Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 15-08-2017 01 Uruchomiony przez katar (16-08-2017 13:50:47) Run:1 Uruchomiony z C:\Users\katar\Desktop Załadowane profile: katar (Dostępne profile: katar) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: HKU\S-1-5-21-1769923494-3148577438-2251075067-1001\...\ChromeHTML: -> "C:\Program Files (x86)\Bossship\Application\chrome.exe" "%1" <==== UWAGA C:\Users\katar\AppData\Roaming\Bossship C:\Users\katar\AppData\Local\Bossship C:\Program Files (x86)\Bossship ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku Task: {7D38FC5C-4813-430F-8EA4-AF1BD541B69A} - System32\Tasks\LogNata for CD Pro => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\LogNata for CD Pro\LogNata for CD Pro.dll",agYbwmRYhHpt <==== UWAGA C:\Program Files\LogNata for CD Pro ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mylucky123.com/?type=sc&ts=1476194320&z=bf18d9362f2dddcd94bc326gdz8m9q2gctbzac4g5b&from=che0812&uid=HGSTXHTS545050A7E680_TM8514GL30DZGP30DZGPX ShortcutWithArgument: C:\Users\Public\Desktop\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> hxxp://www.mylucky123.com/?type=sc&ts=1476194320&z=bf18d9362f2dddcd94bc326gdz8m9q2gctbzac4g5b&from=che0812&uid=HGSTXHTS545050A7E680_TM8514GL30DZGP30DZGPX ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> C:\Users\katar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1476194320&z=bf18d9362f2dddcd94bc326gdz8m9q2gctbzac4g5b&from=che0812&uid=HGSTXHTS545050A7E680_TM8514GL30DZGP30DZGPX HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1476194320&z=bf18d9362f2dddcd94bc326gdz8m9q2gctbzac4g5b&from=che0812&uid=HGSTXHTS545050A7E680_TM8514GL30DZGP30DZGPX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1476194320&z=bf18d9362f2dddcd94bc326gdz8m9q2gctbzac4g5b&from=che0812&uid=HGSTXHTS545050A7E680_TM8514GL30DZGP30DZGPX HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476194320&z=bf18d9362f2dddcd94bc326gdz8m9q2gctbzac4g5b&from=che0812&uid=HGSTXHTS545050A7E680_TM8514GL30DZGP30DZGPX&q={searchTerms} SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKU\S-1-5-21-1769923494-3148577438-2251075067-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = Edge HomeButtonPage: HKU\S-1-5-21-1769923494-3148577438-2251075067-1001 -> hxxp://www.mylucky123.com/?type=hp&ts=1476194320&z=bf18d9362f2dddcd94bc326gdz8m9q2gctbzac4g5b&from=che0812&uid=HGSTXHTS545050A7E680_TM8514GL30DZGP30DZGPX FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\katar\AppData\Roaming\Mozilla\Firefox\Profiles\88tmelis.default\extensions\arthurj8283@gmail.com => nie znaleziono CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx HKU\S-1-5-21-1769923494-3148577438-2251075067-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Bossship\Application\chrome.exe <==== UWAGA CHR StartupUrls: Default -> "hxxp://www.nicesearches.com?type=hp&ts=1475909305&from=fb081008&uid=hgstxhts545050a7e680_tm8514gl30dzgp30dzgpx&z=21080f64cde7f3e86bc3b7cg0zam2w2t7ebt9c6e5o" CHR NewTab: Default -> Not-active:"chrome-extension://hoephahehngknjmiphndipnckhhdkjho/stubby.html", Not-active:"chrome-extension://eaefeocpbhmeliomnhdbolpidpcdkjdc/stubby.html", Not-active:"chrome-extension://bkgkclakjomadncofjgnekkfhkalpkpo/stubby.html", Not-active:"chrome-extension://fcfenmboojpjinhpgggodefccipikbpd/newTab.html", Active:"chrome-extension://mallpejgeafdahhflmliiahjdpgbegpk/stubby.html", Not-active:"chrome-extension://ojfkehjclaeiedfhhbjndggmjgiaieef/redirect.html" C:\Users\katar\Desktop\Star Stable.lnk DeleteKey: HKCU\Software\Bossship DeleteKey: HKLM\SOFTWARE\WOW6432Node\Bossship CMD: netsh advfirewall reset CMD: dir /a "C:\Program Files" CMD: dir /a "C:\Program Files (x86)" CMD: dir /a "C:\Program Files\Common Files\System" CMD: dir /a "C:\Program Files (x86)\Common Files\System" CMD: dir /a C:\ProgramData CMD: dir /a C:\Users\katar\AppData\Local CMD: dir /a C:\Users\katar\AppData\LocalLow CMD: dir /a C:\Users\katar\AppData\Roaming EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. HKU\S-1-5-21-1769923494-3148577438-2251075067-1001_Classes\ChromeHTML => klucz pomyślnie usunięto "C:\Users\katar\AppData\Roaming\Bossship" => nie znaleziono. C:\Users\katar\AppData\Local\Bossship => pomyślnie przeniesiono C:\Program Files (x86)\Bossship => pomyślnie przeniesiono HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => klucz pomyślnie usunięto HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => klucz nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7D38FC5C-4813-430F-8EA4-AF1BD541B69A} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D38FC5C-4813-430F-8EA4-AF1BD541B69A} => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\LogNata for CD Pro => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LogNata for CD Pro => klucz pomyślnie usunięto C:\Program Files\LogNata for CD Pro => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Nie można usunąć lub naprawić argumentu skrótu. Skrót może być uszkodzony. C:\Users\Public\Desktop\Avast SafeZone Browser.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Public\Desktop\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\katar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk => pomyślnie przeniesiono HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA => pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz pomyślnie usunięto HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz pomyślnie usunięto HKLM\Software\Wow6432Node\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKU\S-1-5-21-1769923494-3148577438-2251075067-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz pomyślnie usunięto HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKU\S-1-5-21-1769923494-3148577438-2251075067-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage => Wartość pomyślnie usunięto HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\arthurj8283@gmail.com => Wartość pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => klucz pomyślnie usunięto HKU\S-1-5-21-1769923494-3148577438-2251075067-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML => klucz pomyślnie usunięto Chrome StartupUrls => pomyślnie usunięto Chrome NewTab => pomyślnie usunięto C:\Users\katar\Desktop\Star Stable.lnk => pomyślnie przeniesiono HKCU\Software\Bossship => klucz pomyślnie usunięto HKLM\SOFTWARE\WOW6432Node\Bossship => klucz pomyślnie usunięto ========= netsh advfirewall reset ========= Ok. ========= Koniec CMD: ========= ========= dir /a "C:\Program Files" ========= Volume in drive C is Windows Volume Serial Number is 6020-576E Directory of C:\Program Files 16.08.2017 13:52 . 16.08.2017 13:52 .. 12.03.2017 19:24 7-Zip 08.02.2016 13:33 AVAST Software 29.07.2017 14:38 Common Files 18.03.2017 23:01 174 desktop.ini 29.11.2016 20:38 GIMP 2 29.07.2017 14:38 Intel 11.07.2017 07:47 Internet Explorer 29.07.2017 14:33 Realtek 29.07.2017 14:32 Synaptics 10.07.2015 14:21 Uninstall Information 30.06.2017 19:30 UNP 11.07.2017 07:47 Windows Defender 20.03.2017 05:59 Windows Mail 29.07.2017 14:38 Windows Media Player 18.03.2017 23:03 Windows Multimedia Platform 29.07.2017 15:04 Windows NT 08.08.2017 23:55 Windows Photo Viewer 18.03.2017 23:03 Windows Portable Devices 18.03.2017 23:03 Windows Security 18.03.2017 23:03 Windows Sidebar 16.08.2017 13:32 WindowsApps 18.03.2017 23:03 WindowsPowerShell 1 File(s) 174 bytes 23 Dir(s) 419˙258˙269˙696 bytes free ========= Koniec CMD: ========= ========= dir /a "C:\Program Files (x86)" ========= Volume in drive C is Windows Volume Serial Number is 6020-576E Directory of C:\Program Files (x86) 16.08.2017 13:52 . 16.08.2017 13:52 .. 19.03.2016 09:32 Atari 24.07.2017 23:23 Bandicam 24.07.2017 23:21 BandiMPEG1 29.07.2017 14:38 Common Files 18.03.2017 23:01 174 desktop.ini 22.09.2016 20:02 Driver Updater Plus 28.09.2016 18:17 Elex-tech 04.06.2017 18:55 FreeMouseAutoClicker 08.02.2016 13:39 Google 23.09.2015 18:23 Hewlett-Packard 14.01.2017 17:41 InstallShield Installation Information 23.09.2015 18:22 Intel 11.07.2017 07:47 Internet Explorer 27.07.2017 17:48 McAfee 18.03.2017 23:03 Microsoft.NET 16.11.2016 12:42 Mirillis 04.12.2015 19:16 Mobile Partner 16.07.2017 16:57 Mozilla Firefox 16.07.2017 16:57 Mozilla Maintenance Service 12.03.2017 18:35 Opera 22.09.2016 19:56 PC Purifier 28.01.2017 19:26 PCPurifier 23.09.2015 18:23 Realtek 03.07.2017 11:54 Skype 01.12.2015 16:28 Star Stable Entertainment AB 14.01.2017 17:33 Techland 23.09.2015 18:25 Temp 07.10.2016 11:53 Uninstall Information 11.07.2017 07:47 Windows Defender 20.03.2017 05:59 Windows Mail 29.07.2017 14:38 Windows Media Player 18.03.2017 23:03 Windows Multimedia Platform 18.03.2017 23:03 Windows NT 08.08.2017 23:55 Windows Photo Viewer 18.03.2017 23:03 Windows Portable Devices 18.03.2017 23:03 Windows Sidebar 18.03.2017 23:03 WindowsPowerShell 11.05.2017 18:18 Wirtualny Planer - Cersanit 1 File(s) 174 bytes 39 Dir(s) 419˙258˙269˙696 bytes free ========= Koniec CMD: ========= ========= dir /a "C:\Program Files\Common Files\System" ========= Volume in drive C is Windows Volume Serial Number is 6020-576E Directory of C:\Program Files\Common Files\System 20.03.2017 05:59 . 20.03.2017 05:59 .. 11.07.2017 07:47 ado 18.03.2017 22:59 32˙768 DirectDB.dll 20.03.2017 05:59 en-US 20.03.2017 05:59 msadc 20.03.2017 05:59 Ole DB 20.03.2017 05:59 pl-PL 18.03.2017 22:57 854˙528 wab32.dll 18.03.2017 22:57 964˙096 wab32res.dll 3 File(s) 1˙851˙392 bytes 7 Dir(s) 419˙258˙269˙696 bytes free ========= Koniec CMD: ========= ========= dir /a "C:\Program Files (x86)\Common Files\System" ========= Volume in drive C is Windows Volume Serial Number is 6020-576E Directory of C:\Program Files (x86)\Common Files\System 20.03.2017 05:59 . 20.03.2017 05:59 .. 11.07.2017 07:47 ado 18.03.2017 22:59 27˙648 DirectDB.dll 20.03.2017 05:59 en-US 20.03.2017 05:59 msadc 20.03.2017 05:59 Ole DB 20.03.2017 05:59 pl-PL 18.03.2017 22:58 741˙888 wab32.dll 18.03.2017 22:58 964˙096 wab32res.dll 3 File(s) 1˙733˙632 bytes 7 Dir(s) 419˙258˙146˙816 bytes free ========= Koniec CMD: ========= ========= dir /a C:\ProgramData ========= Volume in drive C is Windows Volume Serial Number is 6020-576E Directory of C:\ProgramData 14.08.2017 11:08 . 14.08.2017 11:08 .. 19.03.2017 19:25 AVAST Software 16.07.2016 13:47 Comms 30.09.2015 19:37 Dane aplikacji [C:\ProgramData] 11.05.2017 18:23 DatacardService 30.09.2015 19:37 Dokumenty [C:\Users\Public\Documents] 16.06.2017 19:25 Gametree 23.09.2015 18:22 Hewlett-Packard 23.09.2015 18:22 Intel 22.04.2016 17:12 log 04.06.2017 18:54 McAfee 30.09.2015 19:37 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 01.08.2017 13:03 Microsoft 29.07.2017 16:00 Microsoft OneDrive 25.04.2016 16:20 Mirillis 04.12.2015 19:16 Mobile Partner 22.04.2016 17:12 OnlineUpdate 15.03.2017 19:24 Package Cache 30.04.2017 10:09 PLAY ONLINE 30.09.2015 19:37 Pulpit [C:\Users\Public\Desktop] 29.07.2017 14:40 regid.1991-06.com.microsoft 22.02.2016 23:46 Riot Games 03.07.2017 11:54 Skype 18.03.2017 23:03 SoftwareDistribution 02.09.2016 18:46 sozy 14.08.2017 11:08 SWCUTemp 23.09.2015 18:34 Synaptics 30.09.2015 19:37 Szablony [C:\ProgramData\Microsoft\Windows\Templates] 30.09.2016 14:38 Tencent 21.12.2015 16:06 The-Dogies 29.07.2017 14:40 USOPrivate 29.07.2017 14:40 USOShared 28.01.2017 23:30 UvConverter 20.03.2017 06:01 WindowsHolographicDevices 27.07.2017 17:53 4 _lg.3sap 1 File(s) 4 bytes 35 Dir(s) 419˙258˙142˙720 bytes free ========= Koniec CMD: ========= ========= dir /a C:\Users\katar\AppData\Local ========= Volume in drive C is Windows Volume Serial Number is 6020-576E Directory of C:\Users\katar\AppData\Local 16.08.2017 13:52 . 16.08.2017 13:52 .. 27.03.2016 16:40 ActiveSync 22.03.2016 16:39 AION 30.11.2015 19:00 CEF 30.11.2015 18:40 Comms 29.07.2017 20:17 ConnectedDevicesPlatform 29.07.2017 14:34 Dane aplikacji [C:\Users\katar\AppData\Local] 14.04.2017 21:42 Diagnostics 15.03.2016 18:15 fontconfig 16.06.2017 19:24 Gametree 15.03.2016 18:15 gegl-0.2 03.11.2016 14:24 Google 06.07.2017 22:56 gtk-2.0 29.07.2017 14:34 Historia [C:\Users\katar\AppData\Local\Microsoft\Windows\History] 09.08.2017 13:03 56˙281 IconCache.db 29.07.2017 14:50 Microsoft 30.11.2015 18:47 MicrosoftEdge 25.04.2016 16:20 Mirillis 26.02.2016 16:50 Mozilla 30.11.2015 18:38 NetworkTiles 07.08.2017 18:13 Packages 08.12.2015 23:34 Programs 30.11.2015 18:39 Publishers 19.12.2015 11:13 RadonLabs 06.07.2017 22:57 1˙781 recently-used.xbel 30.06.2017 19:40 Star Stable 30.11.2015 19:00 Steam 16.08.2017 13:53 Temp 29.07.2017 14:34 Temporary Internet Files [C:\Users\katar\AppData\Local\Microsoft\Windows\INetCache] 30.11.2015 18:37 TileDataLayer 13.05.2017 12:12 UNP 30.04.2017 10:31 VirtualStore 03.12.2015 22:39 Warframe 2 File(s) 58˙062 bytes 32 Dir(s) 419˙258˙138˙624 bytes free ========= Koniec CMD: ========= ========= dir /a C:\Users\katar\AppData\LocalLow ========= Volume in drive C is Windows Volume Serial Number is 6020-576E Directory of C:\Users\katar\AppData\LocalLow 02.07.2017 20:38 . 02.07.2017 20:38 .. 22.03.2016 16:40 Microsoft 03.08.2017 21:22 Mozilla 21.06.2017 14:23 StarStableOnline 01.12.2015 14:46 Temp 0 File(s) 0 bytes 6 Dir(s) 419˙258˙142˙720 bytes free ========= Koniec CMD: ========= ========= dir /a C:\Users\katar\AppData\Roaming ========= Volume in drive C is Windows Volume Serial Number is 6020-576E Directory of C:\Users\katar\AppData\Roaming 29.07.2017 14:37 . 29.07.2017 14:37 .. 30.11.2015 18:37 Adobe 16.11.2016 12:45 AION 11.05.2016 16:11 AliciaOnline 08.02.2016 13:09 AVAST Software 17.03.2017 21:37 Bandicam Company 25.04.2016 15:57 BANDISOFT 02.09.2016 18:46 Booking_helper 28.09.2016 18:17 Elex-tech 02.09.2016 18:46 GoldenGate 24.07.2017 13:27 gplyra 22.09.2016 20:02 jawego 23.02.2016 01:20 LolClient 30.11.2015 18:48 Macromedia 29.07.2017 14:48 Microsoft 25.04.2016 16:20 Mirillis 26.02.2016 16:44 Mozilla 07.09.2016 21:45 opera_helper 12.03.2017 12:49 PC Purifier 22.02.2016 23:39 Riot Games 03.07.2017 11:50 Skype 30.11.2015 18:37 Synaptics 28.01.2017 23:39 System Monitor 10.12.2015 16:02 Trove 01.05.2017 13:08 TS3Client 02.04.2016 00:33 Tunngle 02.07.2017 20:38 uTorrent 0 File(s) 0 bytes 28 Dir(s) 419˙258˙138˙624 bytes free ========= Koniec CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 6053888 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23434375 B Java, Flash, Steam htmlcache => 256830292 B Windows/system/drivers => 2435197 B Edge => 173000071 B Chrome => 40996238 B Firefox => 375868065 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 0 B LocalService => 5050 B NetworkService => 46882 B katar => 68102588 B RecycleBin => 0 B EmptyTemp: => 902.9 MB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 13:58:25 ====