Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:12-12-2015 01 Uruchomiony przez Zbigniew (2015-12-13 21:39:31) Run:1 Uruchomiony z C:\Users\Zbigniew\Downloads Załadowane profile: Zbigniew (Dostępne profile: Zbigniew) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: R2 IhPul; C:\Users\Zbigniew\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com) R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: <公司名>) R2 WdMan; C:\ProgramData\ZWdMZ\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego] S1 tcfd_vt_1_10_0_24; system32\drivers\tcfd_vt_1_10_0_24.sys [X] ShortcutWithArgument: C:\Users\Zbigniew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft WSE 3.0\WSE on the Web.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449654288&z=2e5e8c2133f565e17cce9f2g9z7z1teq7w5z8ofb7w&from=ient07021&uid=WDCXWD5000BEVT-75A0RT0_WD-WXD1A90J9041J9041 <==== UWAGA ShortcutWithArgument: C:\Users\Zbigniew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449654288&z=2e5e8c2133f565e17cce9f2g9z7z1teq7w5z8ofb7w&from=ient07021&uid=WDCXWD5000BEVT-75A0RT0_WD-WXD1A90J9041J9041 <==== UWAGA ShortcutWithArgument: C:\Users\Zbigniew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449654288&z=2e5e8c2133f565e17cce9f2g9z7z1teq7w5z8ofb7w&from=ient07021&uid=WDCXWD5000BEVT-75A0RT0_WD-WXD1A90J9041J9041 <==== UWAGA ShortcutWithArgument: C:\Users\Zbigniew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449654288&z=2e5e8c2133f565e17cce9f2g9z7z1teq7w5z8ofb7w&from=ient07021&uid=WDCXWD5000BEVT-75A0RT0_WD-WXD1A90J9041J9041 <==== UWAGA ShortcutWithArgument: C:\Users\Zbigniew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449654288&z=2e5e8c2133f565e17cce9f2g9z7z1teq7w5z8ofb7w&from=ient07021&uid=WDCXWD5000BEVT-75A0RT0_WD-WXD1A90J9041J9041 <==== UWAGA ShortcutWithArgument: C:\Users\Zbigniew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449654288&z=2e5e8c2133f565e17cce9f2g9z7z1teq7w5z8ofb7w&from=ient07021&uid=WDCXWD5000BEVT-75A0RT0_WD-WXD1A90J9041J9041 <==== UWAGA ShortcutWithArgument: C:\Users\Zbigniew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449654288&z=2e5e8c2133f565e17cce9f2g9z7z1teq7w5z8ofb7w&from=ient07021&uid=WDCXWD5000BEVT-75A0RT0_WD-WXD1A90J9041J9041 <==== UWAGA ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449654288&z=2e5e8c2133f565e17cce9f2g9z7z1teq7w5z8ofb7w&from=ient07021&uid=WDCXWD5000BEVT-75A0RT0_WD-WXD1A90J9041J9041 <==== UWAGA StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449654288&z=2e5e8c2133f565e17cce9f2g9z7z1teq7w5z8ofb7w&from=ient07021&uid=WDCXWD5000BEVT-75A0RT0_WD-WXD1A90J9041J9041 StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1444060415&z=d8a8cb95ff410f3fb7e296cgczfz4z9e5qeeao2edm&from=cor&uid=WDCXWD5000BEVT-75A0RT0_WD-WXD1A90J9041J9041 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449654288&z=2e5e8c2133f565e17cce9f2g9z7z1teq7w5z8ofb7w&from=ient07021&uid=WDCXWD5000BEVT-75A0RT0_WD-WXD1A90J9041J9041 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449654288&z=2e5e8c2133f565e17cce9f2g9z7z1teq7w5z8ofb7w&from=ient07021&uid=WDCXWD5000BEVT-75A0RT0_WD-WXD1A90J9041J9041 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1447327649&z=6820463b20cf14770caee9bgcz5z5mbcao9m0qazfc&from=wpm07163&uid=WDCXWD5000BEVT-75A0RT0_WD-WXD1A90J9041J9041&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1447327649&z=6820463b20cf14770caee9bgcz5z5mbcao9m0qazfc&from=wpm07163&uid=WDCXWD5000BEVT-75A0RT0_WD-WXD1A90J9041J9041&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449654288&z=2e5e8c2133f565e17cce9f2g9z7z1teq7w5z8ofb7w&from=ient07021&uid=WDCXWD5000BEVT-75A0RT0_WD-WXD1A90J9041J9041 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449654288&z=2e5e8c2133f565e17cce9f2g9z7z1teq7w5z8ofb7w&from=ient07021&uid=WDCXWD5000BEVT-75A0RT0_WD-WXD1A90J9041J9041 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1447327649&z=6820463b20cf14770caee9bgcz5z5mbcao9m0qazfc&from=wpm07163&uid=WDCXWD5000BEVT-75A0RT0_WD-WXD1A90J9041J9041&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1447327649&z=6820463b20cf14770caee9bgcz5z5mbcao9m0qazfc&from=wpm07163&uid=WDCXWD5000BEVT-75A0RT0_WD-WXD1A90J9041J9041&q={searchTerms} HKU\S-1-5-21-783652867-2950568372-415723759-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.wp.pl={searchTerms} HKU\S-1-5-21-783652867-2950568372-415723759-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wp.pl/ SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://www.bing.com/search?q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-783652867-2950568372-415723759-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKU\S-1-5-21-783652867-2950568372-415723759-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => Brak pliku Toolbar: HKU\S-1-5-21-783652867-2950568372-415723759-1001 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Zbigniew\AppData\Roaming\Mozilla\Firefox\Profiles\dfi2ayg4.default\extensions\defsearchp@gmail.com => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Zbigniew\AppData\Roaming\Mozilla\Firefox\Profiles\dfi2ayg4.default\extensions\deskCutv2@gmail.com => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Zbigniew\AppData\Roaming\Mozilla\Firefox\Profiles\dfi2ayg4.default\extensions\default_newtabff@gmail.com => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Zbigniew\AppData\Roaming\Mozilla\Firefox\Profiles\dfi2ayg4.default\extensions\yahooprotected@gmail.com => nie znaleziono Task: {F460B39B-2EE8-4FF8-A32C-8517493A9A55} - System32\Tasks\{E4427224-3079-400E-8AFA-269F2729D808} => pcalua.exe -a C:\Users\Zbigniew\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cor DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I DeleteKey: HKCU\Software\dobreprogramy DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software RemoveDirectory: C:\Program Files (x86)\SFK RemoveDirectory: C:\Program Files (x86)\WinZipper RemoveDirectory: C:\ProgramData\7WdM7 RemoveDirectory: C:\ProgramData\JWMiniProJ RemoveDirectory: C:\ProgramData\WWMiniProW RemoveDirectory: C:\ProgramData\ZWdMZ RemoveDirectory: C:\Users\Zbigniew\AppData\Roaming\TSv CMD: del /q C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat CMD: del /q "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\*.lnk" CMD: del /q "C:\Users\Zbigniew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk" CMD: del /q "C:\Users\Zbigniew\Documents\Umowa Licencyjna.lnk" CMD: netsh advfirewall reset EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. IhPul => serwis pomyślnie usunięto SSFK => Usługa pomyślnie zatrzymana. SSFK => serwis pomyślnie usunięto WdMan => serwis pomyślnie usunięto tcfd_vt_1_10_0_24 => serwis pomyślnie usunięto C:\Users\Zbigniew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft WSE 3.0\WSE on the Web.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Zbigniew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Skrót - argument pomyślnie przywrócono C:\Users\Zbigniew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Zbigniew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Zbigniew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Zbigniew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Zbigniew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto. HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-783652867-2950568372-415723759-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-783652867-2950568372-415723759-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => klucz pomyślnie usunięto HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => klucz nie znaleziono. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => klucz pomyślnie usunięto HKCR\Wow6432Node\CLSID\ielnksrch => klucz nie znaleziono. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => klucz pomyślnie usunięto HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => klucz nie znaleziono. "HKU\S-1-5-21-783652867-2950568372-415723759-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. "HKU\S-1-5-21-783652867-2950568372-415723759-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => klucz pomyślnie usunięto HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => klucz nie znaleziono. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => klucz pomyślnie usunięto "HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => klucz pomyślnie usunięto HKU\S-1-5-21-783652867-2950568372-415723759-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Wartość pomyślnie usunięto HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => klucz nie znaleziono. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\defsearchp@gmail.com => Wartość pomyślnie usunięto HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\deskCutv2@gmail.com => Wartość pomyślnie usunięto HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\default_newtabff@gmail.com => Wartość pomyślnie usunięto HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\yahooprotected@gmail.com => Wartość pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F460B39B-2EE8-4FF8-A32C-8517493A9A55}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F460B39B-2EE8-4FF8-A32C-8517493A9A55}" => klucz pomyślnie usunięto C:\Windows\System32\Tasks\{E4427224-3079-400E-8AFA-269F2729D808} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E4427224-3079-400E-8AFA-269F2729D808}" => klucz pomyślnie usunięto HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I => klucz pomyślnie usunięto HKCU\Software\dobreprogramy => klucz pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\yoursites123Software => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię. HKLM\SOFTWARE\Wow6432Node\yoursites123Software => klucz pomyślnie usunięto "C:\Program Files (x86)\SFK" => pomyślnie usunięto. "C:\Program Files (x86)\WinZipper" => pomyślnie usunięto. "C:\ProgramData\7WdM7" => pomyślnie usunięto. "C:\ProgramData\JWMiniProJ" => pomyślnie usunięto. "C:\ProgramData\WWMiniProW" => pomyślnie usunięto. "C:\ProgramData\ZWdMZ" => pomyślnie usunięto. "C:\Users\Zbigniew\AppData\Roaming\TSv" => pomyślnie usunięto. ========= del /q C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat ========= ========= Koniec CMD: ========= ========= del /q "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\*.lnk" ========= ========= Koniec CMD: ========= ========= del /q "C:\Users\Zbigniew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk" ========= ========= Koniec CMD: ========= ========= del /q "C:\Users\Zbigniew\Documents\Umowa Licencyjna.lnk" ========= ========= Koniec CMD: ========= ========= netsh advfirewall reset ========= Ok. ========= Koniec CMD: ========= EmptyTemp: => 1.5 GB danych tymczasowych Usunięto. System wymagał restartu. ==== Koniec Fixlog 21:41:12 ====