Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:09-12-2015 Uruchomiony przez Waldek (2015-12-10 17:39:45) Run:1 Uruchomiony z C:\Users\Waldek\Desktop\Nowy folder (2) Załadowane profile: Waldek (Dostępne profile: Waldek) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449655338&z=48ac688c744cb71b3ed9c4ag0zbzftfq5wdwec7c3m&from=ient07021&uid=ST1000DM003-1SB10C_Z9A0124TXXXXZ9A0124T <==== UWAGA ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449655338&z=48ac688c744cb71b3ed9c4ag0zbzftfq5wdwec7c3m&from=ient07021&uid=ST1000DM003-1SB10C_Z9A0124TXXXXZ9A0124T <==== UWAGA ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449655338&z=48ac688c744cb71b3ed9c4ag0zbzftfq5wdwec7c3m&from=ient07021&uid=ST1000DM003-1SB10C_Z9A0124TXXXXZ9A0124T <==== UWAGA ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449655338&z=48ac688c744cb71b3ed9c4ag0zbzftfq5wdwec7c3m&from=ient07021&uid=ST1000DM003-1SB10C_Z9A0124TXXXXZ9A0124T <==== UWAGA HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449655338&z=48ac688c744cb71b3ed9c4ag0zbzftfq5wdwec7c3m&from=ient07021&uid=ST1000DM003-1SB10C_Z9A0124TXXXXZ9A0124T HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449655338&z=48ac688c744cb71b3ed9c4ag0zbzftfq5wdwec7c3m&from=ient07021&uid=ST1000DM003-1SB10C_Z9A0124TXXXXZ9A0124T&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449655338&z=48ac688c744cb71b3ed9c4ag0zbzftfq5wdwec7c3m&from=ient07021&uid=ST1000DM003-1SB10C_Z9A0124TXXXXZ9A0124T&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449655338&z=48ac688c744cb71b3ed9c4ag0zbzftfq5wdwec7c3m&from=ient07021&uid=ST1000DM003-1SB10C_Z9A0124TXXXXZ9A0124T HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449655338&z=48ac688c744cb71b3ed9c4ag0zbzftfq5wdwec7c3m&from=ient07021&uid=ST1000DM003-1SB10C_Z9A0124TXXXXZ9A0124T&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449655338&z=48ac688c744cb71b3ed9c4ag0zbzftfq5wdwec7c3m&from=ient07021&uid=ST1000DM003-1SB10C_Z9A0124TXXXXZ9A0124T&q={searchTerms} SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1449655338&z=48ac688c744cb71b3ed9c4ag0zbzftfq5wdwec7c3m&from=ient07021&uid=ST1000DM003-1SB10C_Z9A0124TXXXXZ9A0124T OPR Session Restore: -> [funkcja włączona] Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WdMan" /f S4 WdMan; C:\ProgramData\pWdMp\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego] R3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 MSICDSetup; \??\E:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X] C:\Program Files (x86)\Enigma Software Group c:\Windows\system32\Drivers\EsgScanner.sys 2015-12-09 11:03 - 2015-12-09 11:04 - 00000000 ____D C:\ProgramData\pWdMp 2015-12-09 11:02 - 2015-12-09 11:02 - 00000000 ____D C:\ProgramData\9WdM9 C:\Windows\Minidump\*.dmp EmptyTemp: ***************** C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk => nie znaleziono. C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk => nie znaleziono. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Public\Desktop\Opera.lnk => Skrót - argument pomyślnie usunięto. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Wartość pomyślnie przywrócono OPR Session Restore: -> [funkcja włączona] => pomyślnie usunięto ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WdMan" /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= Koniec Reg: ========= WdMan => Usługa pomyślnie zatrzymana. WdMan => serwis pomyślnie usunięto esgiguard => serwis nie znaleziono. MSICDSetup => serwis pomyślnie usunięto NTIOLib_1_0_C => serwis pomyślnie usunięto "C:\Program Files (x86)\Enigma Software Group" => nie znaleziono. "c:\Windows\system32\Drivers\EsgScanner.sys" => nie znaleziono. "C:\ProgramData\pWdMp" => nie znaleziono. "C:\ProgramData\9WdM9" => nie znaleziono. =========== "C:\Windows\Minidump\*.dmp" ========== nie znaleziono ========= Koniec -> "C:\Windows\Minidump\*.dmp" ======== EmptyTemp: => 929.3 MB danych tymczasowych Usunięto. System wymagał restartu. ==== Koniec Fixlog 17:39:53 ====