Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-02-2014 01
Ran by Mateusz at 2014-02-11 00:08:26 Run:1
Running from C:\Users\Mateusz\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Winlogon: [Shell] Explorer.exe "C:\Windows\eksplorasi.exe" [42687 ] () <=== ATTENTION
HKU\S-1-5-21-3316585062-3970624614-868040292-1001\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-3316585062-3970624614-868040292-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3316585062-3970624614-868040292-1001\...\Policies\Explorer: [NoFolderOptions] 1
CMD: for /d %f in (C:\Users\Mateusz\AppData\Local\*Bron*) do rd /s /q "%f"
C:\Windows\eksplorasi.exe
C:\Users\Mateusz\AppData\Local\*.exe
C:\Users\Mateusz\AppData\Local\*.txt
C:\Users\Mateusz\AppData\Local\*Bron*
C:\Users\Mateusz\AppData\Roaming\mozilla
C:\Users\Mateusz\Downloads\65044c197af55b5f827e7245ea635d42
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f
Reg: reg query "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig" /s
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKU\S-1-5-21-3316585062-3970624614-868040292-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => Value deleted successfully.
HKU\S-1-5-21-3316585062-3970624614-868040292-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => Value deleted successfully.
HKU\S-1-5-21-3316585062-3970624614-868040292-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value deleted successfully.

========= for /d %f in (C:\Users\Mateusz\AppData\Local\*Bron*) do rd /s /q "%f" =========

========= End of CMD: =========

C:\Windows\eksplorasi.exe => Moved successfully.
C:\Users\Mateusz\AppData\Local\*.exe => Moved successfully.
C:\Users\Mateusz\AppData\Local\*.txt => Moved successfully.
C:\Users\Mateusz\AppData\Local\*Bron* => Moved successfully.
C:\Users\Mateusz\AppData\Roaming\mozilla => Moved successfully.
C:\Users\Mateusz\Downloads\65044c197af55b5f827e7245ea635d42 => Moved successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.

========= reg delete HKLM\SOFTWARE\MozillaPlugins /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg query "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig" /s =========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Mateusz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Empty.pif
    path    REG_SZ    C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif
    backup    REG_SZ    C:\Windows\pss\Empty.pif.Startup
    location    REG_SZ    C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    backupExtension    REG_SZ    .Startup
    command    REG_SZ    C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif
    item    REG_SZ    Empty
    YEAR    REG_DWORD    0x7de
    MONTH    REG_DWORD    0x2
    DAY    REG_DWORD    0xa
    HOUR    REG_DWORD    0x14
    MINUTE    REG_DWORD    0xc
    SECOND    REG_DWORD    0xc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bron-Spizaetus
    key    REG_SZ    SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    item    REG_SZ    Bron-Spizaetus
    hkey    REG_SZ    HKLM
    command    REG_SZ    "C:\Windows\ShellNew\sempalong.exe"
    inimapping    REG_SZ    0
    YEAR    REG_DWORD    0x7de
    MONTH    REG_DWORD    0x2
    DAY    REG_DWORD    0xa
    HOUR    REG_DWORD    0x14
    MINUTE    REG_DWORD    0xc
    SECOND    REG_DWORD    0xc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype
    key    REG_SZ    SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    REG_SZ    Skype
    hkey    REG_SZ    HKCU
    command    REG_SZ    "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    inimapping    REG_SZ    0
    YEAR    REG_DWORD    0x7de
    MONTH    REG_DWORD    0x2
    DAY    REG_DWORD    0xa
    HOUR    REG_DWORD    0x14
    MINUTE    REG_DWORD    0x8
    SECOND    REG_DWORD    0x19

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tok-Cirrhatus
    key    REG_SZ    SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    REG_SZ    Tok-Cirrhatus
    hkey    REG_SZ    HKCU
    command    REG_SZ    "C:\Users\Mateusz\AppData\Local\smss.exe"
    inimapping    REG_SZ    0
    YEAR    REG_DWORD    0x7de
    MONTH    REG_DWORD    0x2
    DAY    REG_DWORD    0xa
    HOUR    REG_DWORD    0x14
    MINUTE    REG_DWORD    0xc
    SECOND    REG_DWORD    0xc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent
    key    REG_SZ    SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    REG_SZ    uTorrent
    hkey    REG_SZ    HKCU
    command    REG_SZ    "C:\Users\Mateusz\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    inimapping    REG_SZ    0
    YEAR    REG_DWORD    0x7de
    MONTH    REG_DWORD    0x2
    DAY    REG_DWORD    0xa
    HOUR    REG_DWORD    0x14
    MINUTE    REG_DWORD    0x8
    SECOND    REG_DWORD    0x19

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    startup    REG_DWORD    0x2

========= End of Reg: =========

==== End of Fixlog ====