Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 08-05-2017 Uruchomiony przez Angela (09-05-2017 18:58:25) Run:1 Uruchomiony z C:\Users\Angela\Desktop\FRST Załadowane profile: Angela (Dostępne profile: Angela & Bartek) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: Task: {078CBCCD-0A46-411C-BBF7-4F0AFE3ED89F} - \SCCSpeedBoot -> Brak pliku <==== UWAGA Task: {3825AB0D-1F39-4341-8095-095397A3AD42} - \{42563A93-3326-421D-A0B1-8B4DDCEB7D8E} -> Brak pliku <==== UWAGA Task: {398EEFF9-939A-4CF1-A995-CF01B618954F} - System32\Tasks\Update\cryptex => C:\Users\Samsung\AppData\Local\Temp\ariana.exe <==== UWAGA Task: {4659CF3E-3D29-4C49-AF70-358599729E29} - \EasySettings -> Brak pliku <==== UWAGA Task: {4DB50C23-3761-45AE-9042-081C287B34E2} - \Adobe Flash Player Updater -> Brak pliku <==== UWAGA Task: {510BEFB7-DAE2-42C9-B35A-4988566D6F87} - \SAgent -> Brak pliku <==== UWAGA Task: {BC7CBA99-0358-464C-BD78-F41AB0B679AE} - \Opera scheduled Autoupdate 1429768718 -> Brak pliku <==== UWAGA Task: {DBC641F2-8C9E-496E-A753-F8D3650A13B1} - \WLANStartup -> Brak pliku <==== UWAGA Task: {DCE5BA10-9752-44C6-B18F-29FEEEE6FD11} - \EasySettings_config -> Brak pliku <==== UWAGA HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0 HKLM\...\Policies\Explorer: [HideSCAHealth] 0 IFEO\AvastSvc.exe: [Debugger] nqij.exe IFEO\AvastUI.exe: [Debugger] nqij.exe IFEO\avast_free_antivirus_setup_online_dobreprogramy.exe: [Debugger] C:\ProgramData\648411\sysmon.exe IFEO\avcenter.exe: [Debugger] nqij.exe IFEO\avconfig.exe: [Debugger] nqij.exe IFEO\avgcsrvx.exe: [Debugger] nqij.exe IFEO\avgidsagent.exe: [Debugger] nqij.exe IFEO\avgnt.exe: [Debugger] nqij.exe IFEO\avgrsx.exe: [Debugger] nqij.exe IFEO\avguard.exe: [Debugger] nqij.exe IFEO\avgui.exe: [Debugger] nqij.exe IFEO\avgwdsvc.exe: [Debugger] nqij.exe IFEO\avp.exe: [Debugger] nqij.exe IFEO\avscan.exe: [Debugger] nqij.exe IFEO\bdagent.exe: [Debugger] nqij.exe IFEO\blindman.exe: [Debugger] nqij.exe IFEO\ccuac.exe: [Debugger] nqij.exe IFEO\ComboFix.exe: [Debugger] nqij.exe IFEO\egui.exe: [Debugger] nqij.exe IFEO\fiddler.exe: [Debugger] C:\ProgramData\648411\sysmon.exe IFEO\hijackthis.exe: [Debugger] nqij.exe IFEO\instup.exe: [Debugger] nqij.exe IFEO\keyscrambler.exe: [Debugger] nqij.exe IFEO\mbam.exe: [Debugger] nqij.exe IFEO\mbamgui.exe: [Debugger] nqij.exe IFEO\mbampt.exe: [Debugger] nqij.exe IFEO\mbamscheduler.exe: [Debugger] nqij.exe IFEO\mbamservice.exe: [Debugger] nqij.exe IFEO\MpCmdRun.exe: [Debugger] nqij.exe IFEO\MSASCui.exe: [Debugger] nqij.exe IFEO\MsMpEng.exe: [Debugger] nqij.exe IFEO\msseces.exe: [Debugger] nqij.exe IFEO\regedit.exe: [Debugger] C:\ProgramData\648411\sysmon.exe IFEO\rstrui.exe: [Debugger] nqij.exe IFEO\SDFiles.exe: [Debugger] nqij.exe IFEO\SDMain.exe: [Debugger] nqij.exe IFEO\SDWinSec.exe: [Debugger] nqij.exe IFEO\spybotsd.exe: [Debugger] nqij.exe IFEO\wireshark.exe: [Debugger] nqij.exe IFEO\zlclient.exe: [Debugger] nqij.exe GroupPolicyScripts: Ograniczenia <======= UWAGA GroupPolicyScripts-x32: Ograniczenia <======= UWAGA SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = HKU\S-1-5-21-2141313226-3810806181-3511824924-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ie_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_08a9e06b_1201_1403_20160816_PL_ie_sp_ SearchScopes: HKU\S-1-5-21-2141313226-3810806181-3511824924-1004 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ie_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_08a9e06b_1201_1403_20160816_PL_ie_ds_&tag=bds-p17-serp-us-ie-20&query={searchTerms} S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X] S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X] S4 nvpciflt; \SystemRoot\system32\DRIVERS\nvpciflt.sys [X] S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X] 2017-04-30 22:50 - 2017-04-30 22:50 - 01253040 _____ ( ) C:\Users\Bartek\Downloads\Memtest86-12556-AsystentPobierania.exe 2017-04-30 22:21 - 2017-04-30 22:21 - 05186048 _____ C:\Users\Bartek\Downloads\WindowsDefender(dobreprogramy.pl).msi Reg: reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt /s EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{078CBCCD-0A46-411C-BBF7-4F0AFE3ED89F} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{078CBCCD-0A46-411C-BBF7-4F0AFE3ED89F} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SCCSpeedBoot => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3825AB0D-1F39-4341-8095-095397A3AD42} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3825AB0D-1F39-4341-8095-095397A3AD42} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{42563A93-3326-421D-A0B1-8B4DDCEB7D8E} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{398EEFF9-939A-4CF1-A995-CF01B618954F} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{398EEFF9-939A-4CF1-A995-CF01B618954F} => klucz pomyślnie usunięto C:\Windows\System32\Tasks\Update\cryptex => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update\cryptex => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4659CF3E-3D29-4C49-AF70-358599729E29} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4659CF3E-3D29-4C49-AF70-358599729E29} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EasySettings => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DB50C23-3761-45AE-9042-081C287B34E2} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DB50C23-3761-45AE-9042-081C287B34E2} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{510BEFB7-DAE2-42C9-B35A-4988566D6F87} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{510BEFB7-DAE2-42C9-B35A-4988566D6F87} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SAgent => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{BC7CBA99-0358-464C-BD78-F41AB0B679AE} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC7CBA99-0358-464C-BD78-F41AB0B679AE} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1429768718 => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DBC641F2-8C9E-496E-A753-F8D3650A13B1} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBC641F2-8C9E-496E-A753-F8D3650A13B1} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WLANStartup => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DCE5BA10-9752-44C6-B18F-29FEEEE6FD11} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCE5BA10-9752-44C6-B18F-29FEEEE6FD11} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EasySettings_config => klucz pomyślnie usunięto HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => Wartość pomyślnie usunięto HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => Wartość pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastUI.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avast_free_antivirus_setup_online_dobreprogramy.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgidsagent.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avscan.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\blindman.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\fiddler.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\instup.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbampt.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\regedit.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDFiles.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDMain.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDWinSec.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe => klucz pomyślnie usunięto HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe => klucz pomyślnie usunięto C:\Windows\system32\GroupPolicy\Machine => pomyślnie przeniesiono C:\Windows\SysWOW64\GroupPolicy\Machine => pomyślnie przeniesiono HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto HKU\S-1-5-21-2141313226-3810806181-3511824924-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-2141313226-3810806181-3511824924-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} => klucz pomyślnie usunięto HKCR\CLSID\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} => klucz nie znaleziono. HKLM\System\CurrentControlSet\Services\FairplayKD => klucz pomyślnie usunięto FairplayKD => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\nvlddmkm => klucz pomyślnie usunięto nvlddmkm => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\nvpciflt => klucz pomyślnie usunięto nvpciflt => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0 => klucz pomyślnie usunięto WinRing0_1_2_0 => serwis pomyślnie usunięto C:\Users\Bartek\Downloads\Memtest86-12556-AsystentPobierania.exe => pomyślnie przeniesiono C:\Users\Bartek\Downloads\WindowsDefender(dobreprogramy.pl).msi => pomyślnie przeniesiono ========= reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt /s ========= HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt DisplayName REG_SZ @%Systemroot%\system32\wbem\wmisvc.dll,-205 ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs Description REG_SZ @%Systemroot%\system32\wbem\wmisvc.dll,-204 ObjectName REG_SZ localSystem ErrorControl REG_DWORD 0x0 Start REG_DWORD 0x2 Type REG_DWORD 0x20 DependOnService REG_MULTI_SZ RPCSS ServiceSidType REG_DWORD 0x1 FailureActions REG_BINARY 805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt\Parameters ServiceDllUnloadOnStop REG_DWORD 0x1 ServiceDll REG_EXPAND_SZ %SystemRoot%\system32\wbem\WMIsvc.dll ServiceMain REG_SZ ServiceMain ========= Koniec Reg: ========= =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 82936543 B Java, Flash, Steam htmlcache => 97197155 B Windows/system/drivers => 475057909 B Edge => 0 B Chrome => 78089429 B Firefox => 384526470 B Opera => 72220467 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 66228 B Public => 0 B ProgramData => 0 B systemprofile => 116959287 B systemprofile32 => 2656857 B LocalService => 66228 B NetworkService => 66228 B UpdatusUser => 0 B Angela => 9181685468 B Bartek => 520591293 B RecycleBin => 3982564191 B EmptyTemp: => 14 GB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 19:10:17 ====