Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-12-2014 Ran by Artur at 2014-12-03 23:11:16 Run:1 Running from C:\ Loaded Profile: Artur (Available profiles: Artur & Administrator) Boot Mode: Safe Mode (minimal) ============================================== Content of fixlist: ***************** HKU\S-1-5-21-1645522239-1454471165-839522115-1003\...\Winlogon: [Shell] C:\Documents and Settings\Artur\Dane aplikacji\Other.res [173056 2010-12-09] (Avira Operations GmbH & Co. KG) <==== ATTENTION S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] S4 InCDFs; system32\drivers\InCDFs.sys [X] HKLM\...\Policies\Explorer: [NoCDBurning] 0 HKU\S-1-5-21-1645522239-1454471165-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> DefaultScope value is missing. DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab CustomCLSID: HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{44EC053A-400F-11D0-9DCD-00A0C90391D3}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZ...ZZZ.ZZ..ZZZ:1 AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZ..ZZ.ZZZ..Z.ZZ:1 C:\Documents and Settings\Artur\Dane aplikacji\Other.res C:\Documents and Settings\Artur\Dane aplikacji\ArcaBit C:\Documents and Settings\Artur\Dane aplikacji\ArcaMicroScan C:\Documents and Settings\Artur\Dane aplikacji\AutoUpdate C:\Documents and Settings\Artur\Dane aplikacji\Igyz C:\Documents and Settings\Artur\Dane aplikacji\Kamerzysta C:\Documents and Settings\Artur\Dane aplikacji\Okope C:\Documents and Settings\Artur\Dane aplikacji\Opfyol C:\Program Files\Mozilla Firefox C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^McAfee Security Scan Plus.lnk" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Onet.pl AutoUpdate" /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKCU\Software\Mozilla /f Reg: reg delete HKLM\SOFTWARE\Mozilla /f Reg: reg delete HKLM\SOFTWARE\mozilla.org /f Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** HKU\S-1-5-21-1645522239-1454471165-839522115-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully. rpcapd => Service deleted successfully. InCDFs => Service deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoCDBurning => value deleted successfully. HKU\S-1-5-21-1645522239-1454471165-839522115-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}" => Key deleted successfully. "HKCR\CLSID\{31435657-9980-0010-8000-00AA00389B71}" => Key not found. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully. "HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}" => Key deleted successfully. "HKCR\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully. "HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}" => Key deleted successfully. "HKCR\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}" => Key Deleted successfully. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" => Key deleted successfully. "HKCR\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" => Key not found. "HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}" => Key deleted successfully. "HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}" => Key deleted successfully. "HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}" => Key deleted successfully. "HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}" => Key deleted successfully. "HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}" => Key deleted successfully. "HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}" => Key deleted successfully. "HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}" => Key deleted successfully. "HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}" => Key deleted successfully. "HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}" => Key deleted successfully. "HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}" => Key deleted successfully. "HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}" => Key deleted successfully. "HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}" => Key deleted successfully. "HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}" => Key deleted successfully. "HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{44EC053A-400F-11D0-9DCD-00A0C90391D3}" => Key deleted successfully. "HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}" => Key deleted successfully. "HKU\S-1-5-21-1645522239-1454471165-839522115-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}" => Key deleted successfully. C:\3590F75ABA9E485486C100C1A9D4FF06ZZ...ZZZ.ZZ..ZZZ => ":1" ADS removed successfully. C:\3590F75ABA9E485486C100C1A9D4FF06ZZ..ZZ.ZZZ..Z.ZZ => ":1" ADS removed successfully. C:\Documents and Settings\Artur\Dane aplikacji\Other.res => Moved successfully. C:\Documents and Settings\Artur\Dane aplikacji\ArcaBit => Moved successfully. C:\Documents and Settings\Artur\Dane aplikacji\ArcaMicroScan => Moved successfully. C:\Documents and Settings\Artur\Dane aplikacji\AutoUpdate => Moved successfully. C:\Documents and Settings\Artur\Dane aplikacji\Igyz => Moved successfully. C:\Documents and Settings\Artur\Dane aplikacji\Kamerzysta => Moved successfully. C:\Documents and Settings\Artur\Dane aplikacji\Okope => Moved successfully. C:\Documents and Settings\Artur\Dane aplikacji\Opfyol => Moved successfully. C:\Program Files\Mozilla Firefox => Moved successfully. C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup => Moved successfully. ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^McAfee Security Scan Plus.lnk" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Onet.pl AutoUpdate" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete HKCU\Software\Mozilla /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Mozilla /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\mozilla.org /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\MozillaPlugins /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Błąd: system nie może odnaleźć określonego klucza rejestru lub wartości. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= EmptyTemp: => Removed 1.7 GB temporary data. The system needed a reboot. ==== End of Fixlog ====