Fix result of Farbar Recovery Scan Tool (x64) Version: 12-09-2016
Ran by Gocha (13-09-2016 20:25:43) Run:1
Running from C:\FRST
Loaded Profiles: Gocha (Available Profiles: Gocha)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
Tcpip\..\Interfaces\{400AE538-A0EB-48F6-A88B-DD6C5C2B9337}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{C76F78A3-1DD4-4516-9827-1A4A1B142607}: [DhcpNameServer] 82.163.143.171
BootExecute: autocheck autochk * ffnd.exe {949E979C-EB1F-11DB-92AC-22C456D89593}
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [X]
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
U3 uxldqpod; \??\C:\Users\Gocha\AppData\Local\Temp\uxldqpod.sys [X]
Task: {2C607913-E77E-46D3-846C-F4CCF0F13111} - \{3A4BFE7D-248E-3448-FD90-B067AA412F6B} -> No File <==== ATTENTION
Task: {8A11C8F8-16EC-49A2-95DD-F69B6D1A8B18} - System32\Tasks\AutoPico Daily Restart => D:\Systemowe\Activators\Activators\KMSpico
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
IE trusted site: HKU\S-1-5-21-2176414354-3222065998-314886352-1001\...\hola.org -> hxxp://hola.org
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
DeleteKey: HKCU\Software\Google
DeleteKey: HKLM\SOFTWARE\Google
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Google
C:\Program Files (x86)\Google
C:\Program Files (x86)\Zemana AntiMalware
C:\Users\Gocha\AppData\Local\Chromium
C:\Users\Gocha\AppData\Local\Google
C:\Users\Gocha\AppData\Roaming\sb796.dat
C:\Windows\ZAM_Guard.krnl.trace
C:\Windows\system32\ffnd.exe
CMD: ipconfig /flushdns
CMD: netsh advfirewall reset
EmptyTemp:
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{400AE538-A0EB-48F6-A88B-DD6C5C2B9337}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C76F78A3-1DD4-4516-9827-1A4A1B142607}\\DhcpNameServer => value removed successfully
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
PassThru Service => service removed successfully
ZAMSvc => service removed successfully
ZAM => service removed successfully
ZAM_Guard => service removed successfully
uxldqpod => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C607913-E77E-46D3-846C-F4CCF0F13111}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C607913-E77E-46D3-846C-F4CCF0F13111}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3A4BFE7D-248E-3448-FD90-B067AA412F6B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A11C8F8-16EC-49A2-95DD-F69B6D1A8B18}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A11C8F8-16EC-49A2-95DD-F69B6D1A8B18}" => key removed successfully
C:\Windows\System32\Tasks\AutoPico Daily Restart => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKCR\PROTOCOLS\Handler\skypec2c" => key removed successfully
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
"HKU\S-1-5-21-2176414354-3222065998-314886352-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org" => key removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKCU\Software\Google => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKCU\Software\Google => key removed successfully
HKLM\SOFTWARE\Google => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Google => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Wow6432Node\Google => key removed successfully
C:\Program Files (x86)\Google => moved successfully
C:\Program Files (x86)\Zemana AntiMalware => moved successfully
C:\Users\Gocha\AppData\Local\Chromium => moved successfully
C:\Users\Gocha\AppData\Local\Google => moved successfully
C:\Users\Gocha\AppData\Roaming\sb796.dat => moved successfully
C:\Windows\ZAM_Guard.krnl.trace => moved successfully
C:\Windows\system32\ffnd.exe => moved successfully
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= netsh advfirewall reset =========
Ok.
========= End of CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27179154 B
Java, Flash, Steam htmlcache => 2413 B
Windows/system/drivers => 435600390 B
Edge => 0 B
Chrome => 0 B
Firefox => 377457986 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 4671 B
NetworkService => 7025400 B
Gocha => 888421842 B
RecycleBin => 0 B
EmptyTemp: => 1.6 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 20:28:42 ====