Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 20-08-2017
Uruchomiony przez Maciej (26-08-2017 13:28:34) Run:1
Uruchomiony z C:\Users\Maciej\Downloads
Załadowane profile: Maciej (Dostępne profile: Maciej)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [520032 2016-11-02] (BitDefender S.R.L.)
MSCONFIG\startupfolder: C:^Users^Maciej^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: Advanced SystemCare Ultimate => "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe" /Auto
MSCONFIG\startupreg: ares => "C:\Program Files (x86)\Ares\Ares.exe" -h
MSCONFIG\startupreg: FixCamera =>
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: Komunikator => C:\Program Files (x86)\Tlen.pl\tlen.exe
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: MotoCast =>
MSCONFIG\startupreg: Nvtmru =>
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: tsnpstd3 =>
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\Winampa.exe"
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> Brak pliku
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => -> Brak pliku
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Brak pliku
Task: {7972D1C0-6018-4427-AB70-88E4AF008CE6} - System32\Tasks\ASCU10_SkipUac_Maciej => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASC.exe
Task: {AB3FC8B5-4F8A-425E-833F-831E43626ADD} - System32\Tasks\{0146F64C-7D84-46A1-AE4C-F4B7FDA6D712} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Games\Call of Atlantis Treasures of Poseidon CE\Uninstall.exe"
Task: {CE203930-0DC2-4748-8992-4CCE8B4DBDF1} - System32\Tasks\ASCU10_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe
Task: {EECDC594-8F1A-4C88-9490-81468EA13B08} - System32\Tasks\{AA203FB5-229E-4B6C-93F1-3766330FA399} => C:\Windows\system32\pcalua.exe -a C:\Users\Maciej\Downloads\JDownloader2Setup64Bit.exe -d C:\Users\Maciej\Downloads
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-119396996-3710650731-1695599349-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=190
CHR HomePage: Default -> hxxp://www.gazeta.pl/0,0.html?p=190
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
DeleteKey: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crytek Studios
C:\Users\Maciej\AppData\Roaming\temp.ini
C:\Users\Maciej\AppData\Local\housecall.guid.cache
C:\Windows\System32\DRIVERS\TRUFOS.sys
Folder: C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
Folder: C:\ProgramData\{ACBCD40A-42A8-4FF9-BD42-ABCD14998CBA}
Folder: C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
Folder: C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
Folder: C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
CMD: netsh advfirewall reset
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
HKLM\System\CurrentControlSet\Services\Trufos => klucz pomyślnie usunięto
Trufos => serwis pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Maciej^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => klucz pomyślnie usunięto
C:\Windows\pss\MyPC Backup.lnk.Startup => pomyślnie przeniesiono
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Advanced SystemCare Ultimate => klucz pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ares => klucz pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: FixCamera => => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IObit Malware Fighter => klucz pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Komunikator => klucz pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes TrayApp => klucz pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: MotoCast => => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: Nvtmru => => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray => klucz pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotPostWindows10UpgradeReInstall => klucz pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: tsnpstd3 => => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent => klucz pomyślnie usunięto
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Advanced SystemCare => klucz pomyślnie usunięto
HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D} => klucz nie znaleziono.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\IObit Malware Fighter => klucz pomyślnie usunięto
HKLM\Software\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8} => klucz nie znaleziono.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => klucz pomyślnie usunięto
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7972D1C0-6018-4427-AB70-88E4AF008CE6} => klucz pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7972D1C0-6018-4427-AB70-88E4AF008CE6} => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\ASCU10_SkipUac_Maciej => pomyślnie przeniesiono
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASCU10_SkipUac_Maciej => klucz pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB3FC8B5-4F8A-425E-833F-831E43626ADD} => klucz pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB3FC8B5-4F8A-425E-833F-831E43626ADD} => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\{0146F64C-7D84-46A1-AE4C-F4B7FDA6D712} => pomyślnie przeniesiono
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0146F64C-7D84-46A1-AE4C-F4B7FDA6D712} => klucz pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CE203930-0DC2-4748-8992-4CCE8B4DBDF1} => klucz pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE203930-0DC2-4748-8992-4CCE8B4DBDF1} => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\ASCU10_PerformanceMonitor => pomyślnie przeniesiono
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASCU10_PerformanceMonitor => klucz pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EECDC594-8F1A-4C88-9490-81468EA13B08} => klucz pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EECDC594-8F1A-4C88-9490-81468EA13B08} => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\{AA203FB5-229E-4B6C-93F1-3766330FA399} => pomyślnie przeniesiono
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AA203FB5-229E-4B6C-93F1-3766330FA399} => klucz pomyślnie usunięto
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => klucz pomyślnie usunięto
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => klucz pomyślnie usunięto
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MBAMService => klucz pomyślnie usunięto
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
HKU\S-1-5-21-119396996-3710650731-1695599349-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
Chrome HomePage => pomyślnie usunięto
HKLM\SOFTWARE\MozillaPlugins => klucz pomyślnie usunięto
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions => klucz pomyślnie usunięto
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => klucz pomyślnie usunięto
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main => klucz pomyślnie usunięto
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crytek Studios => pomyślnie przeniesiono
C:\Users\Maciej\AppData\Roaming\temp.ini => pomyślnie przeniesiono
C:\Users\Maciej\AppData\Local\housecall.guid.cache => pomyślnie przeniesiono
C:\Windows\System32\DRIVERS\TRUFOS.sys => pomyślnie przeniesiono

========================= Folder: C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} ========================

2014-08-02 16:47 - 2014-08-02 16:47 - 093618176 ____N () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi

====== Koniec Folder: ======

========================= Folder: C:\ProgramData\{ACBCD40A-42A8-4FF9-BD42-ABCD14998CBA} ========================

2016-05-01 17:31 - 2016-05-01 17:31 - 000000065 __RSH () C:\ProgramData\{ACBCD40A-42A8-4FF9-BD42-ABCD14998CBA}\desktop.ini

====== Koniec Folder: ======

========================= Folder: C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} ========================

====== Koniec Folder: ======

========================= Folder: C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} ========================

2016-11-22 19:38 - 2016-11-22 19:38 - 000000065 __RSH () C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}\desktop.ini

====== Koniec Folder: ======

========================= Folder: C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690} ========================

2016-05-01 17:31 - 2016-05-01 17:31 - 000000063 _____ () C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}\desktop.ini

====== Koniec Folder: ======

========= netsh advfirewall reset =========

Ok.

========= Koniec CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4884473 B
Java, Flash, Steam htmlcache => 28766242 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 392351595 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Maciej => 76144946 B
UpdatusUser => 0 B

RecycleBin => 0 B
EmptyTemp: => 486.9 MB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 13:29:28 ====