Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-02-2015 Ran by ja at 2015-02-10 22:24:58 Run:1 Running from C:\Documents and Settings\ja\Moje dokumenty\AntyVir i podobne\FRST Loaded Profiles: ja (Available profiles: ja & Administrator & Gość) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: FW: Norton Internet Worm Protection (Disabled) {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} FW: F-Secure Anti-Virus 2007 7.01 (Disabled) {D4747503-0346-49EB-9262-997542F79BF4} CustomCLSID: HKU\S-1-5-21-3955640507-3710774182-547434246-1006_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}\InprocServer32 -> C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Conduit\Community Alerts\Alert.dll No (the data entry has 5 more characters). ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKU\S-1-5-21-3955640507-3710774182-547434246-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie URLSearchHook: [S-1-5-21-3955640507-3710774182-547434246-1006] ATTENTION ==> Default URLSearchHook is missing. SearchScopes: HKLM -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} SearchScopes: HKU\S-1-5-21-3955640507-3710774182-547434246-1006 -> Backup.Old.DefaultScope {CADA9BA8-2536-49B9-AE56-E750AB4E4510} SearchScopes: HKU\S-1-5-21-3955640507-3710774182-547434246-1006 -> {2938196A-B50E-0EF7-B9E2-66F5414F0DF7} URL = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPNN_enPL344 SearchScopes: HKU\S-1-5-21-3955640507-3710774182-547434246-1006 -> {34C9434B-387C-4037-A0DB-340B3007F4E1} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} SearchScopes: HKU\S-1-5-21-3955640507-3710774182-547434246-1006 -> {3F0F086F-7640-5F95-AD43-23EBDC85C2F7} URL = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPNN_enPL344 Toolbar: HKU\S-1-5-21-3955640507-3710774182-547434246-1006 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No File Toolbar: HKU\S-1-5-21-3955640507-3710774182-547434246-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab FF Plugin: @pandasecurity.com/activescan -> C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird HKLM\...\Run: [ISUSPM Startup] => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup HKLM\...\Run: [ISUSScheduler] => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start HKLM\...\Policies\Explorer: [NoCDBurning] 0 HKU\S-1-5-21-3955640507-3710774182-547434246-1006\...\Policies\Explorer: [ClassicShell] 0 HKU\S-1-5-21-3955640507-3710774182-547434246-1006\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [1035264 2008-04-14] (Microsoft Corporation) <==== ATTENTION R0 pavboot; C:\WINDOWS\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.) S3 Ad-Watch Connect Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys [X] S3 Ad-Watch Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys [X] S3 Ad-Watch Registry Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys [X] S3 AthDfu; System32\Drivers\AthDfu.sys [X] S3 Atheros_btAudio; system32\drivers\btathsco.sys [X] S3 btatha2dp; system32\drivers\btatha2dp.sys [X] S3 btathPan; system32\DRIVERS\btathpan.sys [X] S3 BTATHPROT; system32\DRIVERS\btathprot.sys [X] S3 btathrcp; system32\DRIVERS\btathrcp.sys [X] S3 btathspp; system32\DRIVERS\btathspp.sys [X] S3 BTATHUSB; system32\DRIVERS\btathusb.sys [X] S3 btfilter; system32\DRIVERS\btfilter.sys [X] S3 NPF; system32\drivers\npf.sys [X] S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] S2 svcgdp; C:\Program Files\Software Plate\svcgdp.exe [X] C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software C:\Documents and Settings\All Users\Menu Start\Programy\ALLPlayer C:\Documents and Settings\All Users\Menu Start\Programy\PL-2303 USB-Serial Driver\Uninstaller.lnk C:\Documents and Settings\All Users\Menu Start\Programy\A-Men Technologies USB-Serial Driver\Uninstaller.lnk C:\Documents and Settings\ja\*save2pc.exe C:\Documents and Settings\ja\Dane aplikacji\skype.ini C:\Documents and Settings\ja\Menu Start\Audio Converter Audio Converter.lnk C:\Documents and Settings\ja\Menu Start\Audio Converter Uninstall Audio Converter.lnk C:\Documents and Settings\ja\Menu Start\Video Converter Uninstall Video Converter.lnk C:\Documents and Settings\ja\Menu Start\Video Converter Video Converter.lnk C:\Documents and Settings\ja\Menu Start\Programy\SpyShredder C:\Documents and Settings\ja\Moje dokumenty\Programy ODTWARZACZE\ALLConverter to *.lnk C:\Documents and Settings\ja\Moje dokumenty\Programy ODTWARZACZE\ALLPlayer V4.6.lnk C:\Documents and Settings\ja\Moje dokumenty\Programy ODTWARZACZE\Napi-projekt.lnk C:\Documents and Settings\ja\Moje dokumenty\Programy ODTWARZACZE\QuickTime Player.lnk C:\Documents and Settings\ja\Moje dokumenty\Programy ODTWARZACZE\FLV\flvconverter.exe.lnk C:\Documents and Settings\ja\Pulpit\Lengłydże\ANG...*.lnk C:\Documents and Settings\ja\Pulpit\MOJA GITARA\Skrót do Szkoła Gitary.lnk C:\Documents and Settings\ja\Pulpit\MUZ GIT\Skrót do 1996.Tata 2.lnk C:\Documents and Settings\ja\Pulpit\MUZ GIT\Skrót do Kult.lnk C:\Documents and Settings\ja\Pulpit\MUZ GIT\Олег Шабатовский\Детские песни\Skrót do голубой вагон.doc.lnk C:\Documents and Settings\ja\Pulpit\MUZ GIT\Anna German\Надежда\Skrót do Надежда мой компас земной (Аккорды, видеоразбор).webm.lnk C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Conduit C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome C:\Program Files\Audacity C:\Program Files\AVAST Software C:\Program Files\Common Files\Ahead C:\Program Files\Mozilla Firefox\extensions C:\Program Files\Mozilla Firefox\plugins C:\Program Files\NAPI-PROJEKT C:\Program Files\Sonic C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension C:\WINDOWS\System32\drivers\pavboot.sys Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKCU\Software\Google\Chrome /f Reg: reg delete HKLM\SOFTWARE\Google\Chrome /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ALLUpdate" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DLA" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Gadu-Gadu" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UserFaultCheck" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VkontakteDJ" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.0.15)" /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6} /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f CMD: sc config "Internet Manager. RunOuc" start= disabled EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. FW: Norton Internet Worm Protection (Disabled) {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} => The item is protected. Make sure the software is uninstalled and its services are removed. FW: F-Secure Anti-Virus 2007 7.01 (Disabled) {D4747503-0346-49EB-9262-997542F79BF4} => The item is protected. Make sure the software is uninstalled and its services are removed. "HKU\S-1-5-21-3955640507-3710774182-547434246-1006_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}" => Key deleted successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully. HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKU\S-1-5-21-3955640507-3710774182-547434246-1006\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully. Error setting Default URLSearchHook. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value deleted successfully. HKU\S-1-5-21-3955640507-3710774182-547434246-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value deleted successfully. "HKU\S-1-5-21-3955640507-3710774182-547434246-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2938196A-B50E-0EF7-B9E2-66F5414F0DF7}" => Key deleted successfully. HKCR\CLSID\{2938196A-B50E-0EF7-B9E2-66F5414F0DF7} => Key not found. "HKU\S-1-5-21-3955640507-3710774182-547434246-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{34C9434B-387C-4037-A0DB-340B3007F4E1}" => Key deleted successfully. HKCR\CLSID\{34C9434B-387C-4037-A0DB-340B3007F4E1} => Key not found. "HKU\S-1-5-21-3955640507-3710774182-547434246-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3F0F086F-7640-5F95-AD43-23EBDC85C2F7}" => Key deleted successfully. HKCR\CLSID\{3F0F086F-7640-5F95-AD43-23EBDC85C2F7} => Key not found. HKU\S-1-5-21-3955640507-3710774182-547434246-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} => value deleted successfully. HKCR\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B} => Key not found. HKU\S-1-5-21-3955640507-3710774182-547434246-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully. HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{68282C51-9459-467B-95BF-3C0E89627E55}" => Key deleted successfully.