Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 02-11-2017
Uruchomiony przez Pu$hok (04-11-2017 22:06:17) Run:1
Uruchomiony z C:\Users\Pu$hok\Desktop
Załadowane profile: Pu$hok (Dostępne profile: Pu$hok)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
CustomCLSID: HKU\S-1-5-21-2695318375-2183935987-1297418613-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Pu$hok\AppData\Local\Microsoft\OneDrive\17.3.7073.1013\amd64\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-2695318375-2183935987-1297418613-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Pu$hok\AppData\Local\Microsoft\OneDrive\17.3.7073.1013\amd64\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-2695318375-2183935987-1297418613-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Pu$hok\AppData\Local\Microsoft\OneDrive\17.3.7073.1013\amd64\FileSyncShell64.dll => Brak pliku
Task: {CA5D0F44-9412-4B1B-A95D-4167920B488F} - System32\Tasks\up2news1comrioalz => C:\Program Files\Opera\48.0.2685.52\opera.exe [2017-10-26] (Opera Software)
Task: {83F92EB1-3CDE-40EC-974E-CB8B17B19EDA} - System32\Tasks\citpth => C:\Users\Pu$hok\AppData\Local\wriwk.bat <==== UWAGA
Task: {902B0F36-FF69-4A11-8F04-1A82D766244D} - System32\Tasks\gbnqmhxcpbfm => C:\Users\Pu$hok\AppData\Local\uphaxsanemlm.bat <==== UWAGA
C:\Users\Pu$hok\AppData\Local\wriwk.bat
C:\Users\Pu$hok\AppData\Local\uphaxsanemlm.bat
GroupPolicy: Ograniczenia <==== UWAGA
GroupPolicy\User: Ograniczenia <==== UWAGA
HKU\S-1-5-21-2695318375-2183935987-1297418613-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-2695318375-2183935987-1297418613-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://pl.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10438__171015__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2695318375-2183935987-1297418613-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B121F8A96-A13D-4639-9BDB-4B0BB7B2ADB5%7D&gp=811142
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
C:\Users\Pu$hok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks - Sandbox\Uninstall World of Tanks - Sandbox.lnk
C:\Users\Pu$hok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks - Sandbox\World of Tanks - Sandbox.lnk
DeleteKey: HKCU\Software\Mozilla
DeleteKey: HKCU\Software\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Mozilla
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla
DeleteKey: HKLM\SOFTWARE\Wow6432Node\mozilla.org
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
C:\Users\Pu$hok\AppData\Local\Mozilla
C:\Users\Pu$hok\AppData\Roaming\Mozilla
C:\Users\Pu$hok\AppData\Roaming\Profiles
CMD: dir /a "C:\Program Files (x86)"
CMD: dir /a "C:\Program Files\Common Files\System"
CMD: dir /a "C:\Program Files (x86)\Common Files\System"
CMD: dir /a C:\ProgramData
CMD: dir /a C:\Users\Pu$hok\AppData\Local
CMD: dir /a C:\Users\Pu$hok\AppData\LocalLow
CMD: dir /a C:\Users\Pu$hok\AppData\Roaming
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
CMD: netsh advfirewall reset
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
HKU\S-1-5-21-2695318375-2183935987-1297418613-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => klucz pomyślnie usunięto
HKU\S-1-5-21-2695318375-2183935987-1297418613-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => klucz pomyślnie usunięto
HKU\S-1-5-21-2695318375-2183935987-1297418613-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => klucz pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA5D0F44-9412-4B1B-A95D-4167920B488F} => klucz pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA5D0F44-9412-4B1B-A95D-4167920B488F} => klucz pomyślnie usunięto
C:\WINDOWS\System32\Tasks\up2news1comrioalz => pomyślnie przeniesiono
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\up2news1comrioalz => klucz pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83F92EB1-3CDE-40EC-974E-CB8B17B19EDA} => klucz pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83F92EB1-3CDE-40EC-974E-CB8B17B19EDA} => klucz pomyślnie usunięto
C:\WINDOWS\System32\Tasks\citpth => pomyślnie przeniesiono
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\citpth => klucz pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{902B0F36-FF69-4A11-8F04-1A82D766244D} => klucz pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{902B0F36-FF69-4A11-8F04-1A82D766244D} => klucz pomyślnie usunięto
C:\WINDOWS\System32\Tasks\gbnqmhxcpbfm => pomyślnie przeniesiono
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gbnqmhxcpbfm => klucz pomyślnie usunięto
"C:\Users\Pu$hok\AppData\Local\wriwk.bat" => nie znaleziono.
"C:\Users\Pu$hok\AppData\Local\uphaxsanemlm.bat" => nie znaleziono.
C:\WINDOWS\system32\GroupPolicy\Machine => pomyślnie przeniesiono
C:\WINDOWS\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => pomyślnie przeniesiono
C:\WINDOWS\system32\GroupPolicy\User => pomyślnie przeniesiono
HKU\S-1-5-21-2695318375-2183935987-1297418613-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKU\S-1-5-21-2695318375-2183935987-1297418613-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => klucz pomyślnie usunięto
HKLM\Software\Classes\CLSID\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => klucz nie znaleziono.
HKU\S-1-5-21-2695318375-2183935987-1297418613-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => klucz pomyślnie usunięto
HKLM\Software\Classes\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => klucz nie znaleziono.
HKLM\System\CurrentControlSet\Services\ibtsiva => klucz pomyślnie usunięto
ibtsiva => serwis pomyślnie usunięto
C:\Users\Pu$hok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks - Sandbox\Uninstall World of Tanks - Sandbox.lnk => pomyślnie przeniesiono
C:\Users\Pu$hok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks - Sandbox\World of Tanks - Sandbox.lnk => pomyślnie przeniesiono
HKCU\Software\Mozilla => klucz pomyślnie usunięto
HKCU\Software\MozillaPlugins => klucz pomyślnie usunięto
HKLM\SOFTWARE\Mozilla => klucz pomyślnie usunięto
HKLM\SOFTWARE\MozillaPlugins => klucz pomyślnie usunięto
HKLM\SOFTWARE\Wow6432Node\Mozilla => klucz pomyślnie usunięto
HKLM\SOFTWARE\Wow6432Node\mozilla.org => klucz nie znaleziono.
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => klucz pomyślnie usunięto
C:\Users\Pu$hok\AppData\Local\Mozilla => pomyślnie przeniesiono
C:\Users\Pu$hok\AppData\Roaming\Mozilla => pomyślnie przeniesiono
"C:\Users\Pu$hok\AppData\Roaming\Profiles" => nie znaleziono.

========= dir /a "C:\Program Files (x86)" =========

Volume in drive C is OS
Volume Serial Number is 9662-EA3A

Directory of C:\Program Files (x86)

04.11.2017 19:10 .
04.11.2017 19:10 ..
03.11.2017 23:17 ASUS
03.11.2017 12:29 Common Files
18.03.2017 22:01 174 desktop.ini
07.03.2017 16:18 Genesys Logic
03.11.2017 22:21 InstallShield Installation Information
13.10.2017 17:12 Intel
18.10.2017 20:25 Internet Explorer
14.11.2016 03:29 Microsoft Office
07.03.2017 16:26 Microsoft SQL Server Compact Edition
07.03.2017 16:26 Microsoft Synchronization Services
13.10.2017 17:55 Microsoft.NET
13.10.2017 18:38 MSBuild
03.11.2017 22:48 NVIDIA Corporation
07.03.2017 16:20 Realtek
13.10.2017 18:38 Reference Assemblies
01.11.2017 14:43 Rockstar Games
04.11.2017 21:04 Steam
14.11.2016 03:32 TeamViewer
07.03.2017 16:20 Temp
13.10.2017 17:53 Uninstall Information
15.10.2017 12:57 uTorrent
03.11.2017 22:48 VulkanRT
18.10.2017 20:25 Windows Defender
13.10.2017 18:50 Windows Mail
18.10.2017 20:25 Windows Media Player
18.03.2017 22:03 Windows Multimedia Platform
18.03.2017 22:03 Windows NT
18.10.2017 20:25 Windows Photo Viewer
18.03.2017 22:03 Windows Portable Devices
18.03.2017 22:03 Windows Sidebar
18.03.2017 22:03 WindowsPowerShell
1 File(s) 174 bytes
32 Dir(s) 151˙606˙366˙208 bytes free

========= Koniec CMD: =========

========= dir /a "C:\Program Files\Common Files\System" =========

Volume in drive C is OS
Volume Serial Number is 9662-EA3A

Directory of C:\Program Files\Common Files\System

18.10.2017 20:25 .
18.10.2017 20:25 ..
18.10.2017 20:25 ado
18.03.2017 21:59 32˙768 DirectDB.dll
13.10.2017 18:44 en-GB
20.03.2017 04:59 en-US
18.10.2017 20:25 msadc
18.10.2017 20:25 Ole DB
20.03.2017 04:59 pl-PL
13.10.2017 18:42 sk-SK
18.03.2017 21:57 854˙528 wab32.dll
18.03.2017 21:57 964˙096 wab32res.dll
3 File(s) 1˙851˙392 bytes
9 Dir(s) 151˙606˙366˙208 bytes free

========= Koniec CMD: =========

========= dir /a "C:\Program Files (x86)\Common Files\System" =========

Volume in drive C is OS
Volume Serial Number is 9662-EA3A

Directory of C:\Program Files (x86)\Common Files\System

18.10.2017 20:25 .
18.10.2017 20:25 ..
18.10.2017 20:25 ado
18.03.2017 21:59 27˙648 DirectDB.dll
13.10.2017 18:44 en-GB
20.03.2017 04:59 en-US
18.10.2017 20:25 msadc
18.10.2017 20:25 Ole DB
20.03.2017 04:59 pl-PL
13.10.2017 18:42 sk-SK
18.03.2017 21:58 741˙888 wab32.dll
18.03.2017 21:58 964˙096 wab32res.dll
3 File(s) 1˙733˙632 bytes
9 Dir(s) 151˙606˙366˙208 bytes free

========= Koniec CMD: =========

========= dir /a C:\ProgramData =========

Volume in drive C is OS
Volume Serial Number is 9662-EA3A

Directory of C:\ProgramData

03.11.2017 22:51 .
03.11.2017 22:51 ..
15.10.2017 12:42 Application Data
03.11.2017 23:14 ASUS
16.07.2016 12:47 Comms
03.11.2017 22:21 CyberLink
13.10.2017 18:02 Dane aplikacji [C:\ProgramData]
13.10.2017 18:02 Dokumenty [C:\Users\Public\Documents]
13.10.2017 17:53 0 DP45977C.lfl
31.10.2017 23:48 EA Core
31.10.2017 23:48 Electronic Arts
07.03.2017 16:28 install_clap
13.10.2017 17:12 Intel
07.03.2017 16:24 Intel Security
14.11.2016 03:29 Kingsoft
25.10.2017 17:38 McAfee
13.10.2017 18:02 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu]
13.10.2017 18:41 Microsoft
13.10.2017 18:07 Microsoft OneDrive
04.11.2017 22:06 NVIDIA
03.11.2017 22:54 NVIDIA Corporation
03.11.2017 22:51 Package Cache
13.10.2017 18:02 Pulpit [C:\Users\Public\Desktop]
29.10.2017 09:25 regid.1991-06.com.microsoft
07.03.2017 16:19 Roaming
01.11.2017 14:45 Socialclub
18.03.2017 22:03 SoftwareDistribution
31.10.2017 21:54 SplitMediaLabs
01.11.2017 12:03 Steam
13.10.2017 18:02 Szablony [C:\ProgramData\Microsoft\Windows\Templates]
07.03.2017 16:28 Temp
13.10.2017 17:10 USBChargerPlus
13.10.2017 18:06 USOPrivate
13.10.2017 18:06 USOShared
20.03.2017 05:01 WindowsHolographicDevices
1 File(s) 0 bytes
34 Dir(s) 151˙606˙362˙112 bytes free

========= Koniec CMD: =========

========= dir /a C:\Users\Pu$hok\AppData\Local =========

Volume in drive C is OS
Volume Serial Number is 9662-EA3A

Directory of C:\Users\Pu$hok\AppData\Local

04.11.2017 22:06 .
04.11.2017 22:06 ..
15.10.2017 15:20 Adobe
13.10.2017 18:43 CEF
13.10.2017 17:26 Comms
13.10.2017 17:11 ConnectedDevicesPlatform
03.11.2017 23:12 CrashDumps
13.10.2017 17:10 Crashpad
13.10.2017 17:54 Dane aplikacji [C:\Users\Pu$hok\AppData\Local]
13.10.2017 19:30 DBG
13.10.2017 17:54 Historia [C:\Users\Pu$hok\AppData\Local\Microsoft\Windows\History]
04.11.2017 20:34 313˙577 IconCache.db
03.11.2017 22:19 kingsoft
31.10.2017 21:45 Microsoft
04.11.2017 14:27 NVIDIA
04.11.2017 12:47 NVIDIA Corporation
13.10.2017 18:09 Opera Software
13.10.2017 18:41 Packages
14.10.2017 03:20 Programs
13.10.2017 18:13 Publishers
01.11.2017 14:45 Rockstar Games
13.10.2017 22:38 SS22.0.33
13.10.2017 22:38 Steam
04.11.2017 22:04 Temp
13.10.2017 17:54 Temporary Internet Files [C:\Users\Pu$hok\AppData\Local\Microsoft\Windows\INetCache]
03.11.2017 12:28 Tibia
13.10.2017 17:10 TileDataLayer
31.10.2017 21:54 Unity
13.10.2017 17:10 VirtualStore
13.10.2017 17:13 Web Assets
1 File(s) 313˙577 bytes
29 Dir(s) 151˙606˙349˙824 bytes free

========= Koniec CMD: =========

========= dir /a C:\Users\Pu$hok\AppData\LocalLow =========

Volume in drive C is OS
Volume Serial Number is 9662-EA3A

Directory of C:\Users\Pu$hok\AppData\LocalLow

31.10.2017 21:52 .
31.10.2017 21:52 ..
15.10.2017 15:20 Microsoft
03.11.2017 22:26 Mozilla
31.10.2017 21:54 Unity
15.10.2017 12:54 uTorrent
0 File(s) 0 bytes
6 Dir(s) 151˙606˙353˙920 bytes free

========= Koniec CMD: =========

========= dir /a C:\Users\Pu$hok\AppData\Roaming =========

Volume in drive C is OS
Volume Serial Number is 9662-EA3A

Directory of C:\Users\Pu$hok\AppData\Roaming

04.11.2017 22:06 .
04.11.2017 22:06 ..
13.10.2017 17:10 Adobe
14.10.2017 22:24 Brotsoft
15.10.2017 12:46 DVDVideoSoft
14.10.2017 22:23 39˙293˙312 gameboxsetup.exe
13.10.2017 17:10 Intel
03.11.2017 22:19 kingsoft
13.10.2017 17:13 Macromedia
04.11.2017 19:05 Microsoft
03.11.2017 22:48 NVIDIA
13.10.2017 18:09 Opera Software
15.10.2017 17:28 Skype
04.11.2017 18:13 TS3Client
01.11.2017 14:33 uTorrent
13.10.2017 18:42 Wargaming.net
13.10.2017 21:29 WinRAR
1 File(s) 39˙293˙312 bytes
16 Dir(s) 151˙606˙349˙824 bytes free

========= Koniec CMD: =========

========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========

========= Koniec Powershell: =========

========= netsh advfirewall reset =========

Ok.

========= Koniec CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16175126 B
Java, Flash, Steam htmlcache => 101749228 B
Windows/system/drivers => 9595515 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 466411774 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 72530 B
systemprofile32 => 128 B
LocalService => 28050 B
NetworkService => 48884 B
Pu$hok => 394442933 B

RecycleBin => 8263248 B
EmptyTemp: => 957.6 MB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 22:06:49 ====