Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 14.03.2018
Uruchomiony przez Anna (18-03-2018 22:53:16) Run:1
Uruchomiony z C:\Users\Anna\Desktop
Załadowane profile: Anna (Dostępne profile: Anna & Gość)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKU\S-1-5-21-973996416-432849057-2411937491-1001\...\Run: [BingSvc] => C:\Users\Anna\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-973996416-432849057-2411937491-1001\...\Policies\Explorer: []
HKU\S-1-5-21-973996416-432849057-2411937491-1001\...\MountPoints2: {350d9408-8e84-11e7-82cd-0071cc91891e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-973996416-432849057-2411937491-1001\...\MountPoints2: {360cf295-f36f-11e5-828f-0071cc91891e} - "F:\startme.exe"
HKU\S-1-5-21-973996416-432849057-2411937491-1001\...\MountPoints2: {3bfe396f-1a2f-11e7-82ad-0071cc91891e} - "F:\Setup.bat"
HKU\S-1-5-21-973996416-432849057-2411937491-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [133632 2014-10-29] (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-973996416-432849057-2411937491-1001 -> {306553DA-E069-4DEF-8753-4DC9C702AD32} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-973996416-432849057-2411937491-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://pandasecurity.mystart.com/results.php?pr=vmn&gen=ms&id=pandasecuritytb&v=4_3&idate=2017-09-18&ent=ch_675&q={searchTerms}
BHO: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll => Brak pliku
BHO-x32: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll => Brak pliku
Toolbar: HKLM - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll Brak pliku
Toolbar: HKLM-x32 - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll Brak pliku
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
S2 MaxthonUpdateSvc; "C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe" [X]
S2 RichVideo64; "C:\Program Files\CyberLink\Shared files\RichVideo64.exe" [X]
U2 CWASRE; Brak ImagePath
S1 iSafeKrnl; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [X] <==== UWAGA
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
U2 snare; Brak ImagePath
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
Task: {52C03B84-D9B9-4DDF-AA3B-3A795F401FBF} - \Maxthon Update -> Brak pliku <==== UWAGA
Task: {75D4720A-53D2-4297-BF3E-72793E3E37B0} - Brak ścieżki do pliku
FirewallRules: [{564C1006-7730-46C0-8A53-A1F97BF1934D}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{5FF694A9-C651-469A-B849-80807530491F}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{A3E1B3B9-5AE8-44C8-9E37-4B46CD612AF0}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{F7B6E9E1-DD9C-415D-8089-ABA518D2486A}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{5A4FDEAB-72FA-4A83-8F9C-3B6885078F01}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{7DC0A7CD-4F3D-43A0-A17F-67FB657E82D4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [TCP Query User{B78B8C2D-7FB1-401D-A231-6E318ECFBA33}C:\users\anna\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\anna\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{01D99E34-45F2-405D-A6E4-0A18F7F0B703}C:\users\anna\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\anna\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{64134179-FB24-45AE-A47E-D7DDF354E13F}C:\users\anna\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\anna\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{125A7868-A08B-4145-82C9-B536986C1B7E}C:\users\anna\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\anna\appdata\local\akamai\netsession_win.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\CATIA P3 V5R21.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Batch Management V5R21.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Environment Editor V5R21.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Nodelock Key Management (DSLS) V5R21.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Nodelock Key Management (LUM) V5R21.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Printers V5R21.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Settings Management V5R21.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Software Management V5R21.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Vault Client Setup V5R21.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen\AVG.lnk
C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo Web Start.lnk
C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
C:\Users\Ewa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
C:\Users\Anna\Favorites\AmazonBrowserBar.url
C:\Users\Default\Favorites\AmazonBrowserBar.url
C:\Users\Gość\Favorites\AmazonBrowserBar.url
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
"HKU\S-1-5-21-973996416-432849057-2411937491-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc" => pomyślnie usunięto
"HKU\S-1-5-21-973996416-432849057-2411937491-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => pomyślnie usunięto
"HKU\S-1-5-21-973996416-432849057-2411937491-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{350d9408-8e84-11e7-82cd-0071cc91891e}" => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{350d9408-8e84-11e7-82cd-0071cc91891e} => nie znaleziono
"HKU\S-1-5-21-973996416-432849057-2411937491-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{360cf295-f36f-11e5-828f-0071cc91891e}" => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{360cf295-f36f-11e5-828f-0071cc91891e} => nie znaleziono
"HKU\S-1-5-21-973996416-432849057-2411937491-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bfe396f-1a2f-11e7-82ad-0071cc91891e}" => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{3bfe396f-1a2f-11e7-82ad-0071cc91891e} => nie znaleziono
"HKU\S-1-5-21-973996416-432849057-2411937491-1001\Control Panel\Desktop\\SCRNSAVE.EXE" => pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => nie znaleziono
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => pomyślnie usunięto
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => nie znaleziono
"HKU\S-1-5-21-973996416-432849057-2411937491-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{306553DA-E069-4DEF-8753-4DC9C702AD32}" => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{306553DA-E069-4DEF-8753-4DC9C702AD32} => nie znaleziono
"HKU\S-1-5-21-973996416-432849057-2411937491-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}" => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => nie znaleziono
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => pomyślnie usunięto
"HKLM\Software\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => pomyślnie usunięto
"HKLM\Software\Wow6432Node\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => nie znaleziono
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => pomyślnie usunięto
HKLM\Software\Wow6432Node\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => nie znaleziono
"HKLM\SOFTWARE\Google\Chrome\Extensions\fagakgcelolinfnkfgekcnedpaklfcok" => pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fagakgcelolinfnkfgekcnedpaklfcok" => pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => pomyślnie usunięto
C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx => pomyślnie przeniesiono
"HKLM\System\CurrentControlSet\Services\MaxthonUpdateSvc" => pomyślnie usunięto
MaxthonUpdateSvc => serwis pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\RichVideo64" => pomyślnie usunięto
RichVideo64 => serwis pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\CWASRE" => pomyślnie usunięto
CWASRE => serwis pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\iSafeKrnl" => pomyślnie usunięto
iSafeKrnl => serwis pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\MBAMSwissArmy" => pomyślnie usunięto
MBAMSwissArmy => serwis pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\snare" => pomyślnie usunięto
snare => serwis pomyślnie usunięto
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => nie znaleziono
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => nie znaleziono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52C03B84-D9B9-4DDF-AA3B-3A795F401FBF}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52C03B84-D9B9-4DDF-AA3B-3A795F401FBF}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Maxthon Update" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75D4720A-53D2-4297-BF3E-72793E3E37B0}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75D4720A-53D2-4297-BF3E-72793E3E37B0}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{564C1006-7730-46C0-8A53-A1F97BF1934D}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5FF694A9-C651-469A-B849-80807530491F}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A3E1B3B9-5AE8-44C8-9E37-4B46CD612AF0}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F7B6E9E1-DD9C-415D-8089-ABA518D2486A}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5A4FDEAB-72FA-4A83-8F9C-3B6885078F01}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7DC0A7CD-4F3D-43A0-A17F-67FB657E82D4}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B78B8C2D-7FB1-401D-A231-6E318ECFBA33}C:\users\anna\appdata\local\akamai\netsession_win.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{01D99E34-45F2-405D-A6E4-0A18F7F0B703}C:\users\anna\appdata\local\akamai\netsession_win.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{64134179-FB24-45AE-A47E-D7DDF354E13F}C:\users\anna\appdata\local\akamai\netsession_win.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{125A7868-A08B-4145-82C9-B536986C1B7E}C:\users\anna\appdata\local\akamai\netsession_win.exe" => pomyślnie usunięto
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\CATIA P3 V5R21.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Batch Management V5R21.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Environment Editor V5R21.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Nodelock Key Management (DSLS) V5R21.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Nodelock Key Management (LUM) V5R21.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Printers V5R21.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Settings Management V5R21.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Software Management V5R21.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Vault Client Setup V5R21.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen\AVG.lnk => pomyślnie przeniesiono
C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo Web Start.lnk => pomyślnie przeniesiono
C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk => pomyślnie przeniesiono
C:\Users\Ewa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => pomyślnie przeniesiono
C:\Users\Anna\Favorites\AmazonBrowserBar.url => pomyślnie przeniesiono
C:\Users\Default\Favorites\AmazonBrowserBar.url => pomyślnie przeniesiono
C:\Users\Gość\Favorites\AmazonBrowserBar.url => pomyślnie przeniesiono

========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========

========= Koniec Powershell: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 78788412 B
Java, Flash, Steam htmlcache => 1711 B
Windows/system/drivers => 734995264 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 152202711 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 75342 B
NetworkService => 2232 B
Anna => 898704962 B
Ewa => 0 B
Gość => 149301032 B

RecycleBin => 60505982 B
EmptyTemp: => 1.9 GB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 23:00:11 ====