Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:07-02-2016 Uruchomiony przez niestetytak (2016-02-14 11:26:05) Run:1 Uruchomiony z C:\Users\niestetytak\Downloads Załadowane profile: niestetytak (Dostępne profile: niestetytak) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: Task: {07C216B9-7F8F-4DD0-8C4B-6335588FDC4A} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe Task: {E0EEF62D-70DF-4B83-84AA-F864DEC1AF4F} - System32\Tasks\niestetytakPostfixesIsthmicV2 => Rundll32.exe MicropipetteConsorted.dll,main 7 1 <==== UWAGA HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-2395041106-665369320-1206337860-1001\...\MountPoints2: {19c9b1e7-c859-11e5-8267-185e0f053425} - "D:\LaunchU3.exe" -a HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\S-1-5-21-2395041106-665369320-1206337860-1001 -> DefaultScope {F7D5FD05-173B-48A7-8E35-50CC80FC8BED} URL = SearchScopes: HKU\S-1-5-21-2395041106-665369320-1206337860-1001 -> {F7D5FD05-173B-48A7-8E35-50CC80FC8BED} URL = DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I DeleteKey: HKCU\Software\dobreprogramy RemoveDirectory: C:\AdwCleaner RemoveDirectory: C:\extensions RemoveDirectory: C:\Users\Public\Pokki RemoveDirectory: C:\Users\niestetytak\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108 RemoveDirectory: C:\Users\niestetytak\AppData\Local\PostfixesIsthmic C:\Users\niestetytak\Downloads\*-dp*.exe C:\Users\niestetytak\Downloads\AdwCleaner*.* C:\Users\niestetytak\Downloads\SpyHunter-Installer.exe Folder: C:\Users\Public\Documents\dmp Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07C216B9-7F8F-4DD0-8C4B-6335588FDC4A}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07C216B9-7F8F-4DD0-8C4B-6335588FDC4A}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\ByteFence Scan => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence Scan" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E0EEF62D-70DF-4B83-84AA-F864DEC1AF4F}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0EEF62D-70DF-4B83-84AA-F864DEC1AF4F}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\niestetytakPostfixesIsthmicV2 => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\niestetytakPostfixesIsthmicV2" => klucz pomyślnie usunięto HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wartość pomyślnie usunięto "HKU\S-1-5-21-2395041106-665369320-1206337860-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19c9b1e7-c859-11e5-8267-185e0f053425}" => klucz pomyślnie usunięto HKCR\CLSID\{19c9b1e7-c859-11e5-8267-185e0f053425} => klucz nie znaleziono. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-2395041106-665369320-1206337860-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto "HKU\S-1-5-21-2395041106-665369320-1206337860-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F7D5FD05-173B-48A7-8E35-50CC80FC8BED}" => klucz pomyślnie usunięto HKCR\CLSID\{F7D5FD05-173B-48A7-8E35-50CC80FC8BED} => klucz nie znaleziono. HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I => klucz pomyślnie usunięto HKCU\Software\dobreprogramy => klucz pomyślnie usunięto "C:\AdwCleaner" => pomyślnie usunięto. "C:\extensions" => pomyślnie usunięto. "C:\Users\Public\Pokki" => pomyślnie usunięto. "C:\Users\niestetytak\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108" => pomyślnie usunięto. "C:\Users\niestetytak\AppData\Local\PostfixesIsthmic" => pomyślnie usunięto. =========== "C:\Users\niestetytak\Downloads\*-dp*.exe" ========== C:\Users\niestetytak\Downloads\BESTplayer-12658-dp.exe => pomyślnie przeniesiono C:\Users\niestetytak\Downloads\VLC-media-player-13060-dp.exe => pomyślnie przeniesiono ========= Koniec -> "C:\Users\niestetytak\Downloads\*-dp*.exe" ======== =========== "C:\Users\niestetytak\Downloads\AdwCleaner*.*" ========== C:\Users\niestetytak\Downloads\AdwCleaner 5.033.exe => pomyślnie przeniesiono C:\Users\niestetytak\Downloads\AdwCleaner 5.033.vhdx => pomyślnie przeniesiono ========= Koniec -> "C:\Users\niestetytak\Downloads\AdwCleaner*.*" ======== C:\Users\niestetytak\Downloads\SpyHunter-Installer.exe => pomyślnie przeniesiono ========================= Folder: C:\Users\Public\Documents\dmp ======================== 2016-02-01 15:29 - 2016-02-01 15:29 - 0000000 ____D () C:\Users\Public\Documents\dmp\dl 2016-02-01 15:29 - 2016-02-01 15:29 - 0000000 ____D () C:\Users\Public\Documents\dmp\un ====== Koniec Folder: ====== ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= EmptyTemp: => 2.1 GB danych tymczasowych Usunięto. System wymagał restartu. ==== Koniec Fixlog 11:32:56 ====