Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Piotrek at 2015-01-24 12:47:44 Run:1
Running from C:\Users\Piotrek\Downloads
Loaded Profiles: Piotrek (Available profiles: Piotrek)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
Task: {04B578FB-6C1C-4A41-B1C9-6DCAB5DF1AB0} - System32\Tasks\{024B06CC-9D95-449F-87E7-E9EB4C4D8F7D} => msiexec.exe /package "C:\Users\Piotrek\Downloads\Windows Defender 1.1.1593.0 PL .msi"
Task: {29094F0F-38A3-49DA-BC19-FA79E38CC45B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {2F175C2D-0D98-46EC-B3ED-50EAD4E3A286} - System32\Tasks\{A3205480-6B17-4F84-B31F-66365B9C92EA} => msiexec.exe /package "C:\Users\Piotrek\Downloads\Windows Defender 1.1.1593.0 PL .msi"
Task: {536E7D1A-89B8-49D6-BD25-4A5BC37BE198} - System32\Tasks\{5E2A602B-0F31-4961-AFAE-A029D4FD2DFA} => msiexec.exe /package "C:\Users\Piotrek\Downloads\WindowsDefender(dobreprogramy.pl).msi"
Task: {5516E73D-E346-4FAB-93F9-2739A2B5F09C} - System32\Tasks\Driver Booster SkipUAC (Piotrek) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {6DA73A18-D9B6-485C-AD21-BDC19157EE46} - System32\Tasks\{5C676BB8-A143-4A65-8D47-F92CD6FD8EC5} => msiexec.exe /package "C:\Users\Piotrek\Downloads\WindowsDefender(dobreprogramy.pl).msi"
Task: {E9AA4610-4FD4-4045-AC0D-E6EDA0039ACD} - System32\Tasks\{1C89FACA-BF17-4C90-8389-872C16B8D186} => msiexec.exe /package "C:\Users\Piotrek\Desktop\Windows Defender 1.1.1593.0 PL .msi"
Task: {EE521B9C-6E14-4EF2-89E6-D3A4584BBA7F} - System32\Tasks\{64EB8821-2CF0-4307-BEB4-6F8A26CD8960} => pcalua.exe -a C:\Users\Piotrek\Downloads\DC3Setup_33(dobreprogramy.pl)\setup.exe -d C:\Users\Piotrek\Downloads\DC3Setup_33(dobreprogramy.pl)
BootExecute:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
C:\Program Files (x86)\Google
C:\ProgramData\Freemake
C:\ProgramData\install_clap
C:\ProgramData\IObit
C:\ProgramData\Temp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Home
C:\Users\Piotrek\AppData\Local\Google
C:\Users\Piotrek\AppData\Local\WorldofTanks
C:\Users\Piotrek\AppData\Local\Zemana
C:\Users\Piotrek\AppData\Roaming\snotebook 2.0.exe
C:\Users\Piotrek\AppData\Roaming\16487
C:\Users\Piotrek\AppData\Roaming\Foxmail7
C:\Users\Piotrek\AppData\Roaming\gBurner
C:\Users\Piotrek\AppData\Roaming\IObit
C:\Users\Piotrek\AppData\Roaming\Tencent
C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Bat!.LNK
C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
C:\Users\Piotrek\Start Menu\Programs\SpyHunter
C:\Windows\SysWOW64\ZALSDKCore.dll
Reg: reg delete HKCU\Software\Google /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
CMD: dir /a C:\Users\Piotrek
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04B578FB-6C1C-4A41-B1C9-6DCAB5DF1AB0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04B578FB-6C1C-4A41-B1C9-6DCAB5DF1AB0}" => Key deleted successfully.
C:\Windows\System32\Tasks\{024B06CC-9D95-449F-87E7-E9EB4C4D8F7D} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{024B06CC-9D95-449F-87E7-E9EB4C4D8F7D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29094F0F-38A3-49DA-BC19-FA79E38CC45B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29094F0F-38A3-49DA-BC19-FA79E38CC45B}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F175C2D-0D98-46EC-B3ED-50EAD4E3A286}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F175C2D-0D98-46EC-B3ED-50EAD4E3A286}" => Key deleted successfully.
C:\Windows\System32\Tasks\{A3205480-6B17-4F84-B31F-66365B9C92EA} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A3205480-6B17-4F84-B31F-66365B9C92EA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{536E7D1A-89B8-49D6-BD25-4A5BC37BE198}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{536E7D1A-89B8-49D6-BD25-4A5BC37BE198}" => Key deleted successfully.
C:\Windows\System32\Tasks\{5E2A602B-0F31-4961-AFAE-A029D4FD2DFA} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5E2A602B-0F31-4961-AFAE-A029D4FD2DFA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5516E73D-E346-4FAB-93F9-2739A2B5F09C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5516E73D-E346-4FAB-93F9-2739A2B5F09C}" => Key deleted successfully.
C:\Windows\System32\Tasks\Driver Booster SkipUAC (Piotrek) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Piotrek)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DA73A18-D9B6-485C-AD21-BDC19157EE46}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DA73A18-D9B6-485C-AD21-BDC19157EE46}" => Key deleted successfully.
C:\Windows\System32\Tasks\{5C676BB8-A143-4A65-8D47-F92CD6FD8EC5} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5C676BB8-A143-4A65-8D47-F92CD6FD8EC5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9AA4610-4FD4-4045-AC0D-E6EDA0039ACD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9AA4610-4FD4-4045-AC0D-E6EDA0039ACD}" => Key deleted successfully.
C:\Windows\System32\Tasks\{1C89FACA-BF17-4C90-8389-872C16B8D186} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1C89FACA-BF17-4C90-8389-872C16B8D186}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE521B9C-6E14-4EF2-89E6-D3A4584BBA7F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE521B9C-6E14-4EF2-89E6-D3A4584BBA7F}" => Key deleted successfully.
C:\Windows\System32\Tasks\{64EB8821-2CF0-4307-BEB4-6F8A26CD8960} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{64EB8821-2CF0-4307-BEB4-6F8A26CD8960}" => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
C:\Program Files (x86)\Google => Moved successfully.
C:\ProgramData\Freemake => Moved successfully.
C:\ProgramData\install_clap => Moved successfully.
C:\ProgramData\IObit => Moved successfully.
C:\ProgramData\Temp => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Home => Moved successfully.
C:\Users\Piotrek\AppData\Local\Google => Moved successfully.
C:\Users\Piotrek\AppData\Local\WorldofTanks => Moved successfully.
C:\Users\Piotrek\AppData\Local\Zemana => Moved successfully.
C:\Users\Piotrek\AppData\Roaming\snotebook 2.0.exe => Moved successfully.
C:\Users\Piotrek\AppData\Roaming\16487 => Moved successfully.
C:\Users\Piotrek\AppData\Roaming\Foxmail7 => Moved successfully.
C:\Users\Piotrek\AppData\Roaming\gBurner => Moved successfully.
C:\Users\Piotrek\AppData\Roaming\IObit => Moved successfully.
C:\Users\Piotrek\AppData\Roaming\Tencent => Moved successfully.
C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Bat!.LNK => Moved successfully.
C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam => Moved successfully.
C:\Users\Piotrek\Start Menu\Programs\SpyHunter => Moved successfully.
C:\Windows\SysWOW64\ZALSDKCore.dll => Moved successfully.

========= reg delete HKCU\Software\Google /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= dir /a C:\Users\Piotrek =========
Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: FADF-8B3F
Katalog: C:\Users\Piotrek
2015-01-23 17:09 .
2015-01-23 17:09 ..
2014-10-15 06:05 AppData
2014-09-15 14:10 Contacts
2014-09-08 10:43 Cookies [C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Cookies]
2014-09-08 10:43 Dane aplikacji [C:\Users\Piotrek\AppData\Roaming]
2015-01-23 16:52 Desktop
2015-01-21 11:00 Documents
2015-01-24 12:47 Downloads
2014-09-15 14:10 Favorites
2014-09-08 11:39 GG dysk
2014-09-15 14:10 Links
2014-09-08 10:43 Menu Start [C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu]
2014-09-08 10:43 Moje dokumenty [C:\Users\Piotrek\Documents]
2015-01-02 15:57 Music
2014-09-08 10:43 NetHood [C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
2015-01-24 12:47 33 816 576 ntuser.dat
2015-01-24 12:47 262 144 ntuser.dat.LOG1
2014-09-08 10:43 0 ntuser.dat.LOG2
2014-09-08 10:53 65 536 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
2014-09-08 10:53 524 288 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
2014-09-08 10:53 524 288 NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
2014-11-25 20:17 65 536 ntuser.dat{f98a3824-5427-11e4-a2f6-0025228e020f}.TM.blf
2014-11-25 20:17 524 288 ntuser.dat{f98a3824-5427-11e4-a2f6-0025228e020f}.TMContainer00000000000000000001.regtrans-ms
2014-10-15 06:13 524 288 ntuser.dat{f98a3824-5427-11e4-a2f6-0025228e020f}.TMContainer00000000000000000002.regtrans-ms
2014-09-08 10:43 20 ntuser.ini
2015-01-11 11:07 Pictures
2014-09-08 10:43 PrintHood [C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
2014-09-08 10:43 Recent [C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Recent]
2014-11-29 17:41 Saved Games
2014-09-15 14:10 Searches
2014-09-08 10:43 SendTo [C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\SendTo]
2015-01-21 11:34 Start Menu
2014-09-08 10:43 Szablony [C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Templates]
2014-09-08 10:43 Ustawienia lokalne [C:\Users\Piotrek\AppData\Local]
2014-12-11 17:47 Videos
10 plik(ów) 36 306 964 bajtów
26 katalog(ów) 68 812 423 168 bajtów wolnych
========= End of CMD: =========

EmptyTemp: => Removed 375.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog 12:47:58 ====