Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:09-12-2015 Uruchomiony przez Abi (2015-12-10 19:00:46) Run:2 Uruchomiony z C:\Users\Abi\Desktop Załadowane profile: Abi & UpdatusUser (Dostępne profile: Abi & UpdatusUser) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449660022&z=1bb7b9aafc52a62b753ae84g2zdzft3q7q5e1e6gem&from=ient07021&uid=3219913727_198313_7AEE78B6 <==== UWAGA ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449660022&z=1bb7b9aafc52a62b753ae84g2zdzft3q7q5e1e6gem&from=ient07021&uid=3219913727_198313_7AEE78B6 <==== UWAGA ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449660022&z=1bb7b9aafc52a62b753ae84g2zdzft3q7q5e1e6gem&from=ient07021&uid=3219913727_198313_7AEE78B6 <==== UWAGA ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449660022&z=1bb7b9aafc52a62b753ae84g2zdzft3q7q5e1e6gem&from=ient07021&uid=3219913727_198313_7AEE78B6 <==== UWAGA ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449660022&z=1bb7b9aafc52a62b753ae84g2zdzft3q7q5e1e6gem&from=ient07021&uid=3219913727_198313_7AEE78B6 <==== UWAGA ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449660022&z=1bb7b9aafc52a62b753ae84g2zdzft3q7q5e1e6gem&from=ient07021&uid=3219913727_198313_7AEE78B6 <==== UWAGA StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449660022&z=1bb7b9aafc52a62b753ae84g2zdzft3q7q5e1e6gem&from=ient07021&uid=3219913727_198313_7AEE78B6 StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1449660022&z=1bb7b9aafc52a62b753ae84g2zdzft3q7q5e1e6gem&from=ient07021&uid=3219913727_198313_7AEE78B6 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449660022&z=1bb7b9aafc52a62b753ae84g2zdzft3q7q5e1e6gem&from=ient07021&uid=3219913727_198313_7AEE78B6 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449660022&z=1bb7b9aafc52a62b753ae84g2zdzft3q7q5e1e6gem&from=ient07021&uid=3219913727_198313_7AEE78B6 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449660022&z=1bb7b9aafc52a62b753ae84g2zdzft3q7q5e1e6gem&from=ient07021&uid=3219913727_198313_7AEE78B6&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449660022&z=1bb7b9aafc52a62b753ae84g2zdzft3q7q5e1e6gem&from=ient07021&uid=3219913727_198313_7AEE78B6&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449660022&z=1bb7b9aafc52a62b753ae84g2zdzft3q7q5e1e6gem&from=ient07021&uid=3219913727_198313_7AEE78B6 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449660022&z=1bb7b9aafc52a62b753ae84g2zdzft3q7q5e1e6gem&from=ient07021&uid=3219913727_198313_7AEE78B6 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449660022&z=1bb7b9aafc52a62b753ae84g2zdzft3q7q5e1e6gem&from=ient07021&uid=3219913727_198313_7AEE78B6&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449660022&z=1bb7b9aafc52a62b753ae84g2zdzft3q7q5e1e6gem&from=ient07021&uid=3219913727_198313_7AEE78B6&q={searchTerms} HKU\S-1-5-21-252401917-279108963-3015472662-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449660022&z=1bb7b9aafc52a62b753ae84g2zdzft3q7q5e1e6gem&from=ient07021&uid=3219913727_198313_7AEE78B6 SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449660022&z=1bb7b9aafc52a62b753ae84g2zdzft3q7q5e1e6gem&from=ient07021&uid=3219913727_198313_7AEE78B6&q={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449660022&z=1bb7b9aafc52a62b753ae84g2zdzft3q7q5e1e6gem&from=ient07021&uid=3219913727_198313_7AEE78B6&q={searchTerms} SearchScopes: HKU\S-1-5-21-252401917-279108963-3015472662-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449660022&z=1bb7b9aafc52a62b753ae84g2zdzft3q7q5e1e6gem&from=ient07021&uid=3219913727_198313_7AEE78B6&q={searchTerms} CHR HKU\S-1-5-21-252401917-279108963-3015472662-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx Task: {A7128EF3-E9BB-40DB-A807-1C7187921A1A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo) DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKU\S-1-5-21-252401917-279108963-3015472662-1001\...\MountPoints2: {8d15eacd-77a1-11e2-a143-806e6f6e6963} - E:\DisneySplash.exe C:\Users\admin\Documents\Euro Truck Simulator 2\readme.rtf.lnk RemoveDirectory: C:\Program Files (x86)\Lenovo RemoveDirectory: C:\Program Files (x86)\Opera RemoveDirectory: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default RemoveDirectory: C:\Users\admin\AppData\Local\Lenovo RemoveDirectory: C:\Users\admin\AppData\Local\Opera Software RemoveDirectory: C:\Users\admin\AppData\Roaming\Opera Software RemoveDirectory: C:\Users\admin\AppData\Roaming\Shortcut RemoveDirectory: C:\Users\admin\AppData\Roaming\WarThunder RemoveDirectory: C:\Users\admin\REACHit RemoveDirectory: C:\Windows\System32\Tasks\Lenovo Reg: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f CMD: netsh advfirewall reset EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => nie znaleziono. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => nie znaleziono. C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => nie znaleziono. C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => nie znaleziono. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => nie znaleziono. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => nie znaleziono. HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-252401917-279108963-3015472662-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Błąd przy ustawianiu wartości. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => klucz pomyślnie usunięto HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => klucz nie znaleziono. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => klucz pomyślnie usunięto HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => klucz nie znaleziono. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKU\S-1-5-21-252401917-279108963-3015472662-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKU\S-1-5-21-252401917-279108963-3015472662-1001\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd => klucz nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7128EF3-E9BB-40DB-A807-1C7187921A1A} => klucz nie znaleziono. C:\Windows\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program 64" => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo => klucz pomyślnie usunięto HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => klucz nie znaleziono. HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => klucz nie znaleziono. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mcui_exe => Wartość nie znaleziono. HKU\S-1-5-21-252401917-279108963-3015472662-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d15eacd-77a1-11e2-a143-806e6f6e6963} => klucz nie znaleziono. HKCR\CLSID\{8d15eacd-77a1-11e2-a143-806e6f6e6963} => klucz nie znaleziono. "C:\Users\admin\Documents\Euro Truck Simulator 2\readme.rtf.lnk" => nie znaleziono. niepowodzenie przy usuwaniu "C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll" => Zaplanowany do usunięcia przy restarcie. niepowodzenie przy usuwaniu "C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll" => Zaplanowany do usunięcia przy restarcie. niepowodzenie przy usuwaniu "C:\Program Files (x86)\Lenovo\REACHit\ReachDrive64.dll" => Zaplanowany do usunięcia przy restarcie. niepowodzenie przy usuwaniu "C:\Program Files (x86)\Lenovo\REACHit\webStorage64.dll" => Zaplanowany do usunięcia przy restarcie. niepowodzenie przy usuwaniu "C:\Program Files (x86)\Lenovo" => Zaplanowany do usunięcia przy restarcie. "C:\Program Files (x86)\Opera" => nie znaleziono. "C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default" => nie znaleziono. "C:\Users\admin\AppData\Local\Lenovo" => nie znaleziono. "C:\Users\admin\AppData\Local\Opera Software" => nie znaleziono. "C:\Users\admin\AppData\Roaming\Opera Software" => nie znaleziono. "C:\Users\admin\AppData\Roaming\Shortcut" => nie znaleziono. "C:\Users\admin\AppData\Roaming\WarThunder" => nie znaleziono. "C:\Users\admin\REACHit" => nie znaleziono. "C:\Windows\System32\Tasks\Lenovo" => pomyślnie usunięto. ========= reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= netsh advfirewall reset ========= Ok. ========= Koniec CMD: ========= EmptyTemp: => 1.7 GB danych tymczasowych Usunięto. Rezultat przenoszenia plików przy restarcie (Tryb startu: Normal) (Data i godzina: 2015-12-10 19:04:37) C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll => pomyślnie usunięto C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll => pomyślnie usunięto C:\Program Files (x86)\Lenovo\REACHit\ReachDrive64.dll => pomyślnie usunięto C:\Program Files (x86)\Lenovo\REACHit\webStorage64.dll => pomyślnie usunięto C:\Program Files (x86)\Lenovo => pomyślnie usunięto ==== Koniec Fixlog 19:04:38 ====