Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-12-2014 01
Ran by Tomek at 2014-12-21 19:55:23 Run:1
Running from C:\Users\Tomek\Desktop
Loaded Profile: Tomek (Available profiles: Tomek)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
R2 PennyBee; C:\Program Files\PennyBee\PennyBee.exe [50176 2014-10-23] () [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [485888 2014-12-11] (Fuyu LIMITED) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
Task: {5546CDE7-146D-4926-B7FB-BFF55BC2150D} - System32\Tasks\Opera D5 => C:\Program Files\Opera\launcher.exe
Task: {57963B13-89CD-4F7D-8ED2-765B574B85EF} - System32\Tasks\Opera D1 => C:\Program Files\Opera\launcher.exe
Task: {94E2F319-D480-450B-A33B-D8595CF64612} - System32\Tasks\Opera D6 => C:\Program Files\Opera\launcher.exe
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1418322505&from=cor&uid=WDCXWD1600BEVS-60RST0_WD-WXCY0754784547845"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2669564976-2020018048-883904723-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-2669564976-2020018048-883904723-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} -> No File
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPMate
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
G:\AUTORUN.INF
Reg: reg delete HKCU\Software\Mozilla /f
Reg: reg delete HKCU\Software\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
*****************

Processes closed successfully.
Restore point was successfully created.
PennyBee => Service deleted successfully.
WindowsMangerProtect => Service deleted successfully.
AppMgmt => Service deleted successfully.
catchme => Service deleted successfully.
HTCAND32 => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5546CDE7-146D-4926-B7FB-BFF55BC2150D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5546CDE7-146D-4926-B7FB-BFF55BC2150D}" => Key deleted successfully.
C:\Windows\System32\Tasks\Opera D5 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera D5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57963B13-89CD-4F7D-8ED2-765B574B85EF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57963B13-89CD-4F7D-8ED2-765B574B85EF}" => Key deleted successfully.
C:\Windows\System32\Tasks\Opera D1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera D1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94E2F319-D480-450B-A33B-D8595CF64612}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94E2F319-D480-450B-A33B-D8595CF64612}" => Key deleted successfully.
C:\Windows\System32\Tasks\Opera D6 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera D6" => Key deleted successfully.
Chrome StartupUrls deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2669564976-2020018048-883904723-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKU\S-1-5-21-2669564976-2020018048-883904723-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}" => Key deleted successfully.
HKCR\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045} => Key not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPMate => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast => Moved successfully.
C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully.
Could not move "G:\AUTORUN.INF" => Scheduled to move on reboot.

========= reg delete HKCU\Software\Mozilla /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete HKCU\Software\MozillaPlugins /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Mozilla /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\MozillaPlugins /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.

========= End of Reg: =========

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-21 20:02:10)<=

"G:\AUTORUN.INF" => File could not move.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-21 23:19:25)<=

G:\AUTORUN.INF => Is moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-21 23:19:36)<=

G:\AUTORUN.INF => Is moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-21 23:20:22)<=

G:\AUTORUN.INF => Is moved successfully.