Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015 Ran by Piter at 2015-05-27 22:16:04 Run:1 Running from C:\Users\Piter\Desktop Loaded Profiles: Piter (Available Profiles: Piter) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: Task: {420F8883-31F8-4B1D-BBE1-C3FAF1D267C2} - System32\Tasks\Update\taskhost => C:\Users\Piter\AppData\Local\Temp\taskhost.exe <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3725198157-3711145802-2932217680-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3725198157-3711145802-2932217680-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\44364275.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\44364275.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" S3 catchme; \??\C:\ComboFix\catchme.sys [X] S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] Reg: reg delete HKCU\Software\Google /f Reg: reg delete HKLM\SOFTWARE\Google /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete 
"HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg query HKU\S-1-5-21-3725198157-3711145802-2932217680-1000_Classes\CLSID\{AE021FCC-750B-CDC1-A5FA-E4D4D250DC1D} /s CMD: dir /a "C:\Program Files" CMD: dir /a "C:\Program Files (x86)" CMD: dir /a "C:\Program Files\Common Files" CMD: dir /a "C:\Program Files (x86)\Common Files" CMD: dir /a C:\ProgramData CMD: dir /a C:\Users\Piter\AppData\Local CMD: dir /a C:\Users\Piter\AppData\LocalLow CMD: dir /a C:\Users\Piter\AppData\Roaming CMD: findstr /c:"[SR]" %windir%\logs\cbs\cbs.log EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{420F8883-31F8-4B1D-BBE1-C3FAF1D267C2}" => key Removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{420F8883-31F8-4B1D-BBE1-C3FAF1D267C2}" => key Removed successfully C:\Windows\System32\Tasks\Update\taskhost => Moved successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update\taskhost" => key Removed successfully "HKLM\SOFTWARE\Policies\Google" => key Removed successfully "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully "HKU\S-1-5-21-3725198157-3711145802-2932217680-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully HKU\S-1-5-21-3725198157-3711145802-2932217680-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\44364275.sys" => key Removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart" => key Removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys" => key Removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\44364275.sys" => key Removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart" => key Removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys" => key Removed successfully catchme => Service Removed successfully nvvad_WaveExtensible => Service Removed successfully VGPU => Service Removed successfully ========= reg delete HKCU\Software\Google /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Google /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukończona pomyślnie. 
========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg query HKU\S-1-5-21-3725198157-3711145802-2932217680-1000_Classes\CLSID\{AE021FCC-750B-CDC1-A5FA-E4D4D250DC1D} /s ========= HKEY_USERS\S-1-5-21-3725198157-3711145802-2932217680-1000_Classes\CLSID\{AE021FCC-750B-CDC1-A5FA-E4D4D250DC1D} (domyślny) REG_SZ CJLxxEVAEExCCVEEuErEVIQVEELCQmLEBAExBa HKEY_USERS\S-1-5-21-3725198157-3711145802-2932217680-1000_Classes\CLSID\{AE021FCC-750B-CDC1-A5FA-E4D4D250DC1D}\InprocServer32 (domyślny) REG_SZ ole32.dll HKEY_USERS\S-1-5-21-3725198157-3711145802-2932217680-1000_Classes\CLSID\{AE021FCC-750B-CDC1-A5FA-E4D4D250DC1D}\Version (domyślny) REG_SZ 1 ========= End of Reg: ========= ========= dir /a "C:\Program Files" ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 800D-BE44 Katalog: C:\Program Files 2015-05-18 22:09 . 2015-05-18 22:09 .. 
2015-02-09 23:36 CCleaner 2015-04-04 00:45 Common Files 2009-07-14 06:54 174 desktop.ini 2015-02-09 22:58 DIFX 2011-04-12 15:32 DVD Maker 2015-05-18 22:10 GIMP 2 2015-02-18 23:38 HP 2015-02-09 23:32 Intel 2015-02-18 12:36 Internet Explorer 2015-04-04 01:07 KMSpico 2015-04-04 00:41 Microsoft Analysis Services 2011-04-12 15:32 Microsoft Games 2015-05-11 22:19 Microsoft Office 2015-02-10 01:10 Microsoft Silverlight 2015-04-04 00:45 Microsoft SQL Server 2015-04-20 01:32 Microsoft SQL Server Compact Edition 2015-04-20 01:32 Microsoft Synchronization Services 2015-04-04 00:45 Microsoft.NET 2009-07-14 07:32 MSBuild 2015-04-29 16:40 NVIDIA Corporation 2015-02-09 23:03 Realtek 2009-07-14 07:32 Reference Assemblies 2015-04-22 19:50 Rockstar Games 2015-05-21 10:48 SAMSUNG 2015-02-09 23:05 Synaptics 2015-04-29 16:27 TOSHIBA 2015-02-09 22:51 TOSHIBA CORPORATION 2009-07-14 07:09 Uninstall Information 2015-02-13 19:10 Windows Defender 2015-02-13 19:10 Windows Journal 2011-04-12 15:21 Windows Mail 2015-02-18 12:36 Windows Media Player 2015-02-09 22:41 Windows NT 2011-04-12 15:21 Windows Photo Viewer 2010-11-21 05:31 Windows Portable Devices 2011-04-12 15:21 Windows Sidebar 2015-02-09 23:43 WinRAR 1 plik(ów) 174 bajtów 38 katalog(ów) 57 861 017 600 bajtów wolnych ========= End of CMD: ========= ========= dir /a "C:\Program Files (x86)" ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 800D-BE44 Katalog: C:\Program Files (x86) 2015-05-09 11:13 . 2015-05-09 11:13 .. 
2015-03-04 17:14 ABBYY FineReader 11 2015-02-09 23:44 Adobe 2015-02-09 23:41 AGEIA Technologies 2015-03-02 21:35 Anki 2015-02-09 23:17 Atheros 2015-02-09 23:01 Cisco 2015-05-26 17:46 Common Files 2015-02-10 00:26 DAEMON Tools Lite 2009-07-14 06:54 174 desktop.ini 2015-04-29 16:54 Driver Cleaner 2015-04-19 17:47 Geeks3D 2015-03-16 18:35 Google 2015-02-18 23:43 HP 2015-04-29 16:23 InstallShield Installation Information 2015-02-09 23:04 Intel 2015-02-18 12:36 Internet Explorer 2015-02-21 12:14 ipla 2015-03-29 00:07 Java 2015-02-09 22:52 JMicron 2015-02-09 23:47 K-Lite Codec Pack 2015-04-04 00:41 Microsoft Analysis Services 2015-05-11 22:13 Microsoft Office 2015-02-10 01:10 Microsoft Silverlight 2015-04-04 00:45 Microsoft SQL Server 2015-04-20 01:32 Microsoft SQL Server Compact Edition 2015-04-20 01:32 Microsoft Synchronization Services 2015-04-04 00:45 Microsoft.NET 2015-04-07 19:53 Mozilla Firefox 2015-04-08 15:44 Mozilla Maintenance Service 2009-07-14 07:32 MSBuild 2015-04-22 19:57 MSI Afterburner 2015-02-21 12:04 Nero 2015-04-04 00:10 Norton Internet Security 2015-04-04 00:32 NortonInstaller 2015-04-29 16:40 NVIDIA Corporation 2015-04-19 18:00 OCCTPT 2015-03-03 23:22 PIT Projekt 2014 2015-03-16 18:36 PLAY ONLINE 2015-02-21 12:22 PlayReady 2015-05-09 11:13 Pony World 3 2015-02-09 23:03 Realtek 2015-02-09 23:21 REALTEK PCIE Wireless LAN Driver 2009-07-14 07:32 Reference Assemblies 2015-02-21 00:58 Renesas Electronics 2015-04-20 00:57 RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition 2015-04-22 19:50 Rockstar Games 2015-04-22 16:05 Samsung 2015-04-15 18:58 Skype 2015-02-10 00:57 Sunrise Seven 2015-02-21 15:35 TeamViewer 2015-02-09 23:04 Temp 2015-04-29 16:27 TOSHIBA 2015-04-29 15:36 UEFI WinFlash 2009-07-14 06:57 Uninstall Information 2015-02-27 10:55 uTorrent 2015-02-09 23:42 VideoLAN 2015-02-13 19:10 Windows Defender 2011-04-12 15:21 Windows Mail 2015-02-20 23:54 Windows Media Player 2009-07-14 07:32 Windows NT 2011-04-12 15:21 Windows Photo Viewer 
2010-11-21 05:31 Windows Portable Devices 2011-04-12 15:21 Windows Sidebar 1 plik(ów) 174 bajtów 64 katalog(ów) 57 861 013 504 bajtów wolnych ========= End of CMD: ========= ========= dir /a "C:\Program Files\Common Files" ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 800D-BE44 Katalog: C:\Program Files\Common Files 2015-04-04 00:45 . 2015-04-04 00:45 .. 2015-05-11 22:20 DESIGNER 2015-05-11 22:19 Microsoft Shared 2009-07-14 05:20 Services 2009-07-14 05:20 SpeechEngines 2015-04-04 00:11 Symantec Shared 2012-05-20 20:43 System 0 plik(ów) 0 bajtów 8 katalog(ów) 57 861 017 600 bajtów wolnych ========= End of CMD: ========= ========= dir /a "C:\Program Files (x86)\Common Files" ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 800D-BE44 Katalog: C:\Program Files (x86)\Common Files 2015-05-26 17:46 . 2015-05-26 17:46 .. 2015-03-04 17:12 ABBYY 2015-02-09 23:44 Adobe 2015-02-18 23:40 Hewlett-Packard 2015-02-18 23:40 HP 2015-02-09 23:03 InstallShield 2015-03-29 00:08 Java 2015-05-11 22:16 microsoft shared 2015-02-21 12:04 Nero 2015-02-09 22:57 postureAgent 2009-07-14 05:20 Services 2015-02-10 22:42 Skype 2009-07-14 05:20 SpeechEngines 2015-04-08 20:09 Symantec Shared 2012-05-20 20:43 System 0 plik(ów) 0 bajtów 16 katalog(ów) 57 861 017 600 bajtów wolnych ========= End of CMD: ========= ========= dir /a C:\ProgramData ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 800D-BE44 Katalog: C:\ProgramData 2015-05-26 18:27 . 2015-05-26 18:27 .. 
2015-03-04 17:11 ABBYY 2015-02-13 00:48 Adobe 2009-07-14 07:08 Application Data [C:\ProgramData] 2015-02-09 23:17 Atheros 2015-02-10 00:08 DAEMON Tools Lite 2015-02-09 22:41 Dane aplikacji [C:\ProgramData] 2009-07-14 07:08 Desktop [C:\Users\Public\Desktop] 2009-07-14 07:08 Documents [C:\Users\Public\Documents] 2015-02-09 22:41 Dokumenty [C:\Users\Public\Documents] 2015-02-21 00:57 Downloaded Installations 2015-02-10 23:39 EPSON 2009-07-14 07:08 Favorites [C:\Users\Public\Favorites] 2015-02-18 23:45 Hewlett-Packard 2015-02-18 23:48 HP 2015-02-18 23:42 HP Product Assistant 2015-03-05 23:34 1 787 hpzinstall.log 2015-02-21 15:43 ipla 2015-03-16 22:00 Kaspersky Lab 2015-02-09 22:41 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 2015-04-29 16:52 Microsoft 2015-05-11 22:22 Microsoft Help 2015-02-10 00:30 Mozilla 2015-02-21 12:04 Nero 2015-04-04 00:10 Norton 2015-02-09 23:48 NortonInstaller 2015-03-16 18:42 262 144 ntuser.dat 2015-03-16 22:00 5 120 ntuser.dat.LOG1 2015-03-16 18:42 0 ntuser.dat.LOG2 2015-03-16 18:42 65 536 ntuser.dat{667141c5-cb40-11e4-8dc9-88ae1d59af13}.TM.blf 2015-03-16 18:42 524 288 ntuser.dat{667141c5-cb40-11e4-8dc9-88ae1d59af13}.TMContainer00000000000000000001.regtrans-ms 2015-03-16 18:42 524 288 ntuser.dat{667141c5-cb40-11e4-8dc9-88ae1d59af13}.TMContainer00000000000000000002.regtrans-ms 2015-03-16 18:42 65 536 ntuser.dat{667141dc-cb40-11e4-8dc9-88ae1d59af13}.TM.blf 2015-03-16 18:42 524 288 ntuser.dat{667141dc-cb40-11e4-8dc9-88ae1d59af13}.TMContainer00000000000000000001.regtrans-ms 2015-03-16 18:42 524 288 ntuser.dat{667141dc-cb40-11e4-8dc9-88ae1d59af13}.TMContainer00000000000000000002.regtrans-ms 2015-04-29 17:02 NVIDIA 2015-04-29 16:40 NVIDIA Corporation 2015-03-29 00:08 Oracle 2015-03-01 13:33 PIT Projekt 2014 2015-02-09 22:41 Pulpit [C:\Users\Public\Desktop] 2015-02-21 12:14 RDRM 2015-04-04 00:45 regid.1991-06.com.microsoft 2015-04-22 16:05 Samsung 2015-04-15 18:58 Skype 2009-07-14 07:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start 
Menu] 2015-02-10 01:14 Sun 2015-02-09 22:41 Szablony [C:\ProgramData\Microsoft\Windows\Templates] 2009-07-14 07:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 2015-02-09 22:53 Toshiba 2015-02-09 22:41 Ulubione [C:\Users\Public\Favorites] 2015-02-09 22:57 vista32 2015-02-09 22:57 vista64 2015-02-18 23:46 WEBREG 2015-02-09 23:07 win7_32 2015-02-09 23:07 win7_64 2015-02-09 22:57 xp 10 plik(ów) 2 497 275 bajtów 47 katalog(ów) 57 861 013 504 bajtów wolnych ========= End of CMD: ========= ========= dir /a C:\Users\Piter\AppData\Local ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 800D-BE44 Katalog: C:\Users\Piter\AppData\Local 2015-05-18 23:47 . 2015-05-18 23:47 .. 2015-03-04 17:11 ABBYY 2015-05-27 21:30 Adobe 2015-04-29 16:33 CrashDumps 2015-02-09 22:41 Dane aplikacji [C:\Users\Piter\AppData\Local] 2015-03-06 00:03 Downloaded Installations 2015-04-09 01:29 ElevatedDiagnostics 2015-03-01 17:01 EmieBrowserModeList 2015-03-01 17:01 EmieSiteList 2015-03-01 17:01 EmieUserList 2015-03-03 23:22 fontconfig 2015-04-04 01:07 111 904 GDIPFONTCACHEV1.DAT 2015-03-03 23:22 gegl-0.2 2015-03-16 18:35 Google 2015-03-14 12:38 gtk-2.0 2015-02-09 22:41 Historia [C:\Users\Piter\AppData\Local\Microsoft\Windows\History] 2015-02-19 00:06 HP 2015-05-27 21:57 3 073 892 IconCache.db 2015-02-10 00:38 Macromedia 2015-04-29 16:52 Microsoft 2015-02-10 00:27 Microsoft Help 2015-02-10 00:31 Mozilla 2015-04-29 16:40 NVIDIA 2015-04-29 16:39 NVIDIA Corporation 2015-04-19 18:03 OCCT_-_Ocbase_-_Adrien_Me 2015-02-09 23:41 Programs 2015-03-28 14:21 PunkBuster 2015-05-18 23:47 23 725 recently-used.xbel 2015-04-09 16:49 Rockstar Games 2015-04-20 22:02 Samsung 2015-02-10 22:42 Skype 2015-05-27 22:17 Temp 2015-02-09 22:41 Temporary Internet Files [C:\Users\Piter\AppData\Local\Microsoft\Windows\Temporary Internet Files] 2015-02-09 22:53 Toshiba 2015-03-01 13:44 3 179 unins000.dat 2015-03-01 13:44 11 761 unins000.msg 2015-02-09 22:42 VirtualStore 5 plik(ów) 3 224 461 bajtów 33 
katalog(ów) 57 861 009 408 bajtów wolnych ========= End of CMD: ========= ========= dir /a C:\Users\Piter\AppData\LocalLow ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 800D-BE44 Katalog: C:\Users\Piter\AppData\LocalLow 2015-05-09 11:15 . 2015-05-09 11:15 .. 2015-02-11 21:32 Adobe 2015-02-10 01:11 Microsoft 2015-02-10 01:11 Sun 0 plik(ów) 0 bajtów 5 katalog(ów) 57 861 009 408 bajtów wolnych ========= End of CMD: ========= ========= dir /a C:\Users\Piter\AppData\Roaming ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 800D-BE44 Katalog: C:\Users\Piter\AppData\Roaming 2015-05-12 19:14 . 2015-05-12 19:14 .. 2015-03-04 17:16 ABBYY 2015-03-01 16:57 Adobe 2015-05-11 22:10 DAEMON Tools Lite 2015-02-19 00:06 HP 2015-02-09 22:50 InstallShield 2015-02-09 23:32 Intel 2015-02-21 15:18 ipla 2015-02-10 00:38 Macromedia 2015-04-20 22:17 Microsoft 2015-02-10 00:31 Mozilla 2015-02-21 12:05 Nero 2015-05-06 22:07 NVIDIA 2015-04-22 16:05 Samsung 2015-05-13 23:27 Skype 2015-04-29 16:35 TeamViewer 2015-04-29 15:48 toshiba 2015-05-26 17:39 uTorrent 2015-05-02 01:48 vlc 2015-02-10 23:37 WinRAR 0 plik(ów) 0 bajtów 21 katalog(ów) 57 861 009 408 bajtów wolnych ========= End of CMD: ========= ========= findstr /c:"[SR]" %windir%\logs\cbs\cbs.log ========= ========= End of CMD: ========= EmptyTemp: => Removed 462.4 MB temporary data. The system needed a reboot. ==== End of Fixlog 22:19:02 ====