Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-11-2014
Ran by Szkola at 2014-11-25 11:02:40 Run:1
Running from C:\Users\Szkola\Desktop\c
Loaded Profile: Szkola (Available profiles: Szkola)
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM\...\Run: [Bron-Spizaetus] => C:\Windows\ShellNew\bronstab.exe [47697 2010-08-13] ()
HKLM\...\Winlogon: [Shell] Explorer.exe "C:\Windows\eksplorasi.exe" [x ] ()
HKU\S-1-5-21-2181966677-460633389-2470704602-1000\...\Run: [Tok-Cirrhatus] => C:\Users\Szkola\AppData\Local\smss.exe [47697 2010-08-13] ()
HKU\S-1-5-21-2181966677-460633389-2470704602-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-2181966677-460633389-2470704602-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2181966677-460633389-2470704602-1000\...\Policies\Explorer: [NoFolderOptions] 1
Startup: C:\Users\Szkola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif ()
S2 WebCake Desktop Updater; C:\Program Files\WBDesktop.Updater.1.0.0.16.exe [51992 2013-08-29] (cake bake)
S2 Updater Service for StartNow Toolbar; C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe [X]
Task: {0923F066-1448-4230-AC37-301736557386} - System32\Tasks\QtraxPlayer => 2982869494.portal.qtrax.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2181966677-460633389-2470704602-1000 -> DefaultScope {B224AA02-F7C8-3A2B-859F-560B80767E4A} URL = http://kl.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=876&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.5.0&install_country=PL&install_date=20130410&user_guid=F8119AAAEE254BDB8BCF5A34C9BA0A4D&machine_id=d33ffeb22ac337a48bdb644c92cb162a&browser=IE&os=win&os_version=6.1-x86-SP1&iesrc={referrer:source}
SearchScopes: HKU\S-1-5-21-2181966677-460633389-2470704602-1000 -> {B224AA02-F7C8-3A2B-859F-560B80767E4A} URL = http://kl.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=876&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.5.0&install_country=PL&install_date=20130410&user_guid=F8119AAAEE254BDB8BCF5A34C9BA0A4D&machine_id=d33ffeb22ac337a48bdb644c92cb162a&browser=IE&os=win&os_version=6.1-x86-SP1&iesrc={referrer:source}
C:\Users\Szkola\AppData\Local\*.bin
C:\Users\Szkola\AppData\Local\*.exe
C:\Users\Szkola\AppData\Local\*.txt
C:\Users\Szkola\AppData\Roaming\Systweak
C:\Users\Szkola\Downloads\Niepotwierdzony*.crdownload
C:\Windows\eksplorasi.exe
C:\Windows\ShellNew\bronstab.exe
C:\Windows\pss\Empty.pif.Startup
C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
CMD: for /d %f in (C:\Users\Szkola\AppData\Local\*bron*) do rd /s /q "%f"
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Szkola^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Empty.pif" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bron-Spizaetus" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tok-Cirrhatus" /f
Hosts:
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Bron-Spizaetus => value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKU\S-1-5-21-2181966677-460633389-2470704602-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus => value deleted successfully.
HKU\S-1-5-21-2181966677-460633389-2470704602-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => value deleted successfully.
HKU\S-1-5-21-2181966677-460633389-2470704602-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value deleted successfully.
HKU\S-1-5-21-2181966677-460633389-2470704602-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
C:\Users\Szkola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif => Moved successfully.
WebCake Desktop Updater => Service deleted successfully.
Updater Service for StartNow Toolbar => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0923F066-1448-4230-AC37-301736557386}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0923F066-1448-4230-AC37-301736557386}" => Key deleted successfully.
C:\Windows\System32\Tasks\QtraxPlayer => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QtraxPlayer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key Deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKU\S-1-5-21-2181966677-460633389-2470704602-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2181966677-460633389-2470704602-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B224AA02-F7C8-3A2B-859F-560B80767E4A}" => Key deleted successfully.
"HKCR\CLSID\{B224AA02-F7C8-3A2B-859F-560B80767E4A}" => Key not found.
C:\Users\Szkola\AppData\Local\*.bin => Moved successfully.
C:\Users\Szkola\AppData\Local\*.exe => Moved successfully.
C:\Users\Szkola\AppData\Local\*.txt => Moved successfully.
C:\Users\Szkola\AppData\Roaming\Systweak => Moved successfully.
C:\Users\Szkola\Downloads\Niepotwierdzony*.crdownload => Moved successfully.
C:\Windows\eksplorasi.exe => Moved successfully.
C:\Windows\ShellNew\bronstab.exe => Moved successfully.
C:\Windows\pss\Empty.pif.Startup => Moved successfully.
C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup => Moved successfully.

========= for /d %f in (C:\Users\Szkola\AppData\Local\*bron*) do rd /s /q "%f" =========

========= End of CMD: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Szkola^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Empty.pif" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bron-Spizaetus" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tok-Cirrhatus" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 679.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====