Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:27-04-2016 Uruchomiony przez lenovo (2016-04-27 22:37:37) Run:2 Uruchomiony z C:\Users\lenovo\Downloads Załadowane profile: lenovo (Dostępne profile: lenovo) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: AppInit_DLLs: C:\ProgramData\Quotenamron\Namdom.dll => C:\ProgramData\Quotenamron\Namdom.dll [361984 2016-04-21] () AppInit_DLLs-x32: C:\ProgramData\Quotenamron\Zathphase.dll => C:\ProgramData\Quotenamron\Zathphase.dll [257536 2016-04-21] () S4 Quotenamron; C:\ProgramData\\Quotenamron\\Quotenamron.exe [1213440 2016-04-21] () [Brak podpisu cyfrowego] Task: {CB89FE5D-81B9-4051-A7FD-DF229395DA6D} - System32\Tasks\lenovoMuttsDisincliningV2 => Rundll32.exe ScriptsPosting.dll,main 7 1 <==== UWAGA HKLM-x32\...\Run: [] => [X] HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-2576432662-3230786984-552761320-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn5dJ8gs0DGDT3GOWsi_8CTz4dOKbTmMTs4JCnrAQ5sdmH5aGx5m6x4OlP83972DXA1ygaHX645CVfHfYMJWFHNwXEqSciBFdziUGE6gglZlFyyg1GpYsnl5IYW79hHEEwLADzmSVXLIa2x-DF9rzptx8Pp7yFfQs_CSIA5rcPprDT3Xv2ic&q={searchTerms} HKU\S-1-5-21-2576432662-3230786984-552761320-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn5dJ8gs0DGDT3GOWsi_8CTz4dOKbTmMTs4JCnrAQ5sdmH5aGx5m6x4OlP83972DXA1ygaHX645CVfHfYMJWFHNwXEqebI93e0NwtMs8fFEisMHuEuhxqdaStf1zv9facjht4K78RiOemXSepAQQ4IMN6D4ddmr6jmmbudMVyDFnq4Sg1LML HKU\S-1-5-21-2576432662-3230786984-552761320-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn5dJ8gs0DGDT3GOWsi_8CTz4dOKbTmMTs4JCnrAQ5sdmH5aGx5m6x4OlP83972DXA1ygaHX645CVfHfYMJWFHNwXEqSciBFdziUGE6gglZlFyyg1GpYsnl5IYW79hHEEwLADzmSVXLIa2x-DF9rzptx8Pp7yFfQs_CSIA5rcPprDT3Xv2ic&q={searchTerms} HKU\S-1-5-21-2576432662-3230786984-552761320-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn5dJ8gs0DGDT3GOWsi_8CTz4dOKbTmMTs4JCnrAQ5sdmH5aGx5m6x4OlP83972DXA1ygaHX645CVfHfYMJWFHNwXEqSciBFdziUGE6gglZlFyyg1GpYsnl5IYW79hHEEwLADzmSVXLIa2x-DF9rzptx8Pp7yFfQs_CSIA5rcPprDT3Xv2ic&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn5dJ8gs0DGDT3GOWsi_8CTz4dOKbTmMTs4JCnrAQ5sdmH5aGx5m6x4OlP83972DXA1ygaHX645CVfHfYMJWFHNwXEqSciBFdziUGE6gglZlFyyg1GpYsnl5IYW79hHEEwLADzmSVXLIa2x-DF9rzptx8Pp7yFfQs_CSIA5rcPprDT3Xv2ic&q={searchTerms} SearchScopes: HKU\S-1-5-21-2576432662-3230786984-552761320-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn5dJ8gs0DGDT3GOWsi_8CTz4dOKbTmMTs4JCnrAQ5sdmH5aGx5m6x4OlP83972DXA1ygaHX645CVfHfYMJWFHNwXEqSciBFdziUGE6gglZlFyyg1GpYsnl5IYW79hHEEwLADzmSVXLIa2x-DF9rzptx8Pp7y CHR HKLM-x32\...\Chrome\Extension: [jidkebcigjgheaahopdnlfaohgnocfai] - hxxps://clients2.google.com/service/update2/crx DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I DeleteKey: HKCU\Software\dobreprogramy DeleteKey: HKLM\SOFTWARE\Mozilla DeleteKey: HKLM\SOFTWARE\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins C:\ProgramData\Quotenamron C:\ProgramData\Quotenamrons C:\Users\lenovo\AppData\Local\MuttsDisinclining C:\Users\lenovo\AppData\Roaming\*.* C:\Users\lenovo\AppData\Roaming\{0AA72162-031C-D2D3-7C26-757935C77ABA} C:\Users\lenovo\AppData\Roaming\Mozilla C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\allegro.pl .lnk C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Booking .lnk C:\WINDOWS\SysWOW64\findit.xml RemoveDirectory: C:\Users\TEMP EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. "C:\ProgramData\Quotenamron\Namdom.dll" => Dane wartości nie znaleziono. "C:\ProgramData\Quotenamron\Zathphase.dll" => Dane wartości nie znaleziono. Quotenamron => serwis nie znaleziono. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CB89FE5D-81B9-4051-A7FD-DF229395DA6D}" => klucz pomyślnie usunięto