Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-12-2014 Ran by Acer at 2014-12-14 20:11:04 Run:1 Running from D:\Software\@Security\@odsyfianie Loaded Profile: Acer (Available profiles: Acer) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION Toolbar: HKLM - No Name - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - No File CustomCLSID: HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> No File Path FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF HKLM\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files\Babylon\Babylon-Pro\Plugins\ocr@babylon.com C:\Documents and Settings\Acer\ytb.exe C:\Documents and Settings\Default User\ytb.exe C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension CMD: type "C:\Documents and Settings\Acer\Dane aplikacji\Mozilla\Firefox\Profiles\erzan1k9.default\user.js" Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f EmptyTemp: ***************** Processes closed successfully. C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully. C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{1DBAB667-A486-421e-AFE4-CF07DD0088E5} => value deleted successfully. "HKCR\CLSID\{1DBAB667-A486-421e-AFE4-CF07DD0088E5}" => Key not found. "HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}" => Key deleted successfully. "HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}" => Key deleted successfully. "HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}" => Key deleted successfully. "HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}" => Key deleted successfully. "HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}" => Key deleted successfully. "HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}" => Key deleted successfully. "HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}" => Key deleted successfully. "HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}" => Key deleted successfully. "HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}" => Key deleted successfully. "HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}" => Key deleted successfully. "HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}" => Key deleted successfully. "HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}" => Key deleted successfully. "HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}" => Key deleted successfully. "HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}" => Key deleted successfully. "HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}" => Key deleted successfully. "HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}" => Key deleted successfully. "HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}" => Key deleted successfully. "HKU\S-1-5-21-57989841-630328440-1801674531-1002_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}" => Key deleted successfully. HKLM\Software\Mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} => value deleted successfully. HKLM\Software\Mozilla\Firefox\Extensions\\jqs@sun.com => Value not found. HKLM\Software\Mozilla\Firefox\Extensions\\ocr@babylon.com => Value not found. C:\Documents and Settings\Acer\ytb.exe => Moved successfully. C:\Documents and Settings\Default User\ytb.exe => Moved successfully. C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully. ========= type "C:\Documents and Settings\Acer\Dane aplikacji\Mozilla\Firefox\Profiles\erzan1k9.default\user.js" ========= user_pref("network.http.max-persistent-connections-per-server", 4); user_pref("nglayout.initialpaint.delay", 600); user_pref("content.notify.interval", 600000); user_pref("content.max.tokenizing.time", 1800000); user_pref("content.switch.threshold", 600000); ========= End of CMD: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= Błąd: system nie może odnaleźć określonego klucza rejestru lub wartości. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= EmptyTemp: => Removed 1 GB temporary data. The system needed a reboot. ==== End of Fixlog ====