Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:05-11-2015 Uruchomiony przez Admi (2015-11-08 18:11:40) Run:1 Uruchomiony z C:\Users\Admi\Downloads\do posta Załadowane profile: Admi (Dostępne profile: Admi) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: CMD: type C:\ProgramData\ntuser.pol CMD: type C:\WINDOWS\system32\GroupPolicy\Machine\registry.pol Folder: C:\WINDOWS\SysWOW64\GroupPolicy S2 MustangService_2015_10_10; C:\ProgramData\TempMoudleSet\MustangSer22.exe [236816 2015-11-02] (MustangService) S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X] S3 WinRing0_1_2_0; \??\D:\Programy\Game Booster 3\Driver\WinRing0x64.sys [X] S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X] HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup Task: {6DB627A7-88B1-42BD-BAAD-C0E978452BC3} - System32\Tasks\Game_Booster_AutoUpdate => D:\Programy\Game Booster 3\AutoUpdate.exe Task: {AB5E88A3-73B3-43FD-BE46-DCB36255D33A} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe Task: {CE7621B1-39E6-4169-97EB-2F696E4E7D59} - System32\Tasks\{0702B832-8C50-4A4E-A39C-C1C132FBC554} => pcalua.exe -a "C:\Users\Admi\Downloads\ZOO TYCOON 2 - WYMARŁE GATUNKI.exe" -d C:\Users\Admi\Downloads GroupPolicy: Ograniczenia - Chrome <======= UWAGA CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1446069580&z=d3320df65dba55ead301d81g8zcz5q9eeq1t9wcb8e&from=amt&uid=hgstxhts545050a7e380_te85134n0tw4ur0tw4urx&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1446069580&z=d3320df65dba55ead301d81g8zcz5q9eeq1t9wcb8e&from=amt&uid=hgstxhts545050a7e380_te85134n0tw4ur0tw4urx&q={searchTerms} SearchScopes: HKU\S-1-5-21-3822102861-3475623652-1124612162-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://pl.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku C:\Program Files (x86)\29e423e1-950b-4b90-8c8e-e184997f307f C:\Program Files (x86)\96a7bc03-abfe-4be7-8cf3-3818fdb269ec C:\Program Files (x86)\mbot_pl_014010129 C:\Program Files (x86)\Mozilla Firefox C:\ProgramData\*.bdinstall.bin C:\ProgramData\TempMoudleSet C:\ProgramData\TEMP C:\Users\Admi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oggihoncmelambjaefiboekididcaffe.crx C:\Users\Admi\AppData\Local\Mozilla C:\Users\Admi\AppData\Local\Opera Software C:\Users\Admi\AppData\Roaming\ClassicShell\Pinned\DAEMON Tools Lite.lnk C:\Users\Admi\AppData\Roaming\DAEMON Tools Lite C:\Users\Admi\AppData\Roaming\Mozilla C:\Users\Admi\AppData\Roaming\Opera Software C:\WINDOWS\Tasks\ImCleanDisabled C:\WINDOWS\system32\FxsTmp C:\WINDOWS\system32\log C:\WINDOWS\system32\Drivers\etc\hp.bak Reg: reg delete 
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /f Reg: reg delete HKCU\Software\Mozilla /f Reg: reg delete HKCU\Software\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Google\Chrome\Extensions /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v SFAUpdater /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "Smart File Advisor" /f Reg: reg delete HKLM\SOFTWARE\Mozilla /f Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. ========= type C:\ProgramData\ntuser.pol ========= PReg[Software\Policies\Microsoft\Windows\Group Policy Objects\Lokalne zasady grupy;**Comment:GPO Name: Lokalne zasady grupy;;;][Software\Policies\Google\Chrome;DefaultSearchProviderEnabled;;;1][Software\Policies\Google\Chrome;DefaultSearchProviderKeyword;;;google][Software\Policies\Google\Chrome;DefaultSearchProviderName;;;Google][Software\Policies\Google\Chrome;DefaultSearchProviderSearchURL;;;http://s.coldsearch.com/web?type=ds&ts=1446465689&pid=etc1102&uid=0639bd85-3a97-4a63-8731-a736b49c8adf&q={searchTerms}][Software\Policies\Google\Chrome\ExtensionInstallForcelist;1;;;jcgcoifbkbphhjnekfkmohklfaimhikk;https://clients2.google.com/service/update2/crx] ========= Koniec CMD: ========= ========= type C:\WINDOWS\system32\GroupPolicy\Machine\registry.pol ========= 
PReg[Software\Policies\Google\Chrome;DefaultSearchProviderEnabled;;;1][Software\Policies\Google\Chrome;DefaultSearchProviderKeyword;;;google][Software\Policies\Google\Chrome;DefaultSearchProviderName;;;Google][Software\Policies\Google\Chrome;DefaultSearchProviderSearchURL;;;http://s.coldsearch.com/web?type=ds&ts=1446465689&pid=etc1102&uid=0639bd85-3a97-4a63-8731-a736b49c8adf&q={searchTerms}][Software\Policies\Google\Chrome\ExtensionInstallForcelist;1;;;jcgcoifbkbphhjnekfkmohklfaimhikk;https://clients2.google.com/service/update2/crx] ========= Koniec CMD: ========= ========================= Folder: C:\WINDOWS\SysWOW64\GroupPolicy ======================== 2015-11-02 13:01 - 2015-11-06 00:37 - 0000011 _____ () C:\WINDOWS\SysWOW64\GroupPolicy\gpt.ini ====== Koniec Folder: ====== MustangService_2015_10_10 => serwis pomyślnie usunięto sptd => serwis pomyślnie usunięto WinRing0_1_2_0 => serwis pomyślnie usunięto X5XSEx_Pr143 => serwis pomyślnie usunięto HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Wartość pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6DB627A7-88B1-42BD-BAAD-C0E978452BC3}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DB627A7-88B1-42BD-BAAD-C0E978452BC3}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\Game_Booster_AutoUpdate => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Game_Booster_AutoUpdate" => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB5E88A3-73B3-43FD-BE46-DCB36255D33A} => klucz nie znaleziono. C:\WINDOWS\System32\Tasks\AutoPico Daily Restart => nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => klucz nie znaleziono. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE7621B1-39E6-4169-97EB-2F696E4E7D59}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE7621B1-39E6-4169-97EB-2F696E4E7D59}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\{0702B832-8C50-4A4E-A39C-C1C132FBC554} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0702B832-8C50-4A4E-A39C-C1C132FBC554}" => klucz pomyślnie usunięto C:\WINDOWS\system32\GroupPolicy\Machine => pomyślnie przeniesiono C:\WINDOWS\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => pomyślnie przeniesiono "HKLM\SOFTWARE\Policies\Google" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => klucz pomyślnie usunięto HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. 
"HKU\S-1-5-21-3822102861-3475623652-1124612162-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}" => klucz pomyślnie usunięto HKCR\CLSID\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} => klucz nie znaleziono. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}" => klucz pomyślnie usunięto "HKCR\Wow6432Node\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}" => klucz pomyślnie usunięto "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => klucz pomyślnie usunięto HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => klucz nie znaleziono. C:\Program Files (x86)\29e423e1-950b-4b90-8c8e-e184997f307f => pomyślnie przeniesiono C:\Program Files (x86)\96a7bc03-abfe-4be7-8cf3-3818fdb269ec => pomyślnie przeniesiono C:\Program Files (x86)\mbot_pl_014010129 => pomyślnie przeniesiono "C:\Program Files (x86)\Mozilla Firefox" => nie znaleziono. =========== "C:\ProgramData\*.bdinstall.bin" ========== C:\ProgramData\1433013672.bdinstall.bin => pomyślnie przeniesiono C:\ProgramData\1437680008.bdinstall.bin => pomyślnie przeniesiono C:\ProgramData\1437680015.bdinstall.bin => pomyślnie przeniesiono ========= Koniec -> "C:\ProgramData\*.bdinstall.bin" ======== C:\ProgramData\TempMoudleSet => pomyślnie przeniesiono C:\ProgramData\TEMP => pomyślnie przeniesiono C:\Users\Admi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oggihoncmelambjaefiboekididcaffe.crx => pomyślnie przeniesiono "C:\Users\Admi\AppData\Local\Mozilla" => nie znaleziono. "C:\Users\Admi\AppData\Local\Opera Software" => nie znaleziono. 
C:\Users\Admi\AppData\Roaming\ClassicShell\Pinned\DAEMON Tools Lite.lnk => pomyślnie przeniesiono C:\Users\Admi\AppData\Roaming\DAEMON Tools Lite => pomyślnie przeniesiono C:\Users\Admi\AppData\Roaming\Mozilla => pomyślnie przeniesiono C:\Users\Admi\AppData\Roaming\Opera Software => pomyślnie przeniesiono C:\WINDOWS\Tasks\ImCleanDisabled => pomyślnie przeniesiono C:\WINDOWS\system32\FxsTmp => pomyślnie przeniesiono C:\WINDOWS\system32\log => pomyślnie przeniesiono C:\WINDOWS\system32\Drivers\etc\hp.bak => pomyślnie przeniesiono ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /f ========= Operacja ukończona pomyślnie. ========= Koniec Reg: ========= ========= reg delete HKCU\Software\Mozilla /f ========= Operacja ukończona pomyślnie. ========= Koniec Reg: ========= ========= reg delete HKCU\Software\MozillaPlugins /f ========= Operacja ukończona pomyślnie. ========= Koniec Reg: ========= ========= reg delete HKLM\SOFTWARE\Google\Chrome\Extensions /f ========= Operacja ukończona pomyślnie. ========= Koniec Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v SFAUpdater /f ========= Operacja ukończona pomyślnie. ========= Koniec Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "Smart File Advisor" /f ========= Operacja ukończona pomyślnie. ========= Koniec Reg: ========= ========= reg delete HKLM\SOFTWARE\Mozilla /f ========= Operacja ukończona pomyślnie. ========= Koniec Reg: ========= ========= reg delete HKLM\SOFTWARE\MozillaPlugins /f ========= Operacja ukończona pomyślnie. ========= Koniec Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions /f ========= Operacja ukończona pomyślnie. ========= Koniec Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f ========= Operacja ukończona pomyślnie. 
========= Koniec Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f ========= ERROR: The system was unable to find the specified registry key or value. ========= Koniec Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f ========= Operacja ukończona pomyślnie. ========= Koniec Reg: ========= EmptyTemp: => 494.5 MB danych tymczasowych Usunięto. System wymagał restartu. ==== Koniec Fixlog 18:13:06 ====