Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014 Ran by ewka at 2014-03-18 18:43:50 Run:1 Running from C:\Users\ewka\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** Task: {DE557D97-DBC9-4EB7-A4A9-4C37DB6D09C9} - \BrowserDefendert No Task File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear SearchScopes: HKCU - {FF9858AD-FFBA-4360-B551-CB47AB646635} URL = Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File S3 btmaux; system32\DRIVERS\btmaux.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] C:\Program Files (x86)\mozilla firefox C:\Users\ewka\Downloads\eset_nod32_antivirus_live_installer_*.exe C:\Users\ewka\Downloads\Skype_instalator_sciagnij.exe C:\Users\ewka\AppData\Roaming\_MDLogs C:\Windows\system32\SET*.tmp Reg: reg delete HKLM\SOFTWARE\Mozilla /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ***************** HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE557D97-DBC9-4EB7-A4A9-4C37DB6D09C9} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE557D97-DBC9-4EB7-A4A9-4C37DB6D09C9} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert => Key deleted successfully. HKLM\SOFTWARE\Policies\Google => Key deleted successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully. HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FF9858AD-FFBA-4360-B551-CB47AB646635} => Key deleted successfully. HKCR\CLSID\{FF9858AD-FFBA-4360-B551-CB47AB646635} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully. HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. HKCR\Wow6432Node\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully. HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found. btmaux => Service deleted successfully. catchme => Service deleted successfully. C:\Program Files (x86)\Mozilla Firefox => Moved successfully. C:\Users\ewka\Downloads\eset_nod32_antivirus_live_installer_*.exe => Moved successfully. C:\Users\ewka\Downloads\Skype_instalator_sciagnij.exe => Moved successfully. C:\Users\ewka\AppData\Roaming\_MDLogs => Moved successfully. "C:\Windows\system32\SET*.tmp" => File/Directory not found. ========= reg delete HKLM\SOFTWARE\Mozilla /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ==== End of Fixlog ====