Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:21-10-2015 01 Uruchomiony przez Dyrekcja (2015-10-23 20:48:21) Run:1 Uruchomiony z C:\Users\Dyrekcja\Desktop\FRST Załadowane profile: UpdatusUser & Dyrekcja (Dostępne profile: UpdatusUser & Dyrekcja) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1435662415&z=42d6f9b3e881ea9a1b1d3dagbz2c3w5qbq6o9zee3w&from=cor&uid=ST500LT012-1DG142_S3P2GY52XXXXS3P2GY52 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1435662415&z=42d6f9b3e881ea9a1b1d3dagbz2c3w5qbq6o9zee3w&from=cor&uid=ST500LT012-1DG142_S3P2GY52XXXXS3P2GY52&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1435662415&z=42d6f9b3e881ea9a1b1d3dagbz2c3w5qbq6o9zee3w&from=cor&uid=ST500LT012-1DG142_S3P2GY52XXXXS3P2GY52 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1435662415&z=42d6f9b3e881ea9a1b1d3dagbz2c3w5qbq6o9zee3w&from=cor&uid=ST500LT012-1DG142_S3P2GY52XXXXS3P2GY52&q={searchTerms} HKU\S-1-5-21-777405041-3333386566-970987827-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1435662415&z=42d6f9b3e881ea9a1b1d3dagbz2c3w5qbq6o9zee3w&from=cor&uid=ST500LT012-1DG142_S3P2GY52XXXXS3P2GY52 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1435662415&z=42d6f9b3e881ea9a1b1d3dagbz2c3w5qbq6o9zee3w&from=cor&uid=ST500LT012-1DG142_S3P2GY52XXXXS3P2GY52&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1435662415&z=42d6f9b3e881ea9a1b1d3dagbz2c3w5qbq6o9zee3w&from=cor&uid=ST500LT012-1DG142_S3P2GY52XXXXS3P2GY52&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1435662415&z=42d6f9b3e881ea9a1b1d3dagbz2c3w5qbq6o9zee3w&from=cor&uid=ST500LT012-1DG142_S3P2GY52XXXXS3P2GY52&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1435662415&z=42d6f9b3e881ea9a1b1d3dagbz2c3w5qbq6o9zee3w&from=cor&uid=ST500LT012-1DG142_S3P2GY52XXXXS3P2GY52&q={searchTerms} SearchScopes: HKU\S-1-5-21-777405041-3333386566-970987827-1002 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST500LT012-1DG142_S3P2GY52XXXXS3P2GY52&ts=1435662454&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-777405041-3333386566-970987827-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST500LT012-1DG142_S3P2GY52XXXXS3P2GY52&ts=1435662454&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-777405041-3333386566-970987827-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST500LT012-1DG142_S3P2GY52XXXXS3P2GY52&ts=1435662454&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-777405041-3333386566-970987827-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST500LT012-1DG142_S3P2GY52XXXXS3P2GY52&ts=1435662454&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-777405041-3333386566-970987827-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST500LT012-1DG142_S3P2GY52XXXXS3P2GY52&ts=1435662454&type=default&q={searchTerms} FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe" HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe" HKLM-x32\...\Run: [] => [X] HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86) Bluetooth Suite\BtvStack.exe HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-777405041-3333386566-970987827-1002\...\Run: [OFFICYNAMM_UPDATE] => C:\Users\Dyrekcja\AppData Roaming\oficynamm\start.exe /exe oficynaup.exe HKU\S-1-5-21-777405041-3333386566-970987827-1002\...\Run: [KALG] => C:\Users\Dyrekcja\AppData\Roaming\oficynamm\start.exe /exe minical.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2015-02-11] R1 arcawfp; C:\Windows\System32 drivers\arcawfp.sys [60104 2015-07-06] (NetFilterSDK.com) C:\Windows\System32\drivers\arcawfp.sys Task: {22778577-6FB7-4E3B-B88B-EA6CADFFA47B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA Task: {2ACA6ADB-538F-45D7-8A16-1545E6B10C99} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA Task: {593AD690-96CC-4523-AE17-2F6905EE89EC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA Task: {5E73CCB7-2FE0-4EE5-AC73-CEA63FF8C31C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA Task: {806C1AA3-2EBE-4002-9789-9FB1691920B0} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe Task: {98FE147B-7CC4-4A53-8247-49953600DDE2} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe Task: {BCA70ED2-E34C-48EE-A6B9-3177E28962BF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v KALG /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v OFFICYNAMM_UPDATE /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d "C:\Windows\system32\nvinitx.dll" /f EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-777405041-3333386566-970987827-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKU\S-1-5-21-777405041-3333386566-970987827-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto "HKU\S-1-5-21-777405041-3333386566-970987827-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => klucz pomyślnie usunięto HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => klucz nie znaleziono. "HKU\S-1-5-21-777405041-3333386566-970987827-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => klucz pomyślnie usunięto HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => klucz nie znaleziono. "HKU\S-1-5-21-777405041-3333386566-970987827-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. "HKU\S-1-5-21-777405041-3333386566-970987827-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => klucz pomyślnie usunięto HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => klucz nie znaleziono. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\quickprint@hp.com => Wartość pomyślnie usunięto HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HotKeysCmds => Wartość pomyślnie usunięto HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Persistence => Wartość pomyślnie usunięto HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wartość pomyślnie usunięto HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\BtvStack => Wartość pomyślnie usunięto HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Wartość pomyślnie usunięto HKU\S-1-5-21-777405041-3333386566-970987827-1002\Software\Microsoft\Windows\CurrentVersion\Run\\OFFICYNAMM_UPDATE => Wartość pomyślnie usunięto HKU\S-1-5-21-777405041-3333386566-970987827-1002\Software\Microsoft\Windows\CurrentVersion\Run\\KALG => Wartość pomyślnie usunięto C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk => pomyślnie przeniesiono arcawfp => Nie można zatrzymać usługi. arcawfp => serwis pomyślnie usunięto C:\Windows\System32\drivers\arcawfp.sys => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22778577-6FB7-4E3B-B88B-EA6CADFFA47B}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22778577-6FB7-4E3B-B88B-EA6CADFFA47B}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2ACA6ADB-538F-45D7-8A16-1545E6B10C99}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ACA6ADB-538F-45D7-8A16-1545E6B10C99}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{593AD690-96CC-4523-AE17-2F6905EE89EC}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{593AD690-96CC-4523-AE17-2F6905EE89EC}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E73CCB7-2FE0-4EE5-AC73-CEA63FF8C31C}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E73CCB7-2FE0-4EE5-AC73-CEA63FF8C31C}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{806C1AA3-2EBE-4002-9789-9FB1691920B0}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{806C1AA3-2EBE-4002-9789-9FB1691920B0}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\ASUS InstantOn Config => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS InstantOn Config" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98FE147B-7CC4-4A53-8247-49953600DDE2}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98FE147B-7CC4-4A53-8247-49953600DDE2}" => klucz pomyślnie usunięto C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateChoiceProcessTask" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BCA70ED2-E34C-48EE-A6B9-3177E28962BF}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCA70ED2-E34C-48EE-A6B9-3177E28962BF}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers => klucz pomyślnie usunięto ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v KALG /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v OFFICYNAMM_UPDATE /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d "C:\Windows\system32\nvinitx.dll" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= EmptyTemp: => 1.1 GB danych tymczasowych Usunięto. System wymagał restartu. ==== Koniec Fixlog 20:51:10 ====