Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-04-2015 01
Ran by Marzena at 2015-04-30 18:44:43 Run:1
Running from C:\Documents and Settings\Marzena\Pulpit\FRST
Loaded Profiles: Marzena (Available profiles: Marzena & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM\...\Run: [GEST] => ]
HKU\S-1-5-21-1085031214-1960408961-682003330-1002\...\Run: [Clownfish] => [X]
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HomePage: Default -> hxxp://isearch.\u003C!--- Page(page_conn_problem_waiting)=[] --->\u003CHTML>\u003CHEAD>\u003CMETA HTTP-EQUIV=\
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-03]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-03]
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1420820123&from=cor&uid=WDCXWD1600AAJS-00L7A0_WD-WMAV3505620256202&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1085031214-1960408961-682003330-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1420820123&from=cor&uid=WDCXWD1600AAJS-00L7A0_WD-WMAV3505620256202&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1085031214-1960408961-682003330-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1420820123&from=cor&uid=WDCXWD1600AAJS-00L7A0_WD-WMAV3505620256202&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1085031214-1960408961-682003330-1002 -> {FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD} URL = http://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=en&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
HKU\S-1-5-21-1085031214-1960408961-682003330-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie_rsearch.html
Toolbar: HKLM - No Name - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - No File
C:\Documents and Settings\All Users\Dane aplikacji\0c3a7392-abfa-41f5-95a9-5e339ac76b7b
C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software
C:\Documents and Settings\All Users\Dane aplikacji\LogMeIn
C:\Documents and Settings\All Users\Dane aplikacji\Nexon
C:\Documents and Settings\Marzena\servers.def
C:\Documents and Settings\Marzena\servers.def.lkg
C:\Documents and Settings\Marzena\servers.def.vpx
C:\Documents and Settings\Marzena\Dane aplikacji\AVAST Software
C:\Documents and Settings\Marzena\Dane aplikacji\BANDISOFT
C:\Documents and Settings\Marzena\Dane aplikacji\Mozilla
C:\Documents and Settings\Marzena\Dane aplikacji\Skype\My Skype Received Files\Bandicam(1).lnk
C:\Documents and Settings\Marzena\Dane aplikacji\Skype\My Skype Received Files\Bandicam.lnk
C:\Documents and Settings\Marzena\Dane aplikacji\Skype\My Skype Received Files\EPSON Scan.lnk
C:\Documents and Settings\Marzena\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Preferences
C:\Documents and Settings\Marzena\Ustawienia lokalne\Dane aplikacji\Mozilla
C:\Program Files\AVAST Software
C:\Program Files\Mozilla Firefox
C:\Program Files\XTab
C:\WINDOWS\jumpshot.com
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\system32\servers.def
C:\WINDOWS\system32\servers.def.lkg
C:\WINDOWS\system32\servers.def.vpx
C:\WINDOWS\system32\Drivers\*.tmp
CMD: dir /a "C:\Documents and Settings"
Reg: reg delete HKCU\Software\Mozilla /f
Reg: reg delete HKCU\Software\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\mozilla.org /f
Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Search" /f
Reg: reg delete HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /f
Reg: reg delete HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /f
Reg: reg delete HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchUrl" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchUrl" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchUrl" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\GEST => value deleted successfully.
HKU\S-1-5-21-1085031214-1960408961-682003330-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Clownfish => value deleted successfully.
EagleXNt => Service deleted successfully.
C:\WINDOWS\Tasks\avast! Emergency Update.job => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Chrome HomePage deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => Key deleted successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => Key deleted successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKU\S-1-5-21-1085031214-1960408961-682003330-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1085031214-1960408961-682003330-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKU\S-1-5-21-1085031214-1960408961-682003330-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}" => Key deleted successfully.
HKCR\CLSID\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD} => Key not found.
HKU\S-1-5-21-1085031214-1960408961-682003330-1002\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} => value deleted successfully.
HKCR\CLSID\{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} => Key not found.
C:\Documents and Settings\All Users\Dane aplikacji\0c3a7392-abfa-41f5-95a9-5e339ac76b7b => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-30 18:58:17)<=
==> ATTENTION: System is not rebooted.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-30 18:58:33)<=
==> ATTENTION: System is not rebooted.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-30 18:58:43)<=
==> ATTENTION: System is not rebooted.