Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-04-2015 04 Ran by q at 2015-04-16 15:53:53 Run:2 Running from C:\Documents and Settings\q\Moje dokumenty\Downloads Loaded Profiles: q (Available profiles: q & UpdatusUser) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: HKLM\...\Run: [jemaka] => C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\jemaka\jemaka.exe [425516 2015-04-06] (MercantileLegitimiseNeutralised) HKLM\...\Policies\Explorer\Run: [jemaka] => C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\jemaka\jemaka.exe [425516 2015-04-06] ( (MercantileLegitimiseNeutralised)) HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k BootExecute: autocheck autochk * sdnclean.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKU\S-1-5-21-1085031214-2025429265-725345543-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR Extension: (Bflix extension) - C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jlfihafpijfdgmojeeigcldgchhojpfp [2012-01-14] CHR HKLM\...\Chrome\Extension: [jlfihafpijfdgmojeeigcldgchhojpfp] - C:\Program Files\BFlix\BFlix.crx [2011-12-19] HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-1085031214-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-1085031214-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006 HKU\S-1-5-21-1085031214-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.com/?trackid=sp-006 HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION HKU\S-1-5-21-1085031214-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-1085031214-2025429265-725345543-1003 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = SearchScopes: HKU\S-1-5-21-1085031214-2025429265-725345543-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-1085031214-2025429265-725345543-1003 -> {szukaj.gazeta.pl} URL = http://szukaj.gazeta.pl/internet/0,0.html?slowo={searchTerms} BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll No File Toolbar: HKLM - No Name - {bd0c8f87-2da0-4449-a726-b978ae8db32c} - No File CustomCLSID: HKU\S-1-5-21-1085031214-2025429265-725345543-1003_Classes\CLSID\{D9F397C5-3053-4D1D-9DFD-4B3E08E570D8}\InprocServer32 -> C:\Documents and Settings\All Users\Dane aplikacji\{7D14E36A-889F-4FDA-8B78-2423FB17A4D3}\vfnws.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1085031214-2025429265-725345543-1003_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Documents and Settings\q\Dane aplikacji\GG\ggdrive\ggdrive-menu.dll No File ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll No File ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll No File ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies) S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] S3 massfilter_lte; \??\C:\WINDOWS\system32\drivers\massfilter_lte.sys [X] S3 zgdcat; system32\DRIVERS\zgdcat.sys [X] S3 zgdcdiag; system32\DRIVERS\zgdcdiag.sys [X] S3 zgdcmdm; system32\DRIVERS\zgdcmdm.sys [X] S3 zgdcnet; system32\DRIVERS\zgdcnet.sys [X] S3 zgdcnmea; system32\DRIVERS\zgdcnmea.sys [X] C:\WINDOWS\system32\drivers\avgtpx86.sys C:\Documents and Settings\All Users\Dane aplikacji\{7D14E36A-889F-4FDA-8B78-2423FB17A4D3} C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software C:\Documents and Settings\All Users\Dane aplikacji\InstallMate C:\Documents and Settings\All Users\Dane aplikacji\Norton C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy C:\Documents and Settings\All Users\Dane aplikacji\TEMP C:\Documents and Settings\LocalService\Dane aplikacji\McAfee C:\Documents and Settings\NetworkService\Dane aplikacji\McAfee C:\Documents and Settings\q\Dane aplikacji\~uTorrentPartFile_4985C65.dat C:\Documents and Settings\q\Dane aplikacji\eXcEl3rator.txt C:\Documents and Settings\q\Dane aplikacji\Metric - Synthetica.log C:\Documents and Settings\q\Dane aplikacji\Mozilla C:\Documents and Settings\q\Dane aplikacji\njyhik9iaa C:\Documents and Settings\q\Dane aplikacji\nyjuikoitg C:\Documents and Settings\q\Dane aplikacji\AVAST Software C:\Documents and Settings\q\Dane aplikacji\Ieie C:\Documents and Settings\q\Dane aplikacji\MsDtc C:\Documents and Settings\q\Dane aplikacji\Opera Software C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\*.dll C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\setup.exe C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\jemaka C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\Opera Software C:\Program Files\DDownTango5aToolbar C:\Program Files\BFlix C:\Program Files\Mozilla Firefox C:\Program Files\Spybot - Search & Destroy 2 C:\WINDOWS\zyjcxd.hcr C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension C:\WINDOWS\system32\drivers\avgtpx86.sys Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKCU\Software\Mozilla /f Reg: reg delete HKCU\Software\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Mozilla /f Reg: reg delete HKLM\SOFTWARE\mozilla.org /f Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f CMD: attrib -r -h -s C:\HELP_DECRYPT.* /s CMD: del /q /s C:\HELP_DECRYPT.* CMD: dir /a "C:\Program Files" CMD: dir /a "C:\Program Files\Common Files" CMD: dir .a "C:\Documents and Settings\All Users\Dane aplikacji" CMD: dir /a "C:\Documents and Settings\LocalService\Dane aplikacji" CMD: dir /a "C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji" CMD: dir /a "C:\Documents and Settings\NetworkService\Dane aplikacji" CMD: dir /a "C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji" CMD: dir /a "C:\Documents and Settings\q\Dane aplikacji" CMD: dir /a "C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji" ***************** Processes closed successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\jemaka => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\jemaka => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => value deleted successfully. HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully. C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully. C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. "HKU\S-1-5-21-1085031214-2025429265-725345543-1003\SOFTWARE\Policies\Google" => Key deleted successfully. C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jlfihafpijfdgmojeeigcldgchhojpfp => Moved successfully. "HKLM\SOFTWARE\Google\Chrome\Extensions\jlfihafpijfdgmojeeigcldgchhojpfp" => Key deleted successfully. C:\Program Files\BFlix\BFlix.crx => Moved successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKU\S-1-5-21-1085031214-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKU\S-1-5-21-1085031214-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully. HKU\S-1-5-21-1085031214-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully. HKU\S-1-5-21-1085031214-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value deleted successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => Key deleted successfully. HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => Key not found. "HKU\S-1-5-21-1085031214-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key deleted successfully. HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found. "HKU\S-1-5-21-1085031214-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => Key deleted successfully. HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => Key not found. "HKU\S-1-5-21-1085031214-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{szukaj.gazeta.pl}" => Key deleted successfully. HKCR\CLSID\{szukaj.gazeta.pl} => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" => Key deleted successfully. "HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully. "HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{bd0c8f87-2da0-4449-a726-b978ae8db32c} => value deleted successfully. HKCR\CLSID\{bd0c8f87-2da0-4449-a726-b978ae8db32c} => Key not found. "HKU\S-1-5-21-1085031214-2025429265-725345543-1003_Classes\CLSID\{D9F397C5-3053-4D1D-9DFD-4B3E08E570D8}" => Key deleted successfully. "HKU\S-1-5-21-1085031214-2025429265-725345543-1003_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}" => Key deleted successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GGDriveOverlay2" => Key deleted successfully. "HKCR\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}" => Key deleted successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GGDriveOverlay3" => Key deleted successfully. "HKCR\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}" => Key deleted successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GGDriveOverlay4" => Key deleted successfully. "HKCR\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully. "HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}" => Key deleted successfully. "HKCR\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}" => Key Deleted successfully. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully. "HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully. avgtp => Service stopped successfully. avgtp => Service deleted successfully. hwusbdev => Service deleted successfully. massfilter_lte => Service deleted successfully. zgdcat => Service deleted successfully. zgdcdiag => Service deleted successfully. zgdcmdm => Service deleted successfully. zgdcnet => Service deleted successfully. zgdcnmea => Service deleted successfully. C:\WINDOWS\system32\drivers\avgtpx86.sys => Moved successfully. "C:\Documents and Settings\All Users\Dane aplikacji\{7D14E36A-889F-4FDA-8B78-2423FB17A4D3}" directory move: Could not move "C:\Documents and Settings\All Users\Dane aplikacji\{7D14E36A-889F-4FDA-8B78-2423FB17A4D3}" directory. => Scheduled to move on reboot. C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\InstallMate => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Norton => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\TEMP => Moved successfully. C:\Documents and Settings\LocalService\Dane aplikacji\McAfee => Moved successfully. C:\Documents and Settings\NetworkService\Dane aplikacji\McAfee => Moved successfully. C:\Documents and Settings\q\Dane aplikacji\~uTorrentPartFile_4985C65.dat => Moved successfully. C:\Documents and Settings\q\Dane aplikacji\eXcEl3rator.txt => Moved successfully. C:\Documents and Settings\q\Dane aplikacji\Metric - Synthetica.log => Moved successfully. C:\Documents and Settings\q\Dane aplikacji\Mozilla => Moved successfully. C:\Documents and Settings\q\Dane aplikacji\njyhik9iaa => Moved successfully. C:\Documents and Settings\q\Dane aplikacji\nyjuikoitg => Moved successfully. C:\Documents and Settings\q\Dane aplikacji\AVAST Software => Moved successfully. C:\Documents and Settings\q\Dane aplikacji\Ieie => Moved successfully. C:\Documents and Settings\q\Dane aplikacji\MsDtc => Moved successfully. C:\Documents and Settings\q\Dane aplikacji\Opera Software => Moved successfully. C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\*.dll => Moved successfully. C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\setup.exe => Moved successfully. "C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\jemaka" directory move: Could not move "C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\jemaka" directory. => Scheduled to move on reboot. C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\Opera Software => Moved successfully. C:\Program Files\DDownTango5aToolbar => Moved successfully. C:\Program Files\BFlix => Moved successfully. C:\Program Files\Mozilla Firefox => Moved successfully. C:\Program Files\Spybot - Search & Destroy 2 => Moved successfully. C:\WINDOWS\zyjcxd.hcr => Moved successfully. "C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" => File/Directory not found. "C:\WINDOWS\system32\drivers\avgtpx86.sys" => File/Directory not found. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoÅ„czona pomyÅ›lnie ========= End of Reg: ========= ========= reg delete HKCU\Software\Mozilla /f ========= Operacja ukoÅ„czona pomyÅ›lnie ========= End of Reg: ========= ========= reg delete HKCU\Software\MozillaPlugins /f ========= Operacja ukoÅ„czona pomyÅ›lnie ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Mozilla /f ========= Operacja ukoÅ„czona pomyÅ›lnie ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\mozilla.org /f ========= Operacja ukoÅ„czona pomyÅ›lnie ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\MozillaPlugins /f ========= Operacja ukoÅ„czona pomyÅ›lnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoÅ„czona pomyÅ›lnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoÅ„czona pomyÅ›lnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoÅ„czona pomyÅ›lnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoÅ„czona pomyÅ›lnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoÅ„czona pomyÅ›lnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoÅ„czona pomyÅ›lnie ========= End of Reg: ========= ========= attrib -r -h -s C:\HELP_DECRYPT.* /s ========= ========= End of CMD: ========= ========= del /q /s C:\HELP_DECRYPT.* ========= Usuni©ty plik - C:\HELP_DECRYPT.HTML Usuni©ty plik - C:\HELP_DECRYPT.PNG Usuni©ty plik - C:\HELP_DECRYPT.TXT Usuni©ty plik - C:\HELP_DECRYPT.URL Usuni©ty plik - C:\AdwCleaner\HELP_DECRYPT.HTML Usuni©ty plik - C:\AdwCleaner\HELP_DECRYPT.PNG Usuni©ty plik - C:\AdwCleaner\HELP_DECRYPT.TXT Usuni©ty plik - C:\AdwCleaner\HELP_DECRYPT.URL Usuni©ty plik - C:\AdwCleaner\Quarantine\HELP_DECRYPT.HTML Usuni©ty plik - C:\AdwCleaner\Quarantine\HELP_DECRYPT.PNG Usuni©ty plik - C:\AdwCleaner\Quarantine\HELP_DECRYPT.TXT Usuni©ty plik - C:\AdwCleaner\Quarantine\HELP_DECRYPT.URL Usuni©ty plik - C:\Documents and Settings\HELP_DECRYPT.HTML Usuni©ty plik - C:\Documents and Settings\HELP_DECRYPT.PNG Usuni©ty plik - C:\Documents and Settings\HELP_DECRYPT.TXT Usuni©ty plik - C:\Documents and Settings\HELP_DECRYPT.URL Usuni©ty plik - C:\Documents and Settings\All Users\HELP_DECRYPT.HTML Usuni©ty plik - C:\Documents and Settings\All Users\HELP_DECRYPT.PNG Usuni©ty plik - C:\Documents and Settings\All Users\HELP_DECRYPT.TXT Usuni©ty plik - C:\Documents and Settings\All Users\HELP_DECRYPT.URL Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\HELP_DECRYPT.HTML Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\HELP_DECRYPT.PNG Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\HELP_DECRYPT.TXT Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\HELP_DECRYPT.URL Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\DSS\HELP_DECRYPT.HTML Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\DSS\HELP_DECRYPT.PNG Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\DSS\HELP_DECRYPT.TXT Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\DSS\HELP_DECRYPT.URL Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\DSS\Content Activation\HELP_DECRYPT.HTML Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\DSS\Content Activation\HELP_DECRYPT.PNG Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\DSS\Content Activation\HELP_DECRYPT.TXT Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\DSS\Content Activation\HELP_DECRYPT.URL Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\HELP_DECRYPT.HTML Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\HELP_DECRYPT.PNG Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\HELP_DECRYPT.TXT Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\HELP_DECRYPT.URL Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\OFFICE\HELP_DECRYPT.HTML Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\OFFICE\HELP_DECRYPT.PNG Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\OFFICE\HELP_DECRYPT.TXT Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\OFFICE\HELP_DECRYPT.URL Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\OFFICE\DATA\HELP_DECRYPT.HTML Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\OFFICE\DATA\HELP_DECRYPT.PNG Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\OFFICE\DATA\HELP_DECRYPT.TXT Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\OFFICE\DATA\HELP_DECRYPT.URL Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\Mobile Partner\HELP_DECRYPT.HTML Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\Mobile Partner\HELP_DECRYPT.PNG Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\Mobile Partner\HELP_DECRYPT.TXT Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\Mobile Partner\HELP_DECRYPT.URL Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\Mobile Partner\log\HELP_DECRYPT.HTML Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\Mobile Partner\log\HELP_DECRYPT.PNG Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\Mobile Partner\log\HELP_DECRYPT.TXT Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\Mobile Partner\log\HELP_DECRYPT.URL Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\NortonInstaller\HELP_DECRYPT.HTML Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\NortonInstaller\HELP_DECRYPT.PNG Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\NortonInstaller\HELP_DECRYPT.TXT Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\NortonInstaller\HELP_DECRYPT.URL Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\NortonInstaller\Logs\HELP_DECRYPT.HTML Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\NortonInstaller\Logs\HELP_DECRYPT.PNG Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\NortonInstaller\Logs\HELP_DECRYPT.TXT Usuni©ty plik - C:\Documents and Settings\All Users\Dane aplikacji\NortonInstaller\Logs\HELP_DECRYPT.URL Proces nie mo¾e uzyska† dost©pu do pliku, poniewa¾ jest on u¾ywany przez inny proces. ========= End of CMD: ========= ========= dir /a "C:\Program Files" ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: D08F-9906 Katalog: C:\Program Files 2015-04-16 15:54 . 2015-04-16 15:54 .. 2013-01-22 15:41 3D Driving-School Demo 2014-09-15 15:22 Adobe 2014-07-18 12:09 Ares 2015-04-10 22:52 Common Files 2011-12-30 08:41 EA Sports 2014-04-15 20:09 Edgard Multimedia 2014-11-16 15:56 Ekierowca 2014-12-31 13:34 Extra Screen Capture Free 2011-12-16 12:56 Foxit Software 2012-01-04 12:19 FoxTabPDFConverter 2012-04-08 18:14 FoxTabPDFReader 2015-04-10 23:02 FreeTime 2015-04-10 23:03 Ganymede 2012-06-22 19:39 Google 2015-02-04 09:59 GUME6.tmp 2014-01-26 13:47 Hewlett-Packard 2014-01-26 13:46 HP 2014-03-03 20:41 InstallShield Installation Information 2011-12-27 17:39 Internet Explorer 2011-12-22 18:10 Java 2014-07-18 12:08 K-Lite Codec Pack 2014-11-15 12:37 Messenger 2011-12-16 12:40 microsoft frontpage 2012-01-04 19:58 Microsoft Games for Windows - LIVE 2011-12-16 15:55 Microsoft Office 2012-01-20 18:32 Microsoft Silverlight 2011-12-16 15:55 Microsoft Visual Studio 2011-12-16 15:55 Microsoft Works 2012-03-22 16:38 Midway Games 2013-11-05 19:13 Mobile Partner 2011-12-16 12:38 Movie Maker 2014-12-23 18:32 mp3DirectCut 2011-12-25 23:16 MSBuild 2011-12-16 12:37 MSN Gaming Zone 2011-12-16 12:56 Nero 2011-12-16 12:38 NetMeeting 2011-12-16 13:05 NVIDIA Corporation 2015-01-28 20:51 Opera 2011-12-27 17:39 Outlook Express 2015-01-29 16:56 Photo Pos Pro 2015-04-10 22:50 Program4Pc 2015-01-28 21:36 QuickTime Alternative 2011-12-16 12:56 Real Alternative 2011-12-25 23:16 Reference Assemblies 2014-03-03 20:41 Rockstar Games 2011-12-19 17:36 Samsung 2014-02-20 22:45 SkaWit 2015-02-16 21:00 Skype 2015-04-10 22:56 Splashtop 2011-12-16 12:53 Uninstall Information 2011-12-16 12:38 Usˆugi online 2011-12-27 17:38 UX Pack 2011-12-16 12:55 VIA 2011-12-16 12:37 Windows Media Connect 2 2011-12-27 17:39 Windows Media Player 2011-12-16 12:36 Windows NT 2012-01-14 14:10 Windows Sidebar 2011-12-16 12:38 WindowsUpdate 2015-04-13 22:01 WinRAR 2011-12-16 12:40 xerox 2015-04-10 22:48 Yawcam 0 plik(¢w) 0 bajt¢w 63 katalog(¢w) 93ÿ004ÿ718ÿ080 bajt¢w wolnych ========= End of CMD: ========= ========= dir /a "C:\Program Files\Common Files" ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: D08F-9906 Katalog: C:\Program Files\Common Files 2015-04-10 22:52 . 2015-04-10 22:52 .. 2011-12-25 18:20 Adobe 2015-01-28 21:34 Adobe AIR 2011-12-16 12:56 Ahead 2014-07-02 13:37 AVSMedia 2011-12-16 15:55 DESIGNER 2013-12-12 22:14 EAInstaller 2013-03-26 22:03 Hewlett-Packard 2012-02-09 19:33 InstallShield 2011-12-22 18:11 Java 2011-12-16 15:55 Microsoft Shared 2011-12-16 12:38 MSSoap 2011-12-16 13:35 ODBC 2011-12-16 12:38 Services 2015-02-16 21:00 Skype 2011-12-16 13:34 SpeechEngines 2014-07-02 14:40 Symantec Shared 2011-12-16 15:52 System 2011-12-16 12:55 Wise Installation Wizard 0 plik(¢w) 0 bajt¢w 20 katalog(¢w) 93ÿ004ÿ713ÿ984 bajt¢w wolnych ========= End of CMD: ========= ========= dir .a "C:\Documents and Settings\All Users\Dane aplikacji" ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: D08F-9906 Katalog: C:\Documents and Settings\q\Moje dokumenty\Downloads Nie mo¾na odnale«† pliku. Katalog: C:\Documents and Settings\All Users\Dane aplikacji 2014-09-15 15:22 Adobe 2015-01-28 21:36 Apple Computer 2014-07-01 12:56 AVG 2014-08-26 22:42 Avg_Update_0814tb 2014-07-02 13:37 AVS4YOU 2014-11-16 10:34 boost_interprocess 2014-05-28 20:10 DAEMON Tools Lite 2013-11-05 19:17 DatacardService 2011-12-19 20:09 Gadu-Gadu 10 2012-08-27 23:43 GG 2013-03-26 22:07 HP 2014-01-26 13:47 3ÿ850 hpzinstall.log 2011-12-20 21:59 McAfee 2012-05-24 20:03 Microsoft Help 2015-04-16 15:54 Mobile Partner 2012-05-04 10:32 Mozilla 2015-04-16 15:54 NortonInstaller 2011-12-16 13:05 NVIDIA 2011-12-16 12:55 NVIDIA Corporation 2013-07-22 23:09 OpenFM 2014-12-13 15:02 Origin 2011-12-19 17:36 Samsung 2014-01-26 13:47 Screentime 2015-03-08 15:46 Skype 2011-12-22 18:11 Sun 1 plik(¢w) 3ÿ850 bajt¢w 24 katalog(¢w) 93ÿ004ÿ709ÿ888 bajt¢w wolnych ========= End of CMD: ========= ========= dir /a "C:\Documents and Settings\LocalService\Dane aplikacji" ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: D08F-9906 Katalog: C:\Documents and Settings\LocalService\Dane aplikacji 2015-04-16 15:54 . 2015-04-16 15:54 .. 2015-04-01 15:32 8ÿ598 HELP_DECRYPT.HTML 2015-04-01 15:32 45ÿ517 HELP_DECRYPT.PNG 2015-04-01 15:32 4ÿ242 HELP_DECRYPT.TXT 2015-04-01 15:32 280 HELP_DECRYPT.URL 2011-12-16 12:39 Microsoft 4 plik(¢w) 58ÿ637 bajt¢w 3 katalog(¢w) 93ÿ004ÿ709ÿ888 bajt¢w wolnych ========= End of CMD: ========= ========= dir /a "C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji" ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: D08F-9906 Katalog: C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji 2015-04-16 12:14 . 2015-04-16 12:14 .. 2015-04-16 12:14 2ÿ530ÿ072 FontCache3.0.0.0.dat 2015-04-08 21:01 71ÿ328 GDIPFONTCACHEV1.DAT 2011-12-19 22:51 Google 2011-12-16 12:39 Microsoft 2 plik(¢w) 2ÿ601ÿ400 bajt¢w 4 katalog(¢w) 93ÿ004ÿ644ÿ352 bajt¢w wolnych ========= End of CMD: ========= ========= dir /a "C:\Documents and Settings\NetworkService\Dane aplikacji" ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: D08F-9906 Katalog: C:\Documents and Settings\NetworkService\Dane aplikacji 2015-04-16 15:54 . 2015-04-16 15:54 .. 2015-04-01 15:32 8ÿ598 HELP_DECRYPT.HTML 2015-04-01 15:32 45ÿ517 HELP_DECRYPT.PNG 2015-04-01 15:32 4ÿ242 HELP_DECRYPT.TXT 2015-04-01 15:32 280 HELP_DECRYPT.URL 2011-12-16 12:39 Microsoft 2014-11-16 20:00 108 WB.CFG 5 plik(¢w) 58ÿ745 bajt¢w 3 katalog(¢w) 93ÿ004ÿ644ÿ352 bajt¢w wolnych ========= End of CMD: ========= ========= dir /a "C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji" ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: D08F-9906 Katalog: C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji 2011-12-16 12:41 . 2011-12-16 12:41 .. 2014-05-13 20:35 Microsoft 0 plik(¢w) 0 bajt¢w 3 katalog(¢w) 93ÿ004ÿ640ÿ256 bajt¢w wolnych ========= End of CMD: ========= ========= dir /a "C:\Documents and Settings\q\Dane aplikacji" ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: D08F-9906 Katalog: C:\Documents and Settings\q\Dane aplikacji 2015-04-16 15:54 . 2015-04-16 15:54 .. 2011-12-19 17:36 2ÿ528 $_hpcst$.hpc 2015-04-07 21:01 23ÿ040 07 - People.flac 2013-07-02 12:09 0D1F1S1C1P0P1C1F1N1C1T1H2UtF1E1I 2015-04-10 20:36 23ÿ040 10-blockhead-snapping_point.mp3 2015-04-16 14:39 A6C9AC6C 2015-01-29 16:59 Adobe 2011-12-16 12:56 Ahead 2015-01-13 22:01 Audacity 2014-07-01 12:55 AVG 2015-04-01 15:33 AVS4YOU 2014-12-20 19:14 BANDISOFT 2015-04-01 15:33 DAEMON Tools Lite 2011-12-16 13:34 62 desktop.ini 2014-12-29 19:57 dlg 2011-12-21 09:35 Foxit Software 2015-04-01 15:34 Gadu-Gadu 10 2015-04-01 15:38 GanymedeNet 2015-04-01 15:38 GG 2012-06-22 19:40 Google 2013-03-25 17:47 GrabIt 2014-11-08 16:48 gtk-2.0 2013-11-06 17:59 Help 2015-04-01 15:39 8ÿ598 HELP_DECRYPT.HTML 2015-04-01 15:39 45ÿ517 HELP_DECRYPT.PNG 2015-04-01 15:39 4ÿ242 HELP_DECRYPT.TXT 2015-04-01 15:39 280 HELP_DECRYPT.URL 2013-03-26 22:07 HP 2011-12-16 12:53 Identities 2015-04-01 15:38 Image Zone Express 2011-12-25 02:54 InterTrust 2015-01-29 16:59 Macromedia 2015-03-08 15:48 Media Player Classic 2015-04-01 15:38 Microsoft 2012-11-02 16:36 Need for Speed World 2012-05-29 10:18 NVIDIA 2015-04-01 15:38 OpenFM 2015-04-01 15:38 Origin 2012-01-04 12:03 138ÿ056 PnkBstrK.sys 2012-01-03 20:16 Real 2012-03-21 20:29 Samsung 2015-04-01 15:38 SecuROM 2015-04-01 15:39 Skype 2012-05-12 17:09 SumatraPDF 2015-04-01 15:39 Sun 2014-11-16 15:57 Testy.2014.PJ 2014-11-16 15:52 Testy.2014.PWPW 2014-01-18 16:45 Unity 2014-01-15 18:44 98 WB.CFG 2011-12-19 17:30 WinRAR 2014-11-07 21:55 WorldofTanks 10 plik(¢w) 245ÿ461 bajt¢w 42 katalog(¢w) 93ÿ004ÿ214ÿ272 bajt¢w wolnych ========= End of CMD: ========= ========= dir /a "C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji" ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: D08F-9906 Katalog: C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji 2015-04-16 15:54 . 2015-04-16 15:54 .. 2015-01-28 21:31 Adobe 2011-12-22 18:12 Apple Computer 2013-11-09 17:43 Ares 2014-07-01 12:55 AVG 2014-12-31 13:30 ChomikBox 2015-02-21 10:08 241ÿ664 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-25 20:43 Downloaded Installations 2012-11-01 21:43 Electronic_Arts_Inc 2014-07-02 13:51 71ÿ328 GDIPFONTCACHEV1.DAT 2013-07-02 12:32 gegl-0.2 2015-04-01 18:19 GG 2015-04-01 18:19 Google 2013-12-29 14:49 gtk-2.0 2013-11-06 17:59 Help 2015-04-01 18:19 8ÿ598 HELP_DECRYPT.HTML 2015-04-01 18:19 45ÿ504 HELP_DECRYPT.PNG 2015-04-01 18:19 4ÿ242 HELP_DECRYPT.TXT 2015-04-01 18:19 280 HELP_DECRYPT.URL 2013-01-01 01:44 5ÿ871ÿ516 IconCache.db 2015-04-16 15:54 jemaka 2015-04-01 18:19 Microsoft 2011-12-16 15:52 Microsoft Help 2011-12-16 12:57 Mozilla 2014-05-30 18:54 NPE 2012-03-22 16:50 PC 2013-12-30 16:27 3ÿ047 recently-used.xbel 2011-12-30 12:37 Relmtech 2015-04-01 18:19 Rockstar Games 2013-09-26 20:04 Screentime 2015-04-01 18:19 Skype 2014-12-13 15:31 Temp 2013-08-07 09:29 Unity 2012-03-22 17:15 Wheelman 2014-11-07 21:55 WorldofTanks 8 plik(¢w) 6ÿ246ÿ179 bajt¢w 28 katalog(¢w) 93ÿ003ÿ882ÿ496 bajt¢w wolnych ========= End of CMD: ========= => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-16 15:55:07)<= C:\Documents and Settings\All Users\Dane aplikacji\{7D14E36A-889F-4FDA-8B78-2423FB17A4D3} => Is moved successfully. C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\jemaka => Moved successfully. ==== End of Fixlog 15:55:08 ====