Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-11-2014
Ran by amx at 2014-11-20 14:33:54 Run:1
Running from C:\Documents and Settings\amx.X-628658B1E9874\Pulpit\frst
Loaded Profile: amx (Available profiles: amx & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CloseProcesses:
(Microsoft Corporation) C:\Windows\explorer.exe
HKLM Group Policy restriction on software: C:\Program Files\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKU\S-1-5-21-1547161642-117609710-725345543-1003\...\Run: [XegdUhfug] => regsvr32.exe "C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\XegdUhfug\XegdUhfug.dat"
HKU\S-1-5-21-1547161642-117609710-725345543-1003\...\Winlogon: [Shell] C:\WINDOWS\EXPLORER.EXE [1033728 2004-08-03] (Microsoft Corporation) <==== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTHidEnum; system32\DRIVERS\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 cdrbsvsd; No ImagePath
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
C:\Documents and Settings\All Users\Dane aplikacji\TEMP
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\01e58235-010d-43b1-8340-277d43a75321
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Babylon
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\lI13602NbMlK13602
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\XegdUhfug
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\Ciqapo
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\DSite
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\DVDVideoSoft
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\Ebintu
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\Ekes
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\FaceGen
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\Kiobf
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\mystartsearch
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\NetMedia Providers
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\pdfforge
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\Xirrus
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\Ytixoz
C:\Program Files\mozilla firefox\plugins
Hosts:
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B} /f
CMD: dir /a "C:\Documents and Settings"
EmptyTemp:
*****************

Processes closed successfully.
C:\Windows\explorer.exe => No running process found
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-1547161642-117609710-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\XegdUhfug => value deleted successfully.
HKU\S-1-5-21-1547161642-117609710-725345543-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}" => Key deleted successfully.
"HKCR\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}" => Key deleted successfully.
"HKCR\CLSID\{33564D57-0000-0010-8000-00AA00389B71}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41564D57-9980-0010-8000-00AA00389B71}" => Key deleted successfully.
"HKCR\CLSID\{41564D57-9980-0010-8000-00AA00389B71}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" => Key deleted successfully.
"HKCR\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" => Key not found.
BlueletAudio => Service deleted successfully.
BlueletSCOAudio => Service deleted successfully.
BT => Service deleted successfully.
BTHidEnum => Service deleted successfully.
BTHidMgr => Service deleted successfully.
catchme => Service deleted successfully.
cdrbsvsd => Service deleted successfully.
VComm => Service deleted successfully.
VcommMgr => Service deleted successfully.
C:\Documents and Settings\All Users\Dane aplikacji\TEMP => Moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\01e58235-010d-43b1-8340-277d43a75321 => Moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Babylon => Moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\lI13602NbMlK13602 => Moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP => Moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\XegdUhfug => Moved successfully.
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\Ciqapo => Moved successfully.
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\DSite => Moved successfully.
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\DVDVideoSoft => Moved successfully.
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\Ebintu => Moved successfully.
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\Ekes => Moved successfully.
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\FaceGen => Moved successfully.
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\Kiobf => Moved successfully.
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\mystartsearch => Moved successfully.
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\NetMedia Providers => Moved successfully.
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\pdfforge => Moved successfully.
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\Xirrus => Moved successfully.
C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\Ytixoz => Moved successfully.
C:\Program Files\mozilla firefox\plugins => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B} /f =========

The operation completed successfully.

========= End of Reg: =========


========= dir /a "C:\Documents and Settings" =========

 Volume in drive C has no label.
 Volume Serial Number is 2CE9-7A75

 Directory of C:\Documents and Settings

2014-10-21  23:29    <DIR>          .
2014-10-21  23:29    <DIR>          ..
2011-08-20  20:16    <DIR>          Administrator
2014-10-21  23:29    <DIR>          Administrator.X-628658B1E9874
2007-08-14  14:25    <DIR>          All Users
2014-10-31  01:31    <DIR>          All Users.WINDOWS
2014-11-20  00:11    <DIR>          amx.X-628658B1E9874
2009-04-16  11:48    <DIR>          AMX~1~X-6
2010-02-26  13:13    <DIR>          Default User
2009-11-28  23:50    <DIR>          Default User.WINDOWS
2008-10-01  07:29    <DIR>          LocalService
2009-04-07  16:12    <DIR>          LocalService.NT AUTHORITY
2014-02-12  19:59    <DIR>          LocalService.ZARZĄDZANIE NT
2008-10-01  07:29    <DIR>          NetworkService
2008-11-05  00:57    <DIR>          NetworkService.NT AUTHORITY
2014-02-12  19:59    <DIR>          NetworkService.ZARZĄDZANIE NT
2009-04-23  23:02    <DIR>          User
               0 File(s)              0 bytes
              17 Dir(s)   7,104,032,768 bytes free

========= End of CMD: =========

EmptyTemp: => Removed 779.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====
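The fixlog above undoes four mechanisms that are worth recognising on any host: Software Restriction Policy path rules aimed at security-product directories (the four "Group Policy restriction on software" entries), a per-user Winlogon Shell value, a Run entry that loads a .dat payload through regsvr32.exe, and local Group Policy files (GPT.ini, the Machine folder, the Chrome policy key) planted outside any domain. The PowerShell below is an added triage example written for this page; it is not part of FRST, not from the original post, and not the tool's own logic. It assumes an elevated session on a current Windows build (PowerShell 3 or later, not the Windows XP host in the log), and every function name is the example's own.

```powershell
# Added example: live checks for the persistence and AV-blocking mechanisms
# shown in the FRST fixlog above. Not part of FRST or the original post.
# Run in an elevated PowerShell (3.0+) on the host being examined.

# 1. SRP "Disallowed" path rules. CodeIdentifiers\0 is the Disallowed level;
#    a legitimate admin rarely blocks the AV vendor's own install directory.
function Get-DisallowedSrpPaths {
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'
    if (-not (Test-Path $base)) { return @() }
    Get-ChildItem $base | ForEach-Object {
        $rule = Get-ItemProperty $_.PSPath
        [pscustomobject]@{ RuleId = $_.PSChildName; Path = $rule.ItemData }
    }
}

# 2. Winlogon Shell. The machine value must be exactly "explorer.exe"; any
#    Shell value under a user's HKU hive (as in the fixlog) overrides it for
#    that user and is itself a finding.
function Test-WinlogonShell {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $machineShell = (Get-ItemProperty $key -Name Shell -ErrorAction SilentlyContinue).Shell
    $perUser = Get-ChildItem 'Registry::HKEY_USERS' | ForEach-Object {
        $sid = $_.PSChildName
        $k = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
        $v = (Get-ItemProperty $k -Name Shell -ErrorAction SilentlyContinue).Shell
        if ($v) { [pscustomobject]@{ Hive = $sid; Shell = $v } }
    }
    [pscustomobject]@{
        MachineShell = $machineShell
        MachineOk    = ($machineShell -eq 'explorer.exe')
        PerUserShell = @($perUser)
    }
}

# 3. Run entries that hand a non-DLL file to regsvr32.exe, the pattern of the
#    "XegdUhfug.dat" entry removed above.
function Get-SuspiciousRegsvr32RunEntries {
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty $key
        $names = $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            Select-Object -ExpandProperty Name
        foreach ($name in $names) {
            $cmd = [string]$props.$name
            if ($cmd -match '(?i)regsvr32' -and $cmd -notmatch '(?i)\.dll\b') {
                [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd }
            }
        }
    }
}

# 4. Local Group Policy artefacts. A standalone machine normally has an empty
#    GroupPolicy folder and no HKLM\SOFTWARE\Policies\Google key.
function Get-LocalPolicyArtifacts {
    $gpDir = Join-Path $env:SystemRoot 'System32\GroupPolicy'
    $files = Get-ChildItem $gpDir -Recurse -File -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime
    [pscustomobject]@{
        GroupPolicyFiles = @($files)
        ChromePolicyKey  = (Test-Path 'HKLM:\SOFTWARE\Policies\Google')
    }
}

'== SRP Disallowed path rules ==';                Get-DisallowedSrpPaths | Format-Table -AutoSize
'== Winlogon Shell ==';                           Test-WinlogonShell | Format-List
'== regsvr32 Run entries with non-DLL payload =='; Get-SuspiciousRegsvr32RunEntries | Format-Table -AutoSize
'== Local Group Policy artefacts ==';             Get-LocalPolicyArtifacts | Format-List
```

Each function returns objects rather than text, so the same checks can be collected from many hosts and compared; a non-empty SRP list, a per-user Shell value, or a regsvr32 entry without a .dll argument is the condition that in this log required a fix.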