Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 25.04.2018
Uruchomiony przez piokrz (03-05-2018 15:21:54) Run:1
Uruchomiony z C:\Users\piokr\Desktop
Załadowane profile: piokrz (Dostępne profile: piokrz)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
HKU\S-1-5-21-1716316380-3118326321-44774493-1001\...\Winlogon: [Shell] C:\Windows\System32\cmd.exe [272896 2017-09-29] (Microsoft Corporation) <==== UWAGA
HKU\S-1-5-21-1716316380-3118326321-44774493-1001\...\Command Processor: @mode 15,1 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & start /MIN "" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit <==== UWAGA
GroupPolicy: Ograniczenia <==== UWAGA
GroupPolicy\User: Ograniczenia <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
Task: {072F59EF-8F75-4A02-8243-270F4C4C0907} - System32\Tasks\{AF3F5FB2-0C04-40AF-923E-1159F9ABA8FA} => C:\WINDOWS\system32\pcalua.exe -a E:\skoki2002start.exe -d E:\
Task: {C537435F-24CB-49AD-AD58-76BB4C460AD7} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
Task: {CBB0B7E7-80C4-4062-981A-25572DCBBA21} - System32\Tasks\{381633F5-8250-4F8C-94D4-1B9027E21F6D} => C:\Windows\system32\pcalua.exe -a D:\epson514374eu.exe -d D:\
SearchScopes: HKU\S-1-5-21-1716316380-3118326321-44774493-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B95A55DAF-A224-48B2-BBDB-2A717FCF714C%7D&gp=855500
FF NewTabOverride: Mozilla\Firefox\Profiles\lt09b10q.default -> Disabled: {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
FF NewTabOverride: Mozilla\Firefox\Profiles\lt09b10q.default -> Disabled: homepage@mail.ru
FF NewTab: Mozilla\Firefox\Profiles\lt09b10q.default -> about:newtab
FF HomepageOverride: Mozilla\Firefox\Profiles\lt09b10q.default -> Disabled: homepage@mail.ru
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\piokr\AppData\Roaming\Mozilla\Firefox\Profiles\lt09b10q.default\Extensions\homepage@mail.ru.xpi [2018-01-18]
FF Extension: (Поиск Mail.Ru) - C:\Users\piokr\AppData\Roaming\Mozilla\Firefox\Profiles\lt09b10q.default\Extensions\search@mail.ru.xpi [2018-01-18]
FF Extension: (Пульт) - C:\Users\piokr\AppData\Roaming\Mozilla\Firefox\Profiles\lt09b10q.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.xpi [2018-01-18]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js [2016-04-04] <==== UWAGA (Linkuje do pliku *.cfg)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mozilla.cfg [2016-05-10] <==== UWAGA
CHR HomePage: Default -> inline.go.mail.ru
CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dijfnbhlogmffhgpelodglnnkncadnbi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [indjgiebmakhmnaplnlnanodkfiejfjd] - hxxps://clients2.google.com/service/update2/crx
EmptyTemp:
*****************

"HKU\S-1-5-21-1716316380-3118326321-44774493-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => pomyślnie usunięto
"HKU\S-1-5-21-1716316380-3118326321-44774493-1001\Software\Microsoft\Command Processor\\AutoRun" => pomyślnie usunięto
C:\WINDOWS\system32\GroupPolicy\Machine => pomyślnie przeniesiono
C:\WINDOWS\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => pomyślnie przeniesiono
C:\WINDOWS\system32\GroupPolicy\User => pomyślnie przeniesiono
"HKLM\SOFTWARE\Policies\Google" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{072F59EF-8F75-4A02-8243-270F4C4C0907}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{072F59EF-8F75-4A02-8243-270F4C4C0907}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\{AF3F5FB2-0C04-40AF-923E-1159F9ABA8FA} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AF3F5FB2-0C04-40AF-923E-1159F9ABA8FA}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C537435F-24CB-49AD-AD58-76BB4C460AD7}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C537435F-24CB-49AD-AD58-76BB4C460AD7}" => pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => niepowodzenie przy usuwaniu. Odmowa dostępu.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBB0B7E7-80C4-4062-981A-25572DCBBA21}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBB0B7E7-80C4-4062-981A-25572DCBBA21}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\{381633F5-8250-4F8C-94D4-1B9027E21F6D} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{381633F5-8250-4F8C-94D4-1B9027E21F6D}" => pomyślnie usunięto
"HKU\S-1-5-21-1716316380-3118326321-44774493-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}" => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => nie znaleziono
"Firefox NewTabOverride ({a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}) " => pomyślnie usunięto
"Firefox NewTabOverride (homepage@mail.ru) " => pomyślnie usunięto
"Firefox newtab" => pomyślnie usunięto
"Firefox HomepageOverride (homepage@mail.ru) " => pomyślnie usunięto
C:\Users\piokr\AppData\Roaming\Mozilla\Firefox\Profiles\lt09b10q.default\Extensions\homepage@mail.ru.xpi => pomyślnie przeniesiono
C:\Users\piokr\AppData\Roaming\Mozilla\Firefox\Profiles\lt09b10q.default\Extensions\search@mail.ru.xpi => pomyślnie przeniesiono
C:\Users\piokr\AppData\Roaming\Mozilla\Firefox\Profiles\lt09b10q.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.xpi => pomyślnie przeniesiono
C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js => pomyślnie przeniesiono
C:\Program Files (x86)\mozilla firefox\mozilla.cfg => pomyślnie przeniesiono
"Chrome HomePage" => pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci" => pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dijfnbhlogmffhgpelodglnnkncadnbi" => pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hcadgijmedbfgciegjomfpjcdchlhnif" => pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\indjgiebmakhmnaplnlnanodkfiejfjd" => pomyślnie usunięto

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 89265466 B
Java, Flash, Steam htmlcache => 82972114 B
Windows/system/drivers => 15099662 B
Edge => 55399 B
Chrome => 1448824 B
Firefox => 18778506 B
Opera => 27606574 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 826 B
NetworkService => 136439568 B
piokr => 43879952 B

RecycleBin => 0 B
EmptyTemp: => 405.1 MB danych tymczasowych Usunięto.

================================

Rezultat przenoszenia plików przy restarcie (Tryb startu: Normal) (Data i godzina: 03-05-2018 15:22:57)

Rezultat usuwania kluczy przy restarcie:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => niepowodzenie przy usuwaniu. Odmowa dostępu.

==== Koniec Fixlog 15:22:57 ====