Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-04-2015 04
Ran by q at 2015-04-16 15:08:22 Run:1
Running from C:\Documents and Settings\q\Moje dokumenty\Downloads
Loaded Profiles: q (Available profiles: q & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
(Microsoft Corporation) C:\Windows\explorer.exe
HKLM\...\Run: [Generic Host Process] => [X]
HKLM\...\Run: [jemaka] => C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\jemaka\jemaka.exe [425516 2015-04-06] (MercantileLegitimiseNeutralised)
HKLM\...\Run: [NetworkInformer] => C:\Documents and Settings\q\Ustawienia lokalne\Temp\temp2934336138.exe [1575348 2015-04-10] () <===== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
Winlogon\Notify\dpasydb: C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\dpasydb.dll ()
Winlogon\Notify\dpasysq: C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\dpasysq.dll ()
Winlogon\Notify\hcxpipd: C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\hcxpipd.dll ()
Winlogon\Notify\hcxtgtd: C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\hcxtgtd.dll ()
Winlogon\Notify\hgacxpp: C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\hgacxpp.dll ()
Winlogon\Notify\sydpasq: C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\sydpasq.dll ()
Winlogon\Notify\tgtdyhn: C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\tgtdyhn.dll ()
Winlogon\Notify\ysfvvsq: C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\ysfvvsq.dll ()
Winlogon\Notify\ysvsqfv: C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\ysvsqfv.dll ()
HKLM\...\Policies\Explorer\Run: [jemaka] => C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\jemaka\jemaka.exe [425516 2015-04-06] ( (MercantileLegitimiseNeutralised))
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\...\Run: [hgacxpp] => rundll32 "C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\hgacxpp.dll",hgacxpp
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\...\Run: [hcxpipd] => rundll32 "C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\hcxpipd.dll",hcxpipd
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\...\Run: [hcxtgtd] => rundll32 "C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\hcxtgtd.dll",hcxtgtd
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\...\Run: [tgtdyhn] => rundll32 "C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\tgtdyhn.dll",tgtdyhn
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\...\Run: [dpasydb] => rundll32 "C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\dpasydb.dll",dpasydb
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\...\Run: [sydpasq] => rundll32 "C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\sydpasq.dll",sydpasq
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\...\Run: [dpasysq] => rundll32 "C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\dpasysq.dll",dpasysq
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\...\Run: [ysfvvsq] => rundll32 "C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\ysfvvsq.dll",ysfvvsq
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\...\Run: [ysvsqfv] => rundll32 "C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\ysvsqfv.dll",ysvsqfv
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> none
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll No File
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll No File
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll No File
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll No File
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1085031214-2025429265-725345543-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.com/?trackid=sp-006
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1085031214-2025429265-725345543-1003 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-1085031214-2025429265-725345543-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1085031214-2025429265-725345543-1003 -> {szukaj.gazeta.pl} URL = http://szukaj.gazeta.pl/internet/0,0.html?slowo={searchTerms}
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll No File
Toolbar: HKLM - No Name - {bd0c8f87-2da0-4449-a726-b978ae8db32c} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll No File
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
CHR Extension: (Bflix extension) - C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jlfihafpijfdgmojeeigcldgchhojpfp [2012-01-14]
CHR HKLM\...\Chrome\Extension: [jlfihafpijfdgmojeeigcldgchhojpfp] - C:\Program Files\BFlix\BFlix.crx [2011-12-19]
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies)
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 massfilter_lte; \??\C:\WINDOWS\system32\drivers\massfilter_lte.sys [X]
S3 zgdcat; system32\DRIVERS\zgdcat.sys [X]
S3 zgdcdiag; system32\DRIVERS\zgdcdiag.sys [X]
S3 zgdcmdm; system32\DRIVERS\zgdcmdm.sys [X]
S3 zgdcnet; system32\DRIVERS\zgdcnet.sys [X]
S3 zgdcnmea; system32\DRIVERS\zgdcnmea.sys [X]
C:\WINDOWS\system32\drivers\avgtpx86.sys
C:\Documents and Settings\All Users\Dane aplikacji\{7D14E36A-889F-4FDA-8B78-2423FB17A4D3}
C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software
C:\Documents and Settings\All Users\Dane aplikacji\InstallMate
C:\Documents and Settings\All Users\Dane aplikacji\Norton
C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
C:\Documents and Settings\LocalService\Dane aplikacji\McAfee
C:\Documents and Settings\NetworkService\Dane aplikacji\McAfee
C:\Documents and Settings\q\Dane aplikacji\~uTorrentPartFile_4985C65.dat
C:\Documents and Settings\q\Dane aplikacji\eXcEl3rator.txt
C:\Documents and Settings\q\Dane aplikacji\Metric - Synthetica.log
C:\Documents and Settings\q\Dane aplikacji\njyhik9iaa
C:\Documents and Settings\q\Dane aplikacji\nyjuikoitg
C:\Documents and Settings\q\Dane aplikacji\AVAST Software
C:\Documents and Settings\q\Dane aplikacji\Ieie
C:\Documents and Settings\q\Dane aplikacji\MsDtc
C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\*.dll
C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\setup.exe
C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\jemaka
C:\Program Files\DDownTango5aToolbar
C:\Program Files\Mozilla Firefox\plugins
C:\Program Files\Spybot - Search & Destroy 2
C:\WINDOWS\zyjcxd.hcr
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
CMD: attrib -r -h -s C:\HELP_DECRYPT.* /s
CMD: del /q /s C:\HELP_DECRYPT.*
EmptyTemp:
*****************

Processes closed successfully.
C:\Windows\explorer.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Generic Host Process => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\jemaka => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NetworkInformer => value deleted successfully.
HKLM => Group Policy Restriction on software restored successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dpasydb" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dpasysq" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hcxpipd" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hcxtgtd" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgacxpp" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sydpasq" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tgtdyhn" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ysfvvsq" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ysvsqfv" => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\jemaka => value deleted successfully.
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => Key deleted successfully.
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\hgacxpp => value deleted successfully.
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\hcxpipd => value deleted successfully.
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\hcxtgtd => value deleted successfully.
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\tgtdyhn => value deleted successfully.
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\dpasydb => value deleted successfully.
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\sydpasq => value deleted successfully.
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\dpasysq => value deleted successfully.
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ysfvvsq => value deleted successfully.
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ysvsqfv => value deleted successfully.
HKU\S-1-5-21-1085031214-2025429265-725345543-1003\Control Panel\Desktop\\SCRNSAVE.EXE => Value was restored successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GGDriveOverlay1" => Key deleted successfully.