Rezultat naprawy Farbar Recovery Scan Tool (x86) Wersja:23-12-2015 Uruchomiony przez Naxi (2016-01-04 22:33:52) Run:1 Uruchomiony z C:\Documents and Settings\Naxi\Pulpit Załadowane profile: Naxi (Dostępne profile: Naxi & Administrator) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** Task: C:\WINDOWS\Tasks\SMupdate1.job => C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== UWAGA Task: C:\WINDOWS\Tasks\SMupdate2.job => C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== UWAGA Task: C:\WINDOWS\Tasks\SMupdate3.job => C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== UWAGA C:\PROGRA~1\COMMON~1\System\SysMenu.dll CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439228067&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cmi&uid=ST380013AS_5JV9PJPF HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439228067&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cmi&uid=ST380013AS_5JV9PJPF&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439228067&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cmi&uid=ST380013AS_5JV9PJPF HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439228067&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cmi&uid=ST380013AS_5JV9PJPF&q={searchTerms} HKU\S-1-5-21-790525478-1957994488-682003330-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439228067&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cmi&uid=ST380013AS_5JV9PJPF HKU\S-1-5-21-790525478-1957994488-682003330-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439228067&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cmi&uid=ST380013AS_5JV9PJPF SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439228067&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cmi&uid=ST380013AS_5JV9PJPF&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439228067&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cmi&uid=ST380013AS_5JV9PJPF&q={searchTerms} SearchScopes: HKU\S-1-5-21-790525478-1957994488-682003330-1005 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=ST380013AS_5JV9PJPF&ts=1439228168&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-790525478-1957994488-682003330-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=ST380013AS_5JV9PJPF&ts=1439228168&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-790525478-1957994488-682003330-1005 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=ST380013AS_5JV9PJPF&ts=1439228168&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-790525478-1957994488-682003330-1005 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=ST380013AS_5JV9PJPF&ts=1439228168&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-790525478-1957994488-682003330-1005 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=ST380013AS_5JV9PJPF&ts=1439228168&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-790525478-1957994488-682003330-1005 -> {szukaj.gazeta.pl} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=ST380013AS_5JV9PJPF&ts=1439228168&type=default&q={searchTerms} BHO: Coupon Time 1.0.0.7 -> {b7f975e4-2467-475f-9cfd-994f39ab5bb5} -> Brak pliku Toolbar: HKLM - Brak nazwy - {e6eeb20c-cf4a-4789-becf-64f78340708f} - Brak pliku StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1400135433&from=tt4u&uid=ST380013AS_5JV9PJPF S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X] S3 DualCoreCenter; \??\C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys [X] S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X] S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X] S3 NTACCESS; \??\D:\NTACCESS.sys [X] S3 NVR0Dev; \??\C:\WINDOWS\nvoclock.sys [X] S3 RushTopDevice2; \??\C:\Program Files\MSI\DualCoreCenter\RushTop.sys [X] S1 wsafd_1_10_0_19; system32\drivers\wsafd_1_10_0_19.sys [X] S3 XFDriver; \??\C:\Program Files\Xfire2\XFDriver.sys [X] S1 {f64c1459-b911-4fd8-a74e-36a496bf26e3}t; system32\drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}t.sys [X] C:\Documents and Settings\Naxi\TempWmicBatchFile.bat EmptyTemp: ***************** C:\WINDOWS\Tasks\SMupdate1.job => pomyślnie przeniesiono C:\WINDOWS\Tasks\SMupdate2.job => pomyślnie przeniesiono C:\WINDOWS\Tasks\SMupdate3.job => pomyślnie przeniesiono "C:\PROGRA~1\COMMON~1\System\SysMenu.dll" => nie znaleziono. "HKLM\SOFTWARE\Policies\Google" => klucz pomyślnie usunięto HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-790525478-1957994488-682003330-1005\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-790525478-1957994488-682003330-1005\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKU\S-1-5-21-790525478-1957994488-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto "HKU\S-1-5-21-790525478-1957994488-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => klucz pomyślnie usunięto HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => klucz nie znaleziono. "HKU\S-1-5-21-790525478-1957994488-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => klucz pomyślnie usunięto HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => klucz nie znaleziono. "HKU\S-1-5-21-790525478-1957994488-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. "HKU\S-1-5-21-790525478-1957994488-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => klucz pomyślnie usunięto HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => klucz nie znaleziono. "HKU\S-1-5-21-790525478-1957994488-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{szukaj.gazeta.pl}" => klucz pomyślnie usunięto HKCR\CLSID\{szukaj.gazeta.pl} => klucz nie znaleziono. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b7f975e4-2467-475f-9cfd-994f39ab5bb5}" => klucz pomyślnie usunięto