Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Mariusz at 2015-07-24 10:20:45 Run:2
Running from C:\Users\OEM\Desktop
Loaded Profiles: Mariusz (Available Profiles: Mariusz & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [CMD] => cmd.exe /c start http://zivlingamer.org&& exit
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "mobilegeni daemon" /f
Reg: reg delete HKU\S-1-5-21-2817337505-1868514402-3568713921-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /vNextLive /f
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
HKLM-x32\...\Run: [LManager] => [X]
HKU\S-1-5-21-2817337505-1868514402-3568713921-1002\...\Run: [Akamai NetSession Interface] => "C:\Users\OEM\AppData\Local\Akamai\netsession_win.exe"
C:\Users\OEM\AppData\Local\Akamai\netsession_win.exe
IFEO\adwcleaner_4.204.exe: [Debugger] svchost.exe
IFEO\AnVir.exe: [Debugger] svchost.exe
IFEO\AutoLogger.exe: [Debugger] svchost.exe
IFEO\avz.exe: [Debugger] svchost.exe
IFEO\CCleaner.exe: [Debugger] svchost.exe
IFEO\CCleaner64.exe: [Debugger] svchost.exe
IFEO\FRST.exe: [Debugger] svchost.exe
IFEO\FRST64.exe: [Debugger] svchost.exe
IFEO\HiJackThis.exe: [Debugger] svchost.exe
IFEO\regedit.exe: [Debugger] svchost.exe
IFEO\RegWorks.exe: [Debugger] svchost.exe
IFEO\RSIT.exe: [Debugger] svchost.exe
IFEO\RSITx64.exe: [Debugger] svchost.exe
C:\WINDOWS\Minidump\*.dmp
C:\Users\OEM\AppData\Roaming\b6205f20.dat
CustomCLSID: HKU\S-1-5-21-2817337505-1868514402-3568713921-1002_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> D:\AUTOCAD14\AutoCAD 2014\acad.exe No File
CustomCLSID: HKU\S-1-5-21-2817337505-1868514402-3568713921-1002_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> D:\AUTOCAD14\AutoCAD 2014\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-2817337505-1868514402-3568713921-1002_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> D:\AUTOCAD14\AutoCAD 2014\acad.exe /Automation No File
Task: {17413630-87A8-4E84-80EC-15AEC88580E5} - System32\Tasks\{9690880B-A15B-400E-8CBE-368E89D53E24} => pcalua.exe -a I:\Launch.exe -d I:\
Task: {2A72E292-A4D9-4644-842E-21F60CF0EEDF} - System32\Tasks\Origin => C:\Users\OEM\AppData\Roaming\Origin\update.vbe <==== ATTENTION
C:\Users\OEM\AppData\Roaming\Origin\update.vbe
Task: {2E99D693-E2F9-48DB-B98E-5817D7D1BF7E} - System32\Tasks\{0B2401C6-6370-4BD0-B997-3F76EFCB25C0} => pcalua.exe -a H:\MafiaSetup.exe -d H:\
Task: {477E8250-9A3B-4BA7-80B5-46CD87FF7B4B} - System32\Tasks\{11139A47-6622-4D38-9FB5-0BD4C8F4BEF6} => pcalua.exe -a H:\MafiaGame\MafiaSetup.exe -d H:\MafiaGame
Task: {7660EEEE-09C3-41E7-8311-E03030107A51} - System32\Tasks\{CAF5CF4D-E6F8-4C34-BB75-98874D6592ED} => pcalua.exe -a "C:\Program Files (x86)\FK_Monitor\service.exe" -c /U
EmptyTemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CMD => value not found.

========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "mobilegeni daemon" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete HKU\S-1-5-21-2817337505-1868514402-3568713921-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /vNextLive /f =========

ERROR: Invalid syntax.
Type "REG DELETE /?" for usage.

========= End of Reg: =========

========= reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LManager => value removed successfully
HKU\S-1-5-21-2817337505-1868514402-3568713921-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value not found.
"C:\Users\OEM\AppData\Local\Akamai\netsession_win.exe" => File/Folder not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\adwcleaner_4.204.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AnVir.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AutoLogger.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avz.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CCleaner.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CCleaner64.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FRST.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FRST64.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\HiJackThis.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\regedit.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RegWorks.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RSIT.exe => key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RSITx64.exe => key not found.
"C:\WINDOWS\Minidump\*.dmp" => File/Folder not found.
C:\Users\OEM\AppData\Roaming\b6205f20.dat => moved successfully.
HKU\S-1-5-21-2817337505-1868514402-3568713921-1002_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB} => key not found.
HKU\S-1-5-21-2817337505-1868514402-3568713921-1002_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1} => key not found.
HKU\S-1-5-21-2817337505-1868514402-3568713921-1002_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17413630-87A8-4E84-80EC-15AEC88580E5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17413630-87A8-4E84-80EC-15AEC88580E5}" => key removed successfully
C:\Windows\System32\Tasks\{9690880B-A15B-400E-8CBE-368E89D53E24} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9690880B-A15B-400E-8CBE-368E89D53E24}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2A72E292-A4D9-4644-842E-21F60CF0EEDF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A72E292-A4D9-4644-842E-21F60CF0EEDF}" => key removed successfully
C:\Windows\System32\Tasks\Origin => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => key removed successfully
"C:\Users\OEM\AppData\Roaming\Origin\update.vbe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E99D693-E2F9-48DB-B98E-5817D7D1BF7E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E99D693-E2F9-48DB-B98E-5817D7D1BF7E}" => key removed successfully
C:\Windows\System32\Tasks\{0B2401C6-6370-4BD0-B997-3F76EFCB25C0} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0B2401C6-6370-4BD0-B997-3F76EFCB25C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{477E8250-9A3B-4BA7-80B5-46CD87FF7B4B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{477E8250-9A3B-4BA7-80B5-46CD87FF7B4B}" => key removed successfully
C:\Windows\System32\Tasks\{11139A47-6622-4D38-9FB5-0BD4C8F4BEF6} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{11139A47-6622-4D38-9FB5-0BD4C8F4BEF6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7660EEEE-09C3-41E7-8311-E03030107A51}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7660EEEE-09C3-41E7-8311-E03030107A51}" => key removed successfully
C:\Windows\System32\Tasks\{CAF5CF4D-E6F8-4C34-BB75-98874D6592ED} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CAF5CF4D-E6F8-4C34-BB75-98874D6592ED}" => key removed successfully
EmptyTemp: => 734.9 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 10:21:05 ====