Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:09-12-2015 Uruchomiony przez Puszczyk (2015-12-11 10:56:06) Run:1 Uruchomiony z C:\Users\Puszczyk\Documents Załadowane profile: Puszczyk (Dostępne profile: Puszczyk) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: R2 WdMan; C:\ProgramData\3WdM3\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego] ShortcutWithArgument: C:\Users\Puszczyk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449713104&z=afdea68724a82add41b7a4bg8z8zctdm1g6c8gbedz&from=ient07021&uid=ST1000LM014-1EJ164_W770KP4PXXXXW770KP4P <==== UWAGA ShortcutWithArgument: C:\Users\Puszczyk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449713104&z=afdea68724a82add41b7a4bg8z8zctdm1g6c8gbedz&from=ient07021&uid=ST1000LM014-1EJ164_W770KP4PXXXXW770KP4P <==== UWAGA ShortcutWithArgument: C:\Users\Puszczyk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449713104&z=afdea68724a82add41b7a4bg8z8zctdm1g6c8gbedz&from=ient07021&uid=ST1000LM014-1EJ164_W770KP4PXXXXW770KP4P <==== UWAGA CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1449713104&z=afdea68724a82add41b7a4bg8z8zctdm1g6c8gbedz&from=ient07021&uid=ST1000LM014-1EJ164_W770KP4PXXXXW770KP4P" CHR DefaultSearchURL: Default -> hxxp://www.yoursearching.com/web/?type=ds&ts=1449170298&z=98e347c5468016b45f17c19g9zaz3t9g1m9ecoft1t&from=smt&uid=ST1000LM014-1EJ164_W770KP4PXXXXW770KP4P&q={searchTerms} HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA HKU\S-1-5-21-850205820-2377325791-3494594986-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449713104&z=afdea68724a82add41b7a4bg8z8zctdm1g6c8gbedz&from=ient07021&uid=ST1000LM014-1EJ164_W770KP4PXXXXW770KP4P HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449713104&z=afdea68724a82add41b7a4bg8z8zctdm1g6c8gbedz&from=ient07021&uid=ST1000LM014-1EJ164_W770KP4PXXXXW770KP4P HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449713104&z=afdea68724a82add41b7a4bg8z8zctdm1g6c8gbedz&from=ient07021&uid=ST1000LM014-1EJ164_W770KP4PXXXXW770KP4P&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449713104&z=afdea68724a82add41b7a4bg8z8zctdm1g6c8gbedz&from=ient07021&uid=ST1000LM014-1EJ164_W770KP4PXXXXW770KP4P&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449713104&z=afdea68724a82add41b7a4bg8z8zctdm1g6c8gbedz&from=ient07021&uid=ST1000LM014-1EJ164_W770KP4PXXXXW770KP4P HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449713104&z=afdea68724a82add41b7a4bg8z8zctdm1g6c8gbedz&from=ient07021&uid=ST1000LM014-1EJ164_W770KP4PXXXXW770KP4P HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449713104&z=afdea68724a82add41b7a4bg8z8zctdm1g6c8gbedz&from=ient07021&uid=ST1000LM014-1EJ164_W770KP4PXXXXW770KP4P&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449713104&z=afdea68724a82add41b7a4bg8z8zctdm1g6c8gbedz&from=ient07021&uid=ST1000LM014-1EJ164_W770KP4PXXXXW770KP4P&q={searchTerms} HKU\S-1-5-21-850205820-2377325791-3494594986-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449713104&z=afdea68724a82add41b7a4bg8z8zctdm1g6c8gbedz&from=ient07021&uid=ST1000LM014-1EJ164_W770KP4PXXXXW770KP4P SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449713104&z=afdea68724a82add41b7a4bg8z8zctdm1g6c8gbedz&from=ient07021&uid=ST1000LM014-1EJ164_W770KP4PXXXXW770KP4P&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449713104&z=afdea68724a82add41b7a4bg8z8zctdm1g6c8gbedz&from=ient07021&uid=ST1000LM014-1EJ164_W770KP4PXXXXW770KP4P&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449713104&z=afdea68724a82add41b7a4bg8z8zctdm1g6c8gbedz&from=ient07021&uid=ST1000LM014-1EJ164_W770KP4PXXXXW770KP4P&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449713104&z=afdea68724a82add41b7a4bg8z8zctdm1g6c8gbedz&from=ient07021&uid=ST1000LM014-1EJ164_W770KP4PXXXXW770KP4P&q={searchTerms} SearchScopes: HKU\S-1-5-21-850205820-2377325791-3494594986-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449713104&z=afdea68724a82add41b7a4bg8z8zctdm1g6c8gbedz&from=ient07021&uid=ST1000LM014-1EJ164_W770KP4PXXXXW770KP4P&q={searchTerms} Toolbar: HKU\S-1-5-21-850205820-2377325791-3494594986-1001 -> Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Brak pliku StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=1449170298&z=98e347c5468016b45f17c19g9zaz3t9g1m9ecoft1t&from=smt&uid=ST1000LM014-1EJ164_W770KP4PXXXXW770KP4P Task: {0633FBDD-97DB-417F-8861-E3EDCFD55116} - System32\Tasks\{33F4D19B-1EE9-44C8-90CD-5E99E4A76862} => pcalua.exe -a C:\Users\Puszczyk\Downloads\monitorfix.exe -d C:\Users\Puszczyk\Desktop C:\Program Files (x86)\GUMF13.tmp C:\Program Files (x86)\Mozilla Firefox C:\Program Files (x86)\Norton 360 C:\Program Files (x86)\Opera C:\Program Files (x86)\SFK C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat C:\ProgramData\3WdM3 C:\ProgramData\3WMiniPro3 C:\ProgramData\Norton C:\ProgramData\NortonInstaller C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTX Box Team C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype C:\Users\Puszczyk\AppData\Local\{91311D3A-6951-4FCC-B2BA-02DA8B22CF0E} C:\Users\Puszczyk\AppData\Roaming\TSv C:\Users\Puszczyk\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk C:\Users\Puszczyk\Downloads\SpyHunter-Installer.exe C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /f Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f Reg: reg delete HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f CMD: netsh advfirewall reset EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. WdMan => serwis pomyślnie usunięto C:\Users\Puszczyk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Puszczyk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Puszczyk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto. Chrome StartupUrls => pomyślnie usunięto Chrome DefaultSearchURL => pomyślnie usunięto "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => klucz pomyślnie usunięto "HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => klucz pomyślnie usunięto "HKU\S-1-5-21-850205820-2377325791-3494594986-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => klucz pomyślnie usunięto HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-850205820-2377325791-3494594986-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. "HKU\S-1-5-21-850205820-2377325791-3494594986-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKU\S-1-5-21-850205820-2377325791-3494594986-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Wartość pomyślnie usunięto "HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => klucz pomyślnie usunięto HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0633FBDD-97DB-417F-8861-E3EDCFD55116}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0633FBDD-97DB-417F-8861-E3EDCFD55116}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\{33F4D19B-1EE9-44C8-90CD-5E99E4A76862} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{33F4D19B-1EE9-44C8-90CD-5E99E4A76862}" => klucz pomyślnie usunięto C:\Program Files (x86)\GUMF13.tmp => pomyślnie przeniesiono C:\Program Files (x86)\Mozilla Firefox => pomyślnie przeniesiono C:\Program Files (x86)\Norton 360 => pomyślnie przeniesiono C:\Program Files (x86)\Opera => pomyślnie przeniesiono C:\Program Files (x86)\SFK => pomyślnie przeniesiono C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => pomyślnie przeniesiono C:\ProgramData\3WdM3 => pomyślnie przeniesiono C:\ProgramData\3WMiniPro3 => pomyślnie przeniesiono C:\ProgramData\Norton => pomyślnie przeniesiono C:\ProgramData\NortonInstaller => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTX Box Team => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype => pomyślnie przeniesiono C:\Users\Puszczyk\AppData\Local\{91311D3A-6951-4FCC-B2BA-02DA8B22CF0E} => pomyślnie przeniesiono C:\Users\Puszczyk\AppData\Roaming\TSv => pomyślnie przeniesiono C:\Users\Puszczyk\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk => pomyślnie przeniesiono C:\Users\Puszczyk\Downloads\SpyHunter-Installer.exe => pomyślnie przeniesiono C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP => pomyślnie przeniesiono ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete HKLM\SOFTWARE\MozillaPlugins /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= Koniec Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= Koniec Reg: ========= ========= netsh advfirewall reset ========= Ok. ========= Koniec CMD: ========= EmptyTemp: => 1.2 GB danych tymczasowych Usunięto. System wymagał restartu. ==== Koniec Fixlog 10:56:13 ====