Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:05-03-2016 01 Uruchomiony przez Agata (2016-04-07 21:24:42) Run:1 Uruchomiony z C:\Users\Agata\Downloads Załadowane profile: Agata (Dostępne profile: Agata) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedHomepages /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedSearchScopes /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com" /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "DAEMON Tools Lite Automount" /f HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com SearchScopes: HKU\S-1-5-21-1391875746-577248832-3267673664-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = StartMenuInternet: IEXPLORE.EXE - iexplore.exe FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF HKLM-x32\...\Run: [] => [X] BootExecute: autocheck autochk * bootdelete ManualProxies: Tcpip\..\Interfaces\{5b4a9d77-9cdb-4475-b276-2776b130a1ae}: [DhcpNameServer] 40.54.1.16 S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.) Task: {0C1B3FF8-5D95-4028-BF08-9D35E7833511} - System32\Tasks\{F25B2057-D00E-4B9B-BA14-663442D6A760} => pcalua.exe -a C:\Users\Agata\AppData\Roaming\WarThunder\Uninstaller.exe -c /Run /ePN:0W1T1C0T1M2Y1G1Q1P1C Task: {1A0EEC8C-AB4F-49C5-85BE-4E31589FB20E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA Task: {1B5A5CDD-6D80-4362-BE6D-7AFBAA6875A7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA Task: {2157C308-5827-4951-BD38-EF0C998B3585} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA Task: {25CDC5F6-22C0-4744-BFC5-4535A1FE9928} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\QQBrowser\Update\Download\E9207EB106E716ACFD3B51D391498F16\Update\BrowserUpdate.exe [2016-03-17] (Tencent) Task: {54C26067-9148-4ECC-A4FF-50A520D140B2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA Task: {6045ED40-B08A-48E2-A6DF-F1D2DB89E1DE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA Task: {8292F44E-3048-43C4-BCD7-9F8AEEFECF72} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA Task: {902BF050-2A5D-4F2F-9ED2-A7C1CDE68CFE} - \task Update -> Brak pliku <==== UWAGA Task: {C44442C3-2D81-487B-A094-B5D12656CE60} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA Task: {D97A7CCA-DCE7-4926-85E3-154EA63578E1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA Task: {F50B1DAF-0343-4EE7-B0B4-8715CA69A2AC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA Task: {F9DED7FD-E7E8-4C68-8CC2-A48D526D40C2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA Task: {FBDAEB41-B071-4332-9B45-474F88CF6B88} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA RemoveDirectory: C:\AdwCleaner RemoveDirectory: C:\Program Files (x86)\Google RemoveDirectory: C:\Program Files (x86)\QQBrowser RemoveDirectory: C:\ProgramData\HitmanPro RemoveDirectory: C:\WINDOWS\SysWOW64\_tWm C:\Users\Agata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk C:\Users\Agata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\qksee.lnk C:\WINDOWS\System32\bootdelete.exe C:\WINDOWS\System32\bootdelete.lst C:\Windows\System32\drivers\mfeelamk.sys C:\WINDOWS\SysWOW64\123.html C:\WINDOWS\SysWOW64\data.bin EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Błąd: (0) Nie udało się utworzyć punktu przywracania. ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedHomepages /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedSearchScopes /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "DAEMON Tools Lite Automount" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-1391875746-577248832-3267673664-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono HKLM\Software\Mozilla\Firefox\Extensions\\sp@avast.com => Wartość pomyślnie usunięto HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\sp@avast.com => Wartość pomyślnie usunięto HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wartość pomyślnie usunięto hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => Wartość pomyślnie przywrócono HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => Wartość pomyślnie usunięto HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5b4a9d77-9cdb-4475-b276-2776b130a1ae}\\DhcpNameServer => Wartość pomyślnie usunięto mfeelamk => serwis pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C1B3FF8-5D95-4028-BF08-9D35E7833511}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C1B3FF8-5D95-4028-BF08-9D35E7833511}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\{F25B2057-D00E-4B9B-BA14-663442D6A760} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F25B2057-D00E-4B9B-BA14-663442D6A760}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A0EEC8C-AB4F-49C5-85BE-4E31589FB20E}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A0EEC8C-AB4F-49C5-85BE-4E31589FB20E}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B5A5CDD-6D80-4362-BE6D-7AFBAA6875A7}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B5A5CDD-6D80-4362-BE6D-7AFBAA6875A7}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2157C308-5827-4951-BD38-EF0C998B3585}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2157C308-5827-4951-BD38-EF0C998B3585}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25CDC5F6-22C0-4744-BFC5-4535A1FE9928}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25CDC5F6-22C0-4744-BFC5-4535A1FE9928}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\Browser Updater Task(Core) => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater Task(Core)" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54C26067-9148-4ECC-A4FF-50A520D140B2}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54C26067-9148-4ECC-A4FF-50A520D140B2}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6045ED40-B08A-48E2-A6DF-F1D2DB89E1DE}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6045ED40-B08A-48E2-A6DF-F1D2DB89E1DE}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8292F44E-3048-43C4-BCD7-9F8AEEFECF72}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8292F44E-3048-43C4-BCD7-9F8AEEFECF72}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{902BF050-2A5D-4F2F-9ED2-A7C1CDE68CFE}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{902BF050-2A5D-4F2F-9ED2-A7C1CDE68CFE}" => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task Update => klucz nie znaleziono. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C44442C3-2D81-487B-A094-B5D12656CE60}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C44442C3-2D81-487B-A094-B5D12656CE60}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D97A7CCA-DCE7-4926-85E3-154EA63578E1}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D97A7CCA-DCE7-4926-85E3-154EA63578E1}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F50B1DAF-0343-4EE7-B0B4-8715CA69A2AC}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F50B1DAF-0343-4EE7-B0B4-8715CA69A2AC}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9DED7FD-E7E8-4C68-8CC2-A48D526D40C2}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9DED7FD-E7E8-4C68-8CC2-A48D526D40C2}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FBDAEB41-B071-4332-9B45-474F88CF6B88}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBDAEB41-B071-4332-9B45-474F88CF6B88}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => klucz pomyślnie usunięto "C:\AdwCleaner" => pomyślnie usunięto. "C:\Program Files (x86)\Google" => pomyślnie usunięto. "C:\Program Files (x86)\QQBrowser" => pomyślnie usunięto. "C:\ProgramData\HitmanPro" => pomyślnie usunięto. "C:\WINDOWS\SysWOW64\_tWm" => pomyślnie usunięto. C:\Users\Agata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk => pomyślnie przeniesiono C:\Users\Agata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\qksee.lnk => pomyślnie przeniesiono C:\WINDOWS\System32\bootdelete.exe => pomyślnie przeniesiono C:\WINDOWS\System32\bootdelete.lst => pomyślnie przeniesiono C:\Windows\System32\drivers\mfeelamk.sys => pomyślnie przeniesiono C:\WINDOWS\SysWOW64\123.html => pomyślnie przeniesiono C:\WINDOWS\SysWOW64\data.bin => pomyślnie przeniesiono EmptyTemp: => 413.3 MB danych tymczasowych Usunięto. System wymagał restartu. ==== Koniec Fixlog 21:25:06 ====