Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:31-12-2015
Uruchomiony przez Niagara (2016-01-02 21:20:13) Run:1
Uruchomiony z C:\Users\Niagara\Downloads
Załadowane profile: UpdatusUser & Niagara (Dostępne profile: UpdatusUser & Niagara)
Tryb startu: Normal
==============================================
fixlist - zawartość:
*****************
CustomCLSID: HKU\S-1-5-21-1581660641-4088170054-1556520515-1001_Classes\CLSID\{BE5B8FE0-05AC-41E6-882B-58E6C02BF266}\InprocServer32 -> C:\Program Files (x86)\TNT2\2.0.0.2030\IEToolbar64.dll (Eshield)
Task: {387A011C-3825-45F6-BC5C-19F08DF66162} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2015-12-17] () <==== UWAGA
Task: {3A205834-516B-466D-986D-005A065521C3} - System32\Tasks\UpdateAdmin => C:\Users\Niagara\AppData\Local\UpdateAdmin\UpdateAdmin.exe [2015-09-14] () <==== UWAGA
Task: {636493DF-2E8F-468B-8991-3FAC7855CA15} - System32\Tasks\One System Care Task => C:\Program Files (x86)\OneSystemCare\SystemConsole.exe [2015-12-17] () <==== UWAGA
Task: {7D33940E-A16F-44EC-9749-72C597C3A5EE} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-12-17] () <==== UWAGA
Task: {9E272657-D373-499C-8BDA-B0839181C325} - System32\Tasks\RocketTab => /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== UWAGA
Task: {F15B4306-91A4-4105-A668-AC673E1F16A6} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2015-12-27] () <==== UWAGA
C:\Program Files (x86)\OneSystemCare
C:\Program Files (x86)\Search Extensions
C:\Users\Niagara\AppData\Local\UpdateAdmin
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1581660641-4088170054-1556520515-1000\...\Run: [] => [X]
HKU\S-1-5-21-1581660641-4088170054-1556520515-1001\...\Run: [BingSvc] => C:\Users\Niagara\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-17] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1581660641-4088170054-1556520515-1001\...\Run: [UpdateAdmin] => C:\Users\Niagara\AppData\Local\UpdateAdmin\UpdateAdmin.exe [237840 2015-09-14] ()
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
ProxyEnable: [.DEFAULT] => Proxy [funkcja włączona]
ProxyServer: [.DEFAULT] => http=127.0.0.1:49722;https=127.0.0.1:49722
ProxyEnable: [S-1-5-21-1581660641-4088170054-1556520515-1001] => Proxy [funkcja włączona]
ProxyServer: [S-1-5-21-1581660641-4088170054-1556520515-1001] => http=127.0.0.1:49360;https=127.0.0.1:49360
HKU\S-1-5-21-1581660641-4088170054-1556520515-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={D8DFC695-E798-4265-A12B-B3AEF2583FC8}&i=
HKU\S-1-5-21-1581660641-4088170054-1556520515-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={D8DFC695-E798-4265-A12B-B3AEF2583FC8}&i=
SearchScopes: HKU\S-1-5-21-1581660641-4088170054-1556520515-1000 -> {CE95908F-8160-4595-B6F6-1DA44EC7B955} URL = hxxp://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKU\S-1-5-21-1581660641-4088170054-1556520515-1001 -> DefaultScope {384788A7-0AE3-4EB1-8A8C-86002C19FECC} URL = hxxp://search.eshield.com/serp?guid={D8DFC695-E798-4265-A12B-B3AEF2583FC8}&action=default_search&k={searchTerms}
SearchScopes: HKU\S-1-5-21-1581660641-4088170054-1556520515-1001 -> {2C13F046-83B4-44EE-B962-032D22CB04E8} URL =
SearchScopes: HKU\S-1-5-21-1581660641-4088170054-1556520515-1001 -> {384788A7-0AE3-4EB1-8A8C-86002C19FECC} URL = hxxp://search.eshield.com/serp?guid={D8DFC695-E798-4265-A12B-B3AEF2583FC8}&action=default_search&k={searchTerms}
SearchScopes: HKU\S-1-5-21-1581660641-4088170054-1556520515-1001 -> {F446DF6D-F2A7-430D-B131-6AA3BE80A89E} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11467
BHO-x32: Money Viking -> {c7c5384f-d9e9-4db1-8c72-135ecccbc571} -> C:\Program Files (x86)\Money Viking\Extensions\c7c5384f-d9e9-4db1-8c72-135ecccbc571.dll [2015-12-27] ()
C:\Program Files (x86)\Money Viking
DeleteKey: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes
Toolbar: HKLM - eShield - {BE5B8FE0-05AC-41E6-882B-58E6C02BF266} - C:\Program Files (x86)\TNT2\2.0.0.2030\IEToolbar64.dll [2015-12-27] (Eshield)
C:\Program Files (x86)\TNT2
Toolbar: HKLM-x32 - eShield - {BE5B8FE0-05AC-41E6-882B-58E6C02BF266} - C:\Program Files (x86)\TNT2\2.0.0.2030\IEToolbar.dll [2015-12-27] (Eshield)
FF NewTab: hxxp://services.eshield.com/general/newhometab.php?hometab=tab&partner=11467&guid={D8DFC695-E798-4265-A12B-B3AEF2583FC8}&i=
FF DefaultSearchEngine: eShield Safe Web
FF SelectedSearchEngine: eShield Safe Web
FF Keyword.URL: hxxp://search.eshield.com/serp?guid={D8DFC695-E798-4265-A12B-B3AEF2583FC8}&action=default_search&k=
FF Plugin HKU\S-1-5-21-1581660641-4088170054-1556520515-1001: @tnt2npapi.com/Plugin -> C:\Users\Niagara\AppData\Local\TNT2\2.0.0.2030\npTNT2.dll [2015-12-27] (Eshield)
FF user.js: detected! => C:\Users\Niagara\AppData\Roaming\Mozilla\Firefox\Profiles\2758wj9a.default\user.js [2015-12-27]
FF SearchPlugin: C:\Users\Niagara\AppData\Roaming\Mozilla\Firefox\Profiles\2758wj9a.default\searchplugins\eshield-safe-web.xml [2016-01-02]
FF Extension: eShield - C:\Users\Niagara\AppData\Roaming\Mozilla\Firefox\Profiles\2758wj9a.default\extensions\toolbar11467@eshield.com.xpi [2015-12-27] [Brak podpisu cyfrowego]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
OPR Extension: (Money Viking) - C:\Users\Niagara\AppData\Roaming\Opera Software\Opera Stable\Extensions\olcdgagdjggaioeibbaohkppnfeoehgl [2015-12-27]
2015-12-27 18:40 - 2015-12-29 20:46 - 00003844 _____ C:\windows\System32\Tasks\UpdateAdmin
2015-12-27 18:40 - 2015-12-29 20:46 - 00000000 ____D C:\Users\Niagara\AppData\Roaming\One System Care
2015-12-27 18:40 - 2015-12-27 18:51 - 00000280 _____ C:\windows\Tasks\One System CarePeriod.job
2015-12-27 18:40 - 2015-12-27 18:40 - 00003572 _____ C:\windows\System32\Tasks\One System Care Task
2015-12-27 18:40 - 2015-12-27 18:40 - 00003248 _____ C:\windows\System32\Tasks\One System Care Monitor
2015-12-27 18:40 - 2015-12-27 18:40 - 00002860 _____ C:\windows\System32\Tasks\One System CarePeriod
2015-12-27 18:40 - 2015-12-27 18:40 - 00001082 _____ C:\Users\Public\Desktop\Launch One System Care.lnk
2015-12-27 18:40 - 2015-12-27 18:40 - 00000000 ____D C:\Users\Niagara\AppData\Local\UpdateAdmin
2015-12-27 18:40 - 2015-12-27 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin
2015-12-27 18:40 - 2015-12-27 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2015-12-27 18:40 - 2015-12-27 18:40 - 00000000 ____D C:\ProgramData\d35a304c-2f63-1
2015-12-27 18:40 - 2015-12-27 18:40 - 00000000 ____D C:\ProgramData\d35a304c-12f7-0
2015-12-27 18:40 - 2015-12-27 18:40 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2015-12-27 18:38 - 2015-12-27 18:48 - 00000000 ____D C:\Program Files (x86)\TNT2
2015-12-27 18:38 - 2015-12-27 18:38 - 00000000 ____D C:\Users\Niagara\AppData\Local\TNT2
2015-12-27 18:38 - 2015-12-27 18:38 - 00000000 ____D C:\Program Files (x86)\Money Viking
EmptyTemp:
*****************
HKU\S-1-5-21-1581660641-4088170054-1556520515-1001_Classes\CLSID\{BE5B8FE0-05AC-41E6-882B-58E6C02BF266} => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{387A011C-3825-45F6-BC5C-19F08DF66162} => klucz nie znaleziono.
C:\windows\System32\Tasks\One System Care Monitor => nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A205834-516B-466D-986D-005A065521C3} => klucz nie znaleziono.
C:\windows\System32\Tasks\UpdateAdmin => nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdateAdmin => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{636493DF-2E8F-468B-8991-3FAC7855CA15} => klucz nie znaleziono.
C:\windows\System32\Tasks\One System Care Task => nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Task => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D33940E-A16F-44EC-9749-72C597C3A5EE} => klucz nie znaleziono.
C:\windows\System32\Tasks\One System CarePeriod => nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System CarePeriod => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E272657-D373-499C-8BDA-B0839181C325} => klucz nie znaleziono.
C:\windows\System32\Tasks\RocketTab => nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F15B4306-91A4-4105-A668-AC673E1F16A6} => klucz nie znaleziono.
C:\windows\System32\Tasks\RocketTab Update Task => nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task => klucz nie znaleziono.
"C:\Program Files (x86)\OneSystemCare" => nie znaleziono.
"C:\Program Files (x86)\Search Extensions" => nie znaleziono.
"C:\Users\Niagara\AppData\Local\UpdateAdmin" => nie znaleziono.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Wartość pomyślnie usunięto
HKU\S-1-5-21-1581660641-4088170054-1556520515-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => Wartość pomyślnie usunięto
HKU\S-1-5-21-1581660641-4088170054-1556520515-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => Wartość pomyślnie usunięto
HKU\S-1-5-21-1581660641-4088170054-1556520515-1001\Software\Microsoft\Windows\CurrentVersion\Run\\UpdateAdmin => Wartość nie znaleziono.
C:\windows\system32\GroupPolicy\Machine => pomyślnie przeniesiono
C:\windows\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono
"HKLM\SOFTWARE\Policies\Google" => klucz pomyślnie usunięto
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Wartość pomyślnie usunięto
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Wartość pomyślnie usunięto
HKU\S-1-5-21-1581660641-4088170054-1556520515-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Wartość pomyślnie usunięto
HKU\S-1-5-21-1581660641-4088170054-1556520515-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Wartość nie znaleziono.
HKU\S-1-5-21-1581660641-4088170054-1556520515-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKU\S-1-5-21-1581660641-4088170054-1556520515-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
"HKU\S-1-5-21-1581660641-4088170054-1556520515-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CE95908F-8160-4595-B6F6-1DA44EC7B955}" => klucz pomyślnie usunięto
HKCR\CLSID\{CE95908F-8160-4595-B6F6-1DA44EC7B955} => klucz nie znaleziono.
HKU\S-1-5-21-1581660641-4088170054-1556520515-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto
"HKU\S-1-5-21-1581660641-4088170054-1556520515-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C13F046-83B4-44EE-B962-032D22CB04E8}" => klucz pomyślnie usunięto
HKCR\CLSID\{2C13F046-83B4-44EE-B962-032D22CB04E8} => klucz nie znaleziono.
HKU\S-1-5-21-1581660641-4088170054-1556520515-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{384788A7-0AE3-4EB1-8A8C-86002C19FECC} => klucz nie znaleziono.
HKCR\CLSID\{384788A7-0AE3-4EB1-8A8C-86002C19FECC} => klucz nie znaleziono.
"HKU\S-1-5-21-1581660641-4088170054-1556520515-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F446DF6D-F2A7-430D-B131-6AA3BE80A89E}" => klucz pomyślnie usunięto
HKCR\CLSID\{F446DF6D-F2A7-430D-B131-6AA3BE80A89E} => klucz nie znaleziono.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7c5384f-d9e9-4db1-8c72-135ecccbc571}" => klucz pomyślnie usunięto
"HKCR\Wow6432Node\CLSID\{c7c5384f-d9e9-4db1-8c72-135ecccbc571}" => klucz pomyślnie usunięto
"C:\Program Files (x86)\Money Viking" => nie znaleziono.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes => klucz nie znaleziono.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes => klucz nie znaleziono.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{BE5B8FE0-05AC-41E6-882B-58E6C02BF266} => Wartość nie znaleziono.
HKCR\CLSID\{BE5B8FE0-05AC-41E6-882B-58E6C02BF266} => klucz nie znaleziono.
"C:\Program Files (x86)\TNT2" => nie znaleziono.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{BE5B8FE0-05AC-41E6-882B-58E6C02BF266} => Wartość nie znaleziono.
HKCR\Wow6432Node\CLSID\{BE5B8FE0-05AC-41E6-882B-58E6C02BF266} => klucz nie znaleziono.
FF NewTab: hxxp://services.eshield.com/general/newhometab.php?hometab=tab&partner=11467&guid={D8DFC695-E798-4265-A12B-B3AEF2583FC8}&i= => nie znaleziono
FF DefaultSearchEngine: eShield Safe Web => nie znaleziono
FF SelectedSearchEngine: eShield Safe Web => nie znaleziono
FF Keyword.URL: hxxp://search.eshield.com/serp?guid={D8DFC695-E798-4265-A12B-B3AEF2583FC8}&action=default_search&k= => nie znaleziono
HKU\S-1-5-21-1581660641-4088170054-1556520515-1001\Software\MozillaPlugins\@tnt2npapi.com/Plugin => klucz nie znaleziono.
C:\Users\Niagara\AppData\Local\TNT2\2.0.0.2030\npTNT2.dll => nie znaleziono.
C:\Users\Niagara\AppData\Roaming\Mozilla\Firefox\Profiles\2758wj9a.default\user.js => nie znaleziono.
"C:\Users\Niagara\AppData\Roaming\Mozilla\Firefox\Profiles\2758wj9a.default\searchplugins\eshield-safe-web.xml" => nie znaleziono.
C:\Users\Niagara\AppData\Roaming\Mozilla\Firefox\Profiles\2758wj9a.default\extensions\toolbar11467@eshield.com.xpi => nie znaleziono.
"HKLM\SOFTWARE\Google\Chrome\Extensions\eahebamiopdhefndnmappcihfajigkka" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eahebamiopdhefndnmappcihfajigkka" => klucz pomyślnie usunięto
C:\Users\Niagara\AppData\Roaming\Opera Software\Opera Stable\Extensions\olcdgagdjggaioeibbaohkppnfeoehgl => pomyślnie przeniesiono
"C:\windows\System32\Tasks\UpdateAdmin" => nie znaleziono.
"C:\Users\Niagara\AppData\Roaming\One System Care" => nie znaleziono.
"C:\windows\Tasks\One System CarePeriod.job" => nie znaleziono.
"C:\windows\System32\Tasks\One System Care Task" => nie znaleziono.
"C:\windows\System32\Tasks\One System Care Monitor" => nie znaleziono.
"C:\windows\System32\Tasks\One System CarePeriod" => nie znaleziono.
"C:\Users\Public\Desktop\Launch One System Care.lnk" => nie znaleziono.
"C:\Users\Niagara\AppData\Local\UpdateAdmin" => nie znaleziono.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin" => nie znaleziono.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care" => nie znaleziono.
C:\ProgramData\d35a304c-2f63-1 => pomyślnie przeniesiono
C:\ProgramData\d35a304c-12f7-0 => pomyślnie przeniesiono
"C:\Program Files (x86)\OneSystemCare" => nie znaleziono.
"C:\Program Files (x86)\TNT2" => nie znaleziono.
"C:\Users\Niagara\AppData\Local\TNT2" => nie znaleziono.
"C:\Program Files (x86)\Money Viking" => nie znaleziono.
EmptyTemp: => 443 MB danych tymczasowych Usunięto.
System wymagał restartu.
==== Koniec Fixlog 21:20:33 ====