Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-04-2015 01 Ran by bb at 2015-04-20 16:27:56 Run:1 Running from C:\Documents and Settings\bb\Pulpit Loaded Profiles: bb (Available profiles: bb & UpdatusUser) Boot Mode: Safe Mode (with Networking) ============================================== Content of fixlist: ***************** CloseProcesses: HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\...\Run: [!@#$%^&*] => C:\Documents and Settings\bb\Dane aplikacji\startup\sys.exe [512000 2015-04-17] (Acronis) HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\...\Run: [eg5XuyfZ0ykrIxsvQ] => c:\documents and settings\bb\dane aplikacji\eg5xuyfz0ykrixsvq\eg5xuyfz0ykrixsvq.exe [812872 2015-04-13] (Google Inc.) HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\...\Run: [2Z0ofjLEZs8cgcCVr] => c:\documents and settings\bb\dane aplikacji\2z0ofjlezs8cgccvr\2z0ofjlezs8cgccvr.exe [812872 2015-04-13] (Google Inc.) HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\...\Run: [3Vn1VN1ivAWgwrF3Dd2FZ] => c:\documents and settings\bb\dane aplikacji\3vn1vn1ivawgwrf3dd2fz\3vn1vn1ivawgwrf3dd2fz.exe [638816 2009-03-08] (Microsoft Corporation) HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\...\Run: [pgJv7QIqye34HnxVFQp2AvU] => c:\documents and settings\bb\dane aplikacji\pgjv7qiqye34hnxvfqp2avu\pgjv7qiqye34hnxvfqp2avu.exe [812872 2015-04-13] (Google Inc.) HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\...\Run: [kSar2vrcUkqx] => c:\documents and settings\bb\dane aplikacji\ksar2vrcukqx\ksar2vrcukqx.exe [889976 2015-04-07] (Opera Software) HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\...\Run: [C2DMmTRHdH4] => c:\documents and settings\bb\dane aplikacji\c2dmmtrhdh4\c2dmmtrhdh4.exe [638816 2009-03-08] (Microsoft Corporation) HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\...\Policies\Explorer: [TaskbarNoNotification] 1 HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\...\Policies\Explorer: [HideSCAHealth] 1 HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1 HKLM\...\Policies\Explorer: [HideSCAHealth] 1 ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension S3 MSICDSetup; \??\E:\CDriver.sys [X] C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome\Google Chrome.lnk C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk C:\Documents and Settings\All Users\Pulpit\Opera.lnk C:\Documents and Settings\bb\Dane aplikacji\2Z0ofjLEZs8cgcCVr C:\Documents and Settings\bb\Dane aplikacji\3Vn1VN1ivAWgwrF3Dd2FZ C:\Documents and Settings\bb\Dane aplikacji\C2DMmTRHdH4 C:\Documents and Settings\bb\Dane aplikacji\eg5XuyfZ0ykrIxsvQ C:\Documents and Settings\bb\Dane aplikacji\kSar2vrcUkqx C:\Documents and Settings\bb\Dane aplikacji\pgJv7QIqye34HnxVFQp2AvU C:\Documents and Settings\bb\Dane aplikacji\startup C:\Documents and Settings\bb\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk C:\Documents and Settings\bb\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Opera.lnk C:\Documents and Settings\bb\Moje dokumenty\SafePCRepair.exe C:\WINDOWS\avastSS.scr C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension C:\WINDOWS\system32\Drivers\*.tmp Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ***************** Processes closed successfully. HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Run\\!@#$%^&* => value deleted successfully. HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Run\\eg5XuyfZ0ykrIxsvQ => value deleted successfully. HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Run\\2Z0ofjLEZs8cgcCVr => value deleted successfully. HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Run\\3Vn1VN1ivAWgwrF3Dd2FZ => value deleted successfully. HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Run\\pgJv7QIqye34HnxVFQp2AvU => value deleted successfully. HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Run\\kSar2vrcUkqx => value deleted successfully. HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Run\\C2DMmTRHdH4 => value deleted successfully. HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value deleted successfully. HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value deleted successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully. HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found. "HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => Key deleted successfully. HKLM\Software\Mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} => value deleted successfully. MSICDSetup => Service deleted successfully. C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome\Google Chrome.lnk => Moved successfully. "C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk" => File/Directory not found. C:\Documents and Settings\All Users\Pulpit\Opera.lnk => Moved successfully. C:\Documents and Settings\bb\Dane aplikacji\2Z0ofjLEZs8cgcCVr => Moved successfully. C:\Documents and Settings\bb\Dane aplikacji\3Vn1VN1ivAWgwrF3Dd2FZ => Moved successfully. C:\Documents and Settings\bb\Dane aplikacji\C2DMmTRHdH4 => Moved successfully. C:\Documents and Settings\bb\Dane aplikacji\eg5XuyfZ0ykrIxsvQ => Moved successfully. C:\Documents and Settings\bb\Dane aplikacji\kSar2vrcUkqx => Moved successfully. C:\Documents and Settings\bb\Dane aplikacji\pgJv7QIqye34HnxVFQp2AvU => Moved successfully. C:\Documents and Settings\bb\Dane aplikacji\startup => Moved successfully. C:\Documents and Settings\bb\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Moved successfully. C:\Documents and Settings\bb\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Opera.lnk => Moved successfully. C:\Documents and Settings\bb\Moje dokumenty\SafePCRepair.exe => Moved successfully. "C:\WINDOWS\avastSS.scr" => File/Directory not found. C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully. "C:\WINDOWS\system32\Drivers\*.tmp" => File/Directory not found. ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= The system needed a reboot. ==== End of Fixlog 16:27:57 ====