Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:17-12-2015 Uruchomiony przez Marcin (2015-12-19 16:14:26) Run:2 Uruchomiony z C:\Users\Marcin\Downloads Załadowane profile: Marcin (Dostępne profile: Marcin) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" S3 4F966B02736503C9; C:\WINDOWS\TEMP\160C40E.sys [165104 2015-12-16] () S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-16] () S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.) Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedHomepages /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedSearchScopes /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com" /f DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I DeleteKey: HKCU\Software\dobreprogramy DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 DeleteKey: HKLM\SOFTWARE\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software RemoveDirectory: C:\Program Files\DrWeb RemoveDirectory: C:\Program Files\Common Files\Doctor Web RemoveDirectory: C:\Program Files\Common Files\McAfee RemoveDirectory: C:\Program Files (x86)\SFK RemoveDirectory: C:\ProgramData\Doctor Web RemoveDirectory: C:\ProgramData\gWMiniProg RemoveDirectory: C:\ProgramData\McAfee RemoveDirectory: C:\Users\Marcin\AppData\Roaming\TSv RemoveDirectory: C:\Users\Marcin\Doctor Web RemoveDirectory: C:\Windows\System32\Tasks\Doctor Web RemoveDirectory: C:\Windows\System32\Tasks\McAfee C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat C:\Windows\system32\Drivers\dw_wfp.sys.delete-later-189796 C:\Windows\System32\Drivers\EsgScanner.sys C:\Windows\System32\drivers\mfeelamk.sys C:\Windows\SysWOW64\data.bin C:\Windows\SysWOW64\pl.html CMD: netsh advfirewall reset EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Błąd: (0) Nie udało się utworzyć punktu przywracania. HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => klucz nie znaleziono. 4F966B02736503C9 => serwis nie znaleziono. EsgScanner => serwis pomyślnie usunięto mfeelamk => serwis pomyślnie usunięto ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedHomepages /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedSearchScopes /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I => klucz pomyślnie usunięto HKCU\Software\dobreprogramy => klucz pomyślnie usunięto HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => klucz pomyślnie usunięto HKLM\SOFTWARE\MozillaPlugins => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię. HKLM\SOFTWARE\MozillaPlugins => klucz pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię. HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => klucz pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\yoursites123Software => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię. HKLM\SOFTWARE\Wow6432Node\yoursites123Software => klucz pomyślnie usunięto "C:\Program Files\DrWeb" => pomyślnie usunięto. "C:\Program Files\Common Files\Doctor Web" => pomyślnie usunięto. "C:\Program Files\Common Files\McAfee" => pomyślnie usunięto. "C:\Program Files (x86)\SFK" => pomyślnie usunięto. "C:\ProgramData\Doctor Web" => pomyślnie usunięto. "C:\ProgramData\gWMiniProg" => pomyślnie usunięto. "C:\ProgramData\McAfee" => pomyślnie usunięto. "C:\Users\Marcin\AppData\Roaming\TSv" => pomyślnie usunięto. "C:\Users\Marcin\Doctor Web" => pomyślnie usunięto. "C:\Windows\System32\Tasks\Doctor Web" => pomyślnie usunięto. "C:\Windows\System32\Tasks\McAfee" => pomyślnie usunięto. C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => pomyślnie przeniesiono C:\Windows\system32\Drivers\dw_wfp.sys.delete-later-189796 => pomyślnie przeniesiono C:\Windows\System32\Drivers\EsgScanner.sys => pomyślnie przeniesiono C:\Windows\System32\drivers\mfeelamk.sys => pomyślnie przeniesiono C:\Windows\SysWOW64\data.bin => pomyślnie przeniesiono C:\Windows\SysWOW64\pl.html => pomyślnie przeniesiono ========= netsh advfirewall reset ========= Ok. ========= Koniec CMD: ========= EmptyTemp: => 410 MB danych tymczasowych Usunięto. System wymagał restartu. ==== Koniec Fixlog 16:14:35 ====