Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:09-12-2015
Uruchomiony przez 7 (2015-12-09 19:04:30) Run:2
Uruchomiony z C:\Users\7\Downloads
Załadowane profile: 7 (Dostępne profile: 7)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
ShortcutWithArgument: C:\Users\7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449660685&z=0e7c6e7dcacd502db5a0f58g1z4z6t4qeq1eaqcbfz&from=ient07021&uid=WDCXWD10EZRX-00L4HB0_WD-WCC4J6P9NAK99NAK9 <==== UWAGA
ShortcutWithArgument: C:\Users\7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449660685&z=0e7c6e7dcacd502db5a0f58g1z4z6t4qeq1eaqcbfz&from=ient07021&uid=WDCXWD10EZRX-00L4HB0_WD-WCC4J6P9NAK99NAK9 <==== UWAGA
ShortcutWithArgument: C:\Users\7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449660685&z=0e7c6e7dcacd502db5a0f58g1z4z6t4qeq1eaqcbfz&from=ient07021&uid=WDCXWD10EZRX-00L4HB0_WD-WCC4J6P9NAK99NAK9 <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449660685&z=0e7c6e7dcacd502db5a0f58g1z4z6t4qeq1eaqcbfz&from=ient07021&uid=WDCXWD10EZRX-00L4HB0_WD-WCC4J6P9NAK99NAK9 <==== UWAGA
ShortcutWithArgument: C:\Users\Public\Desktop\FIFA 15.lnk -> E:\Program Files (x86)\FIFA 15\FIFA 15\Launcher.exe () -> hxxp://www.yoursites123.com/?type=sc&ts=1449660685&z=0e7c6e7dcacd502db5a0f58g1z4z6t4qeq1eaqcbfz&from=ient07021&uid=WDCXWD10EZRX-00L4HB0_WD-WCC4J6P9NAK99NAK9 <==== UWAGA
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449660685&z=0e7c6e7dcacd502db5a0f58g1z4z6t4qeq1eaqcbfz&from=ient07021&uid=WDCXWD10EZRX-00L4HB0_WD-WCC4J6P9NAK99NAK9&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449660685&z=0e7c6e7dcacd502db5a0f58g1z4z6t4qeq1eaqcbfz&from=ient07021&uid=WDCXWD10EZRX-00L4HB0_WD-WCC4J6P9NAK99NAK9&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449660685&z=0e7c6e7dcacd502db5a0f58g1z4z6t4qeq1eaqcbfz&from=ient07021&uid=WDCXWD10EZRX-00L4HB0_WD-WCC4J6P9NAK99NAK9&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449660685&z=0e7c6e7dcacd502db5a0f58g1z4z6t4qeq1eaqcbfz&from=ient07021&uid=WDCXWD10EZRX-00L4HB0_WD-WCC4J6P9NAK99NAK9&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4265689537-3529688487-1946468061-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4265689537-3529688487-1946468061-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449660685&z=0e7c6e7dcacd502db5a0f58g1z4z6t4qeq1eaqcbfz&from=ient07021&uid=WDCXWD10EZRX-00L4HB0_WD-WCC4J6P9NAK99NAK9&q={searchTerms}
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\S-1-5-21-4265689537-3529688487-1946468061-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
Task: {3E2EC08B-73CA-46FB-874A-271FABADA93E} - \Steam_x64-S-2-106-91 -> Brak pliku <==== UWAGA
Task: {9E8E992F-D811-4698-AF9F-5C93310C695C} - System32\Tasks\{6B8F8BFA-4EC5-41E3-868D-B7ED528CB070} => pcalua.exe -a C:\Users\7\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=cor
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [Brak pliku]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [Brak pliku]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 CmdAgent; Brak ImagePath
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
C:\Program Files\ACD Systems
C:\Program Files (x86)\Google
C:\Program Files (x86)\Opera
C:\ProgramData\Avg
C:\ProgramData\FWdMF
C:\ProgramData\lWdMl
C:\ProgramData\MFAData
C:\Users\7\AppData\Local\ACD Systems
C:\Users\7\AppData\Local\Avg
C:\Users\7\AppData\Local\AvgSetupLog
C:\Users\7\AppData\Local\Google
C:\Users\7\AppData\Local\MFAData
C:\Users\7\AppData\Roaming\AVG
C:\Users\7\AppData\Roaming\Enigma Software Group
C:\Users\7\AppData\Roaming\TuneUp Software
C:\Users\7\Documents\Euro Truck Simulator 2\readme.rtf.lnk
C:\Users\7\Downloads\SpyHunter-Installer.exe
C:\Windows\pss\Download.lnk.Startup
C:\Windows\system32\Drivers\EsgScanner.sys
C:\Windows\SysWOW64\pl.html
Reg: reg delete HKCU\Software\Google /f
Reg: reg delete HKLM\SOFTWARE\Google /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^7^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Download.lnk" /
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VCVS01EN" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f
DisableService: PLAY ONLINE. RunOuc
CMD: netsh advfirewall reset
CMD: net user ASPNET /delete
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
C:\Users\7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Skrót - argument pomyślnie przywrócono
C:\Users\7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Public\Desktop\FIFA 15.lnk => Skrót - argument pomyślnie usunięto.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono.
HKU\S-1-5-21-4265689537-3529688487-1946468061-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto
"HKU\S-1-5-21-4265689537-3529688487-1946468061-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => klucz pomyślnie usunięto
"HKU\S-1-5-21-4265689537-3529688487-1946468061-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3E2EC08B-73CA-46FB-874A-271FABADA93E}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E2EC08B-73CA-46FB-874A-271FABADA93E}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Steam_x64-S-2-106-91" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E8E992F-D811-4698-AF9F-5C93310C695C}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E8E992F-D811-4698-AF9F-5C93310C695C}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\{6B8F8BFA-4EC5-41E3-868D-B7ED528CB070} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6B8F8BFA-4EC5-41E3-868D-B7ED528CB070}" => klucz pomyślnie usunięto
"HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1" => klucz pomyślnie usunięto
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.5.1" => klucz pomyślnie usunięto
AppMgmt => serwis pomyślnie usunięto
catchme => serwis pomyślnie usunięto
CmdAgent => serwis pomyślnie usunięto
ewusbnet => serwis pomyślnie usunięto
gdrv => serwis pomyślnie usunięto
MBAMSwissArmy => serwis pomyślnie usunięto
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart" => klucz pomyślnie usunięto
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys" => klucz pomyślnie usunięto
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart" => klucz pomyślnie usunięto
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys" => klucz pomyślnie usunięto
C:\Program Files\ACD Systems => pomyślnie przeniesiono
C:\Program Files (x86)\Google => pomyślnie przeniesiono
C:\Program Files (x86)\Opera => pomyślnie przeniesiono
C:\ProgramData\Avg => pomyślnie przeniesiono
C:\ProgramData\FWdMF => pomyślnie przeniesiono
C:\ProgramData\lWdMl => pomyślnie przeniesiono
C:\ProgramData\MFAData => pomyślnie przeniesiono
C:\Users\7\AppData\Local\ACD Systems => pomyślnie przeniesiono
C:\Users\7\AppData\Local\Avg => pomyślnie przeniesiono
C:\Users\7\AppData\Local\AvgSetupLog => pomyślnie przeniesiono
C:\Users\7\AppData\Local\Google => pomyślnie przeniesiono
C:\Users\7\AppData\Local\MFAData => pomyślnie przeniesiono
C:\Users\7\AppData\Roaming\AVG => pomyślnie przeniesiono
C:\Users\7\AppData\Roaming\Enigma Software Group => pomyślnie przeniesiono
C:\Users\7\AppData\Roaming\TuneUp Software => pomyślnie przeniesiono
C:\Users\7\Documents\Euro Truck Simulator 2\readme.rtf.lnk => pomyślnie przeniesiono
C:\Users\7\Downloads\SpyHunter-Installer.exe => pomyślnie przeniesiono
C:\Windows\pss\Download.lnk.Startup => pomyślnie przeniesiono
C:\Windows\system32\Drivers\EsgScanner.sys => pomyślnie przeniesiono
C:\Windows\SysWOW64\pl.html => pomyślnie przeniesiono

========= reg delete HKCU\Software\Google /f =========
Operacja ukończona pomyślnie.
========= Koniec Reg: =========

========= reg delete HKLM\SOFTWARE\Google /f =========
Operacja ukończona pomyślnie.
========= Koniec Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f =========
Operacja ukończona pomyślnie.
========= Koniec Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^7^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Download.lnk" / =========
BŁĄD: Nieprawidłowa składania. Aby poznać sposób użycia, wpisz "REG DELETE /?".
========= Koniec Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface" /f =========
Operacja ukończona pomyślnie.
========= Koniec Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VCVS01EN" /f =========
Operacja ukończona pomyślnie.
========= Koniec Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f =========
Operacja ukończona pomyślnie.
========= Koniec Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f =========
Operacja ukończona pomyślnie.
========= Koniec Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f =========
Operacja ukończona pomyślnie.
========= Koniec Reg: =========

PLAY ONLINE. RunOuc => usługę wyłączono

========= netsh advfirewall reset =========
Ok.
========= Koniec CMD: =========

========= net user ASPNET /delete =========
Polecenie zostao wykonane pomylnie.
========= Koniec CMD: =========

EmptyTemp: => 112.3 MB danych tymczasowych Usunięto.

System wymagał restartu.

==== Koniec Fixlog 19:05:15 ====