Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:09-12-2015
Uruchomiony przez Abi (2015-12-12 11:06:30) Run:2
Uruchomiony z C:\Users\Abi\Desktop
Załadowane profile: Abi & UpdatusUser (Dostępne profile: Abi & UpdatusUser)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
R2 WdsManPro; C:\ProgramData\8WMiniPro8\WMiniPro.exe [295424 2015-10-30] (DTools LIMITED)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-02-26] ()
S2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [X]
ShortcutWithArgument: C:\Users\Abi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.omniboxes.com/?type=sc&ts=1447139335&z=4ec24fdcbd88e4c99428f57g8z9z7meg3catdc7c8c&from=wpm07163&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470 <==== UWAGA
ShortcutWithArgument: C:\Users\Abi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.omniboxes.com/?type=sc&ts=1447139335&z=4ec24fdcbd88e4c99428f57g8z9z7meg3catdc7c8c&from=wpm07163&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470 <==== UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1447139335&z=4ec24fdcbd88e4c99428f57g8z9z7meg3catdc7c8c&from=wpm07163&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1447139335&z=4ec24fdcbd88e4c99428f57g8z9z7meg3catdc7c8c&from=wpm07163&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1447139335&z=4ec24fdcbd88e4c99428f57g8z9z7meg3catdc7c8c&from=wpm07163&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1447139335&z=4ec24fdcbd88e4c99428f57g8z9z7meg3catdc7c8c&from=wpm07163&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1447139335&z=4ec24fdcbd88e4c99428f57g8z9z7meg3catdc7c8c&from=wpm07163&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1447139335&z=4ec24fdcbd88e4c99428f57g8z9z7meg3catdc7c8c&from=wpm07163&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1447139335&z=4ec24fdcbd88e4c99428f57g8z9z7meg3catdc7c8c&from=wpm07163&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1447139335&z=4ec24fdcbd88e4c99428f57g8z9z7meg3catdc7c8c&from=wpm07163&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&q={searchTerms}
HKU\S-1-5-21-3847855972-3002420087-1142518147-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1447139335&z=4ec24fdcbd88e4c99428f57g8z9z7meg3catdc7c8c&from=wpm07163&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470
HKU\S-1-5-21-3847855972-3002420087-1142518147-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1447139335&z=4ec24fdcbd88e4c99428f57g8z9z7meg3catdc7c8c&from=wpm07163&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470
SearchScopes: HKU\S-1-5-21-3847855972-3002420087-1142518147-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1447139335&z=4ec24fdcbd88e4c99428f57g8z9z7meg3catdc7c8c&from=wpm07163&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3847855972-3002420087-1142518147-1000 -> {4DAC8EC6-E867-4F51-83DA-FF0C89CAB1B8} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}
HKU\S-1-5-21-3847855972-3002420087-1142518147-1000\...\Run: [Wondershare Helper Compact.exe] => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\e7augnnl.default-1432884363237\extensions\defsearchp@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\e7augnnl.default-1432884363237\extensions\deskCutv2@gmail.com => nie znaleziono
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
DeleteKey: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes
RemoveDirectory: C:\FRST\Quarantine
RemoveDirectory: C:\MATS
RemoveDirectory: C:\Program Files (x86)\SalePlus
RemoveDirectory: C:\ProgramData\6WdsManPro6
RemoveDirectory: C:\ProgramData\8WMiniPro8
RemoveDirectory: C:\ProgramData\Avg_Update_0215tb
RemoveDirectory: C:\ProgramData\Avg_Update_1214tb
CMD: sc config CryptSvc start= auto
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
WdsManPro => serwis pomyślnie usunięto
WtuSystemSupport => serwis pomyślnie usunięto
vToolbarUpdater18.4.0 => serwis pomyślnie usunięto
C:\Users\Abi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Abi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Skrót - argument pomyślnie usunięto.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
HKU\S-1-5-21-3847855972-3002420087-1142518147-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKU\S-1-5-21-3847855972-3002420087-1142518147-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
"HKU\S-1-5-21-3847855972-3002420087-1142518147-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono.
"HKU\S-1-5-21-3847855972-3002420087-1142518147-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4DAC8EC6-E867-4F51-83DA-FF0C89CAB1B8}" => klucz pomyślnie usunięto
HKCR\CLSID\{4DAC8EC6-E867-4F51-83DA-FF0C89CAB1B8} => klucz nie znaleziono.
HKU\S-1-5-21-3847855972-3002420087-1142518147-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe => Wartość pomyślnie usunięto
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\defsearchp@gmail.com => Wartość pomyślnie usunięto
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\deskCutv2@gmail.com => Wartość pomyślnie usunięto
HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I => klucz pomyślnie usunięto
HKCU\Software\dobreprogramy => klucz pomyślnie usunięto
HKLM\SOFTWARE\Wow6432Node\yoursites123Software => klucz nie znaleziono.
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes => klucz pomyślnie usunięto
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes => klucz pomyślnie usunięto
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes => klucz pomyślnie usunięto
"C:\FRST\Quarantine" => pomyślnie usunięto.
"C:\MATS" => pomyślnie usunięto.
"C:\Program Files (x86)\SalePlus" => pomyślnie usunięto.
"C:\ProgramData\6WdsManPro6" => pomyślnie usunięto.
"C:\ProgramData\8WMiniPro8" => pomyślnie usunięto.
"C:\ProgramData\Avg_Update_0215tb" => pomyślnie usunięto.
"C:\ProgramData\Avg_Update_1214tb" => pomyślnie usunięto.

========= sc config CryptSvc start= auto =========

[SC] ChangeServiceConfig SUKCES

========= Koniec CMD: =========

EmptyTemp: => 479.7 MB danych tymczasowych Usunięto.

System wymagał restartu.

==== Koniec Fixlog 11:07:28 ====