Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:09-12-2015 Uruchomiony przez szekla (2015-12-11 06:29:43) Run:1 Uruchomiony z C:\Users\szekla\Desktop\FRST_64 Załadowane profile: szekla (Dostępne profile: szekla) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: R2 WdMan; C:\ProgramData\JWdMJ\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego] ShortcutWithArgument: C:\Users\szekla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647965&z=f185757247dc29acc749ba0g2z4z1tbqez9b1gcgfb&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178 <==== UWAGA ShortcutWithArgument: C:\Users\szekla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647965&z=f185757247dc29acc749ba0g2z4z1tbqez9b1gcgfb&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178 <==== UWAGA ShortcutWithArgument: C:\Users\szekla\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647965&z=f185757247dc29acc749ba0g2z4z1tbqez9b1gcgfb&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178 <==== UWAGA ShortcutWithArgument: C:\Users\szekla\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647965&z=f185757247dc29acc749ba0g2z4z1tbqez9b1gcgfb&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178 <==== UWAGA ShortcutWithArgument: C:\Users\szekla\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647965&z=f185757247dc29acc749ba0g2z4z1tbqez9b1gcgfb&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178 <==== UWAGA ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647965&z=f185757247dc29acc749ba0g2z4z1tbqez9b1gcgfb&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178 <==== UWAGA ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647965&z=f185757247dc29acc749ba0g2z4z1tbqez9b1gcgfb&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178 <==== UWAGA ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647965&z=f185757247dc29acc749ba0g2z4z1tbqez9b1gcgfb&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178 <==== UWAGA HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449647965&z=f185757247dc29acc749ba0g2z4z1tbqez9b1gcgfb&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449647965&z=f185757247dc29acc749ba0g2z4z1tbqez9b1gcgfb&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449647965&z=f185757247dc29acc749ba0g2z4z1tbqez9b1gcgfb&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449647965&z=f185757247dc29acc749ba0g2z4z1tbqez9b1gcgfb&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449647965&z=f185757247dc29acc749ba0g2z4z1tbqez9b1gcgfb&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449647965&z=f185757247dc29acc749ba0g2z4z1tbqez9b1gcgfb&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449647965&z=f185757247dc29acc749ba0g2z4z1tbqez9b1gcgfb&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449647965&z=f185757247dc29acc749ba0g2z4z1tbqez9b1gcgfb&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178&q={searchTerms} HKU\S-1-5-21-1299410582-2055644840-134518843-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449647965&z=f185757247dc29acc749ba0g2z4z1tbqez9b1gcgfb&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178 HKU\S-1-5-21-1299410582-2055644840-134518843-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449647965&z=f185757247dc29acc749ba0g2z4z1tbqez9b1gcgfb&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449647965&z=f185757247dc29acc749ba0g2z4z1tbqez9b1gcgfb&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449647965&z=f185757247dc29acc749ba0g2z4z1tbqez9b1gcgfb&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449647965&z=f185757247dc29acc749ba0g2z4z1tbqez9b1gcgfb&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449647965&z=f185757247dc29acc749ba0g2z4z1tbqez9b1gcgfb&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178&q={searchTerms} SearchScopes: HKU\S-1-5-21-1299410582-2055644840-134518843-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO-x32: Brak nazwy -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> Brak pliku StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&ts=1448999602&z=2a7f9ddf70c79c6ea490f7eg7zfz5bbtdt5tfm2w4e&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178 CHR HomePage: Default -> hxxp://www.istartpageing.com/?type=hp&ts=1448999602&z=2a7f9ddf70c79c6ea490f7eg7zfz5bbtdt5tfm2w4e&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178 CHR StartupUrls: Default -> "hxxp://www.istartpageing.com/?type=hp&ts=1448999602&z=2a7f9ddf70c79c6ea490f7eg7zfz5bbtdt5tfm2w4e&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178" CHR Session Restore: Default -> [funkcja włączona] FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\szekla\AppData\Roaming\Mozilla\Firefox\Profiles\e7glssvj.default\extensions\deskCutv2@gmail.com => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\szekla\AppData\Roaming\Mozilla\Firefox\Profiles\e7glssvj.default\extensions\yahooprotected@gmail.com => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\szekla\AppData\Roaming\Mozilla\Firefox\Profiles\e7glssvj.default\extensions\default_newtabff@gmail.com => nie znaleziono StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449647965&z=f185757247dc29acc749ba0g2z4z1tbqez9b1gcgfb&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9BG165178 Task: {088ECF11-4F18-456B-93C5-4255F2177782} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-02] (Lenovo) HKLM\...\Run: [LenovoUtility] => "C:\Program Files\Lenovo\LenovoUtility\utility.exe" DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I DeleteKey: HKCU\Software\dobreprogramy DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\istartpageing uninstall DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software RemoveDirectory: C:\ProgramData\8WdM8 RemoveDirectory: C:\ProgramData\8WMiniPro8 RemoveDirectory: C:\ProgramData\JWdMJ RemoveDirectory: C:\Users\szekla\AppData\Roaming\istartpageing RemoveDirectory: C:\Users\szekla\Desktop\Stare dane programu Firefox C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat C:\Users\szekla\AppData\Local\Google\Chrome\User Data\Default\Web Data C:\Windows\SysWOW64\pl.html EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. WdMan => serwis pomyślnie usunięto C:\Users\szekla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto. C:\Users\szekla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Skrót - argument pomyślnie przywrócono C:\Users\szekla\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Skrót - argument pomyślnie usunięto. C:\Users\szekla\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\szekla\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Public\Desktop\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-1299410582-2055644840-134518843-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-1299410582-2055644840-134518843-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKU\S-1-5-21-1299410582-2055644840-134518843-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B69F34DD-F0F9-42DC-9EDD-957187DA688D}" => klucz pomyślnie usunięto HKCR\Wow6432Node\CLSID\{B69F34DD-F0F9-42DC-9EDD-957187DA688D} => klucz nie znaleziono. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono Chrome HomePage => pomyślnie usunięto Chrome StartupUrls => pomyślnie usunięto Chrome Session Restore: => nie znaleziono. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\deskCutv2@gmail.com => Wartość pomyślnie usunięto HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\yahooprotected@gmail.com => Wartość pomyślnie usunięto HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\default_newtabff@gmail.com => Wartość pomyślnie usunięto HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{088ECF11-4F18-456B-93C5-4255F2177782}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{088ECF11-4F18-456B-93C5-4255F2177782}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program 64" => klucz pomyślnie usunięto HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\LenovoUtility => Wartość pomyślnie usunięto HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I => klucz pomyślnie usunięto HKCU\Software\dobreprogramy => klucz pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\istartpageing uninstall => klucz pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\yoursites123Software => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię. HKLM\SOFTWARE\Wow6432Node\yoursites123Software => klucz pomyślnie usunięto "C:\ProgramData\8WdM8" => pomyślnie usunięto. "C:\ProgramData\8WMiniPro8" => pomyślnie usunięto. "C:\ProgramData\JWdMJ" => pomyślnie usunięto. "C:\Users\szekla\AppData\Roaming\istartpageing" => pomyślnie usunięto. "C:\Users\szekla\Desktop\Stare dane programu Firefox" => pomyślnie usunięto. C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => pomyślnie przeniesiono C:\Users\szekla\AppData\Local\Google\Chrome\User Data\Default\Web Data => pomyślnie przeniesiono C:\Windows\SysWOW64\pl.html => pomyślnie przeniesiono EmptyTemp: => 1.1 GB danych tymczasowych Usunięto. System wymagał restartu. ==== Koniec Fixlog 06:30:16 ====