Fix result of Farbar Recovery Scan Tool (x64) Version:17-10-2015 Ran by z00269rd (2015-10-18 16:46:51) Run:1 Running from C:\NarzÄ™dzia\102015 Loaded Profiles: z00269rd (Available Profiles: z00269rd & z002ueza-a01) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: Startup: C:\Users\z00269rd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\99_c94.VIR [2015-10-14] () HKU\S-1-5-21-1343024091-1935655697-839522115-42261\...\Run: [99] => wscript.exe //B "C:\Users\z00269rd\AppData\Roaming\99.vbs" CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-1343024091-1935655697-839522115-42261\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION Task: {BBEF6982-D1C3-4C32-972C-32873DE85E35} - System32\Tasks\{B119E8BE-705F-45E7-8153-13E5DFC38EE6} => pcalua.exe -a "C:\New folder\tblpad.exe" -d "C:\New folder" C:\Program Files (x86)\GUT4A98.tmp C:\Program Files (x86)\GUT5C2E.tmp C:\Users\z00269rd\AppData\Roaming\99.vbs G:\*.lnk G:\*.VIR CMD: attrib /s -s -h G:\*.pdf Reg: reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. C:\Users\z00269rd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\99_c94.VIR => moved successfully HKU\S-1-5-21-1343024091-1935655697-839522115-42261\Software\Microsoft\Windows\CurrentVersion\Run\\99 => value not found. "HKLM\SOFTWARE\Policies\Google" => key removed successfully "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully "HKU\S-1-5-21-1343024091-1935655697-839522115-42261\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BBEF6982-D1C3-4C32-972C-32873DE85E35}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBEF6982-D1C3-4C32-972C-32873DE85E35}" => key removed successfully C:\Windows\System32\Tasks\{B119E8BE-705F-45E7-8153-13E5DFC38EE6} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B119E8BE-705F-45E7-8153-13E5DFC38EE6}" => key removed successfully C:\Program Files (x86)\GUT4A98.tmp => moved successfully C:\Program Files (x86)\GUT5C2E.tmp => moved successfully C:\Users\z00269rd\AppData\Roaming\99.vbs => moved successfully =========== "G:\*.lnk" ========== not found ========= End -> "G:\*.lnk" ======== =========== "G:\*.VIR" ========== not found ========= End -> "G:\*.VIR" ======== ========= attrib /s -s -h G:\*.pdf ========= Nie mo¾na odnale«† ˜cie¾ki - G:\. ========= End of CMD: ========= ========= reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run ========= HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Siemens_HS REG_SZ C:\Program Files (x86)\Siemens\Quality Survey\hs.exe Mobile Partner REG_SZ C:\Program Files (x86)\WEB Partner\WEB Partner MyDriveConnect.exe REG_SZ C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe ========= End of Reg: ========= EmptyTemp: => 12.7 GB temporary data Removed. The system needed a reboot. ==== End of Fixlog 16:58:23 ====