Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-01-2014 01
Ran by Piotrek at 2014-01-03 17:03:59 Run:1
Running from C:\Documents and Settings\Piotrek\Moje dokumenty\Pobieranie
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe [761024 2013-12-13] ()
HKCU\...\Run: [zASRockInstantBoot] - [x]
HKCU\...\Run: [] - [x]
HKCU\...\Run: [NextLive] - C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Piotrek\Dane aplikacji\newnext.me\nengine.dll",EntryPoint -m l
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1388752541&from=cor&uid=ST3500320AS_9QM6M7VZXXXX9QM6M7VZ&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1388752541&from=cor&uid=ST3500320AS_9QM6M7VZXXXX9QM6M7VZ&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://aartemis.com/?type=sc&ts=1388752541&from=cor&uid=ST3500320AS_9QM6M7VZXXXX9QM6M7VZ
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1388752541&from=cor&uid=ST3500320AS_9QM6M7VZXXXX9QM6M7VZ&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1388752541&from=cor&uid=ST3500320AS_9QM6M7VZXXXX9QM6M7VZ&q={searchTerms}
Task: C:\WINDOWS\Tasks\Registry Optimizer_DEFAULT.job => C:\Program Files\WinZip Registry Optimizer\Winzipro.exe
Task: C:\WINDOWS\Tasks\Registry Optimizer_UPDATES.job => C:\Program Files\WinZip Registry Optimizer\Winzipro.exe
C:\Program Files\Mobogenie
C:\Documents and Settings\All Users\Dane aplikacji\AVG
C:\Documents and Settings\All Users\Dane aplikacji\WPM
C:\Documents and Settings\Piotrek\.android
C:\Documents and Settings\Piotrek\daemonprocess.txt
C:\Documents and Settings\Piotrek\Dane aplikacji\AVG
C:\Documents and Settings\Piotrek\Dane aplikacji\aartemis
C:\Documents and Settings\Piotrek\Dane aplikacji\newnext.me
C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\cache
C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\genienext
C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Mobogenie
C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\WMTools Downloaded Files
C:\Documents and Settings\Piotrek\Moje dokumenty\Mobogenie
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /s
CMD: sc query winmgmt
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\zASRockInstantBoot => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
C:\WINDOWS\Tasks\Registry Optimizer_DEFAULT.job => Moved successfully.
C:\WINDOWS\Tasks\Registry Optimizer_UPDATES.job => Moved successfully.
C:\Program Files\Mobogenie => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\AVG => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\WPM => Moved successfully.
C:\Documents and Settings\Piotrek\.android => Moved successfully.
C:\Documents and Settings\Piotrek\daemonprocess.txt => Moved successfully.
C:\Documents and Settings\Piotrek\Dane aplikacji\AVG => Moved successfully.
C:\Documents and Settings\Piotrek\Dane aplikacji\aartemis => Moved successfully.
C:\Documents and Settings\Piotrek\Dane aplikacji\newnext.me => Moved successfully.
C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\cache => Moved successfully.
C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\genienext => Moved successfully.
C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Mobogenie => Moved successfully.
C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\WMTools Downloaded Files => Moved successfully.
C:\Documents and Settings\Piotrek\Moje dokumenty\Mobogenie => Moved successfully.

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

========= reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /s =========

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt
    Type REG_DWORD 0x20
    Start REG_DWORD 0x2
    ErrorControl REG_DWORD 0x0
    ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
    DisplayName REG_SZ Instrumentacja zarządzania Windows
    DependOnService REG_MULTI_SZ RPCSS\0\0
    DependOnGroup REG_MULTI_SZ \0
    ObjectName REG_SZ LocalSystem
    FailureActions REG_BINARY 8051010000000000000000000200000041004D000100000060EA00000100000060EA0000
    Description REG_SZ Dostarcza interfejs i model obiektowy w celu uzyskiwania dostępu do informacji zarządzania o systemie operacyjnym, urządzeniach, aplikacjach i usługach. Jeśli ta usługa zostanie zatrzymana, większość oprogramowania opartego na systemie Windows nie będzie działać właściwie. Jeśli ta usługa zostanie wyłączona, uruchomienie usług od niej zależnych nie powiedzie się.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters
    ServiceDll REG_EXPAND_SZ %SystemRoot%\system32\wbem\WMIsvc.dll
    ServiceMain REG_SZ ServiceMain

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt\Security
    Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt\Enum
    0 REG_SZ Root\LEGACY_WINMGMT\0000
    Count REG_DWORD 0x1
    NextInstance REG_DWORD 0x1

========= End of Reg: =========

========= sc query winmgmt =========

SERVICE_NAME: winmgmt
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING (STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

========= End of CMD: =========

==== End of Fixlog ====