Rezultat naprawy Farbar Recovery Scan Tool (x86) Wersja:13-12-2015
Uruchomiony przez PHUFOTOSET (2015-12-14 09:47:43) Run:3
Uruchomiony z C:\Users\PHUFOTOSET\Desktop
Załadowane profile: PHUFOTOSET (Dostępne profile: PHUFOTOSET)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
Task: {4F02E149-6197-42CB-BCC1-7318720BD7C5} - System32\Tasks\{52C0F868-2DBB-44C9-A944-10396542A68F} => pcalua.exe -a D:\Gry\097\Resident_Evil\RESDEVIL\setup.exe -d D:\Gry\097\Resident_Evil\RESDEVIL
Task: {8A12B773-979D-464E-AEE6-962B15CFB951} - System32\Tasks\SeductivenessEmpathyV2 => Rundll32.exe GoodlyCrusades.dll,main 7 1
Task: {9AB0214B-9D3C-45F4-B1A1-EE140FFEDF0E} - \Price Fountain -> Brak pliku <==== UWAGA
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKU\S-1-5-21-2349542156-1443959456-3792940041-1000\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /regrun
HKU\S-1-5-21-2349542156-1443959456-3792940041-1000\...\Run: [mcuozzcu] => C:\Users\PHUFOT~1\AppData\Local\Temp\ybdepcs.exe <===== UWAGA
HKU\S-1-5-21-2349542156-1443959456-3792940041-1000\...\Run: [lvqhczna] => C:\Users\PHUFOT~1\AppData\Local\Temp\ueyrhgg.exe <===== UWAGA
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0\r3hook.dll => Brak pliku
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130862563191920000&GUID=87B809CA-CACB-45F5-AFB5-D469BC20751F
HKU\S-1-5-21-2349542156-1443959456-3792940041-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130862563191940000&GUID=87B809CA-CACB-45F5-AFB5-D469BC20751F
URLSearchHook: HKLM -> Domyślne = {74198672-5F7D-4FE9-A611-4AC1D5A66A15}
URLSearchHook: HKU\S-1-5-21-2349542156-1443959456-3792940041-1000 -> Domyślne = {74198672-5F7D-4FE9-A611-4AC1D5A66A15}
SearchScopes: HKU\S-1-5-21-2349542156-1443959456-3792940041-1000 -> DefaultScope {4C110C67-9F6F-4701-B6A6-9F8C5046DE27} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2349542156-1443959456-3792940041-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST3250318AS_6VM2PMWEXXXX6VM2PMWE&ts=1425901183&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2349542156-1443959456-3792940041-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL =
SearchScopes: HKU\S-1-5-21-2349542156-1443959456-3792940041-1000 -> {4C110C67-9F6F-4701-B6A6-9F8C5046DE27} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2349542156-1443959456-3792940041-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL =
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=1448872916&z=f7e2bbe9f6566c789bf6151gdzdzcbebfmboct4q7z&from=cor&uid=ST3250318AS_6VM2PMWEXXXX6VM2PMWE
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [Brak pliku]
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [Brak pliku]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]
S4 FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [X]
S3 RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [X]
S3 UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [X]
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
C:\Program Files\Mozilla Firefox\browser\searchplugins
C:\Program Files\Mozilla Firefox\plugins
C:\ProgramData\lWMiniProl
C:\ProgramData\Microsoft\Windows\GameExplorer\{BDDBD384-63A5-4C9E-A84D-8773790B35A9}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\*.lnk
C:\Users\PHUFOTOSET\AppData\Local\Microsoft\Windows\GameExplorer\{FC5B774D-B897-4D89-80C2-7CBEC01166E9}
C:\Users\PHUFOTOSET\AppData\Local\Microsoft\Windows\GameExplorer\{DD863A59-5454-4241-80C1-0B259EC1219E}
C:\Users\PHUFOTOSET\AppData\Local\Microsoft\Windows\GameExplorer\{AFE88BC5-0BE2-4B96-91D8-71EE4013BF3D}
C:\Users\PHUFOTOSET\AppData\Local\Microsoft\Windows\GameExplorer\{5D601695-EE24-4D4D-A469-283A7BC62F02}
C:\Users\PHUFOTOSET\AppData\Local\Microsoft\Windows\GameExplorer\{4E816B95-7D36-44BB-A465-CB7905F02F50}
C:\Users\PHUFOTOSET\AppData\Local\Microsoft\Windows\GameExplorer\{4D05857D-05AB-4A30-B026-B0B0D0ABD288}
C:\Users\PHUFOTOSET\AppData\Local\Microsoft\Windows\GameExplorer\{472947D6-979D-4F1F-AA75-8D491DAE70CA}
C:\Users\PHUFOTOSET\AppData\Local\Microsoft\Windows\GameExplorer\{251E19C9-FF9A-42C1-88F6-541DCBD4C43E}
C:\Users\PHUFOTOSET\AppData\Local\Microsoft\Windows\GameExplorer\{153DF683-65AE-4910-908D-1A2B2B2C001F}
C:\Users\PHUFOTOSET\AppData\Local\SeductivenessEmpathy
C:\Users\PHUFOTOSET\AppData\Roaming\dmst101b
C:\Users\PHUFOTOSET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAPCOM
C:\Users\PHUFOTOSET\Desktop\S_yH_nter 4
C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
CMD: netsh advfirewall reset
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F02E149-6197-42CB-BCC1-7318720BD7C5}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F02E149-6197-42CB-BCC1-7318720BD7C5}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\{52C0F868-2DBB-44C9-A944-10396542A68F} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{52C0F868-2DBB-44C9-A944-10396542A68F}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8A12B773-979D-464E-AEE6-962B15CFB951}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A12B773-979D-464E-AEE6-962B15CFB951}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\SeductivenessEmpathyV2 => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SeductivenessEmpathyV2" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AB0214B-9D3C-45F4-B1A1-EE140FFEDF0E}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AB0214B-9D3C-45F4-B1A1-EE140FFEDF0E}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Price Fountain" => klucz pomyślnie usunięto
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => klucz nie znaleziono.
HKU\S-1-5-21-2349542156-1443959456-3792940041-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Wartość pomyślnie usunięto
HKU\S-1-5-21-2349542156-1443959456-3792940041-1000\Software\Microsoft\Windows\CurrentVersion\Run\\mcuozzcu => Wartość pomyślnie usunięto
HKU\S-1-5-21-2349542156-1443959456-3792940041-1000\Software\Microsoft\Windows\CurrentVersion\Run\\lvqhczna => Wartość pomyślnie usunięto
"c:\progra~1\kasper~1\kasper~1.0\r3hook.dll" => Dane wartości pomyślnie usunięto.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKU\S-1-5-21-2349542156-1443959456-3792940041-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Wartość pomyślnie usunięto
HKU\S-1-5-21-2349542156-1443959456-3792940041-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Wartość pomyślnie usunięto
HKU\S-1-5-21-2349542156-1443959456-3792940041-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto
"HKU\S-1-5-21-2349542156-1443959456-3792940041-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => klucz pomyślnie usunięto
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => klucz nie znaleziono.
"HKU\S-1-5-21-2349542156-1443959456-3792940041-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => klucz pomyślnie usunięto
HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => klucz nie znaleziono.
"HKU\S-1-5-21-2349542156-1443959456-3792940041-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4C110C67-9F6F-4701-B6A6-9F8C5046DE27}" => klucz pomyślnie usunięto
HKCR\CLSID\{4C110C67-9F6F-4701-B6A6-9F8C5046DE27} => klucz nie znaleziono.
"HKU\S-1-5-21-2349542156-1443959456-3792940041-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => klucz pomyślnie usunięto
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => klucz nie znaleziono.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" => klucz pomyślnie usunięto
HKCR\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} => klucz nie znaleziono.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}" => klucz pomyślnie usunięto
"HKCR\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}" => klucz pomyślnie usunięto
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono
"HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0" => klucz pomyślnie usunięto
"HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => klucz pomyślnie usunięto
HKLM\Software\Mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} => Wartość pomyślnie usunięto
HKLM\Software\Mozilla\Firefox\Extensions\\pdf_architect_4_conv@pdfarchitect.org => Wartość pomyślnie usunięto
C:\Program Files\mozilla firefox\defaults\pref\itms.js => pomyślnie przeniesiono
FileMonitor => serwis pomyślnie usunięto
RegFilter => serwis pomyślnie usunięto
UrlFilter => serwis pomyślnie usunięto
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię.
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => klucz pomyślnie usunięto
C:\Program Files\Mozilla Firefox\browser\searchplugins => pomyślnie przeniesiono
C:\Program Files\Mozilla Firefox\plugins => pomyślnie przeniesiono
C:\ProgramData\lWMiniProl => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\GameExplorer\{BDDBD384-63A5-4C9E-A84D-8773790B35A9} => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake => pomyślnie przeniesiono

=========== "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\*.lnk" ==========

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\AFPL License.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\FairPlay License.lnk => pomyślnie przeniesiono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\GPL License.lnk => pomyślnie przeniesiono

========= Koniec -> "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\*.lnk" ========

C:\Users\PHUFOTOSET\AppData\Local\Microsoft\Windows\GameExplorer\{FC5B774D-B897-4D89-80C2-7CBEC01166E9} => pomyślnie przeniesiono
C:\Users\PHUFOTOSET\AppData\Local\Microsoft\Windows\GameExplorer\{DD863A59-5454-4241-80C1-0B259EC1219E} => pomyślnie przeniesiono
C:\Users\PHUFOTOSET\AppData\Local\Microsoft\Windows\GameExplorer\{AFE88BC5-0BE2-4B96-91D8-71EE4013BF3D} => pomyślnie przeniesiono
C:\Users\PHUFOTOSET\AppData\Local\Microsoft\Windows\GameExplorer\{5D601695-EE24-4D4D-A469-283A7BC62F02} => pomyślnie przeniesiono
C:\Users\PHUFOTOSET\AppData\Local\Microsoft\Windows\GameExplorer\{4E816B95-7D36-44BB-A465-CB7905F02F50} => pomyślnie przeniesiono
C:\Users\PHUFOTOSET\AppData\Local\Microsoft\Windows\GameExplorer\{4D05857D-05AB-4A30-B026-B0B0D0ABD288} => pomyślnie przeniesiono
C:\Users\PHUFOTOSET\AppData\Local\Microsoft\Windows\GameExplorer\{472947D6-979D-4F1F-AA75-8D491DAE70CA} => pomyślnie przeniesiono
C:\Users\PHUFOTOSET\AppData\Local\Microsoft\Windows\GameExplorer\{251E19C9-FF9A-42C1-88F6-541DCBD4C43E} => pomyślnie przeniesiono
C:\Users\PHUFOTOSET\AppData\Local\Microsoft\Windows\GameExplorer\{153DF683-65AE-4910-908D-1A2B2B2C001F} => pomyślnie przeniesiono
C:\Users\PHUFOTOSET\AppData\Local\SeductivenessEmpathy => pomyślnie przeniesiono
C:\Users\PHUFOTOSET\AppData\Roaming\dmst101b => pomyślnie przeniesiono
C:\Users\PHUFOTOSET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAPCOM => pomyślnie przeniesiono
C:\Users\PHUFOTOSET\Desktop\S_yH_nter 4 => pomyślnie przeniesiono
C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP => pomyślnie przeniesiono
C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => pomyślnie przeniesiono

========= netsh advfirewall reset =========

Ok.

========= Koniec CMD: =========

EmptyTemp: => 159.5 MB danych tymczasowych Usunięto.

System wymagał restartu.

==== Koniec Fixlog 09:51:42 ====