Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-09-2013 04 Ran by Robert at 2013-09-14 18:13:05 Run:1 Running from C:\Users\Robert\Desktop\Wirus Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\ProgramData\jwr1wmqj6.ctrl C:\ProgramData\jw20wldlc.ctrl C:\ProgramData\jw20wldlc.pff C:\ProgramData\jwr1wmqj6.pff HKLM\...\Policies\Explorer: [NoDrives] 0 HKCU\...\Policies\Explorer: [NoDrives] 0 SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {A9DA9739-DA17-4DB1-84FD-133CD017666E} URL = http://search.babylon.com/?q={searchTerms}&AF=100490&babsrc=SP_ss&mntrId=4cc754eb000000000000001e3382cd86 BHO: IEPluginBHO Class - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Robert\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll No File CHR HKLM\...\Chrome\Extension: [bildoibdboopgomcbiplincneeicgipj] - C:\Program Files\StartSearch plugin\startsplg.crx FF SearchPlugin: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\z3qa0gj6.default\searchplugins\winamp-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\arccosine.xml FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\z3qa0gj6.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash FF Extension: Anti-Banner - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru R3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x] S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [x] U3 mbr; \??\C:\Users\Robert\AppData\Local\Temp\mbr.sys [x] Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ***************** C:\ProgramData\jwr1wmqj6.ctrl => Moved successfully. C:\ProgramData\jw20wldlc.ctrl => Moved successfully. C:\ProgramData\jw20wldlc.pff => Moved successfully. C:\ProgramData\jwr1wmqj6.pff => Moved successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDrives => Value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDrives => Value deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A9DA9739-DA17-4DB1-84FD-133CD017666E} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{A9DA9739-DA17-4DB1-84FD-133CD017666E} => Key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} => Key deleted successfully. HKCR\CLSID\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} => Key deleted successfully. C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\z3qa0gj6.default\searchplugins\winamp-search.xml => Moved successfully. C:\Program Files\mozilla firefox\searchplugins\arccosine.xml => Moved successfully. C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\z3qa0gj6.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash => Moved successfully. C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak => Moved successfully. C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak => Moved successfully. HKLM\Software\Mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru => Value deleted successfully. HKLM\Software\Mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru => Value deleted successfully. HKLM\Software\Mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru => Value deleted successfully. catchme => Service deleted successfully. ewusbnet => Service deleted successfully. ew_hwusbdev => Service deleted successfully. ew_usbenumfilter => Service deleted successfully. huawei_enumerator => Service deleted successfully. hwdatacard => Service deleted successfully. mdmxsdk => Service deleted successfully. mbr => Service not found. ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ==== End of Fixlog ====