Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-01-2014
Ran by Damian at 2014-01-09 14:54:47 Run:1
Running from C:\Users\Damian\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
() C:\REGVIEW\regview.exe
C:\REGVIEW
C:\ProgramData\1274638726487231648723648726384.exe
Startup: C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.com.url ()
Reg: reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKLM-x32\...\Run: [Windows System] - C:\Windows\System32\taskmgr.exe [255488 2009-04-06] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] c:\windows\syswow64\userinit.exe
HKCU\...\Winlogon: [Shell] Explorer.exe [2871808 2013-01-26] (Microsoft Corporation)
HKCU\...\CurrentVersion\Windows: [Load] C:\REGVIEW\regview.exe
HKU\NeroMediaHomeUser.4\...\Winlogon: [Shell] Explorer.exe [2871808 2013-01-26] (Microsoft Corporation)
HKU\UpdatusUser\...\Winlogon: [Shell] Explorer.exe [2871808 2013-01-26] (Microsoft Corporation)
Unlock: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
IFEO\avcenter.exe: [Debugger] louse.exe
IFEO\avguard.exe: [Debugger] louse.exe
IFEO\avp.exe: [Debugger] louse.exe
IFEO\bdagent.exe: [Debugger] louse.exe
IFEO\ccuac.exe: [Debugger] louse.exe
IFEO\ComboFix.exe: [Debugger] louse.exe
IFEO\egui.exe: [Debugger] louse.exe
IFEO\hijackthis.exe: [Debugger] louse.exe
IFEO\keyscrambler.exe: [Debugger] louse.exe
IFEO\mbam.exe: [Debugger] louse.exe
IFEO\MpCmdRun.exe: [Debugger] louse.exe
IFEO\MSASCui.exe: [Debugger] louse.exe
IFEO\MsMpEng.exe: [Debugger] louse.exe
IFEO\msseces.exe: [Debugger] louse.exe
IFEO\NIS.exe: [Debugger] louse.exe
IFEO\spybotsd.exe: [Debugger] louse.exe
IFEO\wireshark.exe: [Debugger] louse.exe
IFEO\zlclient.exe: [Debugger] louse.exe
U4 ClipSrv;
U3 dmadmin;
U3 ImapiService;
U3 LiveUpdate;
U4 NetDDE;
U4 NetDDEdsdm;
U3 ose;
U3 RDSessMgr;
U3 rpcapd;
U4 TlntSvr;
U3 WcwService;
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [x]
U3 CiSvc;
U3 mnmsrvc;
S3 RTL8192cu; system32\DRIVERS\RTL8192cu.sys [x]
S3 rtlss; System32\Drivers\rtlss.sys [x]
U2 TMAgent;
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\56047018.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\56047018.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avasdmft => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avas_service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avss_service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdifw => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tpavdrw_service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tpmgma_service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tpsec => ""="Driver"
Task: {0B799F2C-6734-4E1D-A5BB-527B9348A61D} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe
Task: {8D7D27E3-2002-4AE5-8E5F-14F5C1269C6D} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {552AF4EA-E582-417B-8C20-9AD903590DFF} - System32\Tasks\JetCleanLoginCheckUpdate => C:\Program Files (x86)\BlueSprig\JetClean\AutoUpdate.exe
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Damian\AppData\Roaming\AntiBrowserSpy 2009
C:\Program Files (x86)\mozilla firefox
Folder: C:\Program Files\Microsoft
Folder: C:\Program Files (x86)\Microsoft
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\policies" /f
Reg: reg delete "HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer" /f
Reg: reg delete "HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer" /f
Reg: reg delete "HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer" /f
Reg: reg delete "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" /f
Reg: reg delete "HKCU\Software\Policies\Microsoft\Internet Explorer" /f
Reg: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoSMHelp /f
Reg: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDesktop /f
Reg: reg add "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f
Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main" /v "Search Bar" /f
Reg: reg delete "HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main" /v "Start Page" /f
Reg: reg delete "HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main" /v "Search Bar" /f
Reg: reg delete "HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main" /v "Start Page" /f
Reg: reg delete "HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main" /v "Search Bar" /f
Reg: reg delete "HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main" /v "Start Page" /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Search Bar" /f
Reg: reg delete "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main" /v "Search Bar" /f
Reg: reg delete "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main" /v CustomizeSearch /f
Reg: reg delete "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main" /v SearchAssistant /f
Reg: reg delete "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main" /v SearchURL /f
*****************

[2552] C:\Windows\SysWOW64\wscript.exe => Process closed successfully.
[2948] C:\REGVIEW\regview.exe => Process closed successfully.
C:\REGVIEW => Moved successfully.
C:\ProgramData\1274638726487231648723648726384.exe => Moved successfully.
C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.com.url => Moved successfully.

========= reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run =========

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    Windows System REG_SZ C:\REGVIEW\regview.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows"

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Disabled (Startup Manager)

========= End of Reg: =========

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Windows System => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
HKU\NeroMediaHomeUser.4\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\UpdatusUser\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" => Key unlocked successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\NIS.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe => Key deleted successfully.
ClipSrv => Service deleted successfully.
dmadmin => Service deleted successfully.
ImapiService => Service deleted successfully.
LiveUpdate => Service deleted successfully.
NetDDE => Service deleted successfully.
NetDDEdsdm => Service deleted successfully.
ose => Service deleted successfully.
RDSessMgr => Service deleted successfully.
rpcapd => Service deleted successfully.
TlntSvr => Service deleted successfully.
WcwService => Service deleted successfully.
BprotectEx => Service deleted successfully.
CiSvc => Service deleted successfully.
mnmsrvc => Service deleted successfully.
RTL8192cu => Service deleted successfully.
rtlss => Service deleted successfully.
TMAgent => Service deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\56047018.sys => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\56047018.sys => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\avasdmft => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\avas_service => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\avss_service => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\BsScanner => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\tdifw => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\tpavdrw_service => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\tpmgma_service => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\tpsec => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0B799F2C-6734-4E1D-A5BB-527B9348A61D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B799F2C-6734-4E1D-A5BB-527B9348A61D} => Key deleted successfully.
C:\Windows\System32\Tasks\Driver Booster Scan => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scan => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8D7D27E3-2002-4AE5-8E5F-14F5C1269C6D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D7D27E3-2002-4AE5-8E5F-14F5C1269C6D} => Key deleted successfully.
C:\Windows\System32\Tasks\Game_Booster_AutoUpdate => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Game_Booster_AutoUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{552AF4EA-E582-417B-8C20-9AD903590DFF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{552AF4EA-E582-417B-8C20-9AD903590DFF} => Key deleted successfully.
C:\Windows\System32\Tasks\JetCleanLoginCheckUpdate => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JetCleanLoginCheckUpdate => Key deleted successfully.
HKCU\SOFTWARE\Policies\Google => Key deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
C:\Users\Damian\AppData\Roaming\AntiBrowserSpy 2009 => Moved successfully.
C:\Program Files (x86)\mozilla firefox => Moved successfully.

========================= Folder: C:\Program Files\Microsoft ========================
Directory Not Found
====== End of Folder: ======

========================= Folder: C:\Program Files (x86)\Microsoft ========================
Directory Not Found
====== End of Folder: ======

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\policies" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer" /f =========
BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer" /f =========
BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer" /f =========
BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKCU\Software\Policies\Microsoft\Internet Explorer" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoSMHelp /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDesktop /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg add "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main" /v "Search Bar" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main" /v "Start Page" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main" /v "Search Bar" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main" /v "Start Page" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main" /v "Search Bar" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main" /v "Start Page" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Search Bar" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main" /v "Search Bar" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main" /v CustomizeSearch /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main" /v SearchAssistant /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main" /v SearchURL /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

==== End of Fixlog ====