Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-02-2014 01
Ran by E14S at 2014-02-11 17:55:38 Run:1
Running from C:\Users\E14S\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Reg: reg query HKCU\SOFTWARE\Policies\Google /s
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
Task: {B0AD9849-3A13-40A2-90C7-8A0F31F29AFB} - \Program aktualizacji online firmy Adobe. No Task File
Task: {BF32AE6C-197E-4F18-A7C6-D591A163778E} - System32\Tasks\{DE005111-69C8-4B9E-83E4-569D6DE7FB8B} => C:\Users\E14S\Desktop\her\SETUP.EXE
C:\extensions.ini
C:\extensions.sqlite
C:\ProgramData\install_clap
C:\Program Files (x86)\AmiExt
C:\Program Files\Enigma Software Group
C:\Users\E14S\AppData\Local\genienext
C:\Users\E14S\AppData\Roaming\(18-00-2D-C9-9A-C1)
C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
CMD: md C:\Users\E14S\Desktop\Upload
CMD: md C:\Users\E14S\Desktop\Upload\system32
CMD: md C:\Users\E14S\Desktop\Upload\SysWOW64
CMD: xcopy /e C:\Windows\system32\GroupPolicy C:\Users\E14S\Desktop\Upload\system32
CMD: xcopy /e C:\Windows\SysWOW64\GroupPolicy C:\Users\E14S\Desktop\Upload\SysWOW64
*****************

========= reg query HKCU\SOFTWARE\Policies\Google /s =========

========= End of Reg: =========

HKCU\SOFTWARE\Policies\Google => Key deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
catchme => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0AD9849-3A13-40A2-90C7-8A0F31F29AFB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0AD9849-3A13-40A2-90C7-8A0F31F29AFB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Program aktualizacji online firmy Adobe. => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF32AE6C-197E-4F18-A7C6-D591A163778E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF32AE6C-197E-4F18-A7C6-D591A163778E} => Key deleted successfully.
C:\Windows\System32\Tasks\{DE005111-69C8-4B9E-83E4-569D6DE7FB8B} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DE005111-69C8-4B9E-83E4-569D6DE7FB8B} => Key deleted successfully.
C:\extensions.ini => Moved successfully.
C:\extensions.sqlite => Moved successfully.
C:\ProgramData\install_clap => Moved successfully.
C:\Program Files (x86)\AmiExt => Moved successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Users\E14S\AppData\Local\genienext => Moved successfully.
C:\Users\E14S\AppData\Roaming\(18-00-2D-C9-9A-C1) => Moved successfully.
C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP => Moved successfully.

========= reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= md C:\Users\E14S\Desktop\Upload =========

========= End of CMD: =========

========= md C:\Users\E14S\Desktop\Upload\system32 =========

========= End of CMD: =========

========= md C:\Users\E14S\Desktop\Upload\SysWOW64 =========

========= End of CMD: =========

========= xcopy /e C:\Windows\system32\GroupPolicy C:\Users\E14S\Desktop\Upload\system32 =========

C:\Windows\system32\GroupPolicy\GPT.INI
C:\Windows\system32\GroupPolicy\Machine\Registry.pol
Liczba skopiowanych plików: 2.

========= End of CMD: =========

========= xcopy /e C:\Windows\SysWOW64\GroupPolicy C:\Users\E14S\Desktop\Upload\SysWOW64 =========

C:\Windows\SysWOW64\GroupPolicy\gpt.ini
Liczba skopiowanych plików: 1.

========= End of CMD: =========

==== End of Fixlog ====