Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2014 04
Ran by user at 2014-01-20 20:59:08 Run:1
Running from C:\Users\user\Desktop\frst
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] - [x]
AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll => File Not Found
SearchScopes: HKLM - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzuyCzz0AtA0CyEtA0FyByB0C0ByB0FyD0CtN0D0Tzu0CtByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1626845989
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzuyCzz0AtA0CyEtA0FyByB0C0ByB0FyD0CtN0D0Tzu0CtByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1626845989
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
SearchScopes: HKLM-x32 - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzuyCzz0AtA0CyEtA0FyByB0C0ByB0FyD0CtN0D0Tzu0CtByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1626845989
SearchScopes: HKCU - Backup.Old.DefaultScope {E3062F69-6D00-4743-A0A9-A8BB52C4AD6D}
SearchScopes: HKCU - {2938DCB1-22E7-FA29-D40C-48C2B1A63147} URL = http://search.softonic.com/MON00085/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=639
SearchScopes: HKCU - {E3062F69-6D00-4743-A0A9-A8BB52C4AD6D} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzuyCzz0AtA0CyEtA0FyByB0C0ByB0FyD0CtN0D0Tzu0CtByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1626845989
CHR HKLM-x32\...\Chrome\Extension: [ippenodjaoidmkkfdlmdhofiebnpjddb] - C:\Program Files (x86)\BrowseSmart\ippenodjaoidmkkfdlmdhofiebnpjddb.crx [2013-12-12]
R2 qtypesvc; C:\Program Files (x86)\QType\QtypeSvc.exe [310864 2013-01-31] (337 Technology Limited.)
U3 DfSdkS;
Task: {0B732EEB-B5E5-4140-BA67-C22A80A2F540} - System32\Tasks\{4E4E6FE0-5C35-45CD-ACE0-C219A829A03B} => C:\Program Files (x86)\iSpy\iSpy\iSpy.exe
Task: {1F72A18B-3C19-47F3-B660-44CF4DAA7C14} - \RunAsStdUser No Task File
Task: {8A10B497-92EF-4709-9E8B-ACEA9410384C} - System32\Tasks\0 => Chrome.exe <==== ATTENTION
Task: {A1B20308-5CCA-4803-B16B-58FDA9E46405} - \BitGuard No Task File
Task: {CBF1CD19-6F11-4787-B23A-F65088D01A19} - System32\Tasks\Microsoft\Windows\RVLKL\RVLKL => C:\ProgramData\rvlkl\rvlkl.exe
Task: {CC5AA1D6-6393-4396-8C86-AF51E4C7CB64} - \BonanzaDealsUpdate No Task File
Task: {E23CB431-B274-4E46-8E61-AFF257999BF1} - System32\Tasks\{BAAB022E-F2D2-43DB-B22D-8F35170FE09C} => Chrome.exe http://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain
C:\Program Files (x86)\Mozilla Firefox
C:\Users\user\AppData\Roaming\iSpy
C:\Users\user\AppData\Roaming\iSpyServer
C:\Users\user\AppData\Roaming\_MDLogs
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /v NoActiveDesktop /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /v NoActiveDesktopChanges /f
Reg: reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Policies /s
CMD: copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences" C:\Users\user\Desktop
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
"c:\\progra~3\\browse~1\\261339~1.144\\{c16c1~1\\browse~1.dll" => Value Data removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => Key deleted successfully.
HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2938DCB1-22E7-FA29-D40C-48C2B1A63147} => Key deleted successfully.
HKCR\CLSID\{2938DCB1-22E7-FA29-D40C-48C2B1A63147} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E3062F69-6D00-4743-A0A9-A8BB52C4AD6D} => Key deleted successfully.
HKCR\CLSID\{E3062F69-6D00-4743-A0A9-A8BB52C4AD6D} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ippenodjaoidmkkfdlmdhofiebnpjddb => Key deleted successfully.
"C:\Program Files (x86)\BrowseSmart\ippenodjaoidmkkfdlmdhofiebnpjddb.crx" => File/Directory not found.
qtypesvc => Service deleted successfully.
DfSdkS => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B732EEB-B5E5-4140-BA67-C22A80A2F540} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B732EEB-B5E5-4140-BA67-C22A80A2F540} => Key deleted successfully.
C:\Windows\System32\Tasks\{4E4E6FE0-5C35-45CD-ACE0-C219A829A03B} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4E4E6FE0-5C35-45CD-ACE0-C219A829A03B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F72A18B-3C19-47F3-B660-44CF4DAA7C14} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F72A18B-3C19-47F3-B660-44CF4DAA7C14} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A10B497-92EF-4709-9E8B-ACEA9410384C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A10B497-92EF-4709-9E8B-ACEA9410384C} => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1B20308-5CCA-4803-B16B-58FDA9E46405} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1B20308-5CCA-4803-B16B-58FDA9E46405} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CBF1CD19-6F11-4787-B23A-F65088D01A19} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBF1CD19-6F11-4787-B23A-F65088D01A19} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\RVLKL\RVLKL => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RVLKL\RVLKL => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC5AA1D6-6393-4396-8C86-AF51E4C7CB64} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC5AA1D6-6393-4396-8C86-AF51E4C7CB64} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E23CB431-B274-4E46-8E61-AFF257999BF1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E23CB431-B274-4E46-8E61-AFF257999BF1} => Key deleted successfully.
C:\Windows\System32\Tasks\{BAAB022E-F2D2-43DB-B22D-8F35170FE09C} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BAAB022E-F2D2-43DB-B22D-8F35170FE09C} => Key deleted successfully.
C:\Program Files (x86)\Mozilla Firefox => Moved successfully.
C:\Users\user\AppData\Roaming\iSpy => Moved successfully.
C:\Users\user\AppData\Roaming\iSpyServer => Moved successfully.
C:\Users\user\AppData\Roaming\_MDLogs => Moved successfully.

========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /v NoActiveDesktop /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /v NoActiveDesktopChanges /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Policies /s =========

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableLockWorkstation    REG_DWORD    0x0
    DisableTaskMgr    REG_DWORD    0x0
    DisableChangePassword    REG_DWORD    0x0

========= End of Reg: =========

========= copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences" C:\Users\user\Desktop =========

Liczba skopiowanych plików: 1.

========= End of CMD: =========

The system needs a manual reboot.

==== End of Fixlog ====