Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 10-10-2016 Uruchomiony przez Andreas (13-10-2016 11:03:49) Run:1 Uruchomiony z C:\Users\Andreas\Downloads\f Załadowane profile: Andreas (Dostępne profile: Andreas) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: (Microsoft Corporation) C:\Windows\explorer.exe ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.8.17919.214\QMGCShellExt64.dll [2016-09-25] (Tencent) Task: {4B4ACDBA-E90D-4CD4-B756-70DBBA7D43E3} - System32\Tasks\Microsoft\Windows\Multimedia\Manager => C:\Users\Andreas\AppData\Roaming\Adobe\Manager.exe Task: {93A0D3AC-8958-416C-B2FA-5D4D8AFDD3F1} - System32\Tasks\Microsoft\Windows\Multimedia\ReportSender => C:\Users\Andreas\ReportSender\ReportSender.exe MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Andreas\AppData\Local\Akamai\netsession_win.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: HDD Regenerator => "C:\Program Files (x86)\HDD Regenerator\Shell.exe" /1 MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime Tcpip\..\Interfaces\{2866DB9B-8AEA-4BE5-B1AA-D81C9A3801EF}: [NameServer] 108.61.178.207,45.32.152.160 Tcpip\..\Interfaces\{C5583357-F018-4248-976E-82712DB93ABA}: [NameServer] 108.61.178.207,45.32.152.160 GroupPolicy: Ograniczenia - Chrome <======= UWAGA HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA HKU\S-1-5-21-3424310977-905981195-1643685065-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-3424310977-905981195-1643685065-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\S-1-5-21-3424310977-905981195-1643685065-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = DeleteKey: HKLM\SOFTWARE\Microsoft\Microsoft Antimalware DeleteKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths DeleteKey: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions DeleteKey: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f AlternateDataStreams: C:\ProgramData\Microsoft:B51K78KwGpK5R1vAWBfZ50JQlA [2460] AlternateDataStreams: C:\ProgramData\Microsoft:hrWjInlZ0odOqBZMx [550] AlternateDataStreams: C:\ProgramData\Microsoft:pqNH2aCI5PMsyQx6HqE [2068] AlternateDataStreams: C:\ProgramData\Microsoft:sChghMnNGRhLWYDHhkxyz8ab6qh [2366] C:\KRECYCLE C:\Program Files\CyberGhost 5 C:\Program Files\CyberGhost VPN C:\Program Files\FreeFixer C:\Program Files\Reason C:\Program Files (x86)\4ovgyw7i C:\Program Files (x86)\eclvab0f C:\Program Files (x86)\kingsoft C:\Program Files (x86)\Tencent C:\Program Files (x86)\UnHackMe C:\ProgramData\AVAST Software C:\ProgramData\Avg C:\ProgramData\Avira C:\ProgramData\IObit C:\ProgramData\kdesk C:\ProgramData\Kingsoft C:\ProgramData\ProductData C:\ProgramData\RegRun C:\ProgramData\Tencent C:\ProgramData\TEMP C:\ProgramData\Microsoft\Windows\Start Menu\Programs\金山毒霸 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\ASIO4ALL v2 Off-Line Settings.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVIcodec C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cakewalk\Studio Instruments\SI-*.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DigiDesign\Plug-Ins\FocusRite D2\Digidesign Plug-Ins Guide.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FXpansion C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLok License Manager.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 12.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope\DDLY C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope\Neutron C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mokafix Audio C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan\Release info.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SynthMaker C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TC Electronic C:\ProgramData\Microsoft\Windows\Start Menu\Programs\webplugin.exe C:\Users\Andreas\AppData\Local\{F05CE88F-EBBE-427D-97BD-F9D62CB16428} C:\Users\Andreas\AppData\Local\FreeFixer C:\Users\Andreas\AppData\Local\Kingsoft C:\Users\Andreas\AppData\Local\Redetaingrimither C:\Users\Andreas\AppData\Local\UCBrowser C:\Users\Andreas\AppData\LocalLow\IObit C:\Users\Andreas\AppData\Roaming\*.* C:\Users\Andreas\AppData\Roaming\FreeFixer C:\Users\Andreas\AppData\Roaming\IObit C:\Users\Andreas\AppData\Roaming\Kingsoft C:\Users\Andreas\AppData\Roaming\Tencent C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 12 (64bit).lnk C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KORG C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Metric Halo\Manual.lnk C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nomad Factory C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overloud\TH2\Uninstall.lnk C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Positive Grid C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg HALionOne\Uninstall.lnk C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Two Notes Audio Engineering C:\Users\Andreas\Desktop\Pulpit\FL save\FL Studio 12 (64bit).lnk C:\Users\Andreas\Desktop\Pulpit\FL save\FL Studio 12.lnk C:\Users\Andreas\Desktop\Pulpit\pul\Pulpit\CPUID CPU-Z.lnk C:\Users\Andreas\Desktop\Pulpit\pul\Pulpit\CyberGhost 5.lnk C:\Users\Andreas\Documents\MAGIX\Audio & Music Lab 2016 Premium\_Demo.LNK C:\Users\Andreas\Documents\RegRun2 C:\Users\Andreas\Favorites\GG dysk.lnk C:\Users\Andreas\Links\GG dysk.lnk C:\Windows\libeay32.dll C:\Windows\libcurl.dll C:\Windows\ssleay32.dll C:\Windows\winstart.bat C:\Windows\zlib1.dll C:\Windows\IObit C:\Windows\system32\ffnd.exe C:\Windows\SysWOW64\CONFIG.NT C:\Windows\SysWOW64\AUTOEXEC.NT CMD: ipconfig /flushdns CMD: netsh advfirewall reset Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\Aracity /s EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. [1560] C:\Windows\explorer.exe => proces pomyślnie zamknięty. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon => klucz nie znaleziono. HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6} => klucz nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B4ACDBA-E90D-4CD4-B756-70DBBA7D43E3} => klucz nie znaleziono. C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\Manager => nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\Manager => klucz nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93A0D3AC-8958-416C-B2FA-5D4D8AFDD3F1} => klucz nie znaleziono. C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\ReportSender => nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\ReportSender => klucz nie znaleziono. HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aeria Ignite => klucz nie znaleziono. HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface => klucz nie znaleziono. HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon => klucz nie znaleziono. HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HDD Regenerator => klucz nie znaleziono. HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task => klucz nie znaleziono. HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2866DB9B-8AEA-4BE5-B1AA-D81C9A3801EF}\\NameServer => Wartość nie znaleziono. HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C5583357-F018-4248-976E-82712DB93ABA}\\NameServer => Wartość nie znaleziono.