Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:05-03-2016 01 Uruchomiony przez Jaco (2016-04-12 15:12:23) Run:3 Uruchomiony z C:\Users\Jaco\Downloads Załadowane profile: Jaco (Dostępne profile: Jaco) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** SearchScopes: HKU\S-1-5-21-1728362779-2423392276-1017299573-1001 -> DefaultScope {ielnksrch} URL = FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Brak pliku] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [Brak pliku] FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [Brak pliku] RemoveDirectory: C:\FRST\Quarantine RemoveDirectory: C:\Program Files (x86)\McAfee RemoveDirectory: C:\ProgramData\McAfee RemoveDirectory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem CMD: del /q C:\AVScanner.ini CMD: del /q "C:\Users\Jaco\AppData\Roaming\Microsoft\Windows\SendTo\Znajomy Xfire.lnk" Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f Reg: reg query HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries /s Reg: reg query HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64 /s ***************** HKU\S-1-5-21-1728362779-2423392276-1017299573-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto "HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => klucz pomyślnie usunięto "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => klucz pomyślnie usunięto "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => klucz pomyślnie usunięto "C:\FRST\Quarantine" => pomyślnie usunięto. "C:\Program Files (x86)\McAfee" => pomyślnie usunięto. "C:\ProgramData\McAfee" => pomyślnie usunięto. "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem" => pomyślnie usunięto. ========= del /q C:\AVScanner.ini ========= ========= Koniec CMD: ========= ========= del /q "C:\Users\Jaco\AppData\Roaming\Microsoft\Windows\SendTo\Znajomy Xfire.lnk" ========= ========= Koniec CMD: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg query HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries /s ========= HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 LibraryPath REG_SZ C:\Windows\system32\NLAapi.dll DisplayString REG_SZ @C:\Windows\system32\nlasvc.dll,-1000 ProviderId REG_BINARY 3A244266A83BA64ABAA52E0BD71FDD83 SupportedNameSpace REG_DWORD 0xf Enabled REG_DWORD 0x1 Version REG_DWORD 0x0 StoresServiceClassInfo REG_DWORD 0x1 ProviderInfo REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 LibraryPath REG_SZ C:\Windows\System32\mswsock.dll DisplayString REG_SZ @C:\Windows\system32\wshtcpip.dll,-60103 ProviderId REG_BINARY 409D05229E7ECF11AE5A00AA00A7112B SupportedNameSpace REG_DWORD 0xc Enabled REG_DWORD 0x1 Version REG_DWORD 0x0 StoresServiceClassInfo REG_DWORD 0x1 ProviderInfo REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 LibraryPath REG_SZ C:\Windows\System32\winrnr.dll DisplayString REG_SZ NTDS ProviderId REG_BINARY EE37263B80E5CF11A55500C04FD8D4AC SupportedNameSpace REG_DWORD 0x20 Enabled REG_DWORD 0x1 Version REG_DWORD 0x0 StoresServiceClassInfo REG_DWORD 0x0 ProviderInfo REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004 LibraryPath REG_SZ C:\Windows\system32\napinsp.dll DisplayString REG_SZ @C:\Windows\system32\napinsp.dll,-1000 ProviderId REG_BINARY A2CB4A96BCB2EB408C6AA6DB40161CAE SupportedNameSpace REG_DWORD 0x25 Enabled REG_DWORD 0x1 Version REG_DWORD 0x0 StoresServiceClassInfo REG_DWORD 0x1 ProviderInfo REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005 LibraryPath REG_SZ C:\Windows\system32\pnrpnsp.dll DisplayString REG_SZ @C:\Windows\system32\pnrpnsp.dll,-1000 ProviderId REG_BINARY CE89FE036D767649B9C1BB9BC42C7B4D SupportedNameSpace REG_DWORD 0x27 Enabled REG_DWORD 0x1 Version REG_DWORD 0x0 StoresServiceClassInfo REG_DWORD 0x1 ProviderInfo REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006 LibraryPath REG_SZ C:\Windows\system32\pnrpnsp.dll DisplayString REG_SZ @C:\Windows\system32\pnrpnsp.dll,-1001 ProviderId REG_BINARY CD89FE036D767649B9C1BB9BC42C7B4D SupportedNameSpace REG_DWORD 0x26 Enabled REG_DWORD 0x1 Version REG_DWORD 0x0 StoresServiceClassInfo REG_DWORD 0x1 ProviderInfo REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007 LibraryPath REG_SZ C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL DisplayString REG_SZ WindowsLive NSP ProviderId REG_BINARY E9DD774128609E47B7B703591A63FF3A SupportedNameSpace REG_DWORD 0xc Enabled REG_DWORD 0x1 Version REG_DWORD 0x1 StoresServiceClassInfo REG_DWORD 0x1 ProviderInfo REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008 LibraryPath REG_SZ C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL DisplayString REG_SZ WindowsLive Local NSP ProviderId REG_BINARY 2C2A9F22185F064A8F893A372170624D SupportedNameSpace REG_DWORD 0x13 Enabled REG_DWORD 0x1 Version REG_DWORD 0x1 StoresServiceClassInfo REG_DWORD 0x1 ProviderInfo REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009 LibraryPath REG_SZ C:\Windows\system32\wshbth.dll DisplayString REG_SZ Bluetooth Namespace ProviderId REG_BINARY E063AA06607DFF41AFB23EE6D2D9392D SupportedNameSpace REG_DWORD 0x10 Enabled REG_DWORD 0x1 Version REG_DWORD 0x0 StoresServiceClassInfo REG_DWORD 0x0 ProviderInfo REG_BINARY ========= Koniec Reg: ========= ========= reg query HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64 /s ========= HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001 LibraryPath REG_SZ %SystemRoot%\system32\NLAapi.dll DisplayString REG_SZ @%SystemRoot%\system32\nlasvc.dll,-1000 ProviderId REG_BINARY 3A244266A83BA64ABAA52E0BD71FDD83 SupportedNameSpace REG_DWORD 0xf Enabled REG_DWORD 0x1 Version REG_DWORD 0x0 StoresServiceClassInfo REG_DWORD 0x1 ProviderInfo REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002 LibraryPath REG_SZ %SystemRoot%\System32\mswsock.dll DisplayString REG_SZ @%SystemRoot%\system32\wshtcpip.dll,-60103 ProviderId REG_BINARY 409D05229E7ECF11AE5A00AA00A7112B SupportedNameSpace REG_DWORD 0xc Enabled REG_DWORD 0x1 Version REG_DWORD 0x0 StoresServiceClassInfo REG_DWORD 0x1 ProviderInfo REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003 LibraryPath REG_SZ %SystemRoot%\System32\winrnr.dll DisplayString REG_SZ NTDS ProviderId REG_BINARY EE37263B80E5CF11A55500C04FD8D4AC SupportedNameSpace REG_DWORD 0x20 Enabled REG_DWORD 0x1 Version REG_DWORD 0x0 StoresServiceClassInfo REG_DWORD 0x0 ProviderInfo REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004 LibraryPath REG_SZ %SystemRoot%\system32\napinsp.dll DisplayString REG_SZ @%SystemRoot%\system32\napinsp.dll,-1000 ProviderId REG_BINARY A2CB4A96BCB2EB408C6AA6DB40161CAE SupportedNameSpace REG_DWORD 0x25 Enabled REG_DWORD 0x1 Version REG_DWORD 0x0 StoresServiceClassInfo REG_DWORD 0x1 ProviderInfo REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005 LibraryPath REG_SZ %SystemRoot%\system32\pnrpnsp.dll DisplayString REG_SZ @%SystemRoot%\system32\pnrpnsp.dll,-1000 ProviderId REG_BINARY CE89FE036D767649B9C1BB9BC42C7B4D SupportedNameSpace REG_DWORD 0x27 Enabled REG_DWORD 0x1 Version REG_DWORD 0x0 StoresServiceClassInfo REG_DWORD 0x1 ProviderInfo REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006 LibraryPath REG_SZ %SystemRoot%\system32\pnrpnsp.dll DisplayString REG_SZ @%SystemRoot%\system32\pnrpnsp.dll,-1001 ProviderId REG_BINARY CD89FE036D767649B9C1BB9BC42C7B4D SupportedNameSpace REG_DWORD 0x26 Enabled REG_DWORD 0x1 Version REG_DWORD 0x0 StoresServiceClassInfo REG_DWORD 0x1 ProviderInfo REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007 LibraryPath REG_SZ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL DisplayString REG_SZ WindowsLive NSP ProviderId REG_BINARY E9DD774128609E47B7B703591A63FF3A SupportedNameSpace REG_DWORD 0xc Enabled REG_DWORD 0x1 Version REG_DWORD 0x1 StoresServiceClassInfo REG_DWORD 0x1 ProviderInfo REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008 LibraryPath REG_SZ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL DisplayString REG_SZ WindowsLive Local NSP ProviderId REG_BINARY 2C2A9F22185F064A8F893A372170624D SupportedNameSpace REG_DWORD 0x13 Enabled REG_DWORD 0x1 Version REG_DWORD 0x1 StoresServiceClassInfo REG_DWORD 0x1 ProviderInfo REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009 LibraryPath REG_SZ %SystemRoot%\system32\wshbth.dll DisplayString REG_SZ Bluetooth Namespace ProviderId REG_BINARY E063AA06607DFF41AFB23EE6D2D9392D SupportedNameSpace REG_DWORD 0x10 Enabled REG_DWORD 0x1 Version REG_DWORD 0x0 StoresServiceClassInfo REG_DWORD 0x0 ProviderInfo REG_BINARY ========= Koniec Reg: ========= ==== Koniec Fixlog 15:12:26 ====