Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 20-04-2017
Uruchomiony przez Sławny (22-04-2017 08:50:26) Run:3
Uruchomiony z C:\Users\Sławny\Desktop\FRST
Załadowane profile: Sławny (Dostępne profile: Sławny & UpdatusUser)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
ShellExecuteHooks: Brak nazwy - {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} - C:\ProgramData\igfxDH.dll -> Brak pliku
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1492589291&z=0919894df89a5868cdab4fcg6z5t2o2web4teo6t6o&from=che0812&uid=SAMSUNGXHD502IJ_S13TJ1CQ405793
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1492589291&z=0919894df89a5868cdab4fcg6z5t2o2web4teo6t6o&from=che0812&uid=SAMSUNGXHD502IJ_S13TJ1CQ405793
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492589291&z=0919894df89a5868cdab4fcg6z5t2o2web4teo6t6o&from=che0812&uid=SAMSUNGXHD502IJ_S13TJ1CQ405793&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492589291&z=0919894df89a5868cdab4fcg6z5t2o2web4teo6t6o&from=che0812&uid=SAMSUNGXHD502IJ_S13TJ1CQ405793&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1492589291&z=0919894df89a5868cdab4fcg6z5t2o2web4teo6t6o&from=che0812&uid=SAMSUNGXHD502IJ_S13TJ1CQ405793
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1492589291&z=0919894df89a5868cdab4fcg6z5t2o2web4teo6t6o&from=che0812&uid=SAMSUNGXHD502IJ_S13TJ1CQ405793
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492589291&z=0919894df89a5868cdab4fcg6z5t2o2web4teo6t6o&from=che0812&uid=SAMSUNGXHD502IJ_S13TJ1CQ405793&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492589291&z=0919894df89a5868cdab4fcg6z5t2o2web4teo6t6o&from=che0812&uid=SAMSUNGXHD502IJ_S13TJ1CQ405793&q={searchTerms}
HKU\S-1-5-21-2928031591-3755042668-476525210-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492589291&z=0919894df89a5868cdab4fcg6z5t2o2web4teo6t6o&from=che0812&uid=SAMSUNGXHD502IJ_S13TJ1CQ405793&q={searchTerms}
HKU\S-1-5-21-2928031591-3755042668-476525210-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1492589291&z=0919894df89a5868cdab4fcg6z5t2o2web4teo6t6o&from=che0812&uid=SAMSUNGXHD502IJ_S13TJ1CQ405793
HKU\S-1-5-21-2928031591-3755042668-476525210-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-2928031591-3755042668-476525210-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1492589291&z=0919894df89a5868cdab4fcg6z5t2o2web4teo6t6o&from=che0812&uid=SAMSUNGXHD502IJ_S13TJ1CQ405793
HKU\S-1-5-21-2928031591-3755042668-476525210-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492589291&z=0919894df89a5868cdab4fcg6z5t2o2web4teo6t6o&from=che0812&uid=SAMSUNGXHD502IJ_S13TJ1CQ405793&q={searchTerms}
HKU\S-1-5-21-2928031591-3755042668-476525210-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYu7AylGRx230evXqe-RyAwF_kPZKwEXN9fTzUSlVGaTaWCoCYd0Pybhz0KeX7gDkv6-frGp38HMMGrpS7em1VouLnp4nKOfMTmsSN2LFrsc9Y4lu2dDbsJbvF4pvo2xUkZZ3CR_5h1NEQ-0mICnQBOLzhwVw,,
HKU\S-1-5-21-2928031591-3755042668-476525210-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYu7AylGRx230evXqe-RyAwF_kPZKwEXN9fTzUSlVGaTaWCoCYd0Pybhz0KeX7gDkv2txfhHl14xn80Rfm5mX0F4_HCTTpKydPB4jxA5kdPPBZfu4Un-Ss_rssgJZJ49rvAmrvlnDy_xnSyEEBXY4YeCxTYWQ,,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492589291&z=0919894df89a5868cdab4fcg6z5t2o2web4teo6t6o&from=che0812&uid=SAMSUNGXHD502IJ_S13TJ1CQ405793&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492589291&z=0919894df89a5868cdab4fcg6z5t2o2web4teo6t6o&from=che0812&uid=SAMSUNGXHD502IJ_S13TJ1CQ405793&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2928031591-3755042668-476525210-1003 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYu7AylGRx230evXqe-RyAwF_kPZKwEXN9fTzUSlVGaTaWCoCYd0Pybhz0KeX7gDkv2txfhHl14xn80Rfm5mX0F4_HCTTpKydPB4jxA5kdPPBZfu4Un-Ss_rssgJZJ49rvAmrvlnDy_xnSyEEBXY4YeCxTYWQ,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2928031591-3755042668-476525210-1003 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYu7AylGRx230evXqe-RyAwF_kPZKwEXN9fTzUSlVGaTaWCoCYd0Pybhz0KeX7gDkv2txfhHl14xn80Rfm5mX0F4_HCTTpKydPB4jxA5kdPPBZfu4Un-Ss_rssgJZJ49rvAmrvlnDy_xnSyEEBXY4YeCxTYWQ,,&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.ourluckysites.com/?type=sc&ts=1492589291&z=0919894df89a5868cdab4fcg6z5t2o2web4teo6t6o&from=che0812&uid=SAMSUNGXHD502IJ_S13TJ1CQ405793
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.ourluckysites.com/?type=sc&ts=1492589291&z=0919894df89a5868cdab4fcg6z5t2o2web4teo6t6o&from=che0812&uid=SAMSUNGXHD502IJ_S13TJ1CQ405793
S3 aswHdsKe; \??\C:\Windows\system32\drivers\aswHdsKe.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
ShortcutWithArgument: C:\Users\Sławny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Sławny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Sławny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1492589291&z=0919894df89a5868cdab4fcg6z5t2o2web4teo6t6o&from=che0812&uid=SAMSUNGXHD502IJ_S13TJ1CQ405793
ShortcutWithArgument: C:\Users\Sławny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\SAWNY~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Sławny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Sławny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\SAWNY~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Sławny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\SAWNY~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
FirewallRules: [{579ACB29-0326-42FE-A2C8-F4B80AEA545E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Sławny\Desktop\Wszystko\Driver Easy.lnk
C:\Users\Sławny\Desktop\Wszystko\Mozilla Firefox.lnk
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
DeleteKey: HKCU\Software\Mozilla
DeleteKey: HKCU\Software\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Mozilla
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla
DeleteKey: HKLM\SOFTWARE\Wow6432Node\mozilla.org
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
C:\Users\Sławny\AppData\Local\Mozilla
C:\Users\Sławny\AppData\Roaming\Mozilla
C:\Users\Sławny\AppData\Roaming\Profiles
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => Wartość nie znaleziono.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} => Wartość nie znaleziono.
HKCR\CLSID\{5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} => klucz nie znaleziono.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => klucz nie znaleziono.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => klucz nie znaleziono.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
HKU\S-1-5-21-2928031591-3755042668-476525210-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKU\S-1-5-21-2928031591-3755042668-476525210-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKU\S-1-5-21-2928031591-3755042668-476525210-1001\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => Wartość nie znaleziono.
HKU\S-1-5-21-2928031591-3755042668-476525210-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKU\S-1-5-21-2928031591-3755042668-476525210-1001\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
HKU\S-1-5-21-2928031591-3755042668-476525210-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Błąd przy ustawianiu wartości.
HKU\S-1-5-21-2928031591-3755042668-476525210-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => Błąd przy ustawianiu wartości.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono.