Rezultat naprawy Farbar Recovery Scan Tool (x86) Wersja:12-12-2015 01
Uruchomiony przez User (2015-12-12 21:45:35) Run:1
Uruchomiony z C:\Users\User\Downloads\F
Załadowane profile: User (Dostępne profile: User)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G <==== UWAGA
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G <==== UWAGA
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G <==== UWAGA
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G <==== UWAGA
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G <==== UWAGA
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G <==== UWAGA
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G <==== UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G&q={searchTerms}
HKU\S-1-5-21-456985443-2800898146-1698058886-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G
HKU\S-1-5-21-456985443-2800898146-1698058886-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G&q={searchTerms}
SearchScopes: HKU\S-1-5-21-456985443-2800898146-1698058886-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G&q={searchTerms}
SearchScopes: HKU\S-1-5-21-456985443-2800898146-1698058886-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G&q={searchTerms}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
CHR HomePage: Default -> hxxp://www.yoursites123.com/?type=hp&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G
Task: {40AF427D-F9F6-45DE-8F74-399E3CCA8940} - System32\Tasks\{A59CB6FD-436C-4DF0-95F2-B0E91368165E} => pcalua.exe -a "D:\Program Files\Microsoft Games\Gears of War\gow_12_czplhu.exe" -d "D:\Program Files\Microsoft Games\Gears of War"
Task: {5C1FE545-42B6-4485-B631-FFF2BAE4C1A3} - System32\Tasks\0 => Iexplore.exe <==== UWAGA
Task: {FB15F665-04B2-40B4-8EEC-AAC11970049A} - System32\Tasks\4596 => Wscript.exe C:\Users\User\AppData\Local\Temp\launchie.vbs //B <==== UWAGA
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
R2 Watsvc; C:\Program Files\Blazers\Watsvc.exe [107160 2015-04-16] (TODO: )
S2 BEWConfigSrv; E:\Program Files\OrangeBusinessServices\Manager polaczen\{ad30a369-08e3-414c-9d2c-7f47dbe748da}\BEWConfigSrv.exe [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
DeleteKey: HKLM\SOFTWARE\yoursites123Software
RemoveDirectory: C:\AdwCleaner
RemoveDirectory: C:\Program Files\Blazers
RemoveDirectory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
RemoveDirectory: C:\Users\User\AppData\Local\Microsoft\Windows\GameExplorer\{5F29DC5A-546A-4DC4-A0A1-6241FCE3EC1F}
RemoveDirectory: C:\Users\User\AppData\Local\Microsoft\Windows\GameExplorer\{4701EB8F-0885-406D-BE06-5FE37AF0E898}
RemoveDirectory: C:\Users\User\AppData\Local\Microsoft\Windows\GameExplorer\{3ED57B8A-F8EC-4849-BC28-205D03C195FC}
RemoveDirectory: C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
CMD: del /q C:\Users\Public\Desktop\BOSSAFX.lnk
CMD: netsh advfirewall reset
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Skrót - argument pomyślnie przywrócono
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
HKU\S-1-5-21-456985443-2800898146-1698058886-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKU\S-1-5-21-456985443-2800898146-1698058886-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono.
HKU\S-1-5-21-456985443-2800898146-1698058886-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto
"HKU\S-1-5-21-456985443-2800898146-1698058886-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000} => klucz nie znaleziono.
HKCR\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000} => klucz nie znaleziono.
Chrome HomePage => pomyślnie usunięto
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono
HKLM\Software\Mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com => Wartość pomyślnie usunięto
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40AF427D-F9F6-45DE-8F74-399E3CCA8940}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40AF427D-F9F6-45DE-8F74-399E3CCA8940}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\{A59CB6FD-436C-4DF0-95F2-B0E91368165E} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A59CB6FD-436C-4DF0-95F2-B0E91368165E}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C1FE545-42B6-4485-B631-FFF2BAE4C1A3}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C1FE545-42B6-4485-B631-FFF2BAE4C1A3}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\0 => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB15F665-04B2-40B4-8EEC-AAC11970049A}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB15F665-04B2-40B4-8EEC-AAC11970049A}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\4596 => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4596" => klucz pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" => klucz pomyślnie usunięto
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => klucz pomyślnie usunięto
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => klucz nie znaleziono.
Watsvc => Usługa pomyślnie zatrzymana.
Watsvc => serwis pomyślnie usunięto
BEWConfigSrv => serwis pomyślnie usunięto
vtany => serwis pomyślnie usunięto
xhunter1 => serwis pomyślnie usunięto
HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I => klucz pomyślnie usunięto
HKCU\Software\dobreprogramy => klucz pomyślnie usunięto
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię.
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => klucz pomyślnie usunięto
HKLM\SOFTWARE\yoursites123Software => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię.
HKLM\SOFTWARE\yoursites123Software => klucz pomyślnie usunięto
"C:\AdwCleaner" => pomyślnie usunięto.
niepowodzenie przy usuwaniu "C:\Program Files\Blazers\wac.exe" => Zaplanowany do usunięcia przy restarcie.
niepowodzenie przy usuwaniu "C:\Program Files\Blazers" => Zaplanowany do usunięcia przy restarcie.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks" => pomyślnie usunięto.
"C:\Users\User\AppData\Local\Microsoft\Windows\GameExplorer\{5F29DC5A-546A-4DC4-A0A1-6241FCE3EC1F}" => pomyślnie usunięto.
"C:\Users\User\AppData\Local\Microsoft\Windows\GameExplorer\{4701EB8F-0885-406D-BE06-5FE37AF0E898}" => pomyślnie usunięto.
"C:\Users\User\AppData\Local\Microsoft\Windows\GameExplorer\{3ED57B8A-F8EC-4849-BC28-205D03C195FC}" => pomyślnie usunięto.
"C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}" => pomyślnie usunięto.

========= del /q C:\Users\Public\Desktop\BOSSAFX.lnk =========

========= Koniec CMD: =========

========= netsh advfirewall reset =========
Ok.
========= Koniec CMD: =========

EmptyTemp: => 750.8 MB danych tymczasowych Usunięto.

Rezultat przenoszenia plików przy restarcie (Tryb startu: Normal) (Data i godzina: 2015-12-12 21:50:12)
C:\Program Files\Blazers\wac.exe => pomyślnie usunięto
C:\Program Files\Blazers => pomyślnie usunięto

==== Koniec Fixlog 21:50:12 ====