Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 06-06-2020 Uruchomiony przez Kalina (20-06-2020 13:34:32) Run:4 Uruchomiony z C:\Users\RED.Inc\Downloads Załadowane profile: Kalina Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CreateRestorePoint: CMD: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s ***************** Błąd: (0) Nie udało się utworzyć punktu przywracania. ========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s ========= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\acad.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\acwebbrowser.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adobepatchinstaller.exe UseFilter REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adobepatchinstaller.exe\208f05d7dc244ae9_PD Debugger REG_SZ "C:\Program Files\Avast Software\Cleanup\autoreactivator.exe" FilterFullPath REG_SZ c:\users\red.inc\desktop\adobepatchinstaller.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdSSO.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\appvlp.exe UseFilter REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\appvlp.exe\7cf294fffdd5ba41_PD Debugger REG_SZ "C:\Program Files\Avast Software\Cleanup\autoreactivator.exe" FilterFullPath REG_SZ c:\program files (x86)\microsoft office\root\client\appvlp.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutodeskDesktopApp.exe DisableExceptionChainValidation REG_DWORD 0x0 UseFilter REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutodeskDesktopApp.exe\a0abc199a56a8e95_PD Debugger REG_SZ "C:\Program Files\Avast Software\Cleanup\autoreactivator.exe" FilterFullPath REG_SZ c:\program files (x86)\autodesk\autodesk desktop app\autodeskdesktopapp.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe MaxLoaderThreads REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clview.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cnfnot32.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cscript.exe DisableExceptionChainValidation REG_DWORD 0x3 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevicesFlow.exe MitigationOptions REG_QWORD 0x100000000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllhost.exe DisableExceptionChainValidation REG_DWORD 0x3 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drvinst.exe DisableExceptionChainValidation REG_DWORD 0x3 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dwgviewr.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ehexthost32.exe DisableExceptionChainValidation REG_DWORD 0x3 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe MitigationOptions REG_QWORD 0x100 UseFilter REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe\1e1c5134fc9439c7_PD Debugger REG_SZ "C:\Program Files\Avast Software\Cleanup\autoreactivator.exe" FilterFullPath REG_SZ c:\program files (x86)\microsoft office\root\office16\excel.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excelcnv.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe DisableExceptionChainValidation REG_DWORD 0x3 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ExtExport.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerApp.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerPlugin_32_0_0_387.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerUpdateService.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil32_32_0_0_387_Plugin.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil64_32_0_0_387_Plugin.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\graph.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ie4uinit.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieinstal.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ielowutil.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieUnatt.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe DisableExceptionChainValidation REG_DWORD 0x0 DisableUserModeCallbackFilter REG_DWORD 0x1 MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LICLUA.EXE DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lync.exe MitigationOptions REG_QWORD 0x100 UseFilter REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lync.exe\1e1c5134fc9439c7_PD Debugger REG_SZ "C:\Program Files\Avast Software\Cleanup\autoreactivator.exe" FilterFullPath REG_SZ c:\program files (x86)\microsoft office\root\office16\lync.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MiracastView.exe MitigationOptions REG_QWORD 0x100000000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe DisableExceptionChainValidation REG_DWORD 0x3 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MRT.exe CFGOptions REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msaccess.exe MitigationOptions REG_QWORD 0x100 UseFilter REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msaccess.exe\1e1c5134fc9439c7_PD Debugger REG_SZ "C:\Program Files\Avast Software\Cleanup\autoreactivator.exe" FilterFullPath REG_SZ c:\program files (x86)\microsoft office\root\office16\msaccess.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvw.exe MitigationOptions REG_QWORD 0x100000000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msfeedssync.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mshta.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe CFGOptions REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoadfsb.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoasb.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoev.exe UseFilter REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoev.exe\1e1c5134fc9439c7_PD Debugger REG_SZ "C:\Program Files\Avast Software\Cleanup\autoreactivator.exe" FilterFullPath REG_SZ c:\program files (x86)\microsoft office\root\office16\msoev.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosrec.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosync.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msotd.exe UseFilter REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msotd.exe\1e1c5134fc9439c7_PD Debugger REG_SZ "C:\Program Files\Avast Software\Cleanup\autoreactivator.exe" FilterFullPath REG_SZ c:\program files (x86)\microsoft office\root\office16\msotd.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe MitigationOptions REG_QWORD 0x100 UseFilter REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe\95d167336309cde7_PD Debugger REG_SZ "C:\Program Files\Avast Software\Cleanup\autoreactivator.exe" FilterFullPath REG_SZ c:\program files (x86)\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\msoxmled.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspub.exe MitigationOptions REG_QWORD 0x100 UseFilter REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspub.exe\1e1c5134fc9439c7_PD Debugger REG_SZ "C:\Program Files\Avast Software\Cleanup\autoreactivator.exe" FilterFullPath REG_SZ c:\program files (x86)\microsoft office\root\office16\mspub.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msqry32.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ngen.exe MitigationOptions REG_QWORD 0x100000000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ngentask.exe MitigationOptions REG_QWORD 0x100000000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ocpubmgr.exe UseFilter REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ocpubmgr.exe\1e1c5134fc9439c7_PD Debugger REG_SZ "C:\Program Files\Avast Software\Cleanup\autoreactivator.exe" FilterFullPath REG_SZ c:\program files (x86)\microsoft office\root\office16\ocpubmgr.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\orgchart.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OSPPREARM.EXE DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outlook.exe MitigationOptions REG_QWORD 0x100 UseFilter REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outlook.exe\1e1c5134fc9439c7_PD Debugger REG_SZ "C:\Program Files\Avast Software\Cleanup\autoreactivator.exe" FilterFullPath REG_SZ c:\program files (x86)\microsoft office\root\office16\outlook.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photoshop.exe UseFilter REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photoshop.exe\7aeb7bf0058b562e_PD Debugger REG_SZ "C:\Program Files\Avast Software\Cleanup\autoreactivator.exe" FilterFullPath REG_SZ c:\program files\adobe\adobe photoshop cc 2014\photoshop.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe MitigationOptions REG_QWORD 0x100 UseFilter REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe\1e1c5134fc9439c7_PD Debugger REG_SZ "C:\Program Files\Avast Software\Cleanup\autoreactivator.exe" FilterFullPath REG_SZ c:\program files (x86)\microsoft office\root\office16\powerpnt.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PresentationHost.exe MitigationOptions REG_QWORD 0x111111 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PrintDialog.exe MitigationOptions REG_QWORD 0x100000000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PrintIsolationHost.exe MitigationOptions REG_QWORD 0x200000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe DisableExceptionChainValidation REG_DWORD 0x3 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runtimebroker.exe MitigationOptions REG_QWORD 0x100000000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanost.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpst.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scm.exe UseFilter REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scm.exe\7c4a2968b3ad6e67_PD Debugger REG_SZ "C:\Program Files\Avast Software\Cleanup\autoreactivator.exe" FilterFullPath REG_SZ c:\program files (x86)\scm\scm.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdxhelper.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotocolhost.exe DisableExceptionChainValidation REG_DWORD 0x3 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfcert.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe MitigationOptions REG_QWORD 0x100 UseFilter REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe\1e1c5134fc9439c7_PD Debugger REG_SZ "C:\Program Files\Avast Software\Cleanup\autoreactivator.exe" FilterFullPath REG_SZ c:\program files (x86)\microsoft office\root\office16\setlang.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\splwow64.exe MitigationOptions REG_QWORD 0x200000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe MitigationOptions REG_QWORD 0x200000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe MinimumStackCommitInBytes REG_DWORD 0x8000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SystemSettings.exe MitigationOptions REG_QWORD 0x100000000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UninstallTool.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wddmstatus.exe UseFilter REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wddmstatus.exe\bc4759c962c75333_PD Debugger REG_SZ "C:\Program Files\Avast Software\Cleanup\autoreactivator.exe" FilterFullPath REG_SZ c:\program files (x86)\western digital\wd quick view\wddmstatus.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe MitigationOptions REG_QWORD 0x100 UseFilter REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\1e1c5134fc9439c7_PD Debugger REG_SZ "C:\Program Files\Avast Software\Cleanup\autoreactivator.exe" FilterFullPath REG_SZ c:\program files (x86)\microsoft office\root\office16\winword.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordconv.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe DisableExceptionChainValidation REG_DWORD 0x3 ========= Koniec CMD: ========= ==== Koniec Fixlog 13:34:33 ====