Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015 Ran by Tomek at 2015-02-09 18:37:06 Run:1 Running from C:\Users\Tomek\Downloads\Nowy folder (2) Loaded Profiles: Tomek (Available profiles: Tomek) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: R2 IHProtect Service; C:\Program Files (x86)\STab\ProtectService.exe [158864 2014-11-10] (TODO: ) R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [485888 2014-12-16] (Fuyu LIMITED) [File not signed] S2 NetHttpService; C:\Windows\SysWOW64\nethtsrv.exe [X] S2 ServiceUpdater; C:\Windows\SysWOW64\netupdsrv.exe [X] S2 TBPanel; No ImagePath S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X] S1 iSafeNetFilter; \??\C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [X] S1 nethfdrv; \??\C:\Windows\system32\drivers\nethfdrv.sys [X] Task: {1907D87C-BC71-4D1E-B4ED-6BF830D08B16} - System32\Tasks\{BDC2D8D5-810C-4A6D-A1EE-6EE6DADD6AE1} => E:\GTAIV_Patch_V2.exe Task: {497C164B-121B-43F0-98BB-C0E4D95C0EBB} - System32\Tasks\{C8626B99-FC13-4F31-92F4-A57D7AE241C9} => pcalua.exe -a D:\Programy\mp3DC220_www.INSTALKI.pl.exe -d D:\Programy Task: {4D00F012-78DA-4B49-A58F-7F0D4FAF0A8F} - System32\Tasks\AmiUpdXp => C:\Users\Tomek\AppData\Local\7310\a15287.exe <==== ATTENTION Task: {7433A507-37AD-44D0-B78A-3781A8FC4FD5} - System32\Tasks\{AF4A419C-F637-4CE8-9F58-F06E8BA3126B} => pcalua.exe -a "E:\Instal\GTA 4 EfLC\gta4_eflc_spolszczenie(www.ironsquad.pl).exe" -d "E:\Instal\GTA 4 EfLC" Task: {F24C54B6-8057-4945-9213-24E1420B8AD9} - System32\Tasks\{DC55E531-AC04-4C80-AE39-D83A8BD1AE7C} => pcalua.exe -a C:\Users\Tomek\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=exp <==== ATTENTION Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Tomek\AppData\Local\7310\a15287.exe <==== ATTENTION HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKU\S-1-5-21-3233527848-828038961-4074897931-1000\...\Run: [ASRockOCTuner] => [X] HKU\S-1-5-21-3233527848-828038961-4074897931-1000\...\Run: [zASRockInstantBoot] => [X] HKU\S-1-5-21-3233527848-828038961-4074897931-1000\...\Run: [RGSC] => E:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent HKU\S-1-5-21-3233527848-828038961-4074897931-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Tomek\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) Startup: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download.lnk GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376&q={searchTerms} HKU\S-1-5-21-3233527848-828038961-4074897931-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376 HKU\S-1-5-21-3233527848-828038961-4074897931-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376&q={searchTerms} SearchScopes: HKU\S-1-5-21-3233527848-828038961-4074897931-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1418761778&from=exp&uid=WDCXWD7501AALS-00J7B1_WD-WMATV166337663376&q={searchTerms} SearchScopes: HKU\S-1-5-21-3233527848-828038961-4074897931-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={9D5F4F82-8B23-42B8-ACE6-61E59C3AD5E8}&mid=70881a8c5dfc47d39fe86d16b234493f-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-06 11:58:11&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms} BHO: youtubeadblocker -> {52a5d084-65f1-4902-9ae8-5fd4646bb132} -> C:\Program Files (x86)\youtubeadblocker\ul50tWOZZxYWeM.x64.dll () BHO: VVaUUdix -> {915b1d5f-504a-4856-99b6-40a0d063bc3e} -> C:\Program Files (x86)\VVaUUdix\QDLuwXOmL95Dnz.x64.dll () BHO-x32: Media Buzz -> {06fa1323-e27c-46c2-9b4e-c1f4e035242d} -> C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode2767\ie\MediaBuzzV1mode2767.dll ()\ BHO-x32: Rich Media View -> {bf22bdc1-e4dc-47d4-8159-dd7bb6d11d5c} -> C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release881\ie\RichMediaViewV1release881.dll () FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4 FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack FF HKLM-x32\...\Firefox\Extensions: [ext@MediaBuzzV1mode2767.net] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode2767\ff FF HKLM-x32\...\Firefox\Extensions: [ext@RichMediaViewV1release881.net] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release881\ff FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\nnxc2hsn.default-1413221507592\extensions\faststartff@gmail.com C:\Program Files (x86)\Google C:\Program Files (x86)\MediaBuzzV1 C:\Program Files (x86)\RichMediaViewV1 C:\Program Files (x86)\STab C:\Program Files (x86)\VVaUUdix C:\Program Files (x86)\Yandex.Traffic C:\Program Files (x86)\youtubeadblocker C:\ProgramData\{c457b742-fa38-e47d-c457-7b742fa3dd0b} C:\ProgramData\7791935601182018279 C:\ProgramData\APN C:\ProgramData\Google C:\ProgramData\WindowsMangerProtect C:\ProgramData\Microsoft\Windows\Start Menu\GoForFiles C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoMapa C:\Users\Tomek\AppData\Local\TempjP1704.html C:\Users\Tomek\AppData\Local\TempXy1704.html C:\Users\Tomek\AppData\Local\user_data.ini C:\Users\Tomek\AppData\Local\7310 C:\Users\Tomek\AppData\Local\Google Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKCU\Software\Google /f Reg: reg delete HKLM\SOFTWARE\Google /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f CMD: dir /a "C:\Program Files" CMD: dir /a "C:\Program Files (x86)" CMD: dir /a "C:\Program Files\Common Files" CMD: dir /a "C:\Program Files (x86)\Common Files" CMD: dir /a C:\ProgramData CMD: dir /a C:\Users\Tomek\AppData\Local CMD: dir /a C:\Users\Tomek\AppData\LocalLow CMD: dir /a C:\Users\Tomek\AppData\Roaming EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. IHProtect Service => Service deleted successfully. WindowsMangerProtect => Service deleted successfully. NetHttpService => Service deleted successfully. ServiceUpdater => Service deleted successfully. TBPanel => Service not found. ew_hwusbdev => Service deleted successfully. ew_usbenumfilter => Service deleted successfully. huawei_cdcacm => Service deleted successfully. huawei_enumerator => Service deleted successfully. huawei_ext_ctrl => Service deleted successfully. huawei_wwanecm => Service deleted successfully. iSafeNetFilter => Service deleted successfully. nethfdrv => Service deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1907D87C-BC71-4D1E-B4ED-6BF830D08B16}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1907D87C-BC71-4D1E-B4ED-6BF830D08B16}" => Key deleted successfully. C:\Windows\System32\Tasks\{BDC2D8D5-810C-4A6D-A1EE-6EE6DADD6AE1} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BDC2D8D5-810C-4A6D-A1EE-6EE6DADD6AE1}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{497C164B-121B-43F0-98BB-C0E4D95C0EBB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{497C164B-121B-43F0-98BB-C0E4D95C0EBB}" => Key deleted successfully. C:\Windows\System32\Tasks\{C8626B99-FC13-4F31-92F4-A57D7AE241C9} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C8626B99-FC13-4F31-92F4-A57D7AE241C9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4D00F012-78DA-4B49-A58F-7F0D4FAF0A8F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D00F012-78DA-4B49-A58F-7F0D4FAF0A8F}" => Key deleted successfully. C:\Windows\System32\Tasks\AmiUpdXp => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7433A507-37AD-44D0-B78A-3781A8FC4FD5}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7433A507-37AD-44D0-B78A-3781A8FC4FD5}" => Key deleted successfully. C:\Windows\System32\Tasks\{AF4A419C-F637-4CE8-9F58-F06E8BA3126B} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AF4A419C-F637-4CE8-9F58-F06E8BA3126B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F24C54B6-8057-4945-9213-24E1420B8AD9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F24C54B6-8057-4945-9213-24E1420B8AD9}" => Key deleted successfully. C:\Windows\System32\Tasks\{DC55E531-AC04-4C80-AE39-D83A8BD1AE7C} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DC55E531-AC04-4C80-AE39-D83A8BD1AE7C}" => Key deleted successfully. C:\Windows\Tasks\AmiUpdXp.job => Moved successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Nvtmru => value deleted successfully. HKU\S-1-5-21-3233527848-828038961-4074897931-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockOCTuner => value deleted successfully. HKU\S-1-5-21-3233527848-828038961-4074897931-1000\Software\Microsoft\Windows\CurrentVersion\Run\\zASRockInstantBoot => value deleted successfully. HKU\S-1-5-21-3233527848-828038961-4074897931-1000\Software\Microsoft\Windows\CurrentVersion\Run\\RGSC => value deleted successfully. HKU\S-1-5-21-3233527848-828038961-4074897931-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value deleted successfully. C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download.lnk => Moved successfully. C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKU\S-1-5-21-3233527848-828038961-4074897931-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\S-1-5-21-3233527848-828038961-4074897931-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. "HKU\S-1-5-21-3233527848-828038961-4074897931-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKU\S-1-5-21-3233527848-828038961-4074897931-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52a5d084-65f1-4902-9ae8-5fd4646bb132} => Key not found. "HKCR\CLSID\{52a5d084-65f1-4902-9ae8-5fd4646bb132}" => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{915b1d5f-504a-4856-99b6-40a0d063bc3e} => Key not found. "HKCR\CLSID\{915b1d5f-504a-4856-99b6-40a0d063bc3e}" => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06fa1323-e27c-46c2-9b4e-c1f4e035242d} => Key not found. "HKCR\Wow6432Node\CLSID\{06fa1323-e27c-46c2-9b4e-c1f4e035242d}" => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf22bdc1-e4dc-47d4-8159-dd7bb6d11d5c} => Key not found. "HKCR\Wow6432Node\CLSID\{bf22bdc1-e4dc-47d4-8159-dd7bb6d11d5c}" => Key deleted successfully. C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml => Moved successfully. C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml => Moved successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} => Value not found. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF} => Value not found. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@MediaBuzzV1mode2767.net => value deleted successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@RichMediaViewV1release881.net => value deleted successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\faststartff@gmail.com => value deleted successfully. "C:\Program Files (x86)\Google" => File/Directory not found. C:\Program Files (x86)\MediaBuzzV1 => Moved successfully. C:\Program Files (x86)\RichMediaViewV1 => Moved successfully. C:\Program Files (x86)\STab => Moved successfully. "C:\Program Files (x86)\VVaUUdix" => File/Directory not found. "C:\Program Files (x86)\Yandex.Traffic" => File/Directory not found. "C:\Program Files (x86)\youtubeadblocker" => File/Directory not found. C:\ProgramData\{c457b742-fa38-e47d-c457-7b742fa3dd0b} => Moved successfully. C:\ProgramData\7791935601182018279 => Moved successfully. C:\ProgramData\APN => Moved successfully. "C:\ProgramData\Google" => File/Directory not found. C:\ProgramData\WindowsMangerProtect => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\GoForFiles => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoMapa => Moved successfully. C:\Users\Tomek\AppData\Local\TempjP1704.html => Moved successfully. C:\Users\Tomek\AppData\Local\TempXy1704.html => Moved successfully. C:\Users\Tomek\AppData\Local\user_data.ini => Moved successfully. C:\Users\Tomek\AppData\Local\7310 => Moved successfully. C:\Users\Tomek\AppData\Local\Google => Moved successfully. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Google /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Google /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= dir /a "C:\Program Files" ========= Wolumin w stacji C to SYSTEM Numer seryjny woluminu: 9217-B728 Katalog: C:\Program Files 2015-01-15 19:34 . 2015-01-15 19:34 .. 2013-12-23 14:59 ASRock 2013-12-23 14:59 ASRock Utility 2013-12-23 14:54 ATI 2013-12-23 15:11 Common Files 2013-12-23 16:19 CPUID 2009-07-14 05:54 174 desktop.ini 2014-07-09 09:55 DIFX 2009-07-14 19:09 DVD Maker 2014-02-10 09:36 HP 2009-07-14 18:55 Internet Explorer 2009-07-14 19:09 Microsoft Games 2013-12-23 23:16 Microsoft Office 2015-01-15 19:34 Microsoft Xbox 360 Accessories 2009-07-14 06:32 MSBuild 2014-10-07 16:54 NVIDIA Corporation 2013-12-23 14:57 Realtek 2009-07-14 06:32 Reference Assemblies 2009-07-14 06:09 Uninstall Information 2009-07-14 18:55 Windows Defender 2009-07-14 19:09 Windows Journal 2009-07-14 18:55 Windows Mail 2009-07-14 18:55 Windows Media Player 2013-12-23 14:52 Windows NT 2009-07-14 18:55 Windows Photo Viewer 2009-07-14 06:32 Windows Portable Devices 2009-07-14 18:55 Windows Sidebar 2013-12-23 17:00 WinRAR 1 plik(¢w) 174 bajt¢w 28 katalog(¢w) 100ÿ747ÿ517ÿ952 bajt¢w wolnych ========= End of CMD: ========= ========= dir /a "C:\Program Files (x86)" ========= Wolumin w stacji C to SYSTEM Numer seryjny woluminu: 9217-B728 Katalog: C:\Program Files (x86) 2015-02-09 18:37 . 2015-02-09 18:37 .. 2014-10-07 16:55 AGEIA Technologies 2013-12-23 14:59 ASRock Utility 2013-12-23 16:27 AVG 2014-12-19 12:11 Battlelog Web Plugins 2014-10-10 17:17 Blueberry Consultants 2015-02-09 18:32 Common Files 2013-12-23 15:01 CyberLink 2013-12-23 16:24 DAEMON Tools Lite 2009-07-14 05:54 174 desktop.ini 2014-10-10 17:43 Docudesk 2014-02-23 22:18 EA Games 2013-12-23 18:43 ffdshow 2013-12-23 16:20 GRETECH 2013-12-23 16:21 Haali 2014-02-02 19:31 InstallShield Installation Information 2009-07-14 18:55 Internet Explorer 2014-09-09 20:03 ipla 2014-10-11 18:49 MediaPlayerV1 2014-10-11 18:49 MediaViewerV1 2014-10-11 18:49 MediaViewV1 2014-10-11 18:49 MediaWatchV1 2013-12-23 23:23 Microsoft Games for Windows - LIVE 2014-01-28 15:49 Microsoft Office 2014-10-07 15:40 Microsoft SDKs 2014-01-14 19:32 Microsoft Silverlight 2013-12-23 23:17 Microsoft Visual Studio 2014-10-07 15:47 Microsoft Visual Studio 11.0 2013-12-23 23:18 Microsoft Works 2013-12-23 23:17 Microsoft.NET 2015-01-26 23:13 Mozilla Firefox 2015-01-27 13:41 Mozilla Maintenance Service 2009-07-14 06:32 MSBuild 2014-10-07 16:55 NVIDIA Corporation 2015-02-09 16:48 Origin 2014-12-16 13:28 Origin Games 2014-07-09 09:54 PC Connectivity Solution 2014-01-06 14:04 PlayReady 2014-01-05 23:06 Real Alternative 2013-12-23 14:58 Realtek 2009-07-14 06:32 Reference Assemblies 2013-12-23 14:58 Temp 2009-07-14 05:57 Uninstall Information 2015-01-21 21:07 VVaudix 2009-07-14 18:55 Windows Defender 2009-07-14 18:55 Windows Mail 2009-07-14 18:55 Windows Media Player 2009-07-14 06:32 Windows NT 2009-07-14 18:55 Windows Photo Viewer 2009-07-14 06:32 Windows Portable Devices 2009-07-14 18:55 Windows Sidebar 2013-12-23 16:31 XFASTUSB 2015-02-05 17:31 Youtube Downloader HD 1 plik(¢w) 174 bajt¢w 53 katalog(¢w) 100ÿ747ÿ517ÿ952 bajt¢w wolnych ========= End of CMD: ========= ========= dir /a "C:\Program Files\Common Files" ========= Wolumin w stacji C to SYSTEM Numer seryjny woluminu: 9217-B728 Katalog: C:\Program Files\Common Files 2013-12-23 15:11 . 2013-12-23 15:11 .. 2014-10-06 18:25 Microsoft Shared 2009-07-14 04:20 Services 2009-07-14 04:20 SpeechEngines 2009-07-14 18:55 System 0 plik(¢w) 0 bajt¢w 6 katalog(¢w) 100ÿ747ÿ513ÿ856 bajt¢w wolnych ========= End of CMD: ========= ========= dir /a "C:\Program Files (x86)\Common Files" ========= Wolumin w stacji C to SYSTEM Numer seryjny woluminu: 9217-B728 Katalog: C:\Program Files (x86)\Common Files 2015-02-09 18:32 . 2015-02-09 18:32 .. 2015-02-09 18:28 Adobe 2013-12-23 15:00 Adobe AIR 2015-02-09 18:25 Config 2013-12-23 23:17 DESIGNER 2014-12-19 01:32 EAInstaller 2013-12-23 14:57 InstallShield 2014-03-05 19:16 LightScribe 2013-12-23 23:18 microsoft shared 2014-03-05 19:19 Nero 2014-02-03 16:41 Protexis 2009-07-14 04:20 Services 2009-07-14 04:20 SpeechEngines 2009-07-14 18:55 System 0 plik(¢w) 0 bajt¢w 15 katalog(¢w) 100ÿ747ÿ513ÿ856 bajt¢w wolnych ========= End of CMD: ========= ========= dir /a C:\ProgramData ========= Wolumin w stacji C to SYSTEM Numer seryjny woluminu: 9217-B728 Katalog: C:\ProgramData 2015-02-09 18:37 . 2015-02-09 18:37 .. 2015-02-09 18:28 Adobe 2009-07-14 06:08 Application Data [C:\ProgramData] 2014-11-06 20:12 AVG Security Toolbar 2014-12-11 11:19 Avg_Update_1214tb 2013-12-23 14:59 cFos 2013-12-23 16:23 Common Files 2014-02-03 16:41 Corel 2013-12-23 15:02 CyberLink 2013-12-23 23:09 DAEMON Tools Lite 2013-12-23 14:52 Dane aplikacji [C:\ProgramData] 2014-03-07 19:55 DatacardService 2009-07-14 06:08 Desktop [C:\Users\Public\Desktop] 2009-07-14 06:08 Documents [C:\Users\Public\Documents] 2013-12-23 14:52 Dokumenty [C:\Users\Public\Documents] 2014-12-19 09:21 Electronic Arts 2009-07-14 06:08 Favorites [C:\Users\Public\Favorites] 2013-12-23 14:59 FNET 2014-01-02 11:24 Gadu-Gadu 10 2014-12-16 21:30 IHProtectUpDate 2014-07-09 09:53 Installations 2015-01-08 23:32 ipla 2014-03-05 19:20 LightScribe 2013-12-24 00:16 Logs 2014-02-16 16:53 LogSys 2013-12-23 14:52 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 2015-02-09 18:31 MFAData 2014-01-06 14:04 Microsoft 2014-01-28 15:49 Microsoft Help 2013-12-23 16:53 Mozilla 2014-03-05 19:17 Nero 2015-01-02 13:51 Norton 2013-12-23 15:02 NortonInstaller 2014-10-11 18:49 1ÿ434 ntuser.pol 2015-02-09 18:33 NVIDIA 2014-10-07 16:55 NVIDIA Corporation 2014-11-08 19:12 OpenFM 2014-09-21 09:20 Oracle 2014-06-30 17:07 Orbit 2015-02-09 16:48 Origin 2014-10-07 15:42 Package Cache 2014-07-09 09:58 PC Suite 2014-03-07 19:13 PLAY ONLINE 2014-02-03 16:41 Protexis 2013-12-23 14:52 Pulpit [C:\Users\Public\Desktop] 2014-01-06 13:56 RDRM 2014-01-05 23:06 Real 2014-02-19 22:00 SAMSUNG 2013-12-24 00:19 SecuROM 2009-07-14 06:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 2014-06-30 17:07 Steam 2014-06-21 08:18 Sun 2013-12-23 14:52 Szablony [C:\ProgramData\Microsoft\Windows\Templates] 2013-12-23 15:01 Temp 2009-07-14 06:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 2013-12-23 14:52 Ulubione [C:\Users\Public\Favorites] 1 plik(¢w) 1ÿ434 bajt¢w 56 katalog(¢w) 100ÿ747ÿ509ÿ760 bajt¢w wolnych ========= End of CMD: ========= ========= dir /a C:\Users\Tomek\AppData\Local ========= Wolumin w stacji C to SYSTEM Numer seryjny woluminu: 9217-B728 Katalog: C:\Users\Tomek\AppData\Local 2015-02-09 18:37 . 2015-02-09 18:37 .. 2015-02-09 18:28 Adobe 2014-01-13 19:09 cache 2013-12-23 14:59 cFos 2014-02-03 16:41 Corel PaintShop Pro 2015-02-09 18:29 CrashDumps 2014-02-02 19:21 CrashRpt 2013-12-23 15:02 Cyberlink 2013-12-23 14:52 Dane aplikacji [C:\Users\Tomek\AppData\Local] 2014-02-03 16:41 3ÿ584 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-02-09 08:42 Diagnostics 2014-01-26 13:58 ElevatedDiagnostics 2014-12-19 09:20 ESN 2014-07-13 12:33 Facebook 2014-02-02 12:19 108ÿ872 GDIPFONTCACHEV1.DAT 2014-01-30 23:17 GHISLER 2013-12-23 14:52 Historia [C:\Users\Tomek\AppData\Local\Microsoft\Windows\History] 2015-02-09 18:33 7ÿ341ÿ910 IconCache.db 2014-12-31 21:36 id Software 2014-02-03 11:38 Lollipop 2013-12-23 18:23 Macromedia 2014-11-23 20:51 Microsoft 2014-01-29 19:31 Microsoft Games 2014-08-24 16:57 Microsoft Help 2013-12-23 16:54 Mozilla 2015-01-02 13:52 NPE 2014-02-19 12:01 NVIDIA 2014-10-07 16:56 NVIDIA Corporation 2014-12-06 15:16 OpenFM 2014-12-17 10:28 Origin 2013-12-23 18:43 Programs 2014-12-19 09:23 PunkBuster 2014-01-05 23:06 Real 2013-12-31 18:56 7ÿ598 Resmon.ResmonCfg 2013-12-27 09:52 Rockstar Games 2014-02-19 22:00 SAMSUNG 2014-02-03 10:02 SwvUpdater 2015-02-09 18:37 Temp 2013-12-23 14:52 Temporary Internet Files [C:\Users\Tomek\AppData\Local\Microsoft\Windows\Temporary Internet Files] 2014-02-22 21:17 Unity 2014-02-23 16:38 VirtualStore 4 plik(¢w) 7ÿ461ÿ964 bajt¢w 38 katalog(¢w) 100ÿ747ÿ509ÿ760 bajt¢w wolnych ========= End of CMD: ========= ========= dir /a C:\Users\Tomek\AppData\LocalLow ========= Wolumin w stacji C to SYSTEM Numer seryjny woluminu: 9217-B728 Katalog: C:\Users\Tomek\AppData\LocalLow 2015-02-09 18:29 . 2015-02-09 18:29 .. 2014-10-09 16:36 Adobe 2014-12-31 21:36 id Software 2014-01-14 19:32 Microsoft 2013-12-23 16:20 Sun 2014-11-13 09:13 Unity 0 plik(¢w) 0 bajt¢w 7 katalog(¢w) 100ÿ747ÿ509ÿ760 bajt¢w wolnych ========= End of CMD: ========= ========= dir /a C:\Users\Tomek\AppData\Roaming ========= Wolumin w stacji C to SYSTEM Numer seryjny woluminu: 9217-B728 Katalog: C:\Users\Tomek\AppData\Roaming 2015-02-09 18:31 . 2015-02-09 18:31 .. 2015-01-03 17:11 2K Sports 2014-12-05 15:45 Adobe 2014-02-16 16:53 Blueberry 2014-02-03 16:41 Corel 2014-02-18 21:19 Crystal Player 2013-12-23 23:09 DAEMON Tools Lite 2014-10-11 14:34 deskPDF 2014-10-10 18:48 deskPDF Editor 2014-12-06 15:18 Gadu-Gadu 10 2014-01-30 23:02 GHISLER 2014-12-16 21:27 GoforFiles 2013-12-23 16:20 GRETECH 2013-12-23 14:52 Identities 2015-01-13 16:47 ipla 2014-01-02 10:47 iSafe 2014-02-16 16:53 LogSys 2013-12-23 15:00 Macromedia 2009-07-14 19:09 Media Center Programs 2014-12-16 17:09 Microsoft 2013-12-23 16:54 Mozilla 2014-11-29 09:42 Nero 2014-07-09 09:58 Nokia 2014-07-13 12:34 NVIDIA 2014-12-06 15:16 OpenFM 2014-09-21 09:21 Oracle 2014-12-16 13:55 Origin 2014-07-09 09:55 PC Suite 2014-01-05 23:06 Real 2014-03-09 21:57 SAMSUNG 2013-12-31 17:04 SecuROM 2014-02-01 12:59 SourceTec 2014-01-23 17:20 TuneUp Software 2014-02-03 16:41 Ulead Systems 2015-02-09 18:34 uTorrent 2013-12-23 17:00 WinRAR 2014-02-05 09:42 Youtube Downloader HD 0 plik(¢w) 0 bajt¢w 38 katalog(¢w) 100ÿ747ÿ505ÿ664 bajt¢w wolnych ========= End of CMD: ========= EmptyTemp: => Removed 5 GB temporary data. The system needed a reboot. ==== End of Fixlog 18:38:34 ====