Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 21.01.2018 Uruchomiony przez administratorka (24-01-2018 17:32:27) Run:2 Uruchomiony z C:\Users\administratorka\Desktop Załadowane profile: administratorka (Dostępne profile: administratorka) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: C:\Program Files (x86)\BiaoJi C:\ProgramData\2e89a3 C:\ProgramData\3fed80ce-11f1-0 C:\ProgramData\3fed80ce-6ab7-1 C:\ProgramData\f595a9da-09e7-0 C:\ProgramData\f595a9da-27b7-1 C:\ProgramData\f595a9da-4f15-0 C:\ProgramData\f595a9da-5873-0 C:\ProgramData\f595a9da-6717-1 C:\ProgramData\f595a9da-7567-1 C:\ProgramData\595a9da-7627-1 C:\ProgramData\f595a9da-77e3-0 C:\ProgramData\f595a9da-7951-0 C:\ProgramData\{2b155d02-712c-1} C:\ProgramData\{69ee4733-212c-0} C:\ProgramData\{1C91D9F2-96D3-5334-1015-CD768A5746B8} DeleteKey: HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\92a8fc28_0 DeleteValue: HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Classes\ftp\DefaultIcon|C:\Program Files (x86)\Cupduck\Application\chrome.exe DeleteValue: HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Classes\ftp\shell\open\command|C:\Program Files (x86)\Cupduck\Application\chrome.exe DeleteValue: HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Classes\http\DefaultIcon|C:\Program Files (x86)\Cupduck\Application\chrome.exe DeleteValue: HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Classes\http\shell\open\command|C:\Program Files (x86)\Cupduck\Application\chrome.exe DeleteValue: HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Classes\https\DefaultIcon|C:\Program Files (x86)\Cupduck\Application\chrome.exe DeleteValue: HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Classes\https\shell\open\command|C:\Program Files 
(x86)\Cupduck\Application\chrome.exe DeleteValue: HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Cupduck\Application\chrome.exe DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\DefaultIcon|C:\Program Files (x86)\Firefox\Firefox.exe DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo|HideIconsCommand DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo|ShowIconsCommand DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo|ReinstallCommand DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command|C:\Program Files (x86)\Firefox\Firefox.exe DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\properties\command|C:\Program Files (x86)\Firefox\Firefox.exe DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command|C:\Program Files (x86)\Firefox\Firefox.exe DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\TaskBarIDs|C:\Program Files (x86)\Firefox DeleteKey: HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\52c9d0d1_0 DeleteKey: HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\fca1c7bd_0 DeleteValue: HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Classes\FirefoxHTML\DefaultIcon|C:\Program Files (x86)\Firefox\Firefox.exe DeleteValue: HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Classes\FirefoxHTML\shell\open\command|C:\Program Files (x86)\Firefox\Firefox.exe DeleteValue: HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Classes\Local 
Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Firefox\Firefox.exe Task: {1F129FC2-B28B-4F23-95C2-11BDF2DA58D8} - \82F37914-A36A-6A79-9CCE-BAC5980BBB44 -> Brak pliku <==== UWAGA Task: {6A1F19EA-FEA4-4EB4-8C78-71ED288E5F41} - \{F55353F7-257A-4BE2-CE80-ED3F1C1ADC3E} -> Brak pliku <==== UWAGA Task: {701E6EDB-E683-4D57-813D-E256B1808554} - System32\Tasks\{0EDCAC6C-EC6E-4273-9CC9-9C597BBB150D} => D:\Holiday Express\HolidayExpress.exe ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Przeglądarka Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.mylucky123.com/?type=sc&ts=1476176082&z=5a5e095b84e47c2131f1dc1g1z5mdqdgem4q2e5b3c&from=che0812&uid=ST1000DM003-1SB10C_Z9A2CATBXXXXZ9A2CATB ShortcutWithArgument: C:\Users\Public\Desktop\Przeglądarka Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.mylucky123.com/?type=sc&ts=1476176082&z=5a5e095b84e47c2131f1dc1g1z5mdqdgem4q2e5b3c&from=che0812&uid=ST1000DM003-1SB10C_Z9A2CATBXXXXZ9A2CATB HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA C:\Users\administratorka\Desktop\gierki\Holiday Express.lnk EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. 
C:\Program Files (x86)\BiaoJi => pomyślnie przeniesiono C:\ProgramData\2e89a3 => pomyślnie przeniesiono C:\ProgramData\3fed80ce-11f1-0 => pomyślnie przeniesiono C:\ProgramData\3fed80ce-6ab7-1 => pomyślnie przeniesiono C:\ProgramData\f595a9da-09e7-0 => pomyślnie przeniesiono C:\ProgramData\f595a9da-27b7-1 => pomyślnie przeniesiono C:\ProgramData\f595a9da-4f15-0 => pomyślnie przeniesiono C:\ProgramData\f595a9da-5873-0 => pomyślnie przeniesiono C:\ProgramData\f595a9da-6717-1 => pomyślnie przeniesiono C:\ProgramData\f595a9da-7567-1 => pomyślnie przeniesiono "C:\ProgramData\595a9da-7627-1" => nie znaleziono C:\ProgramData\f595a9da-77e3-0 => pomyślnie przeniesiono C:\ProgramData\f595a9da-7951-0 => pomyślnie przeniesiono C:\ProgramData\{2b155d02-712c-1} => pomyślnie przeniesiono C:\ProgramData\{69ee4733-212c-0} => pomyślnie przeniesiono C:\ProgramData\{1C91D9F2-96D3-5334-1015-CD768A5746B8} => pomyślnie przeniesiono "HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\92a8fc28_0" => pomyślnie usunięto "HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Classes\ftp\DefaultIcon\\C:\Program Files (x86)\Cupduck\Application\chrome.exe" => nie znaleziono "HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Classes\ftp\shell\open\command\\C:\Program Files (x86)\Cupduck\Application\chrome.exe" => nie znaleziono "HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Classes\http\DefaultIcon\\C:\Program Files (x86)\Cupduck\Application\chrome.exe" => nie znaleziono "HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Classes\http\shell\open\command\\C:\Program Files (x86)\Cupduck\Application\chrome.exe" => nie znaleziono "HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Classes\https\DefaultIcon\\C:\Program Files (x86)\Cupduck\Application\chrome.exe" => nie znaleziono 
"HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Classes\https\shell\open\command\\C:\Program Files (x86)\Cupduck\Application\chrome.exe" => nie znaleziono "HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\Cupduck\Application\chrome.exe" => pomyślnie usunięto "HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\DefaultIcon\\C:\Program Files (x86)\Firefox\Firefox.exe" => nie znaleziono "HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand" => pomyślnie usunięto "HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand" => pomyślnie usunięto "HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand" => pomyślnie usunięto "HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\C:\Program Files (x86)\Firefox\Firefox.exe" => nie znaleziono "HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\properties\command\\C:\Program Files (x86)\Firefox\Firefox.exe" => nie znaleziono "HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\\C:\Program Files (x86)\Firefox\Firefox.exe" => nie znaleziono "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\TaskBarIDs\\C:\Program Files (x86)\Firefox" => pomyślnie usunięto "HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\52c9d0d1_0" => pomyślnie usunięto "HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\fca1c7bd_0" => pomyślnie usunięto "HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Classes\FirefoxHTML\DefaultIcon\\C:\Program Files (x86)\Firefox\Firefox.exe" => nie znaleziono 
"HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Classes\FirefoxHTML\shell\open\command\\C:\Program Files (x86)\Firefox\Firefox.exe" => nie znaleziono "HKEY_USERS\S-1-5-21-478647955-3472351390-1182581596-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\Firefox\Firefox.exe" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1F129FC2-B28B-4F23-95C2-11BDF2DA58D8}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F129FC2-B28B-4F23-95C2-11BDF2DA58D8}" => pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\82F37914-A36A-6A79-9CCE-BAC5980BBB44 => klucz nie znaleziono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A1F19EA-FEA4-4EB4-8C78-71ED288E5F41}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A1F19EA-FEA4-4EB4-8C78-71ED288E5F41}" => pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F55353F7-257A-4BE2-CE80-ED3F1C1ADC3E} => klucz nie znaleziono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{701E6EDB-E683-4D57-813D-E256B1808554}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{701E6EDB-E683-4D57-813D-E256B1808554}" => pomyślnie usunięto C:\Windows\System32\Tasks\{0EDCAC6C-EC6E-4273-9CC9-9C597BBB150D} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0EDCAC6C-EC6E-4273-9CC9-9C597BBB150D}" => pomyślnie usunięto C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Przeglądarka Opera.lnk => Skrót - argument pomyślnie usunięto C:\Users\Public\Desktop\Przeglądarka Opera.lnk => Skrót - argument pomyślnie usunięto "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => pomyślnie usunięto 
C:\Users\administratorka\Desktop\gierki\Holiday Express.lnk => pomyślnie przeniesiono

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11972454 B
Java, Flash, Steam htmlcache => 131072 B
Windows/system/drivers => 10230 B
Edge => 0 B
Chrome => 80762254 B
Firefox => 2597617 B
Opera => 47603716 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
administratorka => 8448111 B

RecycleBin => 0 B
EmptyTemp: => 152.5 MB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 17:32:50 ====