Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-12-2013 Ran by lupus at 2013-12-06 13:54:58 Run:1 Running from D:\Pobrane Boot Mode: Normal ============================================== Content of fixlist: ***************** R2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [303680 2013-08-31] (Wsys Co., Ltd.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=46366&st=home&tid=3871&ver=3.2&ts=1369686336076&tguid=46366-3871-1369686336076-E5FEA52DD0EF37EF20ACE92FA3689FCA HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=46366&st=chrome&tid=3871&ver=3.2&ts=1369686336076&tguid=46366-3871-1369686336076-E5FEA52DD0EF37EF20ACE92FA3689FCA&q= HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST3802110A_5LRB3AZWXXXX5LRB3AZW&ts=1377935966 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST3802110A_5LRB3AZWXXXX5LRB3AZW&ts=1377935966 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST3802110A_5LRB3AZWXXXX5LRB3AZW&ts=1377935966 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=46366&st=chrome&tid=3871&ver=3.2&ts=1369686336076&tguid=46366-3871-1369686336076-E5FEA52DD0EF37EF20ACE92FA3689FCA&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST3802110A_5LRB3AZWXXXX5LRB3AZW&ts=1377935966 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST3802110A_5LRB3AZWXXXX5LRB3AZW&ts=1377935966 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=46366&st=chrome&tid=3871&ver=3.2&ts=1369686336076&tguid=46366-3871-1369686336076-E5FEA52DD0EF37EF20ACE92FA3689FCA&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=46366&st=home&tid=3871&ver=3.2&ts=1369686336076&tguid=46366-3871-1369686336076-E5FEA52DD0EF37EF20ACE92FA3689FCA HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=46366&st=chrome&tid=3871&ver=3.2&ts=1369686336076&tguid=46366-3871-1369686336076-E5FEA52DD0EF37EF20ACE92FA3689FCA&q= URLSearchHook: HKCU - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ST3802110A_5LRB3AZWXXXX5LRB3AZW&ts=1377935966 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST3802110A_5LRB3AZWXXXX5LRB3AZW&ts=1377935966 SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST3802110A_5LRB3AZWXXXX5LRB3AZW&ts=1377935966 SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.certified-toolbar.com?si=46366&st=bs&tid=3871&ver=3.2&ts=1369686336076&tguid=46366-3871-1369686336076-E5FEA52DD0EF37EF20ACE92FA3689FCA&q={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.certified-toolbar.com?si=46366&st=bs&tid=3871&ver=3.2&ts=1369686336076&tguid=46366-3871-1369686336076-E5FEA52DD0EF37EF20ACE92FA3689FCA&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST3802110A_5LRB3AZWXXXX5LRB3AZW&ts=1377935966 SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=46366&st=bs&tid=3871&ver=3.2&ts=1369686336076&tguid=46366-3871-1369686336076-E5FEA52DD0EF37EF20ACE92FA3689FCA&q={searchTerms} SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoods.com/?a=stonicla&s={searchTerms}&f=4 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://search.certified-toolbar.com?si=46366&st=bs&tid=3871&ver=3.2&ts=1369686336076&tguid=46366-3871-1369686336076-E5FEA52DD0EF37EF20ACE92FA3689FCA&q={searchTerms} SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=ds&from=newgdp&uid=ST3802110A_5LRB3AZWXXXX5LRB3AZW&ts=1380226898&type=default&q={searchTerms} SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=46366&st=bs&tid=3871&ver=3.2&ts=1369686336076&tguid=46366-3871-1369686336076-E5FEA52DD0EF37EF20ACE92FA3689FCA&q={searchTerms} BHO-x32: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - D:\AllPlayer\ALLPlayer\Iplex\IplexToALLPlayer.dll No File Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File HKCU\...\Run: [ALLUpdate] - "D:\AllPlayer\ALLPlayer\ALLUpdate.exe" "sleep" IFEO\sidebar.exe: [Debugger] C:\Program Files (x86)\Windows Sidebar\Sidebar32.exe S1 EIO64; system32\DRIVERS\EIO64.sys [x] Task: {D0456A97-E09F-4240-A488-FA62FE0137C8} - System32\Tasks\FoxTab => C:\Users\lupus\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE Task: {EA284826-687E-41AE-9523-756AED7CA94D} - System32\Tasks\{6D578D0D-3AEF-4E21-A4C6-4C609B2EEBF4} => C:\Program Files\Microsoft Security Client\msseces.exe Task: C:\Windows\Tasks\FoxTab.job => C:\Users\lupus\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE C:\ProgramData\eSafe C:\Users\lupus\AppData\Local\Temp\85444uninstall.exe C:\Users\lupus\AppData\Local\Temp\Sqlite3.dll C:\Users\lupus\AppData\Roaming\lupus-wchelper.dll C:\Users\lupus\AppData\Roaming\CCF36FA5 C:\Users\lupus\AppData\Roaming\svchost C:\Users\lupus\AppData\Roaming\Shareaza C:\Program Files (x86)\BonanzaDealsLive C:\Program Files (x86)\BonanzaDeals C:\Program Files (x86)\mozilla firefox C:\Program Files (x86)\Windows Sidebar\Sidebar32.exe Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\AboutURLs" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchUrl" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl" /f ***************** WsysSvc => Service deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Default_Page_URL => Value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Default_Page_URL => Value deleted successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => Value deleted successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} => Key deleted successfully. HKCR\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully. HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key deleted successfully. HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully. HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully. HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully. HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ALLUpdate => Value deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sidebar.exe => Key deleted successfully. EIO64 => Service deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0456A97-E09F-4240-A488-FA62FE0137C8} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0456A97-E09F-4240-A488-FA62FE0137C8} => Key deleted successfully. C:\Windows\System32\Tasks\FoxTab => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FoxTab => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA284826-687E-41AE-9523-756AED7CA94D} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA284826-687E-41AE-9523-756AED7CA94D} => Key deleted successfully. C:\Windows\System32\Tasks\{6D578D0D-3AEF-4E21-A4C6-4C609B2EEBF4} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6D578D0D-3AEF-4E21-A4C6-4C609B2EEBF4} => Key deleted successfully. C:\Windows\Tasks\FoxTab.job => Moved successfully. C:\ProgramData\eSafe => Moved successfully. C:\Users\lupus\AppData\Local\Temp\85444uninstall.exe => Moved successfully. C:\Users\lupus\AppData\Local\Temp\Sqlite3.dll => Moved successfully. C:\Users\lupus\AppData\Roaming\lupus-wchelper.dll => Moved successfully. C:\Users\lupus\AppData\Roaming\CCF36FA5 => Moved successfully. C:\Users\lupus\AppData\Roaming\svchost => Moved successfully. C:\Users\lupus\AppData\Roaming\Shareaza => Moved successfully. C:\Program Files (x86)\BonanzaDealsLive => Moved successfully. C:\Program Files (x86)\BonanzaDeals => Moved successfully. C:\Program Files (x86)\mozilla firefox => Moved successfully. C:\Program Files (x86)\Windows Sidebar\Sidebar32.exe => Moved successfully. ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\AboutURLs" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchURI" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchUrl" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= The system needs a manual reboot. ==== End of Fixlog ====