Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:09-12-2015
Uruchomiony przez Aga (2015-12-11 21:16:36) Run:3
Uruchomiony z C:\Users\Aga\Desktop
Załadowane profile: Aga (Dostępne profile: Aga)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
R2 WdMan; C:\ProgramData\5WdM5\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
R4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
ShortcutWithArgument: C:\Users\Aga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449649350&z=f0df68a003f99d2b693cad6g3z9zbt5q8z6t8c1cae&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD905516 <==== UWAGA
ShortcutWithArgument: C:\Users\Aga\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449649350&z=f0df68a003f99d2b693cad6g3z9zbt5q8z6t8c1cae&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD905516 <==== UWAGA
ShortcutWithArgument: C:\Users\Aga\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449649350&z=f0df68a003f99d2b693cad6g3z9zbt5q8z6t8c1cae&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD905516 <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449649350&z=f0df68a003f99d2b693cad6g3z9zbt5q8z6t8c1cae&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD905516 <==== UWAGA
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449649350&z=f0df68a003f99d2b693cad6g3z9zbt5q8z6t8c1cae&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD905516 <==== UWAGA
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449649350&z=f0df68a003f99d2b693cad6g3z9zbt5q8z6t8c1cae&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD905516
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449649350&z=f0df68a003f99d2b693cad6g3z9zbt5q8z6t8c1cae&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD905516
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449649350&z=f0df68a003f99d2b693cad6g3z9zbt5q8z6t8c1cae&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD905516
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449649350&z=f0df68a003f99d2b693cad6g3z9zbt5q8z6t8c1cae&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD905516&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449649350&z=f0df68a003f99d2b693cad6g3z9zbt5q8z6t8c1cae&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD905516
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449649350&z=f0df68a003f99d2b693cad6g3z9zbt5q8z6t8c1cae&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD905516
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449649350&z=f0df68a003f99d2b693cad6g3z9zbt5q8z6t8c1cae&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD905516&q={searchTerms}
HKU\S-1-5-21-230584855-1871568997-2477479041-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449649350&z=f0df68a003f99d2b693cad6g3z9zbt5q8z6t8c1cae&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD905516&q={searchTerms}
HKU\S-1-5-21-230584855-1871568997-2477479041-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449649350&z=f0df68a003f99d2b693cad6g3z9zbt5q8z6t8c1cae&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD905516
HKU\S-1-5-21-230584855-1871568997-2477479041-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449649350&z=f0df68a003f99d2b693cad6g3z9zbt5q8z6t8c1cae&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD905516
HKU\S-1-5-21-230584855-1871568997-2477479041-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449649350&z=f0df68a003f99d2b693cad6g3z9zbt5q8z6t8c1cae&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD905516&q={searchTerms}
BHO: Brak nazwy -> {a67b4363-a3cb-4d4b-8096-15e591237473} -> Brak pliku
Toolbar: HKLM - Brak nazwy - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Brak pliku
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => Brak pliku
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => Brak pliku
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => Brak pliku
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => Brak pliku
Task: {1EB73ECB-BD17-4C0A-966B-A25356D0FA2D} - System32\Tasks\{EC2002C0-EECA-4DC1-A46A-4A7B4B6ED139} => pcalua.exe -a C:\Users\Aga\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=cor
Task: {6461DD60-6297-473E-9880-A457CF2877ED} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)
Task: {96E2AD16-89A2-4AB3-ADE0-83E1F30D80E5} - System32\Tasks\e-pity2015_styczen => F:\Programy\e-pity2014\Assets\signxml.exe
Task: {9C35AF3D-9F6B-4852-A821-6489F3C63589} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe
Task: {E17DB99A-861B-438B-BE35-545E52AB74AC} - System32\Tasks\e-pity2015_kwiecien => F:\Programy\e-pity2014\Assets\signxml.exe
Task: {ED49699B-5BAE-4E70-8197-BDC5D9FC1E32} - System32\Tasks\{3C52BE1F-44AC-4801-94F9-2BA372C05B97} => pcalua.exe -a C:\Users\Aga\AppData\Roaming\do-search\UninstallManager.exe -c -ptid=cor
Task: {EEEDB4C9-F32D-497D-BD01-964DC19D2BC6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Google\Chrome
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
DeleteKey: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "DAEMON Tools Lite" /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v HotKeysCmds /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v IgfxTray /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v Persistence /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "BlueStacks Agent" /f
RemoveDirectory: C:\AdwCleaner
RemoveDirectory: C:\Program Files\GridinSoft Anti-Malware
RemoveDirectory: C:\Program Files (x86)\AVG
RemoveDirectory: C:\Program Files (x86)\Kippt
RemoveDirectory: C:\ProgramData\AVG
RemoveDirectory: C:\ProgramData\5WdM5
RemoveDirectory: C:\ProgramData\FWdMF
RemoveDirectory: C:\ProgramData\GridinSoft
RemoveDirectory: C:\ProgramData\HitmanPro
RemoveDirectory: C:\ProgramData\Malwarebytes
RemoveDirectory: C:\ProgramData\Temp
RemoveDirectory: C:\Users\Aga\AppData\Local\Avg
RemoveDirectory: C:\Users\Aga\AppData\Local\AvgSetupLog
RemoveDirectory: C:\Users\Aga\Desktop\Stare dane programu Firefox
C:\WINDOWS\system32\.crusader
C:\WINDOWS\SysWOW64\pl.html
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
WdMan => serwis nie znaleziono.
sptd => serwis nie znaleziono.
C:\Users\Aga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Aga\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Aga\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono
HKLM\SOFTWARE\Policies\Google => klucz nie znaleziono.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
HKU\S-1-5-21-230584855-1871568997-2477479041-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKU\S-1-5-21-230584855-1871568997-2477479041-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKU\S-1-5-21-230584855-1871568997-2477479041-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKU\S-1-5-21-230584855-1871568997-2477479041-1001\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a67b4363-a3cb-4d4b-8096-15e591237473} => klucz nie znaleziono.
HKCR\CLSID\{a67b4363-a3cb-4d4b-8096-15e591237473} => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Wartość nie znaleziono.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => klucz nie znaleziono.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp => klucz nie znaleziono.
HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => klucz nie znaleziono.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending => klucz nie znaleziono.
HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => klucz nie znaleziono.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot => klucz nie znaleziono.
HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351} => klucz nie znaleziono.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared => klucz nie znaleziono.
HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51} => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EB73ECB-BD17-4C0A-966B-A25356D0FA2D} => klucz nie znaleziono.
C:\WINDOWS\System32\Tasks\{EC2002C0-EECA-4DC1-A46A-4A7B4B6ED139} => nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EC2002C0-EECA-4DC1-A46A-4A7B4B6ED139} => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6461DD60-6297-473E-9880-A457CF2877ED} => klucz nie znaleziono.
C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Customer Feedback Program => nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96E2AD16-89A2-4AB3-ADE0-83E1F30D80E5} => klucz nie znaleziono.
C:\WINDOWS\System32\Tasks\e-pity2015_styczen => nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e-pity2015_styczen => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C35AF3D-9F6B-4852-A821-6489F3C63589} => klucz nie znaleziono.
C:\WINDOWS\System32\Tasks\GridinSoft Anti-Malware => nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GridinSoft Anti-Malware => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E17DB99A-861B-438B-BE35-545E52AB74AC} => klucz nie znaleziono.
C:\WINDOWS\System32\Tasks\e-pity2015_kwiecien => nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e-pity2015_kwiecien => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED49699B-5BAE-4E70-8197-BDC5D9FC1E32} => klucz nie znaleziono.
C:\WINDOWS\System32\Tasks\{3C52BE1F-44AC-4801-94F9-2BA372C05B97} => nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3C52BE1F-44AC-4801-94F9-2BA372C05B97} => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEEDB4C9-F32D-497D-BD01-964DC19D2BC6} => klucz nie znaleziono.
C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program 64 => klucz nie znaleziono.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => klucz nie znaleziono.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => klucz nie znaleziono.
HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I => klucz nie znaleziono.
HKCU\Software\dobreprogramy => klucz nie znaleziono.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome => klucz nie znaleziono.
HKLM\SOFTWARE\Wow6432Node\yoursites123Software => klucz nie znaleziono.
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes => klucz nie znaleziono.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes => klucz nie znaleziono.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes => klucz nie znaleziono.

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "DAEMON Tools Lite" /f =========
ERROR: The system was unable to find the specified registry key or value.
========= Koniec Reg: =========

========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v HotKeysCmds /f =========
ERROR: The system was unable to find the specified registry key or value.
========= Koniec Reg: =========

========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v IgfxTray /f =========
ERROR: The system was unable to find the specified registry key or value.
========= Koniec Reg: =========

========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v Persistence /f =========
ERROR: The system was unable to find the specified registry key or value.
========= Koniec Reg: =========

========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "BlueStacks Agent" /f =========
ERROR: The system was unable to find the specified registry key or value.
========= Koniec Reg: =========

"C:\AdwCleaner" => nie znaleziono.
"C:\Program Files\GridinSoft Anti-Malware" => nie znaleziono.
"C:\Program Files (x86)\AVG" => nie znaleziono.
"C:\Program Files (x86)\Kippt" => nie znaleziono.
"C:\ProgramData\AVG" => nie znaleziono.
"C:\ProgramData\5WdM5" => nie znaleziono.
"C:\ProgramData\FWdMF" => nie znaleziono.
"C:\ProgramData\GridinSoft" => nie znaleziono.
"C:\ProgramData\HitmanPro" => nie znaleziono.
"C:\ProgramData\Malwarebytes" => nie znaleziono.
"C:\ProgramData\Temp" => nie znaleziono.
"C:\Users\Aga\AppData\Local\Avg" => nie znaleziono.
"C:\Users\Aga\AppData\Local\AvgSetupLog" => nie znaleziono.
"C:\Users\Aga\Desktop\Stare dane programu Firefox" => nie znaleziono.
"C:\WINDOWS\system32\.crusader" => nie znaleziono.
"C:\WINDOWS\SysWOW64\pl.html" => nie znaleziono.
EmptyTemp: => 13.7 MB danych tymczasowych Usunięto.

System wymagał restartu.

==== Koniec Fixlog 21:18:52 ====