Farbar Recovery Scan Tool (x64) Wersja: 13-10-2016 Uruchomiony przez LOCKERZ (14-10-2016 16:49:32) Uruchomiony z C:\Users\LOCKERZ\Desktop\Angielski Tryb startu: Normal ================== Szukaj w rejestrze: "tor.exe" =========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\h5c_auto_file\shell\open\command] ""="\"D:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V - Dzikie Hordy\Bin\H5_MapEditor.exe\" \"%1\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\h5m_auto_file\shell\open\command] ""="\"D:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V - Dzikie Hordy\Bin\H5_MapEditor.exe\" \"%1\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\h5p_auto_file\shell\open\command] ""="\"D:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V - Dzikie Hordy\Bin\H5_MapEditor.exe\" \"%1\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C: Program Files (x86) Microsoft SDKs Windows v7.0A bin SvcConfigEditor.exe] v8.0A NETFX 4.0 Tools [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MQL4.File\DefaultIcon] ""="C:\Program Files (x86)\Core Trader\MetaEditor.exe,3" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MQL4.File\shell\open\command] ""="C:\Program Files (x86)\Core Trader\MetaEditor.exe "%1"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MQL5.File\DefaultIcon] ""="D:\Program Files (x86)\HotForex MetaTrader\metaeditor.exe,1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MQL5.File\shell\open\command] ""="D:\Program Files (x86)\HotForex MetaTrader\metaeditor.exe "%1"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MQL5.Header\DefaultIcon] ""="D:\Program Files (x86)\HotForex MetaTrader\metaeditor.exe,2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MQL5.Header\shell\open\command] ""="D:\Program Files (x86)\HotForex MetaTrader\metaeditor.exe "%1"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION] "metaeditor.exe"="8000" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING] "communicator.exe"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Performance\Resolvers] "SystemBinariesList"="win32k.sys:winlogon.exe:EXPLORER.EXE:CSRSS.Exe:dwm.exe:logon.scr:logonui.exe:lsass.exe:lsm.exe:ntkrpamp.exe:ntoskrnl.exe:RUNDLL32.EXE:services.exe:sppsvc.exe:smss.exe:spoolsv.exe:svchost.exe:taskeng.exe:WinInit.exe:WISPTIS.EXE:dllhost.exe:dllhst3g.exe:cscript.exe:mmc.exe:msiexec.exe:upnpcont.exe:wscript.exe:WUDFHost.exe:dfsvc.exe:dfsvc.exe:fdbs.exe:ntfsbs.exe:memdiag.exe:NETFXSBS10.exe:applaunch.exe:aspnet_compiler.exe:aspnet_regbrowsers.exe:aspnet_regiis.exe:aspnet_regsql.exe:aspnet_state.exe:aspnet_wp.exe:caspol.exe:csc.exe:CVTRES.EXE:dfsvc.exe:dw20.exe:IEExec.exe:ilasm.exe:InstallUtil.exe:jsc.exe:MSBuild.exe:mscorsvw.exe:ngen.exe:RegAsm.exe::RegSvcs.exe:vbc.exe:TrustedInstaller.exe:Aurora.scr:AutoChk.Exe:AUTOFMT.EXE:CHKDSK.EXE:CHKNTFS.EXE:consent.exe:PnPUnattend.exe:PnPutil.exe:RacAgent.exe:fsquirt.exe:Uninst.exe:updateWmc.exe:wmdc.exe:wmdsync.exe:mofcomp.exe:ScrCons.exe:smi2smir.exe:unsecapp.exe:wbemtest.exe:winmgmt.exe:wmic.exe:bfsvc.exe:Twunk_16.exe:Twunk_32.exe:wuauclt.exe:wsqmcons.exe:sapisvr.exe:WinSAT.exe:p2phost.exe:SearchProtocolHost.exe:WerFault.exe:drvinst.exe:ehshell.exe:UI0Detect.exe:ehtray.exe:HelpPane.exe:mrt.exe:SearchFilterHost.exe:mobsync.exe:Narrator.exe:SLUI.exe:taskmgr.exe:PresentationSettings.exe:vds.exe:sdclt.exe:irftp.exe:DFDWiz.exe:SndVol.exe:makecab.exe:msfeedssync.exe:unregmp2.exe:DeviceProperties.exe:rstrui.exe:MdRes.exe:netsh.exe:printui.exe:mcupdate.exe:4mmdat.sys:61883.sys:ACPI.sys:amdk7.sys:amdk8.sys:ASYNCMAC.SYS:atapi.sys:AVC.SYS:cdfs.sys:cdrom.sys:circlass.sys:cmbatt.sys:crusoe.sys:CSC.Sys:dc21x4vm.sys:disk.sys:dot4.sys:dot4usb.sys:drmkaud.sys:ecache.sys:fdc.sys:floppy.sys:hdaudbus.sys:HDAudio.sys:HIDBTH.SYS:HIDIR.SYS:i8042prt.sys:intelppm.sys:irenum.SYS:IRSIR.SYS:kbdclass.sys:kbdhid.sys:LOOP.SYS:mf.sys:monitor.sys:mouclass.sys:mouhid.sys:msisadrv.sys:msiscsi.sys:NDISWAN.SYS:nsiproxy.sys:ohci1394.sys:pci.sys:pciide.sys:powerfil.sys:processr.sys:rasl2tp.sys:raspppoe.sys:RASPPTP.SYS:RDPCDD.SYS:rfcomm.sys:sbp2port.sys:sdbus.sys:serenum.sys:serial.sys:sermouse.sys:sffdisk.sys:sffp_mmc.sys:smbios.sys:swenum.sys:tdx.sys:termdd.sys:tpm.sys:tunmp.sys:tunnel.sys:umbus.sys:update.sys:usb8023.sys:USBAudio.sys:USBCCGP.SYS:usbcir.sys:USBEHCI.sys:usbhub.sys:USBOHCI.sys:usbprint.sys:USBUHCI.sys:viac7.sys:wacompen.sys:wceusbsh.sys:winusb.sys:ws2ifsl.sys:xnacc.sys" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{835b79e2-e76a-44c4-9885-26ad122d3b4d}] "ResourceFileName"="%SystemRoot%\system32\narrator.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{835b79e2-e76a-44c4-9885-26ad122d3b4d}] "MessageFileName"="%SystemRoot%\system32\narrator.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\Narrator] "ATExe"="Narrator.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\Narrator] "StartExe"="%SystemRoot%\System32\Narrator.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\PenService] "Illustrator.exe"="9A979A3F-92BB-49e9-8F2E-4EB423A9BFC9" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING] "communicator.exe"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\Narrator] "ATExe"="Narrator.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\Narrator] "StartExe"="%SystemRoot%\System32\Narrator.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PCTools\PCTSBL] "spyware-doctor.exe"="1" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcLocator] "DisplayName"="@%systemroot%\system32\Locator.exe,-2" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcLocator] "ImagePath"="%SystemRoot%\system32\locator.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcLocator] "Description"="@%systemroot%\system32\Locator.exe,-3" [HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\29B\553DB5C3] "@%systemroot%\system32\Locator.exe,-2"="Lokalizator usługi zdalnego wywołania procedury (RPC)" [HKEY_USERS\S-1-5-21-3693199113-3486577660-3927935120-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}] "AppName"="IEMonitor.exe" [HKEY_USERS\S-1-5-21-3693199113-3486577660-3927935120-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ex4\OpenWithList] "b"="metaeditor.exe" [HKEY_USERS\S-1-5-21-3693199113-3486577660-3927935120-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ex4\UserChoice] "Progid"="Applications\metaeditor.exe" [HKEY_USERS\S-1-5-21-3693199113-3486577660-3927935120-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mq4\OpenWithList] "a"="metaeditor.exe" [HKEY_USERS\S-1-5-21-3693199113-3486577660-3927935120-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tpl\OpenWithList] "c"="metaeditor.exe" [HKEY_USERS\S-1-5-21-3693199113-3486577660-3927935120-1000\Software\Classes\Applications\metaeditor.exe] [HKEY_USERS\S-1-5-21-3693199113-3486577660-3927935120-1000\Software\Classes\Applications\metaeditor.exe\shell\open\command] ""=""D:\Program Files (x86)\HotForex MetaTrader\metaeditor.exe" "%1"" [HKEY_USERS\S-1-5-21-3693199113-3486577660-3927935120-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "D:\Program Files (x86)\HotForex MetaTrader\metaeditor.exe"="MetaEditor" ====== Koniec Szukaj ======