Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 14.03.2018 Uruchomiony przez proj01 (16-03-2018 08:14:07) Run:1 Uruchomiony z C:\Users\proj01\Desktop Załadowane profile: UpdatusUser & proj01 (Dostępne profile: UpdatusUser & proj01) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1423819233&from=ild&uid=TOSHIBAXDT01ACA050_538BTV9NSXX538BTV9NSX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1423819224&from=ild&uid=TOSHIBAXDT01ACA050_538BTV9NSXX538BTV9NSX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1423819233&from=ild&uid=TOSHIBAXDT01ACA050_538BTV9NSXX538BTV9NSX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1423819224&from=ild&uid=TOSHIBAXDT01ACA050_538BTV9NSXX538BTV9NSX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-1204853592-1244451205-1784681606-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://smartsputnik.ru/?ri=1&uid=d90b17b6c5d699e4a156e30a7640e5a4&q={searchTerms} HKU\S-1-5-21-1204853592-1244451205-1784681606-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006 HKU\S-1-5-21-1204853592-1244451205-1784681606-1004\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=C85694DE8013A3C6&affID=125036&tsp=5039 HKU\S-1-5-21-1204853592-1244451205-1784681606-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://smartsputnik.ru/?ri=1&uid=d90b17b6c5d699e4a156e30a7640e5a4&q={searchTerms} URLSearchHook: [S-1-5-21-1204853592-1244451205-1784681606-1004] UWAGA => Brak domyślnego URLSearchHook URLSearchHook: HKU\S-1-5-21-1204853592-1244451205-1784681606-1004 - (Brak nazwy) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - Brak pliku SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1423819224&from=ild&uid=TOSHIBAXDT01ACA050_538BTV9NSXX538BTV9NSX&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1423819224&from=ild&uid=TOSHIBAXDT01ACA050_538BTV9NSXX538BTV9NSX&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1423819224&from=ild&uid=TOSHIBAXDT01ACA050_538BTV9NSXX538BTV9NSX&q={searchTerms} SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-1204853592-1244451205-1784681606-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = hxxp://smartsputnik.ru/?ri=1&uid=d90b17b6c5d699e4a156e30a7640e5a4&q={searchTerms} SearchScopes: HKU\S-1-5-21-1204853592-1244451205-1784681606-1004 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKU\S-1-5-21-1204853592-1244451205-1784681606-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=TOSHIBAXDT01ACA050_538BTV9NSXX538BTV9NSX&ts=1423819244&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1204853592-1244451205-1784681606-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = hxxp://smartsputnik.ru/?ri=1&uid=d90b17b6c5d699e4a156e30a7640e5a4&q={searchTerms} SearchScopes: HKU\S-1-5-21-1204853592-1244451205-1784681606-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = hxxp://smartsputnik.ru/?ri=1&uid=d90b17b6c5d699e4a156e30a7640e5a4&q= SearchScopes: HKU\S-1-5-21-1204853592-1244451205-1784681606-1004 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=TOSHIBAXDT01ACA050_538BTV9NSXX538BTV9NSX&ts=1423819244&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1204853592-1244451205-1784681606-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=TOSHIBAXDT01ACA050_538BTV9NSXX538BTV9NSX&ts=1423819244&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1204853592-1244451205-1784681606-1004 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=TOSHIBAXDT01ACA050_538BTV9NSXX538BTV9NSX&ts=1423819244&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1204853592-1244451205-1784681606-1004 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1383641646&from=cor&uid=TOSHIBAXDT01ACA050_538BTV9NSXX538BTV9NSX HKU\S-1-5-21-1204853592-1244451205-1784681606-1004\...\Policies\Explorer: [] CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA S2 UTSCSI; C:\Windows\SysWOW64\UTSCSI.EXE [0 2016-11-18] () <==== UWAGA (zerobajtowy plik/folder) S2 Kmm4xNT; C:\Windows\SysWow64\Drivers\Kmm4xNT.sys [95484 2002-04-26] (DATOM Dariusz Cielebąk) [Brak podpisu cyfrowego] S1 VD_FileDisk; C:\Windows\System32\Drivers\VD_FileDisk.sys [23552 2009-10-25] (Flint Incorporation) [Brak podpisu cyfrowego] S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 gdrv; \??\C:\Windows\gdrv.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X] S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X] MSCONFIG\startupreg: oskb => C:\Windows\system32\oskb\oskb.exe Task: {0496B978-4038-47D1-A3F7-71C012BAB4C9} - System32\Tasks\{924DD76E-070A-4EFB-8D34-2073A4DD95F9} => C:\Windows\system32\pcalua.exe -a C:\Users\proj01\Desktop\PDT_Gru.2.02.11\PDT_Gru.2.02.11.exe -d C:\Users\proj01\Desktop\PDT_Gru.2.02.11 Task: {ACDFD66A-2495-4734-8177-CDB239D9D651} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe Task: {B10B92F5-6B0E-4E4D-A42A-9CF6E31790B7} - System32\Tasks\{AE9022E9-4E7D-4277-8277-2D992A30FFA2} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Zuzia9\Hasp\hinstall.exe" -d "C:\Program Files (x86)\Zuzia9\Hasp" Task: {B6DFA886-3197-4729-840A-66BF8F2E172F} - System32\Tasks\{EC1323C8-D1D6-4B1C-98E6-137D01607CBE} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Gstarsoft\GstarCAD2016\setup.exe" Task: {BF3A5097-5510-4BFA-BF9B-279EF58B1E73} - System32\Tasks\{7E130134-05F3-4C89-9C4D-377D4DB70CC6} => C:\Windows\system32\pcalua.exe -a C:\Users\proj01\Desktop\2010-07-12_7-16_WAVPL_DOR.exe -d C:\Users\proj01\Desktop Task: {BF5E9219-8703-4C9C-8824-E4937CCAF385} - System32\Tasks\{5E0C6FD2-9F9F-4A99-BFBF-BF2E496A2705} => C:\Windows\system32\pcalua.exe -a C:\Users\proj01\Desktop\kml_tools_pro_x32\Setup.exe -d C:\Users\proj01\Desktop\kml_tools_pro_x32 CustomCLSID: HKU\S-1-5-21-1204853592-1244451205-1784681606-1004_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2017 - English\en-US\dwgviewrficn.dll => Brak pliku CustomCLSID: HKU\S-1-5-21-1204853592-1244451205-1784681606-1004_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2017 - English\dwgviewr.exe => Brak pliku FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [Brak pliku] FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [Brak pliku] StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 DeleteKey: HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions C:\ProgramData\TEMP C:\Users\proj01\AppData\Local\{*} C:\Users\proj01\AppData\Roaming\Microsoft\*.* C:\Users\proj01\AppData\Local\Google\Chrome\User Data\Default C:\Users\proj01\AppData\Local\Google\Chrome\User Data\Profile 1 C:\Users\proj01\AppData\Local\Google\Chrome\User Data\System Profile C:\Windows\system32\Drivers\*.tmp C:\Windows\System32\Drivers\VD_FileDisk.sys C:\Windows\SysWOW64\UTSCSI.EXE C:\Windows\SysWow64\Drivers\Kmm4xNT.sys Folder: C:\Windows\SysWOW64\oskb File: C:\Windows\SysWOW64\oskb\oskb.exe Hosts: cmd: netsh advfirewall reset Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"} EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-1204853592-1244451205-1784681606-1004\Software\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-1204853592-1244451205-1784681606-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono "HKU\S-1-5-21-1204853592-1244451205-1784681606-1004\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page" => nie znaleziono HKU\S-1-5-21-1204853592-1244451205-1784681606-1004\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono Nie można przywrócić Domyślne URLSearchHook. "HKU\S-1-5-21-1204853592-1244451205-1784681606-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0633EE93-D776-472f-A0FF-E1416B8B2E3D}" => nie znaleziono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => nie znaleziono HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => nie znaleziono HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => nie znaleziono HKLM\Software\Wow6432Node\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => nie znaleziono "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => pomyślnie usunięto HKLM\Software\Wow6432Node\Classes\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => nie znaleziono "HKU\S-1-5-21-1204853592-1244451205-1784681606-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => pomyślnie usunięto "HKU\S-1-5-21-1204853592-1244451205-1784681606-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope" => nie znaleziono HKU\S-1-5-21-1204853592-1244451205-1784681606-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => nie znaleziono HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => nie znaleziono HKU\S-1-5-21-1204853592-1244451205-1784681606-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3C} => nie znaleziono HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3C} => nie znaleziono HKU\S-1-5-21-1204853592-1244451205-1784681606-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3D} => nie znaleziono HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3D} => nie znaleziono HKU\S-1-5-21-1204853592-1244451205-1784681606-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => nie znaleziono HKLM\Software\Classes\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => nie znaleziono HKU\S-1-5-21-1204853592-1244451205-1784681606-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => nie znaleziono HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => nie znaleziono HKU\S-1-5-21-1204853592-1244451205-1784681606-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => nie znaleziono HKLM\Software\Classes\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => nie znaleziono "HKU\S-1-5-21-1204853592-1244451205-1784681606-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => pomyślnie usunięto HKLM\Software\Classes\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => nie znaleziono HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono "HKU\S-1-5-21-1204853592-1244451205-1784681606-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => pomyślnie usunięto "HKLM\SOFTWARE\Policies\Google" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\UTSCSI" => pomyślnie usunięto UTSCSI => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Kmm4xNT" => pomyślnie usunięto Kmm4xNT => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\VD_FileDisk" => pomyślnie usunięto VD_FileDisk => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\ewusbmbb" => pomyślnie usunięto ewusbmbb => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\ew_hwusbdev" => pomyślnie usunięto ew_hwusbdev => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\gdrv" => pomyślnie usunięto gdrv => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\huawei_enumerator" => pomyślnie usunięto huawei_enumerator => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\hwdatacard" => pomyślnie usunięto hwdatacard => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Nero BackItUp Scheduler 4.0" => pomyślnie usunięto Nero BackItUp Scheduler 4.0 => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\pccsmcfd" => pomyślnie usunięto pccsmcfd => serwis pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\oskb" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0496B978-4038-47D1-A3F7-71C012BAB4C9}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0496B978-4038-47D1-A3F7-71C012BAB4C9}" => pomyślnie usunięto C:\Windows\System32\Tasks\{924DD76E-070A-4EFB-8D34-2073A4DD95F9} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{924DD76E-070A-4EFB-8D34-2073A4DD95F9}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{ACDFD66A-2495-4734-8177-CDB239D9D651}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACDFD66A-2495-4734-8177-CDB239D9D651}" => pomyślnie usunięto C:\Windows\System32\Tasks\AVAST Software\Avast settings backup => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B10B92F5-6B0E-4E4D-A42A-9CF6E31790B7}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B10B92F5-6B0E-4E4D-A42A-9CF6E31790B7}" => pomyślnie usunięto C:\Windows\System32\Tasks\{AE9022E9-4E7D-4277-8277-2D992A30FFA2} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AE9022E9-4E7D-4277-8277-2D992A30FFA2}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6DFA886-3197-4729-840A-66BF8F2E172F}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6DFA886-3197-4729-840A-66BF8F2E172F}" => pomyślnie usunięto C:\Windows\System32\Tasks\{EC1323C8-D1D6-4B1C-98E6-137D01607CBE} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EC1323C8-D1D6-4B1C-98E6-137D01607CBE}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF3A5097-5510-4BFA-BF9B-279EF58B1E73}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF3A5097-5510-4BFA-BF9B-279EF58B1E73}" => pomyślnie usunięto C:\Windows\System32\Tasks\{7E130134-05F3-4C89-9C4D-377D4DB70CC6} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7E130134-05F3-4C89-9C4D-377D4DB70CC6}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF5E9219-8703-4C9C-8824-E4937CCAF385}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF5E9219-8703-4C9C-8824-E4937CCAF385}" => pomyślnie usunięto C:\Windows\System32\Tasks\{5E0C6FD2-9F9F-4A99-BFBF-BF2E496A2705} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5E0C6FD2-9F9F-4A99-BFBF-BF2E496A2705}" => pomyślnie usunięto "HKU\S-1-5-21-1204853592-1244451205-1784681606-1004_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}" => pomyślnie usunięto "HKU\S-1-5-21-1204853592-1244451205-1784681606-1004_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}" => pomyślnie usunięto HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10 => nie znaleziono HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4 => nie znaleziono HKLM\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command\\Default => Wartość pomyślnie przywrócono "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2" => pomyślnie usunięto "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions" => pomyślnie usunięto C:\ProgramData\TEMP => pomyślnie przeniesiono =========== "C:\Users\proj01\AppData\Local\{*}" ========== C:\Users\proj01\AppData\Local\{25B45F6E-4CA2-4197-A14A-18E4B7EC7C95} => pomyślnie przeniesiono C:\Users\proj01\AppData\Local\{3B812EC6-E62D-4A3F-BFA9-F05BD46E22D0} => pomyślnie przeniesiono C:\Users\proj01\AppData\Local\{62D4098B-E7BF-440A-B440-CBCBE89C4735} => pomyślnie przeniesiono C:\Users\proj01\AppData\Local\{66E54E9C-FB83-4B2D-939D-9E1086A6BDDF} => pomyślnie przeniesiono C:\Users\proj01\AppData\Local\{866BC085-F2B1-4F14-B1E2-79790F89A9B0} => pomyślnie przeniesiono C:\Users\proj01\AppData\Local\{BEDE1EF2-F1A1-4350-93B8-BA3A0EC1B6F0} => pomyślnie przeniesiono ========= Koniec -> "C:\Users\proj01\AppData\Local\{*}" ======== =========== "C:\Users\proj01\AppData\Roaming\Microsoft\*.*" ========== C:\Users\proj01\AppData\Roaming\Microsoft\1eaadjc.dll => pomyślnie przeniesiono C:\Users\proj01\AppData\Roaming\Microsoft\bass.dll => pomyślnie przeniesiono C:\Users\proj01\AppData\Roaming\Microsoft\kfgresk.dll => pomyślnie przeniesiono C:\Users\proj01\AppData\Roaming\Microsoft\mjcriu.dll => pomyślnie przeniesiono C:\Users\proj01\AppData\Roaming\Microsoft\peaadje.dll => pomyślnie przeniesiono C:\Users\proj01\AppData\Roaming\Microsoft\qwadjb.dll => pomyślnie przeniesiono C:\Users\proj01\AppData\Roaming\Microsoft\rsaadjd.dll => pomyślnie przeniesiono C:\Users\proj01\AppData\Roaming\Microsoft\~DFK6226a4.tmp => pomyślnie przeniesiono ========= Koniec -> "C:\Users\proj01\AppData\Roaming\Microsoft\*.*" ======== C:\Users\proj01\AppData\Local\Google\Chrome\User Data\Default => pomyślnie przeniesiono C:\Users\proj01\AppData\Local\Google\Chrome\User Data\Profile 1 => pomyślnie przeniesiono C:\Users\proj01\AppData\Local\Google\Chrome\User Data\System Profile => pomyślnie przeniesiono =========== "C:\Windows\system32\Drivers\*.tmp" ========== nie znaleziono ========= Koniec -> "C:\Windows\system32\Drivers\*.tmp" ======== C:\Windows\System32\Drivers\VD_FileDisk.sys => pomyślnie przeniesiono C:\Windows\SysWOW64\UTSCSI.EXE => pomyślnie przeniesiono C:\Windows\SysWow64\Drivers\Kmm4xNT.sys => pomyślnie przeniesiono ========================= Folder: C:\Windows\SysWOW64\oskb ======================== 2009-07-19 10:00 - 2009-07-19 11:00 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\SysWOW64\oskb\bad_keywords.txt 2005-10-13 10:18 - 2005-10-13 11:18 - 000000249 ____A [30088FC48C5648B6D9C3238B9F985917] () C:\Windows\SysWOW64\oskb\kolory.ini 2008-01-30 10:21 - 2008-01-30 10:21 - 000053760 __ASH [769C0CEBA43D2C84333AFD23C07E03AD] (Dyzmond Software) C:\Windows\SysWOW64\oskb\oskb.dll 2009-09-14 13:21 - 2009-09-14 13:21 - 001012224 __ASH [7F9BF71829B97451B206E306FE06DFE5] () C:\Windows\SysWOW64\oskb\oskb.exe 2009-07-19 09:59 - 2009-07-19 10:59 - 000000375 ____A [77C6CE63466BB3A8C254CAEA36B0990C] () C:\Windows\SysWOW64\oskb\oskb.ini 2006-12-05 12:53 - 2006-12-05 13:53 - 000000054 ____A [3F3C5D65540CA663394726CB54D3B5C2] () C:\Windows\SysWOW64\oskb\prog_zab.ini 2008-01-15 12:36 - 2008-01-15 13:36 - 000000092 __ASH [F072187A05B83233BC669A1DFF7D7ADA] () C:\Windows\SysWOW64\oskb\przegladarki.ini 2006-01-11 10:18 - 2006-01-11 10:18 - 000372224 __ASH [5110A27AA7107311BEDA7C9A6A7A9793] (Dyzmond Software) C:\Windows\SysWOW64\oskb\restart.exe 2007-12-02 22:13 - 2007-12-02 22:13 - 000437760 __ASH [EC97A0EF73BA59E538EBF5B2E6697DCD] (Dyzmond Software) C:\Windows\SysWOW64\oskb\sysinfo.dll ====== Koniec Folder: ====== ========================= File: C:\Windows\SysWOW64\oskb\oskb.exe ======================== C:\Windows\SysWOW64\oskb\oskb.exe Brak podpisu cyfrowego MD5: 7F9BF71829B97451B206E306FE06DFE5 Data utworzenia i modyfikacji: 2009-09-14 13:21 - 2009-09-14 13:21 Rozmiar: 001012224 Atrybuty: --ASH Firma: Wewnętrzna nazwa: Oryginalna nazwa: Produkt: Opis: Plik Wersja: 2.6.1.21 Produkt Wersja: 2.6 Prawa autorskie: VirusTotal: https://www.virustotal.com/file/9dac7c8ac53f0a351a2549d8bf6f8280465a08b2fd2e4645d2651469613675e9/analysis/1520519178/ ====== Koniec File: ====== C:\Windows\System32\Drivers\etc\hosts => pomyślnie przeniesiono Hosts pomyślnie przywrócono. ========= netsh advfirewall reset ========= Ok. ========= Koniec CMD: ========= ========= wevtutil el | Foreach-Object {wevtutil cl "$_"} ========= ========= Koniec Powershell: ========= =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11195787 B Java, Flash, Steam htmlcache => 1080 B Windows/system/drivers => 28361287 B Edge => 0 B Chrome => 352363183 B Firefox => 20161032 B Opera => 24654484 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 66228 B Public => 0 B ProgramData => 0 B systemprofile => 83659 B systemprofile32 => 4872731 B LocalService => 132244 B NetworkService => 692 B UpdatusUser => 0 B proj01 => 26082621 B RecycleBin => 474076214 B EmptyTemp: => 906.4 MB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 08:16:20 ====