Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-02-2015 01 Ran by Kuba i Michał at 2015-02-27 13:14:41 Run:1 Running from D:\Documents and Settings\Kuba i Michał\Pulpit Loaded Profiles: Kuba i Michał & bot & Administrator (Available profiles: Kuba i Michał & bot & Administrator) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: StartMenuInternet: (HKLM) Opera - D:\Program Files\Opera\Opera.exe http://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=sc&from=smt&uid=SAMSUNGXHD252HJ_S17HJ1KQA00137&ts=1381579882 ProxyServer: [.DEFAULT] => 203.160.1.94:80 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220141118 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKU\S-1-5-21-1078081533-299502267-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie SearchScopes: HKLM -> URL http://startsear.ch/?aff=2&src=sp&cf=b365d94a-2514-11e2-be72-00e04c100ab8&q={searchTerms} SearchScopes: HKU\S-1-5-21-1078081533-299502267-839522115-1003 -> URL http://startsear.ch/?aff=2&src=sp&cf=b365d94a-2514-11e2-be72-00e04c100ab8&q={searchTerms} SearchScopes: HKU\S-1-5-21-1078081533-299502267-839522115-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={3183B199-3464-49BF-A85F-F7D21EEA8723}&mid=e9e8e12cc64447d08430d1a90af4e34b-0d067dae5e7e84af70bb79418a28c71df2b2738c&lang=pl&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-11-06 18:15:46&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms} Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-1078081533-299502267-839522115-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File FF Plugin: @gamersfirst.com/LiveLauncher -> H:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll No File FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Program Files\VideoLAN\VLC\npvlc.dll No File FF HKLM\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - H:\Program Files\Spyware Doctor\BDT\FireFox FF HKLM\...\Firefox\Extensions: [{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}] - D:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - D:\Program Files\PDF Architect\FFPDFArchitectExt FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - D:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird CustomCLSID: HKU\S-1-5-21-1078081533-299502267-839522115-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path D:\Documents and Settings\All Users\Dane aplikacji\TEMP D:\Program Files\Mozilla Firefoxavg-secure-search.xml D:\Program Files\Mozilla Firefox\extensions D:\Program Files\Mozilla Firefox\plugins D:\Documents and Settings\bot\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Tibia.lnk D:\Documents and Settings\Kuba i Michał\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk D:\Documents and Settings\Kuba i Michał\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Chromium.lnk D:\Documents and Settings\Kuba i Michał\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\FlashGet 2.0.lnk D:\Documents and Settings\Kuba i Michał\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk D:\Documents and Settings\Kuba i Michał\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\ots24.net Galaxia.lnk D:\Documents and Settings\Kuba i Michał\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\SjBoy ChingLish.lnk D:\Documents and Settings\Kuba i Michał\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Tibia.lnk D:\Documents and Settings\Kuba i Michał\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Xfire.lnk D:\Documents and Settings\Kuba i Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Preferences D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension D:\WINDOWS\pss\20Dollars2Surf.lnkCommon Startup D:\WINDOWS\pss\BlueSoleil.lnkCommon Startup D:\WINDOWS\pss\BTTray.lnkCommon Startup D:\WINDOWS\pss\Game Alarm.lnkStartup D:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup D:\WINDOWS\pss\runjar.batStartup D:\WINDOWS\pss\OpenOffice.org 3.2.lnkStartup D:\WINDOWS\pss\Xfire.lnkStartup Hosts: Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^20Dollars2Surf.lnk" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^McAfee Security Scan Plus.lnk" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^Kuba i Michał^Menu Start^Programy^Autostart^Game Alarm.lnk" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^Kuba i Michał^Menu Start^Programy^Autostart^OpenOffice.org 3.2.lnk" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^Kuba i Michał^Menu Start^Programy^Autostart^runjar.bat" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^Kuba i Michał^Menu Start^Programy^Autostart^tmonitor.exe" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^Kuba i Michał^Menu Start^Programy^Autostart^WinCE3.exe" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^Kuba i Michał^Menu Start^Programy^Autostart^Xfire.lnk" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcoholAutomount" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BtTray" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IPLA!" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LG LinkAir" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RDReminder" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. HKLM\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command\\Default => Value was restored successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKU\S-1-5-21-1078081533-299502267-839522115-1003\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully. HKU\S-1-5-21-1078081533-299502267-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully. "HKU\S-1-5-21-1078081533-299502267-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully. HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully. HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key not found. HKU\S-1-5-21-1078081533-299502267-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully. HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. "HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher" => Key deleted successfully. "HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3" => Key deleted successfully. HKLM\Software\Mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16} => value deleted successfully. HKLM\Software\Mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B} => value deleted successfully. HKLM\Software\Mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} => value deleted successfully. HKLM\Software\Mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com => value deleted successfully. HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value deleted successfully. "HKU\S-1-5-21-1078081533-299502267-839522115-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}" => Key deleted successfully. D:\Documents and Settings\All Users\Dane aplikacji\TEMP => Moved successfully. D:\Program Files\Mozilla Firefoxavg-secure-search.xml => Moved successfully. D:\Program Files\Mozilla Firefox\extensions => Moved successfully. D:\Program Files\Mozilla Firefox\plugins => Moved successfully. D:\Documents and Settings\bot\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Tibia.lnk => Moved successfully. D:\Documents and Settings\Kuba i Michał\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk => Moved successfully. D:\Documents and Settings\Kuba i Michał\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Chromium.lnk => Moved successfully. D:\Documents and Settings\Kuba i Michał\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\FlashGet 2.0.lnk => Moved successfully. D:\Documents and Settings\Kuba i Michał\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk => Moved successfully. D:\Documents and Settings\Kuba i Michał\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\ots24.net Galaxia.lnk => Moved successfully. D:\Documents and Settings\Kuba i Michał\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\SjBoy ChingLish.lnk => Moved successfully. D:\Documents and Settings\Kuba i Michał\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Tibia.lnk => Moved successfully. D:\Documents and Settings\Kuba i Michał\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Xfire.lnk => Moved successfully. D:\Documents and Settings\Kuba i Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Preferences => Moved successfully. D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully. D:\WINDOWS\pss\20Dollars2Surf.lnkCommon Startup => Moved successfully. D:\WINDOWS\pss\BlueSoleil.lnkCommon Startup => Moved successfully. D:\WINDOWS\pss\BTTray.lnkCommon Startup => Moved successfully. D:\WINDOWS\pss\Game Alarm.lnkStartup => Moved successfully. D:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup => Moved successfully. D:\WINDOWS\pss\runjar.batStartup => Moved successfully. D:\WINDOWS\pss\OpenOffice.org 3.2.lnkStartup => Moved successfully. D:\WINDOWS\pss\Xfire.lnkStartup => Moved successfully. Hosts was reset successfully. ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^20Dollars2Surf.lnk" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^McAfee Security Scan Plus.lnk" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^Kuba i Michał^Menu Start^Programy^Autostart^Game Alarm.lnk" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^Kuba i Michał^Menu Start^Programy^Autostart^OpenOffice.org 3.2.lnk" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^Kuba i Michał^Menu Start^Programy^Autostart^runjar.bat" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^Kuba i Michał^Menu Start^Programy^Autostart^tmonitor.exe" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^Kuba i Michał^Menu Start^Programy^Autostart^WinCE3.exe" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^Kuba i Michał^Menu Start^Programy^Autostart^Xfire.lnk" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcoholAutomount" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BtTray" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IPLA!" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LG LinkAir" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RDReminder" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= EmptyTemp: => Removed 334.4 MB temporary data. The system needed a reboot. ==== End of Fixlog 13:17:11 ====