Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:04-10-2015 Uruchomiony przez MAGDA (2015-10-06 10:31:06) Run:2 Uruchomiony z C:\Users\MAGDA\Downloads\program FRST Załadowane profile: MAGDA (Dostępne profile: MAGDA) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** Task: {F582B5A0-6807-4593-AA40-02B567A16FC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadplv3&uid=WD-WX21E54V4419_WDCWD5000LPVX-22V0TT0&tm=1443701668 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-3679323292-2381456270-572968583-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadplv3&uid=WD-WX21E54V4419_WDCWD5000LPVX-22V0TT0&tm=1443701668 SearchScopes: HKU\S-1-5-21-3679323292-2381456270-572968583-1001 -> {98B4F0C1-E3B7-45CA-845E-48519D6FCDED} URL = IE trusted site: HKU\S-1-5-21-3679323292-2381456270-572968583-1001\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-3679323292-2381456270-572968583-1001\...\webcompanion.com -> hxxp://webcompanion.com C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All MMO Games.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft C:\Users\MAGDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk C:\Windows\System32\Tasks\netupodtep C:\Windows\system32\Drivers\etc\hp.bak DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\netupodtep Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v BitTorrent /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v abDocsDllLoader /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F582B5A0-6807-4593-AA40-02B567A16FC1}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F582B5A0-6807-4593-AA40-02B567A16FC1}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => klucz pomyślnie usunięto HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-3679323292-2381456270-572968583-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono "HKU\S-1-5-21-3679323292-2381456270-572968583-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{98B4F0C1-E3B7-45CA-845E-48519D6FCDED}" => klucz pomyślnie usunięto HKCR\CLSID\{98B4F0C1-E3B7-45CA-845E-48519D6FCDED} => klucz nie znaleziono. "HKU\S-1-5-21-3679323292-2381456270-572968583-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => klucz pomyślnie usunięto "HKU\S-1-5-21-3679323292-2381456270-572968583-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => klucz pomyślnie usunięto C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All MMO Games.lnk => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft => pomyślnie przeniesiono C:\Users\MAGDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk => pomyślnie przeniesiono C:\Windows\System32\Tasks\netupodtep => pomyślnie przeniesiono C:\Windows\system32\Drivers\etc\hp.bak => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\netupodtep => klucz pomyślnie usunięto ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v BitTorrent /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v abDocsDllLoader /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ==== Koniec Fixlog 10:31:08 ====