Rezultat naprawy Farbar Recovery Scan Tool (x86) Wersja:13-12-2015
Uruchomiony przez Magda (2015-12-14 18:11:51) Run:1
Uruchomiony z E:\FRST
Załadowane profile: Magda (Dostępne profile: Magda)
Tryb startu: Normal
==============================================
fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
R2 WdMan; C:\ProgramData\HWdMH\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
U4 eabfiltr; Brak ImagePath
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
ShortcutWithArgument: C:\Users\Magda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449653867&z=517fc3f79fedffe469acf36gdzbz3tfq3wfc6bcm3o&from=ient07021&uid=WDCXWD1200BEVS-60UST0_WD-WXE907G8700487004 <==== UWAGA
ShortcutWithArgument: C:\Users\Magda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449653867&z=517fc3f79fedffe469acf36gdzbz3tfq3wfc6bcm3o&from=ient07021&uid=WDCXWD1200BEVS-60UST0_WD-WXE907G8700487004 <==== UWAGA
ShortcutWithArgument: C:\Users\Magda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449653867&z=517fc3f79fedffe469acf36gdzbz3tfq3wfc6bcm3o&from=ient07021&uid=WDCXWD1200BEVS-60UST0_WD-WXE907G8700487004 <==== UWAGA
ShortcutWithArgument: C:\Users\Magda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449653867&z=517fc3f79fedffe469acf36gdzbz3tfq3wfc6bcm3o&from=ient07021&uid=WDCXWD1200BEVS-60UST0_WD-WXE907G8700487004 <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449653867&z=517fc3f79fedffe469acf36gdzbz3tfq3wfc6bcm3o&from=ient07021&uid=WDCXWD1200BEVS-60UST0_WD-WXE907G8700487004 <==== UWAGA
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449653867&z=517fc3f79fedffe469acf36gdzbz3tfq3wfc6bcm3o&from=ient07021&uid=WDCXWD1200BEVS-60UST0_WD-WXE907G8700487004 <==== UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449653867&z=517fc3f79fedffe469acf36gdzbz3tfq3wfc6bcm3o&from=ient07021&uid=WDCXWD1200BEVS-60UST0_WD-WXE907G8700487004
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449653867&z=517fc3f79fedffe469acf36gdzbz3tfq3wfc6bcm3o&from=ient07021&uid=WDCXWD1200BEVS-60UST0_WD-WXE907G8700487004&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449653867&z=517fc3f79fedffe469acf36gdzbz3tfq3wfc6bcm3o&from=ient07021&uid=WDCXWD1200BEVS-60UST0_WD-WXE907G8700487004
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449653867&z=517fc3f79fedffe469acf36gdzbz3tfq3wfc6bcm3o&from=ient07021&uid=WDCXWD1200BEVS-60UST0_WD-WXE907G8700487004&q={searchTerms}
HKU\S-1-5-21-1690032049-1338340778-4026156367-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449653867&z=517fc3f79fedffe469acf36gdzbz3tfq3wfc6bcm3o&from=ient07021&uid=WDCXWD1200BEVS-60UST0_WD-WXE907G8700487004
HKU\S-1-5-21-1690032049-1338340778-4026156367-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449653867&z=517fc3f79fedffe469acf36gdzbz3tfq3wfc6bcm3o&from=ient07021&uid=WDCXWD1200BEVS-60UST0_WD-WXE907G8700487004
SearchScopes: HKU\S-1-5-21-1690032049-1338340778-4026156367-1006 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449653867&z=517fc3f79fedffe469acf36gdzbz3tfq3wfc6bcm3o&from=ient07021&uid=WDCXWD1200BEVS-60UST0_WD-WXE907G8700487004&q={searchTerms}
BHO: Brak nazwy -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> Brak pliku
Toolbar: HKLM - Brak nazwy - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Brak pliku
Toolbar: HKU\S-1-5-21-1690032049-1338340778-4026156367-1006 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449653867&z=517fc3f79fedffe469acf36gdzbz3tfq3wfc6bcm3o&from=ient07021&uid=WDCXWD1200BEVS-60UST0_WD-WXE907G8700487004
HKLM\...\Run: [] => [X]
Task: {17780549-88F0-465B-9BDE-E5192A885349} - System32\Tasks\Opera N Saturday => C:\Program Files\Opera\launcher.exe
Task: {2755BEF1-FA08-4B4A-BE23-1A820D3353F8} - System32\Tasks\{59DB60CC-AE7F-40CB-8122-E90F65D71699} => pcalua.exe -a "C:\Program Files\Picexa\uninstall.exe"
Task: {67D2ED1D-DA0A-4F35-A303-1B7A5113A195} - System32\Tasks\{FDC55BFE-4E9A-457C-8DF8-34F10D3D1543} => pcalua.exe -a C:\Windows\system32\Macromed\Flash\FlashUtil32_20_0_0_235_Plugin.exe -c -maintain plugin
Task: {7C0B8F11-B67E-4066-9906-9037FD5044B6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {D9B9D8C2-B79D-4186-9CB8-CD5DA1F28A55} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKLM\SOFTWARE\yoursites123Software
DeleteKey: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes
RemoveDirectory: C:\AdwCleaner
RemoveDirectory: C:\Program Files\Google
RemoveDirectory: C:\Program Files\Opera
RemoveDirectory: C:\ProgramData\HWdMH
RemoveDirectory: C:\Users\Magda\AppData\Local\Opera Software
RemoveDirectory: C:\Users\Magda\AppData\Roaming\Opera Software
RemoveDirectory: C:\Users\Magda\AppData\Roaming\Shortcut
RemoveDirectory: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
C:\Program Files\Common Files\*.DLL
C:\Users\Public\AdwCleaner.exe
C:\Windows\system32\pl.html
CMD: newtsh advfirewall reset
EmptyTemp:
*****************
Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
WdMan => serwis pomyślnie usunięto
eabfiltr => serwis pomyślnie usunięto
C:\Windows\system32\GroupPolicy\Machine => pomyślnie przeniesiono
C:\Windows\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono
"HKLM\SOFTWARE\Policies\Google" => klucz pomyślnie usunięto
C:\Users\Magda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Magda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Skrót - argument pomyślnie przywrócono
C:\Users\Magda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Magda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
HKU\S-1-5-21-1690032049-1338340778-4026156367-1006\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKU\S-1-5-21-1690032049-1338340778-4026156367-1006\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
"HKU\S-1-5-21-1690032049-1338340778-4026156367-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => klucz pomyślnie usunięto
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => klucz nie znaleziono.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Wartość pomyślnie usunięto
HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => klucz nie znaleziono.
HKU\S-1-5-21-1690032049-1338340778-4026156367-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Wartość pomyślnie usunięto
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => klucz nie znaleziono.
"HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5" => klucz pomyślnie usunięto
c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll => pomyślnie przeniesiono
HKLM\Software\Mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} => Wartość pomyślnie usunięto
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Wartość nie znaleziono.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17780549-88F0-465B-9BDE-E5192A885349}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17780549-88F0-465B-9BDE-E5192A885349}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\Opera N Saturday => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera N Saturday" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2755BEF1-FA08-4B4A-BE23-1A820D3353F8}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2755BEF1-FA08-4B4A-BE23-1A820D3353F8}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\{59DB60CC-AE7F-40CB-8122-E90F65D71699} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{59DB60CC-AE7F-40CB-8122-E90F65D71699}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67D2ED1D-DA0A-4F35-A303-1B7A5113A195}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67D2ED1D-DA0A-4F35-A303-1B7A5113A195}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\{FDC55BFE-4E9A-457C-8DF8-34F10D3D1543} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FDC55BFE-4E9A-457C-8DF8-34F10D3D1543}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7C0B8F11-B67E-4066-9906-9037FD5044B6}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C0B8F11-B67E-4066-9906-9037FD5044B6}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9B9D8C2-B79D-4186-9CB8-CD5DA1F28A55}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9B9D8C2-B79D-4186-9CB8-CD5DA1F28A55}" => klucz pomyślnie usunięto
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => klucz pomyślnie usunięto
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => pomyślnie przeniesiono
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => pomyślnie przeniesiono
HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I => klucz pomyślnie usunięto
HKCU\Software\dobreprogramy => klucz pomyślnie usunięto
HKLM\SOFTWARE\yoursites123Software => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię.
HKLM\SOFTWARE\yoursites123Software => klucz pomyślnie usunięto
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes => klucz pomyślnie usunięto
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes => klucz pomyślnie usunięto
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes => klucz pomyślnie usunięto
"C:\AdwCleaner" => pomyślnie usunięto.
"C:\Program Files\Google" => pomyślnie usunięto.
"C:\Program Files\Opera" => pomyślnie usunięto.
"C:\ProgramData\HWdMH" => pomyślnie usunięto.
"C:\Users\Magda\AppData\Local\Opera Software" => pomyślnie usunięto.
"C:\Users\Magda\AppData\Roaming\Opera Software" => pomyślnie usunięto.
"C:\Users\Magda\AppData\Roaming\Shortcut" => pomyślnie usunięto.
"C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" => pomyślnie usunięto.
=========== "C:\Program Files\Common Files\*.DLL" ==========
C:\Program Files\Common Files\IRAABOUT.DLL => pomyślnie przeniesiono
C:\Program Files\Common Files\IRALPTTR.DLL => pomyślnie przeniesiono
C:\Program Files\Common Files\IRAMDMTR.DLL => pomyślnie przeniesiono
C:\Program Files\Common Files\IRAREG.DLL => pomyślnie przeniesiono
C:\Program Files\Common Files\IRASRIAL.DLL => pomyślnie przeniesiono
C:\Program Files\Common Files\IRAWEBTR.DLL => pomyślnie przeniesiono
========= Koniec -> "C:\Program Files\Common Files\*.DLL" ========
C:\Users\Public\AdwCleaner.exe => pomyślnie przeniesiono
C:\Windows\system32\pl.html => pomyślnie przeniesiono
========= newtsh advfirewall reset =========
Nazwa 'newtsh' nie jest rozpoznawana jako polecenie wewnętrzne lub zewnętrzne, program wykonywalny lub plik wsadowy.
========= Koniec CMD: =========
EmptyTemp: => 384.4 MB danych tymczasowych Usunięto.
System wymagał restartu.
==== Koniec Fixlog 18:17:12 ====