp: ***************** Processes closed successfully. {3de9eb9c-a833-42cb-b66f-841b954aebef}Gt => Unable to stop service {3de9eb9c-a833-42cb-b66f-841b954aebef}Gt => Service deleted successfully. {3de9eb9c-a833-42cb-b66f-841b954aebef}t => Unable to stop service {3de9eb9c-a833-42cb-b66f-841b954aebef}t => Service deleted successfully. avgtp => Service stopped successfully. avgtp => Service deleted successfully. vToolbarUpdater17.2.0 => Service deleted successfully. ewusbnet => Service deleted successfully. ew_hwusbdev => Service deleted successfully. ew_usbenumfilter => Service deleted successfully. huawei_cdcacm => Service deleted successfully. huawei_cdcecm => Service deleted successfully. huawei_enumerator => Service deleted successfully. huawei_ext_ctrl => Service deleted successfully. hwdatacard => Service deleted successfully. Update BringStar => Service deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\vProt => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => value deleted successfully. HKU\S-1-5-21-448539723-2111687655-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Odkurzacz-MCD => value deleted successfully. HKU\S-1-5-21-448539723-2111687655-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\RGSC => value deleted successfully. C:\WINDOWS\Tasks\EPUpdater.job => Moved successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D8278076-BC68-4484-9233-6E7F1628B56C} => value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully. "HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F524A2D-5637-006A-76A7-7A786E7484D7} => value deleted successfully. "HKCR\CLSID\{4F524A2D-5637-006A-76A7-7A786E7484D7}" => Key not found. "HKCR\PROTOCOLS\Handler\viprotocol" => Key deleted successfully. "HKCR\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}" => Key deleted successfully. "HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje" => Key deleted successfully. C:\Program Files\DealPly\DealPly.crx => Moved successfully. "HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof" => Key deleted successfully. C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\AVG Secure Search\ChromeExt\17.2.0.38\avg.crx => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully. C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully. C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\AVG Secure Search => Moved successfully. C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\OnlineUpdate => Moved successfully. C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP => Moved successfully. C:\Documents and Settings\Właściciel.DOM-4FFD9B055B7.010\Dane aplikacji\Mozilla => Moved successfully. C:\Documents and Settings\Właściciel.DOM-4FFD9B055B7.010\Dane aplikacji\systweak => Moved successfully. C:\Documents and Settings\Właściciel.DOM-4FFD9B055B7.010\Pulpit\Wyczyść rejestr za darmo!.lnk => Moved successfully. C:\Documents and Settings\Właściciel.DOM-4FFD9B055B7.010\Ustawienia lokalne\Dane aplikacji\*.exe => Moved successfully. C:\Documents and Settings\Właściciel.DOM-4FFD9B055B7.010\Ustawienia lokalne\Dane aplikacji\Mozilla => Moved successfully. C:\Program Files\Mozilla Firefox => Moved successfully. C:\Program Files\AVG Secure Search => Moved successfully. C:\Program Files\AnyProtectEx => Moved successfully. C:\Program Files\Common Files\AVG Secure Search => Moved successfully. C:\Program Files\BringStar => Moved successfully. C:\Program Files\MarkSoft => Moved successfully. C:\Program Files\GUM134.tmp => Moved successfully. C:\Program Files\*.tmp => Moved successfully. C:\WINDOWS\jumpshot.com => Moved successfully. C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully. C:\WINDOWS\system32\roboot.exe => Moved successfully. C:\WINDOWS\System32\drivers\{3de9eb9c-a833-42cb-b66f-841b954aebef}Gt.sys => Moved successfully. C:\WINDOWS\System32\drivers\{3de9eb9c-a833-42cb-b66f-841b954aebef}t.sys => Moved successfully. C:\WINDOWS\system32\drivers\avgtpx86.sys => Moved successfully. "C:\Documents and Settings\TEMP" => removed successfully. "C:\Documents and Settings\łukasz" => removed successfully.