Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
Ran by Adaś at 2014-05-29 00:33:57 Run:1
Running from C:\Users\Adaś\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2066428769-1742790634-616578676-1000\...\Run: [zyrhxgyrtk] => wscript.exe //B "C:\Users\Adaś\AppData\Roaming\zyrhxgyrtk..vbs" <===== ATTENTION
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF user.js: detected! => C:\Users\Adaś\AppData\Roaming\Mozilla\Firefox\Profiles\5j5b6fbs.default\user.js
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Temp
C:\Program Files\Enigma Software Group
C:\Program Files (x86)\AVG SafeGuard toolbar
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\Program Files (x86)\WiseEnhance
C:\ProgramData\AVG Security Toolbar
C:\ProgramData\Spybot - Search & Destroy
C:\Users\Adaś\AppData\Roaming\zyrhxgyrtk..vbs
C:\Users\Adaś\AppData\Roaming\ESET
C:\Users\Adaś\Downloads\Malwarebytes-AntiMalware(13117).exe
C:\Users\Adaś\Downloads\Spybot-Search-Destroy(12546).exe
C:\Users\Adaś\Downloads\SpyHunter-Installer.exe
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
C:\Windows\System32\Tasks\Safer-Networking
Reg: reg query "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig" /s
Reboot:
*****************

HKU\S-1-5-21-2066428769-1742790634-616578676-1000\Software\Microsoft\Windows\CurrentVersion\Run\\zyrhxgyrtk => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
C:\Users\Adaś\AppData\Roaming\Mozilla\Firefox\Profiles\5j5b6fbs.default\user.js => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => Value deleted successfully.
esgiguard => Service deleted successfully.
C:\Temp => Moved successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar => Moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy 2 => Moved successfully.
C:\Program Files (x86)\WiseEnhance => Moved successfully.
C:\ProgramData\AVG Security Toolbar => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy => Moved successfully.
"C:\Users\Adaś\AppData\Roaming\zyrhxgyrtk..vbs" => File/Directory not found.
C:\Users\Adaś\AppData\Roaming\ESET => Moved successfully.
C:\Users\Adaś\Downloads\Malwarebytes-AntiMalware(13117).exe => Moved successfully.
C:\Users\Adaś\Downloads\Spybot-Search-Destroy(12546).exe => Moved successfully.
C:\Users\Adaś\Downloads\SpyHunter-Installer.exe => Moved successfully.
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP => Moved successfully.
C:\Windows\System32\Tasks\Safer-Networking => Moved successfully.

========= reg query "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig" /s =========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\331BigDog
    key    REG_SZ    SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    item    REG_SZ    331BigDog
    hkey    REG_SZ    HKLM
    command    REG_SZ    C:\Program Files (x86)\USB Camera\VM331STI.EXE
    inimapping    REG_SZ    0
    YEAR    REG_DWORD    0x7de
    MONTH    REG_DWORD    0x5
    DAY    REG_DWORD    0x1c
    HOUR    REG_DWORD    0x12
    MINUTE    REG_DWORD    0x2
    SECOND    REG_DWORD    0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    key    REG_SZ    SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    REG_SZ    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    hkey    REG_SZ    HKLM
    command    REG_SZ    1
    inimapping    REG_SZ    0
    YEAR    REG_DWORD    0x7de
    MONTH    REG_DWORD    0x5
    DAY    REG_DWORD    0x1c
    HOUR    REG_DWORD    0x11
    MINUTE    REG_DWORD    0x38
    SECOND    REG_DWORD    0x1c

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM
    key    REG_SZ    SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    item    REG_SZ    Adobe ARM
    hkey    REG_SZ    HKLM
    command    REG_SZ    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    inimapping    REG_SZ    0
    YEAR    REG_DWORD    0x7de
    MONTH    REG_DWORD    0x5
    DAY    REG_DWORD    0x1c
    HOUR    REG_DWORD    0x11
    MINUTE    REG_DWORD    0x38
    SECOND    REG_DWORD    0x1c

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BDRegion
    key    REG_SZ    SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    item    REG_SZ    BDRegion
    hkey    REG_SZ    HKLM
    command    REG_SZ    C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
    inimapping    REG_SZ    0
    YEAR    REG_DWORD    0x7de
    MONTH    REG_DWORD    0x5
    DAY    REG_DWORD    0x8
    HOUR    REG_DWORD    0x12
    MINUTE    REG_DWORD    0x36
    SECOND    REG_DWORD    0x1b

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite
    key    REG_SZ    SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    REG_SZ    DAEMON Tools Lite
    hkey    REG_SZ    HKCU
    command    REG_SZ    "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    inimapping    REG_SZ    0
    YEAR    REG_DWORD    0x7de
    MONTH    REG_DWORD    0x3
    DAY    REG_DWORD    0x1b
    HOUR    REG_DWORD    0x12
    MINUTE    REG_DWORD    0x23
    SECOND    REG_DWORD    0x9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update
    key    REG_SZ    SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    REG_SZ    Google Update
    hkey    REG_SZ    HKCU
    command    REG_SZ    "C:\Users\Ada˜\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    inimapping    REG_SZ    0
    YEAR    REG_DWORD    0x7de
    MONTH    REG_DWORD    0x5
    DAY    REG_DWORD    0x8
    HOUR    REG_DWORD    0x12
    MINUTE    REG_DWORD    0x36
    SECOND    REG_DWORD    0x1b

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui
    key    REG_SZ    SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    item    REG_SZ    LogMeIn Hamachi Ui
    hkey    REG_SZ    HKLM
    command    REG_SZ    "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    inimapping    REG_SZ    0
    YEAR    REG_DWORD    0x7de
    MONTH    REG_DWORD    0x5
    DAY    REG_DWORD    0x8
    HOUR    REG_DWORD    0x12
    MINUTE    REG_DWORD    0x36
    SECOND    REG_DWORD    0x1b

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDVD9LanguageShortcut
    key    REG_SZ    SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    item    REG_SZ    PDVD9LanguageShortcut
    hkey    REG_SZ    HKLM
    command    REG_SZ    "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    inimapping    REG_SZ    0
    YEAR    REG_DWORD    0x7de
    MONTH    REG_DWORD    0x5
    DAY    REG_DWORD    0x8
    HOUR    REG_DWORD    0x12
    MINUTE    REG_DWORD    0x36
    SECOND    REG_DWORD    0x1b

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
    key    REG_SZ    SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    item    REG_SZ    QuickTime Task
    hkey    REG_SZ    HKLM
    command    REG_SZ    "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    inimapping    REG_SZ    0
    YEAR    REG_DWORD    0x7de
    MONTH    REG_DWORD    0x3
    DAY    REG_DWORD    0x1b
    HOUR    REG_DWORD    0x12
    MINUTE    REG_DWORD    0x23
    SECOND    REG_DWORD    0x9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl9
    key    REG_SZ    SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    item    REG_SZ    RemoteControl9
    hkey    REG_SZ    HKLM
    command    REG_SZ    "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    inimapping    REG_SZ    0
    YEAR    REG_DWORD    0x7de
    MONTH    REG_DWORD    0x5
    DAY    REG_DWORD    0x8
    HOUR    REG_DWORD    0x12
    MINUTE    REG_DWORD    0x36
    SECOND    REG_DWORD    0x1b

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray
    key    REG_SZ    SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    item    REG_SZ    SDTray
    hkey    REG_SZ    HKLM
    command    REG_SZ    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    inimapping    REG_SZ    0
    YEAR    REG_DWORD    0x7de
    MONTH    REG_DWORD    0x5
    DAY    REG_DWORD    0x1c
    HOUR    REG_DWORD    0x12
    MINUTE    REG_DWORD    0x16
    SECOND    REG_DWORD    0x33

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony Ericsson PC Companion
    key    REG_SZ    SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    REG_SZ    Sony Ericsson PC Companion
    hkey    REG_SZ    HKCU
    command    REG_SZ    "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
    inimapping    REG_SZ    0
    YEAR    REG_DWORD    0x7de
    MONTH    REG_DWORD    0x3
    DAY    REG_DWORD    0x1b
    HOUR    REG_DWORD    0x12
    MINUTE    REG_DWORD    0x23
    SECOND    REG_DWORD    0x9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony Ericsson PC Suite
    key    REG_SZ    SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    REG_SZ    Sony Ericsson PC Suite
    hkey    REG_SZ    HKCU
    command    REG_SZ    "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    inimapping    REG_SZ    0
    YEAR    REG_DWORD    0x7de
    MONTH    REG_DWORD    0x3
    DAY    REG_DWORD    0x1b
    HOUR    REG_DWORD    0x12
    MINUTE    REG_DWORD    0x23
    SECOND    REG_DWORD    0x9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynLenovoGestureMgr
    key    REG_SZ    SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    REG_SZ    SynLenovoGestureMgr
    hkey    REG_SZ    HKLM
    command    REG_SZ    %ProgramFiles%\Synaptics\SynTP\SynLenovoGestureMgr.exe
    inimapping    REG_SZ    0
    YEAR    REG_DWORD    0x7de
    MONTH    REG_DWORD    0x5
    DAY    REG_DWORD    0x1c
    HOUR    REG_DWORD    0x12
    MINUTE    REG_DWORD    0x2
    SECOND    REG_DWORD    0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh
    key    REG_SZ    SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    REG_SZ    SynTPEnh
    hkey    REG_SZ    HKLM
    command    REG_SZ    %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    inimapping    REG_SZ    0
    YEAR    REG_DWORD    0x7de
    MONTH    REG_DWORD    0x5
    DAY    REG_DWORD    0x1c
    HOUR    REG_DWORD    0x12
    MINUTE    REG_DWORD    0x2
    SECOND    REG_DWORD    0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt
    key    REG_SZ    SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    item    REG_SZ    vProt
    hkey    REG_SZ    HKLM
    command    REG_SZ    "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
    inimapping    REG_SZ    0
    YEAR    REG_DWORD    0x7de
    MONTH    REG_DWORD    0x5
    DAY    REG_DWORD    0x1c
    HOUR    REG_DWORD    0x12
    MINUTE    REG_DWORD    0x2
    SECOND    REG_DWORD    0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    services    REG_DWORD    0x0
    startup    REG_DWORD    0x2

========= End of Reg: =========

The system needed a reboot.

==== End of Fixlog ====