Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:14-12-2015
Uruchomiony przez Netria (2015-12-25 11:39:13) Run:3
Uruchomiony z C:\Users\Netria\Desktop\1
Załadowane profile: Netria (Dostępne profile: Netria)
Tryb startu: Safe Mode (minimal)
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
ShortcutWithArgument: C:\Users\Netria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450117305&z=5017f4b7e3a2e2190d34647g6z3wbe8g1g4m7cceez&from=wpm07173&uid=LITEONXITXSCS-256L9S_002524133467 <==== UWAGA
ShortcutWithArgument: C:\Users\Netria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450117305&z=5017f4b7e3a2e2190d34647g6z3wbe8g1g4m7cceez&from=wpm07173&uid=LITEONXITXSCS-256L9S_002524133467 <==== UWAGA
ShortcutWithArgument: C:\Users\Netria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450117305&z=5017f4b7e3a2e2190d34647g6z3wbe8g1g4m7cceez&from=wpm07173&uid=LITEONXITXSCS-256L9S_002524133467 <==== UWAGA
ShortcutWithArgument: C:\Users\Netria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450117305&z=5017f4b7e3a2e2190d34647g6z3wbe8g1g4m7cceez&from=wpm07173&uid=LITEONXITXSCS-256L9S_002524133467 <==== UWAGA
ShortcutWithArgument: C:\Users\Netria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450117305&z=5017f4b7e3a2e2190d34647g6z3wbe8g1g4m7cceez&from=wpm07173&uid=LITEONXITXSCS-256L9S_002524133467 <==== UWAGA
ShortcutWithArgument: C:\Users\Netria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450117305&z=5017f4b7e3a2e2190d34647g6z3wbe8g1g4m7cceez&from=wpm07173&uid=LITEONXITXSCS-256L9S_002524133467 <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450117305&z=5017f4b7e3a2e2190d34647g6z3wbe8g1g4m7cceez&from=wpm07173&uid=LITEONXITXSCS-256L9S_002524133467 <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450117305&z=5017f4b7e3a2e2190d34647g6z3wbe8g1g4m7cceez&from=wpm07173&uid=LITEONXITXSCS-256L9S_002524133467 <==== UWAGA
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450117305&z=5017f4b7e3a2e2190d34647g6z3wbe8g1g4m7cceez&from=wpm07173&uid=LITEONXITXSCS-256L9S_002524133467 <==== UWAGA
CHR HomePage: Default -> hxxp://www.yoursites123.com/?type=hp&ts=1450117305&z=5017f4b7e3a2e2190d34647g6z3wbe8g1g4m7cceez&from=wpm07173&uid=LITEONXITXSCS-256L9S_002524133467
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-975397881-311121922-3298233510-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {41C5C6AE-0848-435F-889B-2D6EF5FFF5CA} - System32\Tasks\{28F55E72-5DFA-4B99-BA1C-4CE9A7C3F1E1} => C:\Users\Netria\Desktop\BESTplayer.exe
Task: {A865E466-49B2-4793-9615-B34A731E578C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f
Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f
Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f
Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f
RemoveDirectory: C:\Program Files (x86)\WinZipper
RemoveDirectory: C:\ProgramData\nWdMn
RemoveDirectory: C:\ProgramData\vWdMv
RemoveDirectory: C:\Users\Netria\AppData\Roaming\TSv
RemoveDirectory: C:\Users\Netria\AppData\Roaming\WinZipper
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Netria\Downloads\sh-remover.exe
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
Błąd: Punkt przywracania można utworzyć tylko w trybie normalnym.
C:\Users\Netria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Netria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Netria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Skrót - argument pomyślnie przywrócono
C:\Users\Netria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Netria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Netria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Skrót - argument pomyślnie usunięto.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Public\Desktop\Google Chrome.lnk => Skrót - argument pomyślnie usunięto.
Chrome HomePage => pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono
HKU\S-1-5-21-975397881-311121922-3298233510-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{41C5C6AE-0848-435F-889B-2D6EF5FFF5CA}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41C5C6AE-0848-435F-889B-2D6EF5FFF5CA}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\{28F55E72-5DFA-4B99-BA1C-4CE9A7C3F1E1} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{28F55E72-5DFA-4B99-BA1C-4CE9A7C3F1E1}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A865E466-49B2-4793-9615-B34A731E578C}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A865E466-49B2-4793-9615-B34A731E578C}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => klucz pomyślnie usunięto
HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I => klucz pomyślnie usunięto
HKCU\Software\dobreprogramy => klucz pomyślnie usunięto
HKLM\SOFTWARE\Wow6432Node\yoursites123Software => klucz nie znaleziono. 

========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f =========

Operacja ukoäczona pomylnie.


========= Koniec  Reg: =========


========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f =========

Operacja ukoäczona pomylnie.


========= Koniec  Reg: =========


========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f =========

Operacja ukoäczona pomylnie.


========= Koniec  Reg: =========


========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f =========

Operacja ukoäczona pomylnie.


========= Koniec  Reg: =========


========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f =========

Operacja ukoäczona pomylnie.


========= Koniec  Reg: =========


========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f =========

Operacja ukoäczona pomylnie.


========= Koniec  Reg: =========


========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f =========

Operacja ukoäczona pomylnie.


========= Koniec  Reg: =========


========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f =========

Operacja ukoäczona pomylnie.


========= Koniec  Reg: =========

"C:\Program Files (x86)\WinZipper" => pomyślnie usunięto.
"C:\ProgramData\nWdMn" => pomyślnie usunięto.
"C:\ProgramData\vWdMv" => pomyślnie usunięto.
"C:\Users\Netria\AppData\Roaming\TSv" => pomyślnie usunięto.
"C:\Users\Netria\AppData\Roaming\WinZipper" => pomyślnie usunięto.
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => pomyślnie przeniesiono
C:\Users\Netria\Downloads\sh-remover.exe => pomyślnie przeniesiono
EmptyTemp: => 1.1 GB danych tymczasowych Usunięto.


System wymagał restartu.

==== Koniec  Fixlog 11:39:38 ====