Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:09-12-2015
Uruchomiony przez Abi (2015-12-11 11:10:49) Run:1
Uruchomiony z C:\Users\Abi\Desktop
Załadowane profile: Abi & UpdatusUser (Dostępne profile: Abi & UpdatusUser)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449644687&z=2f07f83743f2f9bc147c009gczcz4t7q7zdzdq7b1c&from=ient07021&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470 <==== UWAGA
ShortcutWithArgument: C:\Users\Public\Desktop\Play Euro Truck Simulator 2 Multiplayer.lnk -> C:\Program Files (x86)\Euro Truck Simulator 2 Multiplayer\launcher.exe (ETS2MP Team) -> hxxp://www.yoursites123.com/?type=sc&ts=1449644687&z=2f07f83743f2f9bc147c009gczcz4t7q7zdzdq7b1c&from=ient07021&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470 <==== UWAGA
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449644687&z=2f07f83743f2f9bc147c009gczcz4t7q7zdzdq7b1c&from=ient07021&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
HKU\S-1-5-21-3847855972-3002420087-1142518147-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449644687&z=2f07f83743f2f9bc147c009gczcz4t7q7zdzdq7b1c&from=ient07021&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&q={searchTerms}
HKU\S-1-5-21-3847855972-3002420087-1142518147-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449644687&z=2f07f83743f2f9bc147c009gczcz4t7q7zdzdq7b1c&from=ient07021&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3847855972-3002420087-1142518147-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3847855972-3002420087-1142518147-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-3847855972-3002420087-1142518147-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Task: {135D86D9-737A-4E48-B50D-46E92641E737} - System32\Tasks\{DCBF8732-9BCF-43B7-8B8F-4A4A9818293F} => pcalua.exe -a "D:\Programy\Sterowniki lapek\Stery\IN1WLN70WW1.exe" -d "D:\Programy\Sterowniki lapek\Stery"
Task: {208A3324-87C2-49BF-802C-82C5F1A0EF71} - System32\Tasks\PCOF => C:\Users\Abi\AppData\Roaming\PCOF.exe <==== UWAGA
Task: {2FAEDEEA-D79C-46AA-8F66-CD0EDD015AEA} - System32\Tasks\{241D0177-6E07-4D1C-81A4-158DB340A70B} => C:\Users\Abi\Desktop\ProxyFinder.exe
Task: {40B98BB2-4C47-412D-B3AA-CED1D1A5A29F} - System32\Tasks\{FB128A9D-3C8C-43ED-8152-9533CC3B9D1D} => pcalua.exe -a "D:\Programy\Sterowniki lapek\Stery\IN1TBT03WW5.exe" -d "D:\Programy\Sterowniki lapek\Stery"
Task: {582A9711-35C8-42DC-83D2-06BCE9629AA6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {77BAAFFF-F245-4973-8D76-DA8068601984} - System32\Tasks\{B1CF4304-5A90-4E4C-932D-7AFAF5F2718C} => pcalua.exe -a "D:\Programy\Sterowniki lapek\Stery\IN1IPS03WW5.exe" -d "D:\Programy\Sterowniki lapek\Stery"
Task: {AC3C5091-E68C-49D3-8A23-B9BC563EADD0} - System32\Tasks\{36BE186F-B880-4802-9495-B324D1A9EEF6} => pcalua.exe -a "D:\Programy\stery HP c3180.exe" -d D:\Programy
Task: {E7895A30-25A5-4DBC-8792-FE1764FDC3B5} - System32\Tasks\{66024759-9582-4639-825D-8859DCC38CC5} => pcalua.exe -a C:\Users\Abi\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=tugs <==== UWAGA
Task: {F0E3F864-EC7C-487D-8E1F-7E32EC81DDA6} - System32\Tasks\{C4E16B32-3D7D-447A-A4D6-7A0A15D1E696} => pcalua.exe -a "D:\Programy\Sterowniki lapek\Stery\IN1CHP27WW5.exe" -d "D:\Programy\Sterowniki lapek\Stery"
Task: C:\Windows\Tasks\PCOF.job => C:\Users\Abi\AppData\Roaming\PCOF.exe <==== UWAGA
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe" [X]
C:\Program Files (x86)\Wondershare
C:\ProgramData\JWdMJ
C:\ProgramData\UWdMU
C:\ProgramData\Wondershare
C:\Users\Abi\.android
C:\Users\Abi\AppData\Local\nsh4E70.tmp
C:\Users\Abi\AppData\Local\nsxF9BC.tmp
C:\Users\Abi\AppData\Local\Wondershare
C:\Users\Abi\AppData\Local\Microsoft\Windows\GameExplorer\{10CD0FDE-CE8F-4659-8915-8EB56B3936D4}
C:\Users\Abi\AppData\Roaming\LSGKZOLJ
C:\Users\Abi\AppData\Roaming\OPKUK
C:\Users\Abi\AppData\Roaming\PCOF
C:\Users\Abi\AppData\Roaming\Thumbs.db
C:\Users\Abi\AppData\Roaming\HMYGSetting
C:\Users\Abi\AppData\Roaming\Wondershare
C:\Users\Abi\AppData\Roaming\Microsoft\Windows\SendTo\Android (ALLPlayer Pilot).lnk
C:\Windows\pss\deltemp.bat.Startup
C:\Windows\SysWOW64\pl.html
Reg: reg delete HKCU\Software\Google /f
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Abi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^deltemp.bat" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser Extensions" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPLTarget" /f
CMD: netsh advfirewall reset
Hosts:
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Public\Desktop\Play Euro Truck Simulator 2 Multiplayer.lnk => Skrót - argument pomyślnie usunięto.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono
HKU\S-1-5-21-3847855972-3002420087-1142518147-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKU\S-1-5-21-3847855972-3002420087-1142518147-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
HKU\S-1-5-21-3847855972-3002420087-1142518147-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto
HKU\S-1-5-21-3847855972-3002420087-1142518147-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość nie znaleziono.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\smartwebprinting@hp.com => Wartość pomyślnie usunięto
HKU\S-1-5-21-3847855972-3002420087-1142518147-1000\Software\Mozilla\Firefox\Extensions\\smartwebprinting@hp.com => Wartość pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{135D86D9-737A-4E48-B50D-46E92641E737}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{135D86D9-737A-4E48-B50D-46E92641E737}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\{DCBF8732-9BCF-43B7-8B8F-4A4A9818293F} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DCBF8732-9BCF-43B7-8B8F-4A4A9818293F}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{208A3324-87C2-49BF-802C-82C5F1A0EF71}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{208A3324-87C2-49BF-802C-82C5F1A0EF71}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\PCOF => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCOF" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FAEDEEA-D79C-46AA-8F66-CD0EDD015AEA}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FAEDEEA-D79C-46AA-8F66-CD0EDD015AEA}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\{241D0177-6E07-4D1C-81A4-158DB340A70B} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{241D0177-6E07-4D1C-81A4-158DB340A70B}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40B98BB2-4C47-412D-B3AA-CED1D1A5A29F}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40B98BB2-4C47-412D-B3AA-CED1D1A5A29F}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\{FB128A9D-3C8C-43ED-8152-9533CC3B9D1D} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FB128A9D-3C8C-43ED-8152-9533CC3B9D1D}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{582A9711-35C8-42DC-83D2-06BCE9629AA6}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{582A9711-35C8-42DC-83D2-06BCE9629AA6}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program 64" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77BAAFFF-F245-4973-8D76-DA8068601984}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77BAAFFF-F245-4973-8D76-DA8068601984}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\{B1CF4304-5A90-4E4C-932D-7AFAF5F2718C} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B1CF4304-5A90-4E4C-932D-7AFAF5F2718C}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC3C5091-E68C-49D3-8A23-B9BC563EADD0}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC3C5091-E68C-49D3-8A23-B9BC563EADD0}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\{36BE186F-B880-4802-9495-B324D1A9EEF6} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{36BE186F-B880-4802-9495-B324D1A9EEF6}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7895A30-25A5-4DBC-8792-FE1764FDC3B5}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7895A30-25A5-4DBC-8792-FE1764FDC3B5}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\{66024759-9582-4639-825D-8859DCC38CC5} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{66024759-9582-4639-825D-8859DCC38CC5}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0E3F864-EC7C-487D-8E1F-7E32EC81DDA6}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0E3F864-EC7C-487D-8E1F-7E32EC81DDA6}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\{C4E16B32-3D7D-447A-A4D6-7A0A15D1E696} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C4E16B32-3D7D-447A-A4D6-7A0A15D1E696}" => klucz pomyślnie usunięto
C:\Windows\Tasks\PCOF.job => pomyślnie przeniesiono
MBAMSwissArmy => serwis nie znaleziono.
WsDrvInst => serwis pomyślnie usunięto
C:\Program Files (x86)\Wondershare => pomyślnie przeniesiono
C:\ProgramData\JWdMJ => pomyślnie przeniesiono
C:\ProgramData\UWdMU => pomyślnie przeniesiono
C:\ProgramData\Wondershare => pomyślnie przeniesiono
C:\Users\Abi\.android => pomyślnie przeniesiono
C:\Users\Abi\AppData\Local\nsh4E70.tmp => pomyślnie przeniesiono
C:\Users\Abi\AppData\Local\nsxF9BC.tmp => pomyślnie przeniesiono
C:\Users\Abi\AppData\Local\Wondershare => pomyślnie przeniesiono
C:\Users\Abi\AppData\Local\Microsoft\Windows\GameExplorer\{10CD0FDE-CE8F-4659-8915-8EB56B3936D4} => pomyślnie przeniesiono
C:\Users\Abi\AppData\Roaming\LSGKZOLJ => pomyślnie przeniesiono
C:\Users\Abi\AppData\Roaming\OPKUK => pomyślnie przeniesiono
C:\Users\Abi\AppData\Roaming\PCOF => pomyślnie przeniesiono
C:\Users\Abi\AppData\Roaming\Thumbs.db => pomyślnie przeniesiono
C:\Users\Abi\AppData\Roaming\HMYGSetting => pomyślnie przeniesiono
C:\Users\Abi\AppData\Roaming\Wondershare => pomyślnie przeniesiono
C:\Users\Abi\AppData\Roaming\Microsoft\Windows\SendTo\Android (ALLPlayer Pilot).lnk => pomyślnie przeniesiono
C:\Windows\pss\deltemp.bat.Startup => pomyślnie przeniesiono
C:\Windows\SysWOW64\pl.html => pomyślnie przeniesiono

========= reg delete HKCU\Software\Google /f =========
BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.
========= Koniec Reg: =========

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========
Operacja ukończona pomyślnie.
========= Koniec Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f =========
Operacja ukończona pomyślnie.
========= Koniec Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Abi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^deltemp.bat" /f =========
Operacja ukończona pomyślnie.
========= Koniec Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser Extensions" /f =========
Operacja ukończona pomyślnie.
========= Koniec Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite" /f =========
Operacja ukończona pomyślnie.
========= Koniec Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPLTarget" /f =========
Operacja ukończona pomyślnie.
========= Koniec Reg: =========

========= netsh advfirewall reset =========
Ok.
========= Koniec CMD: =========

C:\Windows\System32\Drivers\etc\hosts => pomyślnie przeniesiono
Hosts pomyślnie przywrócono.
EmptyTemp: => 508.5 MB danych tymczasowych Usunięto.

System wymagał restartu.

==== Koniec Fixlog 11:12:03 ====