Fix result of Farbar Recovery Scan Tool (x64) Version: 29-08-2016 Ran by Andrzej (30-08-2016 00:44:44) Run:1 Running from C:\Users\Andrzej\Downloads\Programy do czyszczenia\FRST64 Loaded Profiles: Andrzej (Available Profiles: Andrzej) Boot Mode: Normal ============================================== fixlist content: ***************** HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\Andrzej\AppData\Local\Temp\DeleteOnReboot.bat [702 2016-08-29] () <===== ATTENTION HKLM\...\Winlogon: [Userinit] wscript C:\windows\run.vbs, C:\windows\run.vbs, Task: {1D507981-B916-4B72-A9E6-6F661EFFC1B0} - System32\Tasks\Ghreringuwek Center => C:\Program Files (x86)\Isakphovey\stagle.exe RemoveDirectory: C:\Program Files (x86)\Isakphovey RemoveDirectory: C:\Program Files (x86)\Common Files\Sansaillight RemoveDirectory: C:\Program Files (x86)\Tencent RemoveDirectory: C:\ProgramData\Quoteex RemoveDirectory: C:\Program Files\SpyHunter Task: {5B1365B4-5BCC-4872-8021-6A8F06B8F61C} - \Resage Builder -> No File <==== ATTENTION Task: {6AF0331B-098A-4234-80D0-843F2D5B56F3} - \{092FA7A6-87BF-4309-B59C-E9878F876B2F} -> No File <==== ATTENTION Task: {9F6FF44C-92D2-4352-8ACB-EE8FB360E822} - System32\Tasks\{4C74801A-B66D-4F35-9292-6052B0840E78} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Sansaillight\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Sansaillight\uninstall.dat" -a uninstallme 21561E05-6695-4308-AA6B-38E1420BE307 DeviceId=d76e53b7-93ed-007d-5bd0-95fe4ba1c4c9 BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet Task: {C6244D62-2CAE-4FB8-A8DB-EE9F81B75B64} - \b2929b72a96a471893ecaa9c51368bae -> No File <==== ATTENTION Task: {DD68DCAE-11BC-4CF3-A611-55D1702E2620} - System32\Tasks\{70ED9FE3-4657-4980-AEDA-901982510344} => pcalua.exe -a "C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\Uninst.exe" Reg: reg delete HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v svchost0 /f 
AppInit_DLLs: C:\ProgramData\Quoteex\Sunzoolax.dll => No File AppInit_DLLs-x32: C:\ProgramData\Quoteex\Alphabam.dll => No File ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File] DeleteKey: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes OPR Extension: (Sense) - C:\Users\Andrzej\AppData\Roaming\Opera Software\Opera Stable\Extensions\jhapbopfchfogphiimjbhodmgnppoigk [2014-11-24] S2 SpyHunter 4 Service; C:\Program Files\SpyHunter\SH4Service.exe [797352 2016-07-20] (Enigma Software Group USA, LLC.) S2 GhreringuwekCenter; C:\Program Files (x86)\Isakphovey\PlewagetofertCnf.dll [X] S3 esgiguard; C:\Program Files\SpyHunter\esgiguard.sys [16432 2016-07-20] (Enigma Software Group USA, LLC.) 
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-08-27] () S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2016-07-20] () C:\Windows\System32\DRIVERS\EsgScanner.sys C:\Users\Public\Desktop\SpyHunter4.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter4 C:\Users\Andrzej\Downloads\Spyhunter 4 C:\Users\Andrzej\Downloads\SpyHunter 4.23.2.4686 Crack Lang PL (2).7z.m68bsin.partial C:\Users\Andrzej\Downloads\SpyHunter 4.23.2.4686 Crack Lang PL (1).7z.0at5uvb.partial C:\Users\Andrzej\AppData\Local\arodeziraphvucerly C:\windows\system32\Drivers\etc\hp.bak C:\Users\Andrzej\AppData\Local\Stijtain C:\Users\Andrzej\AppData\Local\UCBrowser C:\Users\Andrzej\AppData\Roaming\AirDex.tst C:\Users\Andrzej\AppData\Roaming\Lotsing.tst C:\Users\Andrzej\AppData\Roaming\GiftBag.db C:\Users\Andrzej\AppData\Roaming\45a23766288a8c27628f5c5a39c960ef C:\Users\Andrzej\AppData\Roaming\45a23766288a8c27628f5c5a39c960ef2 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StrongRecovery 2.1\Help.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter4 C:\Users\Andrzej\Links\OneDrive.lnk C:\Users\Andrzej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk :\Users\Public\Desktop\Download StrongRecovery...lnk C:\Users\Public\Desktop\SpyHunter4.lnk HOSTS: EmptyTemp: ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\DeleteOnReboot => value not found. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully "C:\windows\run.vbs," => not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D507981-B916-4B72-A9E6-6F661EFFC1B0}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D507981-B916-4B72-A9E6-6F661EFFC1B0}" => key removed successfully C:\windows\System32\Tasks\Ghreringuwek Center => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ghreringuwek Center" => key removed successfully "C:\Program Files (x86)\Isakphovey" => not found. "C:\Program Files (x86)\Common Files\Sansaillight" => removed successfully. "C:\Program Files (x86)\Tencent" => not found. "C:\ProgramData\Quoteex" => not found. could not remove "C:\Program Files\SpyHunter\esgiguard.sys" => Scheduled to remove on reboot. could not remove "C:\Program Files\SpyHunter\Log\SpyHunter4_20160829_082413.log" => Scheduled to remove on reboot. could not remove "C:\Program Files\SpyHunter" => Scheduled to remove on reboot. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B1365B4-5BCC-4872-8021-6A8F06B8F61C}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B1365B4-5BCC-4872-8021-6A8F06B8F61C}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Resage Builder" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6AF0331B-098A-4234-80D0-843F2D5B56F3}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AF0331B-098A-4234-80D0-843F2D5B56F3}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{092FA7A6-87BF-4309-B59C-E9878F876B2F}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F6FF44C-92D2-4352-8ACB-EE8FB360E822}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F6FF44C-92D2-4352-8ACB-EE8FB360E822}" => key removed successfully C:\windows\System32\Tasks\{4C74801A-B66D-4F35-9292-6052B0840E78} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4C74801A-B66D-4F35-9292-6052B0840E78}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6244D62-2CAE-4FB8-A8DB-EE9F81B75B64}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6244D62-2CAE-4FB8-A8DB-EE9F81B75B64}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b2929b72a96a471893ecaa9c51368bae" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD68DCAE-11BC-4CF3-A611-55D1702E2620}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD68DCAE-11BC-4CF3-A611-55D1702E2620}" => key removed successfully C:\windows\System32\Tasks\{70ED9FE3-4657-4980-AEDA-901982510344} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{70ED9FE3-4657-4980-AEDA-901982510344}" => key removed successfully ========= reg delete HKU\S-1-5-21-1169792134-2358267525-3225177676-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v svchost0 /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= "C:\ProgramData\Quoteex\Sunzoolax.dll" => Value data removed successfully. "C:\ProgramData\Quoteex\Alphabam.dll" => Value data removed successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon" => key removed successfully HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6} => key not found. 
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes => key removed successfully HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes => key removed successfully HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes => key removed successfully C:\Users\Andrzej\AppData\Roaming\Opera Software\Opera Stable\Extensions\jhapbopfchfogphiimjbhodmgnppoigk => moved successfully SpyHunter 4 Service => service not found. GhreringuwekCenter => service removed successfully esgiguard => service removed successfully EsgScanner => service not found. EsgScanner => service not found. C:\Windows\System32\DRIVERS\EsgScanner.sys => moved successfully "C:\Users\Public\Desktop\SpyHunter4.lnk" => not found. "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter4" => not found. C:\Users\Andrzej\Downloads\Spyhunter 4 => moved successfully C:\Users\Andrzej\Downloads\SpyHunter 4.23.2.4686 Crack Lang PL (2).7z.m68bsin.partial => moved successfully C:\Users\Andrzej\Downloads\SpyHunter 4.23.2.4686 Crack Lang PL (1).7z.0at5uvb.partial => moved successfully C:\Users\Andrzej\AppData\Local\arodeziraphvucerly => moved successfully C:\windows\system32\Drivers\etc\hp.bak => moved successfully C:\Users\Andrzej\AppData\Local\Stijtain => moved successfully C:\Users\Andrzej\AppData\Local\UCBrowser => moved successfully C:\Users\Andrzej\AppData\Roaming\AirDex.tst => moved successfully C:\Users\Andrzej\AppData\Roaming\Lotsing.tst => moved successfully C:\Users\Andrzej\AppData\Roaming\GiftBag.db => moved successfully C:\Users\Andrzej\AppData\Roaming\45a23766288a8c27628f5c5a39c960ef => moved successfully C:\Users\Andrzej\AppData\Roaming\45a23766288a8c27628f5c5a39c960ef2 => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => moved successfully 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StrongRecovery 2.1\Help.lnk => moved successfully "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter4" => not found. C:\Users\Andrzej\Links\OneDrive.lnk => moved successfully C:\Users\Andrzej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => moved successfully :\Users\Public\Desktop\Download StrongRecovery...lnk => Error: No automatic fix found for this entry. "C:\Users\Public\Desktop\SpyHunter4.lnk" => not found. C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. =========== EmptyTemp: ========== BITS transfer queue => 12582912 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 156144936 B Java, Flash, Steam htmlcache => 18310 B Windows/system/drivers => 66149391 B Edge => 0 B Chrome => 648567867 B Firefox => 0 B Opera => 16249438 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 0 B LocalService => 962627 B NetworkService => 46104 B Andrzej => 688886246 B RecycleBin => 46694049363 B EmptyTemp: => 45 GB temporary data Removed. ================================ Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 30-08-2016 00:50:53) C:\Program Files\SpyHunter\esgiguard.sys => removed successfully C:\Program Files\SpyHunter\Log\SpyHunter4_20160829_082413.log => removed successfully C:\Program Files\SpyHunter => removed successfully ==== End of Fixlog 00:50:53 ====