Rezultat naprawy Farbar Recovery Scan Tool (x86) Wersja: 18-07-2017 Uruchomiony przez Yoogi (20-07-2017 14:53:24) Run:1 Uruchomiony z C:\Users\Yoogi\Desktop\Nowy folder Załadowane profile: Yoogi (Dostępne profile: Yoogi & Administrator) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku ContextMenuHandlers03: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku Task: {04331410-577D-4BA5-9C49-0657A80159BF} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2017-07-03] (Reimage ltd.) <==== UWAGA Task: {0CF33E4C-CE3D-490B-8F40-1C07A4F22384} - System32\Tasks\SMW_UpdateTask_Time_3634333038373637342d3437415a556c2a3223346c41 => wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== UWAGA Task: {30A0A113-C606-4124-8DBD-B23D0C6B7C8D} - System32\Tasks\Bear PC Spy => C:\Windows\system32\rundll32.exe "C:\Program Files\Bear PC Spy\Bear PC Spy.dll",eMzJHusNnHst <==== UWAGA Task: {7B3EBF07-3F44-42AE-B21C-D60B3748BADB} - System32\Tasks\RunAtStartup => C:\Users\Yoogi\AppData\Roaming\Event Monitor\em.exe [2017-05-29] () <==== UWAGA Task: {7B7CE3A6-A06A-40A7-9995-1DF382FF9E4B} - System32\Tasks\2C6A44CB-AD42-4731-A544-3FBD3D83AB5B => rundll32 "C:\Program Files\YiuAskU\Iw3d7Ud.dll",#1 <==== UWAGA Task: {7BA3520C-045A-4235-8915-EDA6E4EE35D3} - System32\Tasks\B3A986DC-C2DD-40A0-8C0C-FEF66B7835112 => rundll32 "C:\Program Files\MafarchU\SlTMNry.dll",#1 <==== UWAGA Task: {7E52B5BB-5E27-4152-B56E-FE8379E4CB5E} - System32\Tasks\2C6A44CB-AD42-4731-A544-3FBD3D83AB5B2 => rundll32 "C:\Program Files\YiuAskU\Iw3d7Ud.dll",#1 <==== UWAGA Task: {8A86A917-581A-4553-9C1E-26757591392B} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== UWAGA Task: {942D70F3-8723-40B3-BC75-732896FA39F8} - System32\Tasks\U2_B3A986DC-C2DD-40A0-8C0C-FEF66B783511 => rundll32 "C:\Program Files\MafarchU2\tRwbN87.dll",#1 Task: {B4829199-E71F-4CBC-AE94-CF5194F07D13} - System32\Tasks\updater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe Task: {B9494153-118A-46E3-B668-0D1F10700658} - System32\Tasks\U2_2C6A44CB-AD42-4731-A544-3FBD3D83AB5B => rundll32 "C:\Program Files\YiuAskU2\81q7Xn9.dll",#1 Task: {CE7839A1-B552-4126-992B-667228D498EB} - System32\Tasks\B3A986DC-C2DD-40A0-8C0C-FEF66B783511 => rundll32 "C:\Program Files\MafarchU\SlTMNry.dll",#1 <==== UWAGA Task: {DA46E89E-5F6F-44E5-821E-1262AB7B85BC} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe <==== UWAGA Task: C:\Windows\Tasks\2C6A44CB-AD42-4731-A544-3FBD3D83AB5B.job => C:\Program Files\YiuAskU\Iw3d7Ud.dll <==== UWAGA Task: C:\Windows\Tasks\B3A986DC-C2DD-40A0-8C0C-FEF66B783511.job => C:\Program Files\MafarchU\SlTMNry.dll <==== UWAGA WMI_ActiveScriptEventConsumer_ASEC: <==== UWAGA ShortcutWithArgument: C:\Users\Yoogi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktopbr.com/ ShortcutWithArgument: C:\Users\Yoogi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=h7jzbcnbl1bu,4248c706-03ca-4560-8c17-0c28a0fb0234, ShortcutWithArgument: C:\Users\Yoogi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Yoogi\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktopbr.com/ ShortcutWithArgument: C:\Users\Yoogi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktopbr.com/ ShortcutWithArgument: C:\Users\Yoogi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Yoogi\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktopbr.com/ ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Yoogi\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktopbr.com/ ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome (2).lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Yoogi\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktopbr.com/ ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Yoogi\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktopbr.com/ MSCONFIG\startupreg: 9xwfzbr.exe => C:\Users\Yoogi\AppData\Roaming\b7020d26b76b40b3bcf027f9a3027af7\9xwfzbr.exe -r1_1 -r2_2 MSCONFIG\startupreg: i19Q6OJ.exe => C:\Users\Yoogi\AppData\Local\Temp\6c9a1a102f994302b9b14eb106350d43\i19Q6OJ.exe -r1_1 -r2_2 MSCONFIG\startupreg: msiql => C:\Users\Yoogi\AppData\Local\Temp\00007951\msiql.exe /RUNNING MSCONFIG\startupreg: p-uTiYL-Wn.exe => C:\Program Files\Scarlet.Crush Productions\LDY13LURAIRTY2RVJQCOK5ANOYUAKOL9QB\p-uTiYL-Wn.exe MSCONFIG\startupreg: WhdV2oCczld.exe => C:\ProgramData\351f5023a4d2407b9117d4422490b9ee\WhdV2oCczld.exe -r1_1 -r2_2 MSCONFIG\startupreg: YeaDesktop => C:\Program Files\YeaDesktop\YeaDesktop.exe /autostart HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA HKU\S-1-5-21-3403083442-3079574581-3742481433-1000\...\MountPoints2: {ea002615-08e0-11e7-897b-001fd0b439ce} - F:\INSTALL.EXE HKU\S-1-5-21-3403083442-3079574581-3742481433-1000\...\MountPoints2: {ea002619-08e0-11e7-897b-001fd0b439ce} - I:\AutoRun.exe --autorun AppInit_DLLs: C:\ProgramData\Subair\Airlight.dll => Brak pliku GroupPolicy: Ograniczenia - Chrome <==== UWAGA GroupPolicyScripts: Ograniczenia <==== UWAGA HKU\S-1-5-21-3403083442-3079574581-3742481433-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBEQo0lOCwIxrzs2Rcb6iY3AhIJvu_GKNPKE0-hBZL6gL1uwQkYF2m9wohMQTurZTo1xYw4BXlzDnpcfG3ATTj-JpbmRD6MTRK7DQg7_9AB80K5wVBlUMdllUMlxYh5Mrf4hfWocLYVJUoWNAkUDZMuS1oa2b22k7YCAnWGneiwQO9-CGLNC4sbjej5Hvg,&q={searchTerms} HKU\S-1-5-21-3403083442-3079574581-3742481433-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBEQo0lOCwIxrzs2Rcb6iY3AhIJvu_GKNPKE0-hBZL6gL1uwQkYF2m9wohMQTurZTo1xYw4BXlzDnpcfG3ATTj-JpbmRD6MTRK7AR4ZSRkPD_WHSPAm_QXka2QGbZFhwnhdHRE2H570JhpengENSB5IWjXlVeJ-iVZEbluiqsMkD1kayJEsFld_hypLfzM, SearchScopes: HKLM -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBEQo0lOCwIxrzs2Rcb6iY3AhIJvu_GKNPKE0-hBZL6gL1uwQkYF2m9wohMQTurZTo1xYw4BXlzDnpcfG3ATTj-JpbmRD6MTRK7DQg7_9AB80K5wVBlUMdllUMlxYh5Mrf4hfWocLYVJUoWNAkUDZMuS1oa2b22k7YCAnWGneiwQO9-CGLNC4sbjej5Hvg,&q={searchTerms} SearchScopes: HKU\S-1-5-21-3403083442-3079574581-3742481433-1000 -> {E02CDEB6-D6B8-4EC5-A058-5B91DCB36874} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=H7Jzbcnbl1BU,4248c706-03ca-4560-8c17-0c28a0fb0234, SearchScopes: HKU\S-1-5-21-3403083442-3079574581-3742481433-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBEQo0lOCwIxrzs2Rcb6iY3AhIJvu_GKNPKE0-hBZL6gL1uwQkYF2m9wohMQTurZTo1xYw4BXlzDnpcfG3ATTj-JpbmRD6MTRK7DQg7_9AB80K5wVBlUMdllUMlxYh5Mrf4hfWocLYVJUoWNAkUDZMuS1oa2b22k7YCAnWGneiwQO9-CGLNC4sbjej5Hvg,&q={searchTerms} BHO: Brak nazwy -> {2C6A44CB-AD42-4731-A544-3FBD3D83AB5B} -> Brak pliku FF Homepage: Mozilla\Firefox\Profiles\ac7u6p94.default -> C:\ProgramData\Subairs\ff.HP FF NewTab: Mozilla\Firefox\Profiles\ac7u6p94.default -> C:\ProgramData\Subairs\ff.NT FF SearchPlugin: C:\Users\Yoogi\AppData\Roaming\Mozilla\Firefox\Profiles\ac7u6p94.default\searchplugins\findit.xml [2017-07-19] FF Plugin: @haitao.com/npHaitaoPlugin -> C:\Users\Yoogi\AppData\Local\htyh\application\htwebHelper.dll [Brak pliku] CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBEQo0lOCwIxrzs2Rcb6iY3AhIJvu_GKNPKE0-hBZL6gL1uwQkYF2m9wohMQTurZTo1xYw4BXlzDnpcfG3ATTj-JpbmRD6MTRK7DROTTgGnk6MLyWmrdDgxPfBCA_rFm9khR7M6JyMciiBusp50QT7c-3J5vWbiIMq5XHix2RcDk8DWtQNDUykdlsKMLQE, CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=H7Jzbcnbl1BU,4248c706-03ca-4560-8c17-0c28a0fb0234,&vp=ch&prd=set_ch" CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault&chext=v2&s=&q={searchTerms} CHR DefaultSearchKeyword: Default -> Search Module Plus CHR HKLM\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3403083442-3079574581-3742481433-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aeppgfljjlhcnnbddcccndljodpdkpdh] - CHR HKU\S-1-5-21-3403083442-3079574581-3742481433-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx OPR Extension: (Brak nazwy) - C:\Users\Yoogi\AppData\Roaming\Opera Software\Opera Stable\Extensions\jdmkclkigoemafepfpiljdlgnoloicom [2017-07-19] OPR Extension: (Brak nazwy) - C:\Users\Yoogi\AppData\Roaming\Opera Software\Opera Stable\Extensions\jenggbjfjblgmpcfejchbpnpineboigk [2017-07-19] S4 Ds3Service; "C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe" [X] S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X] S4 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe /service [X] <==== UWAGA S4 updater; "C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe" /runservice [X] 2017-07-19 18:27 - 2017-07-20 11:49 - 00000000 ____D C:\AdwCleaner 2017-07-19 18:14 - 2017-07-19 18:14 - 7320064 _____ () C:\Users\Yoogi\AppData\Local\agent.dat 2017-07-19 18:14 - 2017-07-19 18:14 - 0070800 _____ () C:\Users\Yoogi\AppData\Local\Config.xml 2017-07-19 18:14 - 2017-07-19 18:13 - 2554368 _____ (TODO: ) C:\Users\Yoogi\AppData\Local\Groovein.exe 2017-07-19 18:14 - 2017-07-19 18:14 - 1898550 _____ () C:\Users\Yoogi\AppData\Local\Groovein.tst 2017-07-19 18:13 - 2017-07-19 18:13 - 0016176 _____ () C:\Users\Yoogi\AppData\Local\InstallationConfiguration.xml 2017-07-19 18:13 - 2017-07-19 18:13 - 0140800 _____ () C:\Users\Yoogi\AppData\Local\installer.dat 2017-07-19 18:14 - 2017-07-19 18:14 - 1895383 _____ () C:\Users\Yoogi\AppData\Local\Lotzap.bin 2017-07-19 18:14 - 2017-07-19 18:14 - 0018432 _____ () C:\Users\Yoogi\AppData\Local\Main.dat 2017-07-19 18:14 - 2017-07-19 18:14 - 0005568 _____ () C:\Users\Yoogi\AppData\Local\md.xml 2017-07-19 18:14 - 2017-07-19 18:14 - 0126464 _____ () C:\Users\Yoogi\AppData\Local\noah.dat 2017-07-19 18:13 - 2017-07-19 18:14 - 1847296 _____ () C:\Users\Yoogi\AppData\Local\po.db 2017-07-19 18:14 - 2017-07-19 18:14 - 0032038 _____ () C:\Users\Yoogi\AppData\Local\uninstall_temp.ico 2017-07-19 18:13 - 2017-07-19 18:13 - 0278510 _____ () C:\Users\Yoogi\AppData\Local\Unitough.bin C:\ProgramData\service.exe EmptyTemp: ***************** HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => klucz pomyślnie usunięto HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => klucz nie znaleziono. HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => klucz pomyślnie usunięto HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => klucz nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04331410-577D-4BA5-9C49-0657A80159BF} => klucz pomyślnie usunięto C:\Windows\System32\Tasks\Reimage Reminder => nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Reimage Reminder => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CF33E4C-CE3D-490B-8F40-1C07A4F22384} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CF33E4C-CE3D-490B-8F40-1C07A4F22384} => klucz pomyślnie usunięto C:\Windows\System32\Tasks\SMW_UpdateTask_Time_3634333038373637342d3437415a556c2a3223346c41 => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_3634333038373637342d3437415a556c2a3223346c41 => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{30A0A113-C606-4124-8DBD-B23D0C6B7C8D} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30A0A113-C606-4124-8DBD-B23D0C6B7C8D} => klucz pomyślnie usunięto C:\Windows\System32\Tasks\Bear PC Spy => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bear PC Spy => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B3EBF07-3F44-42AE-B21C-D60B3748BADB} => klucz pomyślnie usunięto C:\Windows\System32\Tasks\RunAtStartup => nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAtStartup => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7B7CE3A6-A06A-40A7-9995-1DF382FF9E4B} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B7CE3A6-A06A-40A7-9995-1DF382FF9E4B} => klucz pomyślnie usunięto C:\Windows\System32\Tasks\2C6A44CB-AD42-4731-A544-3FBD3D83AB5B => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2C6A44CB-AD42-4731-A544-3FBD3D83AB5B => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BA3520C-045A-4235-8915-EDA6E4EE35D3} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BA3520C-045A-4235-8915-EDA6E4EE35D3} => klucz pomyślnie usunięto C:\Windows\System32\Tasks\B3A986DC-C2DD-40A0-8C0C-FEF66B7835112 => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\B3A986DC-C2DD-40A0-8C0C-FEF66B7835112 => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E52B5BB-5E27-4152-B56E-FE8379E4CB5E} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E52B5BB-5E27-4152-B56E-FE8379E4CB5E} => klucz pomyślnie usunięto C:\Windows\System32\Tasks\2C6A44CB-AD42-4731-A544-3FBD3D83AB5B2 => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2C6A44CB-AD42-4731-A544-3FBD3D83AB5B2 => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A86A917-581A-4553-9C1E-26757591392B} => klucz pomyślnie usunięto C:\Windows\System32\Tasks\ReimageUpdater => nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{942D70F3-8723-40B3-BC75-732896FA39F8} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{942D70F3-8723-40B3-BC75-732896FA39F8} => klucz pomyślnie usunięto C:\Windows\System32\Tasks\U2_B3A986DC-C2DD-40A0-8C0C-FEF66B783511 => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\U2_B3A986DC-C2DD-40A0-8C0C-FEF66B783511 => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4829199-E71F-4CBC-AE94-CF5194F07D13} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4829199-E71F-4CBC-AE94-CF5194F07D13} => klucz pomyślnie usunięto C:\Windows\System32\Tasks\updater => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\updater => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9494153-118A-46E3-B668-0D1F10700658} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9494153-118A-46E3-B668-0D1F10700658} => klucz pomyślnie usunięto C:\Windows\System32\Tasks\U2_2C6A44CB-AD42-4731-A544-3FBD3D83AB5B => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\U2_2C6A44CB-AD42-4731-A544-3FBD3D83AB5B => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CE7839A1-B552-4126-992B-667228D498EB} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE7839A1-B552-4126-992B-667228D498EB} => klucz pomyślnie usunięto C:\Windows\System32\Tasks\B3A986DC-C2DD-40A0-8C0C-FEF66B783511 => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\B3A986DC-C2DD-40A0-8C0C-FEF66B783511 => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA46E89E-5F6F-44E5-821E-1262AB7B85BC} => klucz pomyślnie usunięto C:\Windows\System32\Tasks\SMW_P => nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_P => klucz pomyślnie usunięto C:\Windows\Tasks\2C6A44CB-AD42-4731-A544-3FBD3D83AB5B.job => pomyślnie przeniesiono C:\Windows\Tasks\B3A986DC-C2DD-40A0-8C0C-FEF66B783511.job => pomyślnie przeniesiono WMI_ActiveScriptEventConsumer_ASEC: <==== UWAGA => pomyślnie usunięto C:\Users\Yoogi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Yoogi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Skrót - argument pomyślnie przywrócono C:\Users\Yoogi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Yoogi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk => nie znaleziono. C:\Users\Yoogi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Public\Desktop\Google Chrome (2).lnk => Skrót - argument pomyślnie usunięto. C:\Users\Public\Desktop\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\9xwfzbr.exe => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\i19Q6OJ.exe => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msiql => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\p-uTiYL-Wn.exe => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhdV2oCczld.exe => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YeaDesktop => klucz pomyślnie usunięto HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => klucz pomyślnie usunięto HKU\S-1-5-21-3403083442-3079574581-3742481433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea002615-08e0-11e7-897b-001fd0b439ce} => klucz pomyślnie usunięto HKLM\Software\Classes\CLSID\{ea002615-08e0-11e7-897b-001fd0b439ce} => klucz nie znaleziono. HKU\S-1-5-21-3403083442-3079574581-3742481433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea002619-08e0-11e7-897b-001fd0b439ce} => klucz pomyślnie usunięto HKLM\Software\Classes\CLSID\{ea002619-08e0-11e7-897b-001fd0b439ce} => klucz nie znaleziono. "C:\ProgramData\Subair\Airlight.dll" => Dane wartości pomyślnie usunięto. C:\Windows\system32\GroupPolicy\Machine => pomyślnie przeniesiono C:\Windows\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono "C:\Windows\system32\GroupPolicy\Machine" => nie znaleziono. HKU\S-1-5-21-3403083442-3079574581-3742481433-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-3403083442-3079574581-3742481433-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ielnksrch => klucz nie znaleziono. HKLM\Software\Classes\CLSID\ielnksrch => klucz nie znaleziono. HKU\S-1-5-21-3403083442-3079574581-3742481433-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E02CDEB6-D6B8-4EC5-A058-5B91DCB36874} => klucz pomyślnie usunięto HKLM\Software\Classes\CLSID\{E02CDEB6-D6B8-4EC5-A058-5B91DCB36874} => klucz nie znaleziono. HKU\S-1-5-21-3403083442-3079574581-3742481433-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} => klucz nie znaleziono. HKLM\Software\Classes\CLSID\{ielnksrch} => klucz nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C6A44CB-AD42-4731-A544-3FBD3D83AB5B} => klucz pomyślnie usunięto HKLM\Software\Classes\CLSID\{2C6A44CB-AD42-4731-A544-3FBD3D83AB5B} => klucz nie znaleziono. Firefox "homepage" pomyślnie usunięto Firefox "newtab" pomyślnie usunięto "C:\Users\Yoogi\AppData\Roaming\Mozilla\Firefox\Profiles\ac7u6p94.default\searchplugins\findit.xml" => nie znaleziono. HKLM\Software\MozillaPlugins\@haitao.com/npHaitaoPlugin => klucz pomyślnie usunięto Chrome HomePage => pomyślnie usunięto Chrome StartupUrls => pomyślnie usunięto Chrome DefaultSearchURL => pomyślnie usunięto Chrome DefaultSearchKeyword => pomyślnie usunięto HKLM\SOFTWARE\Google\Chrome\Extensions\iinglghmhcgdgjjlafobajghjamdchik => klucz nie znaleziono. HKU\S-1-5-21-3403083442-3079574581-3742481433-1000\SOFTWARE\Google\Chrome\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh => klucz pomyślnie usunięto HKU\S-1-5-21-3403083442-3079574581-3742481433-1000\SOFTWARE\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa => klucz pomyślnie usunięto C:\Users\Yoogi\AppData\Roaming\Opera Software\Opera Stable\Extensions\jdmkclkigoemafepfpiljdlgnoloicom => pomyślnie przeniesiono C:\Users\Yoogi\AppData\Roaming\Opera Software\Opera Stable\Extensions\jenggbjfjblgmpcfejchbpnpineboigk => pomyślnie przeniesiono HKLM\System\CurrentControlSet\Services\Ds3Service => klucz pomyślnie usunięto Ds3Service => serwis pomyślnie usunięto ReimageRealTimeProtector => serwis nie znaleziono. SMUpd => serwis nie znaleziono. HKLM\System\CurrentControlSet\Services\updater => klucz pomyślnie usunięto updater => serwis pomyślnie usunięto C:\AdwCleaner => pomyślnie przeniesiono C:\Users\Yoogi\AppData\Local\agent.dat => pomyślnie przeniesiono C:\Users\Yoogi\AppData\Local\Config.xml => pomyślnie przeniesiono C:\Users\Yoogi\AppData\Local\Groovein.exe => pomyślnie przeniesiono C:\Users\Yoogi\AppData\Local\Groovein.tst => pomyślnie przeniesiono "C:\Users\Yoogi\AppData\Local\InstallationConfiguration.xml" => nie znaleziono. C:\Users\Yoogi\AppData\Local\installer.dat => pomyślnie przeniesiono C:\Users\Yoogi\AppData\Local\Lotzap.bin => pomyślnie przeniesiono "C:\Users\Yoogi\AppData\Local\Main.dat" => nie znaleziono. C:\Users\Yoogi\AppData\Local\md.xml => pomyślnie przeniesiono C:\Users\Yoogi\AppData\Local\noah.dat => pomyślnie przeniesiono C:\Users\Yoogi\AppData\Local\po.db => pomyślnie przeniesiono C:\Users\Yoogi\AppData\Local\uninstall_temp.ico => pomyślnie przeniesiono C:\Users\Yoogi\AppData\Local\Unitough.bin => pomyślnie przeniesiono "C:\ProgramData\service.exe" => nie znaleziono. =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5126235 B Java, Flash, Steam htmlcache => 42077937 B Windows/system/drivers => 225200042 B Edge => 0 B Chrome => 57249504 B Firefox => 47307100 B Opera => 52144046 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 21191961 B LocalService => 66228 B NetworkService => 221914 B Yoogi => 2305352260 B Administrator => 477374 B DefaultAppPool => 0 B RecycleBin => 128011721 B EmptyTemp: => 2.7 GB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 14:55:08 ====