Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 30-04-2017 Uruchomiony przez Admin (01-05-2017 18:40:18) Run:2 Uruchomiony z C:\Users\Admin\Desktop\Nowy folder Załadowane profile: Admin (Dostępne profile: Admin) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Users\Admin\AppData\Roaming\DCSCMIN\IMDCSC.exe HKU\S-1-5-21-2316587192-2815210435-4262640799-1000\...\Run: [MSConfig] => C:\Users\Admin\mfbprsq.exe [48173056 2017-04-28] (Bullguard) HKU\S-1-5-21-2316587192-2815210435-4262640799-1000\...\Run: [remcos] => C:\Users\Admin\AppData\Roaming\remcos\winmgr.exe [36864 2017-05-01] () HKU\S-1-5-21-2316587192-2815210435-4262640799-1000\...\Policies\Explorer\Run: [Wow6432Node] => C:\Users\Admin\AppData\Roaming\Microsoft\grihwbgd\gtvasbwc.exe [155140 2017-03-08] () C:\Users\Admin\AppData\Roaming\remcos C:\Users\Admin\AppData\Roaming\Microsoft\grihwbgd C:\Users\Admin\AppData\Roaming\DCSCMIN C:\Users\Admin\mfbprsq.exe HKU\S-1-5-21-2316587192-2815210435-4262640799-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1 IFEO\AUpdate.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\BigUpgrade_IU.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\DSPut.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\f2p_ping.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\Feedback.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\HiPatchService_IObitDel.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\HiRezGamesDiagAndSupport.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\Install_PintoStartMenu.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\IObitDownloader.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\IObitRegister.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\IUDM.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\IUPluginNotice.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\IUService.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\IU_InstallBeforWork.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\maintenanceservice.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\NoteIcon.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\playstv.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\playstv_launcher.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\plays_encoder_server-120220.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\plays_encoder_server-122108.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\plays_encoder_server64-120220.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\plays_encoder_server64-122108.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\plays_ep64.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\plays_service.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\ScreenShot.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\SendBugReportNew.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\upload_logs.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\VideoCardCompatibility.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe IFEO\XmasPromote.exe: [Debugger] D:\Advanced SystemCare\AutoReactivator.exe ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku GroupPolicyScripts: Ograniczenia <======= UWAGA GroupPolicyScripts-x32: Ograniczenia <======= UWAGA HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA URLSearchHook: [S-1-5-21-2316587192-2815210435-4262640799-1000] UWAGA => Brak domyślnego URLSearchHook FF Extension: (Fast search) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kb1gtk3k.default-1474363501998\Extensions\amcontextmenu@loucypher [2017-04-04] S3 avchv; system32\DRIVERS\avchv.sys [X] S1 bdfwfpf; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.1.0\Drivers\bdfwfpf.sys [X] S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X] S3 gkernel; \??\C:\Users\Admin\AppData\Local\Temp\gkernel.sys [X] <==== UWAGA S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] S3 xspirit; \??\C:\Windows\xspirit.sys [X] DeleteKey: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains ListPermissions: C:\Windows Hosts: EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Wartość pomyślnie przywrócono HKU\S-1-5-21-2316587192-2815210435-4262640799-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MSConfig => Wartość pomyślnie usunięto HKU\S-1-5-21-2316587192-2815210435-4262640799-1000\Software\Microsoft\Windows\CurrentVersion\Run\\remcos => Wartość pomyślnie usunięto HKU\S-1-5-21-2316587192-2815210435-4262640799-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\Wow6432Node => Wartość pomyślnie usunięto C:\Users\Admin\AppData\Roaming\remcos => pomyślnie przeniesiono C:\Users\Admin\AppData\Roaming\Microsoft\grihwbgd => pomyślnie przeniesiono "C:\Users\Admin\AppData\Roaming\DCSCMIN" => nie znaleziono. C:\Users\Admin\mfbprsq.exe => pomyślnie przeniesiono HKU\S-1-5-21-2316587192-2815210435-4262640799-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NolowDiskSpaceChecks => Wartość pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AUpdate.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BigUpgrade_IU.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DSPut.exe => klucz nie znaleziono. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\f2p_ping.exe => klucz nie znaleziono. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Feedback.exe => klucz nie znaleziono. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\HiPatchService_IObitDel.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\HiRezGamesDiagAndSupport.exe => klucz nie znaleziono. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Install_PintoStartMenu.exe => klucz nie znaleziono. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IObitDownloader.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IObitRegister.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IUDM.exe => klucz nie znaleziono. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IUPluginNotice.exe => klucz nie znaleziono. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IUService.exe => klucz nie znaleziono. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IU_InstallBeforWork.exe => klucz nie znaleziono. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\maintenanceservice.exe => klucz nie znaleziono. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\NoteIcon.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\playstv.exe => klucz nie znaleziono. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\playstv_launcher.exe => klucz nie znaleziono. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\plays_encoder_server-120220.exe => klucz nie znaleziono. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\plays_encoder_server-122108.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\plays_encoder_server64-120220.exe => klucz nie znaleziono. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\plays_encoder_server64-122108.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\plays_ep64.exe => klucz nie znaleziono. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\plays_service.exe => klucz nie znaleziono. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ScreenShot.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SendBugReportNew.exe => klucz nie znaleziono. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\upload_logs.exe => klucz nie znaleziono. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VideoCardCompatibility.exe => klucz nie znaleziono. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\XmasPromote.exe => klucz pomyślnie usunięto HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => klucz pomyślnie usunięto HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => klucz nie znaleziono. C:\Windows\system32\GroupPolicy\Machine => pomyślnie przeniesiono C:\Windows\SysWOW64\GroupPolicy\GPT.ini => pomyślnie przeniesiono C:\Windows\SysWOW64\GroupPolicy\Machine => pomyślnie przeniesiono HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => klucz pomyślnie usunięto Nie można przywrócić Domyślne URLSearchHook. C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kb1gtk3k.default-1474363501998\Extensions\amcontextmenu@loucypher => pomyślnie przeniesiono HKLM\System\CurrentControlSet\Services\avchv => klucz pomyślnie usunięto avchv => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\bdfwfpf => klucz pomyślnie usunięto bdfwfpf => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\FairplayKD => klucz pomyślnie usunięto FairplayKD => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\gkernel => klucz pomyślnie usunięto gkernel => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\xhunter1 => klucz pomyślnie usunięto xhunter1 => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\xspirit => klucz pomyślnie usunięto xspirit => serwis pomyślnie usunięto HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains => klucz pomyślnie usunięto HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains => klucz pomyślnie usunięto =================================== uprawnienia "C:\Windows": Owner: NT SERVICE\TrustedInstaller DACL(PAI): NT SERVICE\TrustedInstaller ALLOW FULL (NI) NT SERVICE\TrustedInstaller ALLOW FULL (CI-IO) NT AUTHORITY\SYSTEM ALLOW MODIFY (NI) NT AUTHORITY\SYSTEM ALLOW FULL (OI-CI-IO) BUILTIN\Administrators ALLOW MODIFY (NI) BUILTIN\Administrators ALLOW FULL (OI-CI-IO) BUILTIN\Users ALLOW READ/EXECUTE (NI) BUILTIN\Users ALLOW READ/EXECUTE (OI-CI-IO) CREATOR OWNER ALLOW FULL (OI-CI-IO) =================================== C:\Windows\System32\Drivers\etc\hosts => pomyślnie przeniesiono Hosts pomyślnie przywrócono. =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 51201796 B Java, Flash, Steam htmlcache => 221464390 B Windows/system/drivers => 1998514 B Edge => 0 B Chrome => 0 B Firefox => 153393035 B Opera => 342643585 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 18056 B systemprofile32 => 83289 B LocalService => 66228 B NetworkService => 6620 B Admin => 294940281 B RecycleBin => 0 B EmptyTemp: => 1 GB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 18:42:11 ====