Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2014 Ran by user at 2014-12-05 20:01:46 Run:1 Running from D:\Programy\Na awarie z kompem Loaded Profile: user (Available profiles: user) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://istart.webssearches.com/?type=sc&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://istart.webssearches.com/?type=sc&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274 ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://istart.webssearches.com/?type=sc&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274 ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://istart.webssearches.com/?type=sc&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274 ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://istart.webssearches.com/?type=sc&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274 ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://istart.webssearches.com/?type=sc&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274 ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://istart.webssearches.com/?type=sc&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274 ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://istart.webssearches.com/?type=sc&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274 ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://istart.webssearches.com/?type=sc&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274 HKU\S-1-5-21-1308830828-1798495019-3460747243-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274 HKU\S-1-5-21-1308830828-1798495019-3460747243-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274&q={searchTerms} SearchScopes: HKU\S-1-5-21-1308830828-1798495019-3460747243-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274&q={searchTerms} SearchScopes: HKU\S-1-5-21-1308830828-1798495019-3460747243-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274&q={searchTerms} SearchScopes: HKU\S-1-5-21-1308830828-1798495019-3460747243-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={8B6E0B60-5379-4105-946E-455943DAAEB7}&mid=8a82eb747f3b47d0a582d16f5e2fd441-85df8d4512f1eaf88b037167303c81c209679137&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-12 18:13:15&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms} FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.10\\npsitesafety.dll No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hyowgsfq.default\extensions\faststartff@gmail.com CHR HomePage: Default -> www.wp.pl/?src01=dp220140831 CHR DefaultSearchKeyword: Default -> webssearches CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type=sc&ts=1417644035&from=cvs&uid=WDCXWD1600JS-22MHB0_WD-WCANM460727407274 U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-12-03] (Cherished Technololgy LIMITED) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] HKU\S-1-5-21-1308830828-1798495019-3460747243-1000\...\Policies\Explorer: [] HKU\S-1-5-21-1308830828-1798495019-3460747243-1000\...\Policies\Explorer: [NoDrives] 8388608 HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" C:\Program Files (x86)\Mozilla Firefox\extensions C:\Program Files (x86)\Przyspiesz Komputer C:\Program Files (x86)\SupTab C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Przyspiesz Komputer C:\ProgramData\IePluginServices C:\ProgramData\WindowsMangerProtect C:\Users\user\AppData\Local\Akamai C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage* C:\Users\user\AppData\Roaming\dlg C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage C:\Users\user\AppData\Roaming\Systweak C:\Users\user\AppData\Roaming\VOPackage C:\Users\user\AppData\Roaming\webssearches C:\Users\user\Documents\PCSpeedUp C:\Windows\grep.exe C:\Windows\MBR.exe C:\Windows\PEV.exe C:\Windows\sed.exe C:\Windows\zip.exe C:\Windows\SysWow64\unrar.dll CMD: netsh advfirewall reset Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument was removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => Shortcut argument was removed successfully. C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument was removed successfully. C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument was removed successfully. C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument was removed successfully. C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Unable to remove or repair shortcut agument. The shortcut could be damaged. C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument was removed successfully. C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument was removed successfully. C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument was removed successfully. HKU\S-1-5-21-1308830828-1798495019-3460747243-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\S-1-5-21-1308830828-1798495019-3460747243-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. "HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. HKU\S-1-5-21-1308830828-1798495019-3460747243-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-1308830828-1798495019-3460747243-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. "HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. "HKU\S-1-5-21-1308830828-1798495019-3460747243-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully. "HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found. "HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key not found. "HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\faststartff@gmail.com => value deleted successfully. Chrome HomePage deleted successfully. Chrome DefaultSearchKeyword deleted successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Value was restored successfully. AppMgmt => Service deleted successfully. IePluginServices => Service deleted successfully. EagleX64 => Service deleted successfully. HKU\S-1-5-21-1308830828-1798495019-3460747243-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value deleted successfully. HKU\S-1-5-21-1308830828-1798495019-3460747243-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDrives => value deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys" => Key deleted successfully. C:\Program Files (x86)\Mozilla Firefox\extensions => Moved successfully. "C:\Program Files (x86)\Przyspiesz Komputer" => File/Directory not found. C:\Program Files (x86)\SupTab => Moved successfully. "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Przyspiesz Komputer" => File/Directory not found. C:\ProgramData\IePluginServices => Moved successfully. C:\ProgramData\WindowsMangerProtect => Moved successfully. "C:\Users\user\AppData\Local\Akamai" => File/Directory not found. C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences => Moved successfully. C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage* => Moved successfully. C:\Users\user\AppData\Roaming\dlg => Moved successfully. "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage" => File/Directory not found. C:\Users\user\AppData\Roaming\Systweak => Moved successfully. "C:\Users\user\AppData\Roaming\VOPackage" => File/Directory not found. "C:\Users\user\AppData\Roaming\webssearches" => File/Directory not found. "C:\Users\user\Documents\PCSpeedUp" => File/Directory not found. C:\Windows\grep.exe => Moved successfully. C:\Windows\MBR.exe => Moved successfully. C:\Windows\PEV.exe => Moved successfully. C:\Windows\sed.exe => Moved successfully. C:\Windows\zip.exe => Moved successfully. C:\Windows\SysWow64\unrar.dll => Moved successfully. ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= EmptyTemp: => Removed 1.8 GB temporary data. The system needed a reboot. ==== End of Fixlog ====