Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-05-2015 01
Ran by Administrator at 2015-05-14 08:27:49 Run:1
Running from E:\programy\FRST
Loaded Profiles: Administrator (Available profiles: Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
R1 {237a87b5-881c-4fd8-b80a-c3b471ff75d7}t; C:\WINDOWS\System32\drivers\{237a87b5-881c-4fd8-b80a-c3b471ff75d7}t.sys [55824 2015-03-26] () [File not signed]
R1 {3788502c-c1e8-40a8-8914-655def81ee5b}Gt; C:\WINDOWS\System32\drivers\{3788502c-c1e8-40a8-8914-655def81ee5b}Gt.sys [55824 2015-02-19] () [File not signed]
R1 {72502b1b-b916-4994-814e-c516f9f681b2}Gt; C:\WINDOWS\System32\drivers\{72502b1b-b916-4994-814e-c516f9f681b2}Gt.sys [55824 2015-02-28] () [File not signed]
R1 {8ec7a18b-bb06-4e8b-bc9b-34809b4a9468}Gt; C:\WINDOWS\System32\drivers\{8ec7a18b-bb06-4e8b-bc9b-34809b4a9468}Gt.sys [55824 2015-02-22] () [File not signed]
R1 {8f5b8fd1-2f96-4fbf-974b-7f28fa0f93d7}Gt; C:\WINDOWS\System32\drivers\{8f5b8fd1-2f96-4fbf-974b-7f28fa0f93d7}Gt.sys [55824 2015-03-08] () [File not signed]
R1 {97a224e4-fe41-4078-b1ef-069fe8cd6d9f}Gt; C:\WINDOWS\System32\drivers\{97a224e4-fe41-4078-b1ef-069fe8cd6d9f}Gt.sys [55824 2015-03-02] () [File not signed]
R1 {b4e11afe-4c35-4044-965f-6641cc18f62e}Gt; C:\WINDOWS\System32\drivers\{b4e11afe-4c35-4044-965f-6641cc18f62e}Gt.sys [55824 2015-02-19] () [File not signed]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220150219
HKU\S-1-5-21-1801674531-1647877149-1606980848-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?fr=hp-ddc-bd&type=616_pr__alt__ddc_dsssyc_bd_com
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://q.search-simple.com/?m=tab&affID=na" <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1801674531-1647877149-1606980848-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://q.search-simple.com/?affID=pr_378592e5-7eef-4407-b0be-e1db2e810c3d&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1801674531-1647877149-1606980848-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://q.search-simple.com/?affID=pr_378592e5-7eef-4407-b0be-e1db2e810c3d&q={searchTerms}
C:\Program Files\Enigma Software Group
C:\Program Files\Pay-By-Ads
C:\Program Files\Round World
C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP
C:\WINDOWS\System32\drivers\{237a87b5-881c-4fd8-b80a-c3b471ff75d7}t.sys
C:\WINDOWS\System32\drivers\{3788502c-c1e8-40a8-8914-655def81ee5b}Gt.sys
C:\WINDOWS\System32\drivers\{72502b1b-b916-4994-814e-c516f9f681b2}Gt.sys
C:\WINDOWS\System32\drivers\{8ec7a18b-bb06-4e8b-bc9b-34809b4a9468}Gt.sys
C:\WINDOWS\System32\drivers\{8f5b8fd1-2f96-4fbf-974b-7f28fa0f93d7}Gt.sys
C:\WINDOWS\System32\drivers\{97a224e4-fe41-4078-b1ef-069fe8cd6d9f}Gt.sys
C:\WINDOWS\System32\drivers\{b4e11afe-4c35-4044-965f-6641cc18f62e}Gt.sys
Reg: reg delete HKCU\Software\Google /f
Reg: reg delete HKLM\SOFTWARE\Google /f
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
{237a87b5-881c-4fd8-b80a-c3b471ff75d7}t => Unable to stop service
{237a87b5-881c-4fd8-b80a-c3b471ff75d7}t => Service deleted successfully.
{3788502c-c1e8-40a8-8914-655def81ee5b}Gt => Service deleted successfully.
{72502b1b-b916-4994-814e-c516f9f681b2}Gt => Service deleted successfully.
{8ec7a18b-bb06-4e8b-bc9b-34809b4a9468}Gt => Service deleted successfully.
{8f5b8fd1-2f96-4fbf-974b-7f28fa0f93d7}Gt => Service deleted successfully.
{97a224e4-fe41-4078-b1ef-069fe8cd6d9f}Gt => Service deleted successfully.
{b4e11afe-4c35-4044-965f-6641cc18f62e}Gt => Service deleted successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-1801674531-1647877149-1606980848-500\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
HKU\S-1-5-21-1801674531-1647877149-1606980848-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1801674531-1647877149-1606980848-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Program Files\Pay-By-Ads => Moved successfully.
C:\Program Files\Round World => Moved successfully.
C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP => Moved successfully.
C:\WINDOWS\System32\drivers\{237a87b5-881c-4fd8-b80a-c3b471ff75d7}t.sys => Moved successfully.
"C:\WINDOWS\System32\drivers\{3788502c-c1e8-40a8-8914-655def81ee5b}Gt.sys" => File/Directory not found.
"C:\WINDOWS\System32\drivers\{72502b1b-b916-4994-814e-c516f9f681b2}Gt.sys" => File/Directory not found.
"C:\WINDOWS\System32\drivers\{8ec7a18b-bb06-4e8b-bc9b-34809b4a9468}Gt.sys" => File/Directory not found.
"C:\WINDOWS\System32\drivers\{8f5b8fd1-2f96-4fbf-974b-7f28fa0f93d7}Gt.sys" => File/Directory not found.
"C:\WINDOWS\System32\drivers\{97a224e4-fe41-4078-b1ef-069fe8cd6d9f}Gt.sys" => File/Directory not found.
"C:\WINDOWS\System32\drivers\{b4e11afe-4c35-4044-965f-6641cc18f62e}Gt.sys" => File/Directory not found.

========= reg delete HKCU\Software\Google /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Google /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

EmptyTemp: => Removed 211.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog 08:28:55 ====