Fix result of Farbar Recovery Scan Tool (x64) Version:09-07-2015
Ran by Mateusz at 2015-07-16 17:57:19 Run:1
Running from C:\
Loaded Profiles: Mateusz (Available Profiles: Mateusz & Ewa)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
CloseProcesses:
R2 VSSS; C:\Users\Mateusz\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [96755264 2015-06-27] (Microsoft Corporation) [File not signed] <==== ATTENTION
S3 ALSysIO; \??\C:\Users\Mateusz\AppData\Local\Temp\ALSysIO64.sys [X]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
HKLM\...\Policies\Explorer\Run: [1597511312] => C:\ProgramData\msrbfyc.exe [84144128 2014-10-29] ()
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-665916194-2271293263-4112161340-1001\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-665916194-2271293263-4112161340-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Mateusz\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
Task: {DC8CD785-087C-4EED-B279-6904DE65D9F3} - \Program aktualizacji online firmy Adobe. No Task File <==== ATTENTION
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
HKU\S-1-5-21-665916194-2271293263-4112161340-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-665916194-2271293263-4112161340-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKU\S-1-5-21-665916194-2271293263-4112161340-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
FF SelectedSearchEngine: delta-homes
FF Plugin-x32: adobe.com/AdobeExManDetect -> D:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
C:\Program Files\*.exe
C:\ProgramData\msrbfyc.exe
C:\Users\Ewa\Desktop\rFactor2.lnk
C:\Users\Ewa\Desktop\SopCast.lnk
C:\Users\Mateusz\Desktop\rFactor2.lnk
C:\Users\Mateusz\Desktop\SopCast.lnk
C:\Users\Mateusz\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
C:\Users\Mateusz\AppData\Local\Google\Chrome
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "Acrobat Assistant 8.0" /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "Adobe ARM" /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "Adobe Acrobat Speed Launcher" /f
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder /v "Logitech . Rejestracja produktu.lnk" /f
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v AdobeBridge /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg query HKU\S-1-5-21-665916194-2271293263-4112161340-1001_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 /s
Reg: reg query HKU\S-1-5-21-665916194-2271293263-4112161340-1001_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 /s
CMD: type C:\Windows\System32\Tasks\Shutdown
CMD: netsh advfirewall reset
EmptyTemp:
*****************

Processes closed successfully.
VSSS => Service removed successfully
ALSysIO => Service removed successfully
KProcessHacker2 => Service not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\1597511312 => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value removed successfully
HKU\S-1-5-21-665916194-2271293263-4112161340-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NofolderOptions => value removed successfully
HKU\S-1-5-21-665916194-2271293263-4112161340-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC8CD785-087C-4EED-B279-6904DE65D9F3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC8CD785-087C-4EED-B279-6904DE65D9F3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Program aktualizacji online firmy Adobe." => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKU\S-1-5-21-665916194-2271293263-4112161340-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKU\S-1-5-21-665916194-2271293263-4112161340-1001\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"HKU\S-1-5-21-665916194-2271293263-4112161340-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
Firefox SelectedSearchEngine removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\adobe.com/AdobeExManDetect" => key removed successfully
C:\Program Files\*.exe => moved successfully.
C:\ProgramData\msrbfyc.exe => moved successfully.
C:\Users\Ewa\Desktop\rFactor2.lnk => moved successfully.
C:\Users\Ewa\Desktop\SopCast.lnk => moved successfully.
C:\Users\Mateusz\Desktop\rFactor2.lnk => moved successfully.
C:\Users\Mateusz\Desktop\SopCast.lnk => moved successfully.
C:\Users\Mateusz\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe => moved successfully.
C:\Users\Mateusz\AppData\Local\Google\Chrome => moved successfully.

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "Acrobat Assistant 8.0" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "Adobe ARM" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "Adobe Acrobat Speed Launcher" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder /v "Logitech . Rejestracja produktu.lnk" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v AdobeBridge /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg query HKU\S-1-5-21-665916194-2271293263-4112161340-1001_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 /s =========
HKEY_USERS\S-1-5-21-665916194-2271293263-4112161340-1001_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32
    (Default)    REG_SZ    axdb.dll
========= End of Reg: =========

========= reg query HKU\S-1-5-21-665916194-2271293263-4112161340-1001_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 /s =========
HKEY_USERS\S-1-5-21-665916194-2271293263-4112161340-1001_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32
    (Default)    REG_SZ    AcETransmit.dll
========= End of Reg: =========

========= type C:\Windows\System32\Tasks\Shutdown =========
2015-03-10T23:30:59.9654873 MATEUSZPC\Mateusz Power Off PC 2015-03-10T23:50:10 true LeastPrivilege MATEUSZPC\Mateusz InteractiveToken IgnoreNew true true true false false PT10M PT1H true false true true false false false P3D 7 C:\Windows\System32\shutdown.exe
========= End of CMD: =========

========= netsh advfirewall reset =========
An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.
========= End of CMD: =========

EmptyTemp: => 1.1 GB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 17:59:14 ====