Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-12-2014 02 Ran by ViVeg77 at 2014-12-12 23:19:27 Run:1 Running from C:\Users\ViVeg77\Downloads Loaded Profile: ViVeg77 (Available profiles: ViVeg77) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: R1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw; C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw.sys [52880 2014-08-11] (StdLib) R2 UniversalUpdater; C:\Program Files\0ca45c95134d\cf3e08d747e4.exe [653888 2014-11-05] () S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X] IFEO\chrome.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe" IFEO\tvsu.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe" IFEO\tvsukernel.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe" BootExecute: autocheck autochk * Task: {398DD4EA-7A00-4F53-A2F1-B0EE0F2FD5B0} - System32\Tasks\GoforFilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION Task: {53ED3A31-D5D7-47BE-9EC2-855FE837C7EE} - System32\Tasks\{130A3D9C-D3F2-472E-AB60-2197694C02A8} => pcalua.exe -a C:\Users\ViVeg77\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=slbnew Task: {689D163D-1EB5-4F57-9335-D4B63650AA77} - \Program aktualizacji online firmy Adobe. No Task File <==== ATTENTION Task: {A9C3E22F-EAE5-4A4F-8986-CFF5D541E813} - System32\Tasks\{AD61421D-9408-488F-9AD2-896DF0943434} => pcalua.exe -a "C:\Users\ViVeg77\Downloads\uninstall (1).exe" -d C:\Users\ViVeg77\Downloads Task: {B7C802BC-099A-4228-AB8E-86B2A310277E} - System32\Tasks\GU4SkipUAC => C:\Program Files\Glary Utilities 4\Integrator.exe Task: {BBB52CC3-8316-4884-A3DF-91AAEFC2D683} - System32\Tasks\{5CB78F99-D37F-44B9-B8F7-D7213BF68A7B} => pcalua.exe -a C:\Ross-Tech\VCDS\VCDSA.exe -d C:\Ross-Tech\VCDS\ Task: {FE4DEB9F-D076-4E3E-A84B-A462438E0528} - System32\Tasks\{115E2B5C-19D7-476A-A398-84F33C78248C} => C:\Program Files\The KMPlayer\KMPlayer.exe HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-1638586216-2184293915-2867409737-1000\...\RunOnce: [Adobe Speed Launcher] => 1418411320 HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1415350141&from=slbnew&uid=HITACHIXHTS723232A7A364_E3834563GJU12NGJU12NX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1415350141&from=slbnew&uid=HITACHIXHTS723232A7A364_E3834563GJU12NGJU12NX&q={searchTerms} SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_50_ch&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtCyEtCyCzyyDtDtD0E0BtAtN0D0Tzu0SzyyDyEtN1L2XzutAtFtDtFtCtDtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyB0B0AtA0FyBtDtGzzyD0CtBtGzyyDyCyDtGtBtD0A0BtGyE0Czy0F0D0FtB0E0B0FyDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtD0D0BzztCyEtDtGtCtC0FyCtG0CyE0F0AtG0CtC0CtAtGyCyBtC0ByByDtAyCtBtAyC0B2Q&cr=1311317102&ir= SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtCyEtCyCzyyDtDtD0E0BtAtN0D0Tzu0SzyzyyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBzy0F0B0A0Azz0FtG0FyE0BzztGzyyCtC0CtGzy0DtBtAtGtB0EyB0EzyyD0D0DzyzyyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyyDzz0EtAtB0DtGyB0E0F0FtGyE0BtB0FtG0ByEyB0CtG0FtA0FtCtA0C0DyE0BtCzyyB2Q&cr=552600740&ir= SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_22_ch&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtCyEtCyCzyyDtDtD0E0BtAtN0D0Tzu0SzzzztDtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzyyC0AyD0BtA0CtG0CzztDyDtGzz0DtD0DtG0B0F0EtCtGtA0C0FyEzytAtDtB0FtCyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtD0D0BzztCyEtDtGtCtC0FyCtG0CyE0F0AtG0CtC0CtAtGyCyBtC0ByByDtAyCtBtAyC0B2Q&cr=1994925878&ir= SearchScopes: HKU\S-1-5-21-1638586216-2184293915-2867409737-1000 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_50_ch&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtCyEtCyCzyyDtDtD0E0BtAtN0D0Tzu0SzyyDyEtN1L2XzutAtFtDtFtCtDtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyB0B0AtA0FyBtDtGzzyD0CtBtGzyyDyCyDtGtBtD0A0BtGyE0Czy0F0D0FtB0E0B0FyDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtD0D0BzztCyEtDtGtCtC0FyCtG0CyE0F0AtG0CtC0CtAtGyCyBtC0ByByDtAyCtBtAyC0B2Q&cr=1311317102&ir= SearchScopes: HKU\S-1-5-21-1638586216-2184293915-2867409737-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKU\S-1-5-21-1638586216-2184293915-2867409737-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_50_ch&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtCyEtCyCzyyDtDtD0E0BtAtN0D0Tzu0SzyyDyEtN1L2XzutAtFtDtFtCtDtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyB0B0AtA0FyBtDtGzzyD0CtBtGzyyDyCyDtGtBtD0A0BtGyE0Czy0F0D0FtB0E0B0FyDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtD0D0BzztCyEtDtGtCtC0FyCtG0CyE0F0AtG0CtC0CtAtGyCyBtC0ByByDtAyCtBtAyC0B2Q&cr=1311317102&ir= SearchScopes: HKU\S-1-5-21-1638586216-2184293915-2867409737-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtCyEtCyCzyyDtDtD0E0BtAtN0D0Tzu0SzyzyyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBzy0F0B0A0Azz0FtG0FyE0BzztGzyyCtC0CtGzy0DtBtAtGtB0EyB0EzyyD0D0DzyzyyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyyDzz0EtAtB0DtGyB0E0F0FtGyE0BtB0FtG0ByEyB0CtG0FtA0FtCtA0C0DyE0BtCzyyB2Q&cr=552600740&ir= SearchScopes: HKU\S-1-5-21-1638586216-2184293915-2867409737-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_22_ch&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtCyEtCyCzyyDtDtD0E0BtAtN0D0Tzu0SzzzztDtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzyyC0AyD0BtA0CtG0CzztDyDtGzz0DtD0DtG0B0F0EtCtGtA0C0FyEzytAtDtB0FtCyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtD0D0BzztCyEtDtGtCtC0FyCtG0CyE0F0AtG0CtC0CtAtGyCyBtC0ByByDtAyCtBtAyC0B2Q&cr=1994925878&ir= SearchScopes: HKU\S-1-5-21-1638586216-2184293915-2867409737-1000 -> {95204CBC-45A2-4711-A284-66AACCE5EDAE} URL = https://nl.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms} SearchScopes: HKU\S-1-5-21-1638586216-2184293915-2867409737-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={30121728-272F-4168-9004-63068345FF31}&mid=505879c781ed47d29cbd59d6bc0ac4fb-ff0c4c83824c79a26dedff1454cf2ba86c85c5bd&lang=pl&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-11-06 19:18:04&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms} Toolbar: HKU\S-1-5-21-1638586216-2184293915-2867409737-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File FF SearchPlugin: C:\Users\ViVeg77\AppData\Roaming\Mozilla\Firefox\Profiles\8n0uhhrr.default\searchplugins\avg-secure-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml C:\Program Files\0ca45c95134d C:\Program Files\f552dd4c52e3 C:\ProgramData\DSearchLink C:\Users\ViVeg77\AppData\Local\Mobogenie C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw.sys Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKCU\Software\Google\Chrome\Extensions /f Reg: reg delete HKLM\SOFTWARE\Google\Chrome\Extensions /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG_UI" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BRS" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CrashMon" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Salus" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Salus CrashMon" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\smoother" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WSE_Astromenda" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f CMD: dir /a "C:\Program Files" CMD: dir /a C:\ProgramData CMD: dir /a C:\Users\ViVeg77\AppData\Local CMD: dir /a C:\Users\ViVeg77\AppData\LocalLow CMD: dir /a C:\Users\ViVeg77\AppData\Roaming EmptyTemp: ***************** Processes closed successfully. {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw => Service stopped successfully. {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw => Service deleted successfully. UniversalUpdater => Service stopped successfully. UniversalUpdater => Service deleted successfully. VMnetAdapter => Service deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\chrome.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tvsu.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tvsukernel.exe" => Key deleted successfully. HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{398DD4EA-7A00-4F53-A2F1-B0EE0F2FD5B0}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{398DD4EA-7A00-4F53-A2F1-B0EE0F2FD5B0}" => Key deleted successfully. C:\Windows\System32\Tasks\GoforFilesUpdate => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoforFilesUpdate" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53ED3A31-D5D7-47BE-9EC2-855FE837C7EE}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53ED3A31-D5D7-47BE-9EC2-855FE837C7EE}" => Key deleted successfully. C:\Windows\System32\Tasks\{130A3D9C-D3F2-472E-AB60-2197694C02A8} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{130A3D9C-D3F2-472E-AB60-2197694C02A8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{689D163D-1EB5-4F57-9335-D4B63650AA77}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{689D163D-1EB5-4F57-9335-D4B63650AA77}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Program aktualizacji online firmy Adobe." => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9C3E22F-EAE5-4A4F-8986-CFF5D541E813}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9C3E22F-EAE5-4A4F-8986-CFF5D541E813}" => Key deleted successfully. C:\Windows\System32\Tasks\{AD61421D-9408-488F-9AD2-896DF0943434} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AD61421D-9408-488F-9AD2-896DF0943434}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7C802BC-099A-4228-AB8E-86B2A310277E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7C802BC-099A-4228-AB8E-86B2A310277E}" => Key deleted successfully. C:\Windows\System32\Tasks\GU4SkipUAC => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GU4SkipUAC" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BBB52CC3-8316-4884-A3DF-91AAEFC2D683}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBB52CC3-8316-4884-A3DF-91AAEFC2D683}" => Key deleted successfully. C:\Windows\System32\Tasks\{5CB78F99-D37F-44B9-B8F7-D7213BF68A7B} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5CB78F99-D37F-44B9-B8F7-D7213BF68A7B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE4DEB9F-D076-4E3E-A84B-A462438E0528}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE4DEB9F-D076-4E3E-A84B-A462438E0528}" => Key deleted successfully. C:\Windows\System32\Tasks\{115E2B5C-19D7-476A-A398-84F33C78248C} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{115E2B5C-19D7-476A-A398-84F33C78248C}" => Key deleted successfully. HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar => value deleted successfully. HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar => value deleted successfully. HKU\S-1-5-21-1638586216-2184293915-2867409737-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe Speed Launcher => value deleted successfully. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}" => Key deleted successfully. "HKCR\CLSID\{0191A6B0-1154-4C22-9182-23A95BBE92D9}" => Key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully. "HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => Key deleted successfully. "HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => Key not found. HKU\S-1-5-21-1638586216-2184293915-2867409737-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-1638586216-2184293915-2867409737-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully. "HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found. "HKU\S-1-5-21-1638586216-2184293915-2867409737-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}" => Key deleted successfully. "HKCR\CLSID\{0191A6B0-1154-4C22-9182-23A95BBE92D9}" => Key not found. "HKU\S-1-5-21-1638586216-2184293915-2867409737-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully. "HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found. "HKU\S-1-5-21-1638586216-2184293915-2867409737-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => Key deleted successfully. "HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => Key not found. "HKU\S-1-5-21-1638586216-2184293915-2867409737-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95204CBC-45A2-4711-A284-66AACCE5EDAE}" => Key deleted successfully. "HKCR\CLSID\{95204CBC-45A2-4711-A284-66AACCE5EDAE}" => Key not found. "HKU\S-1-5-21-1638586216-2184293915-2867409737-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found. "HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found. HKU\S-1-5-21-1638586216-2184293915-2867409737-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully. "HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key deleted successfully. "HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key not found. "C:\Users\ViVeg77\AppData\Roaming\Mozilla\Firefox\Profiles\8n0uhhrr.default\searchplugins\avg-secure-search.xml" => not found. C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml => Moved successfully. C:\Program Files\0ca45c95134d => Moved successfully. C:\Program Files\f552dd4c52e3 => Moved successfully. C:\ProgramData\DSearchLink => Moved successfully. C:\Users\ViVeg77\AppData\Local\Mobogenie => Moved successfully. C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw.sys => Moved successfully. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Google\Chrome\Extensions /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Google\Chrome\Extensions /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG_UI" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BRS" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CrashMon" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Salus" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Salus CrashMon" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\smoother" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WSE_Astromenda" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= ========= dir /a "C:\Program Files" ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 087F-0EB3 Katalog: C:\Program Files 2014-12-12 23:21 . 2014-12-12 23:21 .. 2014-09-20 13:35 7-Zip 2014-09-28 09:26 AAALOGO 2014-02-07 20:58 Adblock Plus for IE 2014-02-07 19:13 Adobe 2014-02-07 11:05 Alcohol Soft 2014-06-28 07:19 ALLPlayer 2014-02-09 11:07 Ashampoo 2014-10-20 05:09 AVG 2014-07-06 09:04 AVG SafeGuard toolbar 2014-12-12 23:11 AVG Web TuneUp 2014-10-05 19:37 Battlelog Web Plugins 2014-11-07 09:50 BlueStacks 2013-10-01 15:38 BurnAware Premium 2014-02-07 01:10 CCleaner 2014-02-11 20:07 CDisplay 2014-03-19 17:19 ChomikBox 2014-11-08 20:42 Cisco 2014-12-12 23:11 Common Files 2014-02-15 09:33 Comodo 2014-11-08 20:37 CONEXANT 2014-08-18 15:39 Corel 2009-07-14 05:41 174 desktop.ini 2014-09-07 09:22 Diagnose-BK 2014-09-27 07:47 DIFX 2014-12-12 17:03 Digital Line Detect 2014-02-07 03:00 DVD Maker 2014-02-07 10:57 ffdshow 2014-02-07 10:53 FinalWire 2014-05-29 21:15 FreeTime 2014-05-17 08:24 Glary Utilities 4 2014-12-12 19:33 Glary Utilities 5 2014-07-04 21:37 Google 2014-05-12 18:21 HP 2014-12-12 17:03 InstallShield Installation Information 2014-11-08 20:41 Intel 2014-02-12 00:39 Intelore 2014-12-10 03:22 Internet Explorer 2013-10-01 15:42 iSafe 2014-12-12 17:20 Lenovo 2014-04-27 18:23 Microsoft Office 2014-12-10 03:24 Microsoft Silverlight 2014-04-27 16:55 Microsoft Visual Studio 2014-04-27 16:58 Microsoft Works 2014-04-27 16:55 Microsoft.NET 2014-12-09 22:56 Mozilla Firefox 2014-12-11 21:58 Mozilla Maintenance Service 2014-02-07 00:28 MSBuild 2014-08-24 20:52 NapiProjekt 2014-12-12 17:02 NetWaiting 2014-11-02 23:19 NVIDIA Corporation 2014-11-07 15:13 Origin 2014-11-07 17:05 Origin Games 2014-05-30 20:38 Paltalk Messenger 2014-08-18 20:53 R.G. Mechanics 2014-02-07 00:28 Reference Assemblies 2014-05-16 21:05 Skype 2014-08-09 11:37 Sony 2014-08-18 20:54 Sony Mobile 2014-05-29 21:10 Speedial 2014-08-11 19:44 SpringPublisher 2014-02-07 00:09 Synaptics 2014-02-07 00:19 ThinkPad 2014-02-07 00:37 ThinkVantage 2014-02-17 21:09 TomTom International B.V 2009-07-14 05:53 Uninstall Information 2014-11-07 09:41 Universal Updater 2014-08-15 20:44 VideoLAN 2014-03-05 14:32 Western Digital 2014-03-05 15:01 Western Digital Corporation 2014-02-07 12:32 Windows Defender 2014-02-07 03:00 Windows Mail 2014-02-07 12:14 Windows Media Player 2014-02-06 23:09 Windows NT 2014-02-07 03:00 Windows Photo Viewer 2014-02-07 03:00 Windows Portable Devices 2014-02-07 19:09 Windows Sidebar 2014-02-07 09:28 WinRAR 1 plik(¢w) 174 bajt¢w 78 katalog(¢w) 44ÿ607ÿ520ÿ768 bajt¢w wolnych ========= End of CMD: ========= ========= dir /a C:\ProgramData ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 087F-0EB3 Katalog: C:\ProgramData 2014-12-12 23:21 . 2014-12-12 23:21 .. 2014-11-07 10:16 2308189059 2014-02-11 19:28 Adobe 2014-06-28 07:19 ALLPlayer 2014-02-08 16:05 57 Ament.ini 2009-07-14 05:53 Application Data [C:\ProgramData] 2013-10-01 15:38 Ashampoo 2014-04-21 19:36 AVG 2014-11-06 23:14 AVG Security Toolbar 2014-10-20 17:08 AVG2014 2014-11-23 11:03 AVG2015 2014-12-11 22:58 Avg_Update_1214tb 2014-11-07 09:50 BlueStacks 2014-11-07 09:56 BlueStacksSetup 2014-02-07 10:05 Common Files 2014-09-19 20:45 Corel 2014-08-18 15:43 CorelDRAW Graphics Suite X7 2014-02-06 23:09 Dane aplikacji [C:\ProgramData] 2009-07-14 05:53 Desktop [C:\Users\Public\Desktop] 2009-07-14 05:53 Documents [C:\Users\Public\Documents] 2014-02-06 23:09 Dokumenty [C:\Users\Public\Documents] 2014-05-30 05:51 EA Core 2014-11-07 15:13 EA Logs 2014-05-30 05:51 Electronic Arts 2014-10-05 12:49 EPSON 2009-07-14 05:53 Favorites [C:\Users\Public\Favorites] 2014-05-17 08:24 GlarySoft 2014-05-12 18:21 HP 2014-12-12 17:18 Intel 2014-08-11 19:44 Isolated Storage 2014-12-12 17:20 Lenovo 2014-10-27 22:19 McAfee 2014-02-06 23:09 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 2014-12-12 16:08 MFAData 2014-12-10 03:01 Microsoft 2014-12-10 03:07 Microsoft Help 2014-05-29 21:06 Movavi 2014-10-14 19:34 Mozilla 2014-02-07 00:24 NVIDIA 2014-02-07 00:18 NVIDIA Corporation 2014-11-07 17:42 Origin 2014-11-08 20:43 Package Cache 2014-07-29 22:20 PopCap Games 2014-08-18 15:44 Protexis 2014-02-06 23:09 Pulpit [C:\Users\Public\Desktop] 2014-02-06 23:39 Roaming 2014-05-16 21:04 Skype 2014-08-09 11:37 Sony 2014-08-18 20:54 Sony Mobile 2009-07-14 05:53 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 2014-02-06 23:09 Szablony [C:\ProgramData\Microsoft\Windows\Templates] 2009-07-14 05:53 Templates [C:\ProgramData\Microsoft\Windows\Templates] 2014-02-07 19:12 TuneUp Software 2014-02-06 23:09 Ulubione [C:\Users\Public\Favorites] 2014-05-01 21:37 Visan 2014-09-07 09:09 VMware 2014-02-13 17:52 {01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2014-02-13 17:52 {FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 1 plik(¢w) 57 bajt¢w 58 katalog(¢w) 44ÿ607ÿ516ÿ672 bajt¢w wolnych ========= End of CMD: ========= ========= dir /a C:\Users\ViVeg77\AppData\Local ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 087F-0EB3 Katalog: C:\Users\ViVeg77\AppData\Local 2014-12-12 23:21 . 2014-12-12 23:21 .. 2014-10-27 22:22 Adobe 2014-02-06 23:49 Apps 2014-02-09 11:08 ashampoo 2014-10-20 05:08 Avg2015 2014-11-07 09:42 Bluestacks 2014-03-14 06:39 Broadcom 2014-11-08 20:38 BVRP Software 2014-02-24 10:20 cache 2014-12-12 22:40 ChomikBox 2014-02-15 09:33 Comodo 2014-02-06 23:11 Dane aplikacji [C:\Users\ViVeg77\AppData\Local] 2014-03-11 15:36 Diagnostics 2014-11-08 20:32 Downloaded Installations 2014-11-08 21:17 ElevatedDiagnostics 2014-11-15 12:47 EmieBrowserModeList 2014-04-27 16:34 EmieSiteList 2014-04-27 16:34 EmieUserList 2014-03-27 08:41 ESN 2014-08-18 16:03 134ÿ688 GDIPFONTCACHEV1.DAT 2014-07-04 18:11 genienext 2014-03-29 12:33 Google 2014-02-06 23:11 Historia [C:\Users\ViVeg77\AppData\Local\Microsoft\Windows\History] 2013-10-01 15:38 HP 2014-12-12 20:07 2ÿ639ÿ271 IconCache.db 2014-06-25 21:51 Lenovo 2014-11-08 21:13 LenovoReach 2014-02-17 09:46 Macromedia 2014-02-07 10:05 MFAData 2014-09-24 18:15 Microsoft 2014-04-27 16:53 Microsoft Help 2014-05-29 21:07 Movavi 2014-10-14 19:34 Mozilla 2014-11-02 02:31 Origin 2014-11-02 22:39 PopCap Games 2014-02-07 00:09 Programs 2014-05-30 20:41 PunkBuster 2014-05-16 21:05 Skype 2014-09-14 19:23 Sony 2014-06-28 06:54 StormFall 2014-12-12 23:21 Temp 2014-02-06 23:11 Temporary Internet Files [C:\Users\ViVeg77\AppData\Local\Microsoft\Windows\Temporary Internet Files] 2014-02-20 08:14 TomTom 2014-02-07 15:11 Tvsukernel 2014-05-25 19:33 Unity 2014-11-22 16:37 Viber 2014-02-06 23:11 VirtualStore 2 plik(¢w) 2ÿ773ÿ959 bajt¢w 46 katalog(¢w) 44ÿ607ÿ516ÿ672 bajt¢w wolnych ========= End of CMD: ========= ========= dir /a C:\Users\ViVeg77\AppData\LocalLow ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 087F-0EB3 Katalog: C:\Users\ViVeg77\AppData\LocalLow 2014-12-12 23:10 . 2014-12-12 23:10 .. 2014-02-07 20:58 Adblock Plus for IE 2014-02-07 19:17 Adobe 2014-02-23 08:06 KMPlayer 2014-02-17 09:46 Microsoft 2014-02-07 21:19 Temp 2014-05-25 19:33 Unity 0 plik(¢w) 0 bajt¢w 8 katalog(¢w) 44ÿ607ÿ516ÿ672 bajt¢w wolnych ========= End of CMD: ========= ========= dir /a C:\Users\ViVeg77\AppData\Roaming ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 087F-0EB3 Katalog: C:\Users\ViVeg77\AppData\Roaming 2014-11-07 17:03 . 2014-11-07 17:03 .. 2014-02-07 19:17 Adobe 2014-02-09 11:08 Ashampoo 2014-02-13 17:47 AVG 2014-10-20 05:08 AVG2015 2014-06-28 06:31 BESTplayer 2014-07-06 19:33 519 burnaware.ini 2014-02-15 09:33 Comodo 2014-08-18 16:13 Corel 2014-11-07 15:48 dvdcss 2014-02-07 01:29 eCyber 2014-02-07 08:14 ESET 2014-05-17 08:24 GlarySoft 2014-02-24 10:06 GoforFiles 2014-08-25 17:34 HpUpdate 2014-02-06 23:11 Identities 2014-02-07 00:16 InstallShield 2014-02-06 23:39 Intel 2013-10-01 15:41 iSafe 2014-03-29 12:36 Lenovo 2014-02-06 23:47 Macromedia 2009-07-14 09:28 Media Center Programs 2014-09-24 18:15 Microsoft 2014-10-14 19:34 Mozilla 2014-02-16 09:30 NapiProjekt 2014-07-04 18:12 newnext.me 2014-11-07 07:31 NVIDIA 2014-02-07 19:07 OpenCandy 2014-05-30 20:40 Origin 2014-05-29 23:36 138ÿ056 PnkBstrK.sys 2014-02-06 23:42 PwrMgr 2014-02-07 19:07 rmi 2014-06-28 06:54 RocketUpdater 2014-10-11 21:19 Skype 2014-11-07 10:47 SmootherWeb 2014-08-11 21:24 SpringPublisher 2014-06-28 06:54 StormFall 2014-08-11 22:16 Systweak 2014-02-07 19:09 TuneUp Software 2014-05-25 19:33 Unity 2014-12-12 23:18 uTorrent 2014-11-22 16:37 ViberPC 2014-12-12 16:41 vlc 2014-09-07 09:03 VMware 2014-09-20 14:35 60 WB.CFG 2014-02-07 09:28 WinRAR 3 plik(¢w) 138ÿ635 bajt¢w 44 katalog(¢w) 44ÿ607ÿ512ÿ576 bajt¢w wolnych ========= End of CMD: ========= EmptyTemp: => Removed 486.4 MB temporary data. The system needed a reboot. ==== End of Fixlog ====