Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-07-2013 Ran by ola at 2013-07-19 14:41:59 Run:1 Running from E:\ Boot Mode: Normal ============================================== C:\ProgramData\AudioCodec0 => Moved successfully. "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started. "C:\Program Files\Windows Defender\ar-SA" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\bg-BG" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\fr-FR" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\hr-HR" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\pl-PL" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\ru-RU" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\sl-SI" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\tr-TR" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed. ========= TAKEOWN /F C:\$Recycle.Bin /R /A /D T ========= POWODZENIE: Plik (lub folder): "C:\$Recycle.Bin" nale¾y teraz do grupy administrator¢w. POWODZENIE: Plik (lub folder): "C:\$Recycle.Bin\S-1-5-18" nale¾y teraz do grupy administrator¢w. POWODZENIE: Plik (lub folder): "C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000" nale¾y teraz do grupy administrator¢w. POWODZENIE: Plik (lub folder): "C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1012" nale¾y teraz do grupy administrator¢w. POWODZENIE: Plik (lub folder): "C:\$Recycle.Bin\S-1-5-18\$af1f7760278a7ea8294715d9e4fd5444" nale¾y teraz do grupy administrator¢w. POWODZENIE: Plik (lub folder): "C:\$Recycle.Bin\S-1-5-18\$af1f7760278a7ea8294715d9e4fd5444\@" nale¾y teraz do grupy administrator¢w. POWODZENIE: Plik (lub folder): "C:\$Recycle.Bin\S-1-5-18\$af1f7760278a7ea8294715d9e4fd5444\L" nale¾y teraz do grupy administrator¢w. POWODZENIE: Plik (lub folder): "C:\$Recycle.Bin\S-1-5-18\$af1f7760278a7ea8294715d9e4fd5444\U" nale¾y teraz do grupy administrator¢w. POWODZENIE: Plik (lub folder): "C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000\$af1f7760278a7ea8294715d9e4fd5444" nale¾y teraz do grupy administrator¢w. POWODZENIE: Plik (lub folder): "C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000\$IXOZN5D.iso" nale¾y teraz do grupy administrator¢w. POWODZENIE: Plik (lub folder): "C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000\$R57G3E6" nale¾y teraz do grupy administrator¢w. POWODZENIE: Plik (lub folder): "C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000\$RXOZN5D.iso" nale¾y teraz do grupy administrator¢w. POWODZENIE: Plik (lub folder): "C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000\desktop.ini" nale¾y teraz do grupy administrator¢w. POWODZENIE: Plik (lub folder): "C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000\$af1f7760278a7ea8294715d9e4fd5444\@" nale¾y teraz do grupy administrator¢w. POWODZENIE: Plik (lub folder): "C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000\$af1f7760278a7ea8294715d9e4fd5444\L" nale¾y teraz do grupy administrator¢w. POWODZENIE: Plik (lub folder): "C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000\$af1f7760278a7ea8294715d9e4fd5444\U" nale¾y teraz do grupy administrator¢w. POWODZENIE: Plik (lub folder): "C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000\$af1f7760278a7ea8294715d9e4fd5444\L\00000004.@" nale¾y teraz do grupy administrator¢w. POWODZENIE: Plik (lub folder): "C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000\$af1f7760278a7ea8294715d9e4fd5444\L\76603ac3" nale¾y teraz do grupy administrator¢w. POWODZENIE: Plik (lub folder): "C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000\$R57G3E6\Mahjong Garden Deluxe" nale¾y teraz do grupy administrator¢w. POWODZENIE: Plik (lub folder): "C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1012\desktop.ini" nale¾y teraz do grupy administrator¢w. ========= End of CMD: ========= ========= icacls C:\$Recycle.Bin /grant Wszyscy:F /T ========= przetworzono plik: C:\$Recycle.Bin przetworzono plik: C:\$Recycle.Bin\S-1-5-18 przetworzono plik: C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000 przetworzono plik: C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1012 przetworzono plik: C:\$Recycle.Bin\S-1-5-18\$af1f7760278a7ea8294715d9e4fd5444 przetworzono plik: C:\$Recycle.Bin\S-1-5-18\$af1f7760278a7ea8294715d9e4fd5444\@ przetworzono plik: C:\$Recycle.Bin\S-1-5-18\$af1f7760278a7ea8294715d9e4fd5444\L przetworzono plik: C:\$Recycle.Bin\S-1-5-18\$af1f7760278a7ea8294715d9e4fd5444\U przetworzono plik: C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000\$af1f7760278a7ea8294715d9e4fd5444 przetworzono plik: C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000\$IXOZN5D.iso przetworzono plik: C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000\$R57G3E6 przetworzono plik: C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000\$RXOZN5D.iso przetworzono plik: C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000\desktop.ini przetworzono plik: C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000\$af1f7760278a7ea8294715d9e4fd5444\@ przetworzono plik: C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000\$af1f7760278a7ea8294715d9e4fd5444\L przetworzono plik: C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000\$af1f7760278a7ea8294715d9e4fd5444\U przetworzono plik: C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000\$af1f7760278a7ea8294715d9e4fd5444\L\00000004.@ przetworzono plik: C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000\$af1f7760278a7ea8294715d9e4fd5444\L\76603ac3 przetworzono plik: C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1000\$R57G3E6\Mahjong Garden Deluxe przetworzono plik: C:\$Recycle.Bin\S-1-5-21-960818227-1445388546-159826952-1012\desktop.ini Liczba plik¢w przetworzonych pomy˜lnie: 20; liczba plik¢w, kt¢rych przetwarzanie nie powiodˆo si©: 0. ========= End of CMD: ========= ========= rd /s /q C:\$Recycle.Bin ========= ========= End of CMD: ========= HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} => Value deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4DB74D06-491C-440D-305E-012400990F3E} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{4DB74D06-491C-440D-305E-012400990F3E} => Key not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ILO_Office_Manager => Value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Intense Registry Service => Value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} => Value deleted successfully. HKCR\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} => Key not found. HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully. HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F08C088-9738-4735-AE80-E25AB06A10FE} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F08C088-9738-4735-AE80-E25AB06A10FE} => Key deleted successfully. C:\Windows\System32\Tasks\{91413173-A52D-40F1-B52C-1B86EB5F502F} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{91413173-A52D-40F1-B52C-1B86EB5F502F} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F958386-2E3A-40EF-8167-486642E23EBC} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F958386-2E3A-40EF-8167-486642E23EBC} => Key deleted successfully. C:\Windows\System32\Tasks\{3D56C988-F61B-4572-AB12-45C54E4C7221} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3D56C988-F61B-4572-AB12-45C54E4C7221} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D158256-F72D-4122-930B-4399D75F76D5} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D158256-F72D-4122-930B-4399D75F76D5} => Key deleted successfully. C:\Windows\System32\Tasks\{A873082B-C4C7-4C0E-8B87-93BBBDCCC27C} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A873082B-C4C7-4C0E-8B87-93BBBDCCC27C} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90160A40-63D7-44EB-A5CD-A14CCBCDCC2D} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90160A40-63D7-44EB-A5CD-A14CCBCDCC2D} => Key deleted successfully. C:\Windows\System32\Tasks\{EAD474E4-750B-4483-9A5B-7AFE5846A216} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EAD474E4-750B-4483-9A5B-7AFE5846A216} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D982DE9E-9B42-4F8A-8EC7-2C520B0715A2} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D982DE9E-9B42-4F8A-8EC7-2C520B0715A2} => Key deleted successfully. C:\Windows\System32\Tasks\{0205DED2-5A7F-4E36-A051-C1766D85D4DC} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0205DED2-5A7F-4E36-A051-C1766D85D4DC} => Key deleted successfully. ========= reg add "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ==== End of Fixlog ====