Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:13-12-2015
Uruchomiony przez Mariusz (2015-12-15 09:51:27) Run:1
Uruchomiony z C:\Users\Mariusz\Downloads
Załadowane profile: Mariusz (Dostępne profile: Mariusz & Guest)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
R2 IhPul; C:\Users\Mariusz\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-14] (tsvr.com)
R2 WdMan; C:\ProgramData\cWdMc\WdMan.exe [333312 2015-12-14] (TFuns LIMITED) [Brak podpisu cyfrowego]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
ShortcutWithArgument: C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450086581&z=794b06610d81dd46286c89egez5w3ede4b1q1wdbbb&from=wpm07173&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N <==== UWAGA
ShortcutWithArgument: C:\Users\Mariusz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450086581&z=794b06610d81dd46286c89egez5w3ede4b1q1wdbbb&from=wpm07173&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N <==== UWAGA
ShortcutWithArgument: C:\Users\Mariusz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450086581&z=794b06610d81dd46286c89egez5w3ede4b1q1wdbbb&from=wpm07173&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450086581&z=794b06610d81dd46286c89egez5w3ede4b1q1wdbbb&from=wpm07173&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450086581&z=794b06610d81dd46286c89egez5w3ede4b1q1wdbbb&from=wpm07173&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N <==== UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450086581&z=794b06610d81dd46286c89egez5w3ede4b1q1wdbbb&from=wpm07173&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450086581&z=794b06610d81dd46286c89egez5w3ede4b1q1wdbbb&from=wpm07173&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1450086581&z=794b06610d81dd46286c89egez5w3ede4b1q1wdbbb&from=wpm07173&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1450086581&z=794b06610d81dd46286c89egez5w3ede4b1q1wdbbb&from=wpm07173&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450086581&z=794b06610d81dd46286c89egez5w3ede4b1q1wdbbb&from=wpm07173&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450086581&z=794b06610d81dd46286c89egez5w3ede4b1q1wdbbb&from=wpm07173&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450086581&z=794b06610d81dd46286c89egez5w3ede4b1q1wdbbb&from=wpm07173&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450086581&z=794b06610d81dd46286c89egez5w3ede4b1q1wdbbb&from=wpm07173&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N&q={searchTerms}
HKU\S-1-5-21-2915783206-49812008-3396176740-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450086581&z=794b06610d81dd46286c89egez5w3ede4b1q1wdbbb&from=wpm07173&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450086581&z=794b06610d81dd46286c89egez5w3ede4b1q1wdbbb&from=wpm07173&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450086581&z=794b06610d81dd46286c89egez5w3ede4b1q1wdbbb&from=wpm07173&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450086581&z=794b06610d81dd46286c89egez5w3ede4b1q1wdbbb&from=wpm07173&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450086581&z=794b06610d81dd46286c89egez5w3ede4b1q1wdbbb&from=wpm07173&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2915783206-49812008-3396176740-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450086581&z=794b06610d81dd46286c89egez5w3ede4b1q1wdbbb&from=wpm07173&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&ts=1448960542&z=c4bd8d7d723de9c92568429g1zaz4bct3qbe0wczcz&from=cor&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N
Edge HomeButtonPage: HKU\S-1-5-21-2915783206-49812008-3396176740-1001 -> hxxp://www.yoursites123.com/?type=hp&ts=1450086581&z=794b06610d81dd46286c89egez5w3ede4b1q1wdbbb&from=wpm07173&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\ag4a6ebu.default\extensions\deskCutv2@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\ag4a6ebu.default\extensions\default_newtabff@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\ag4a6ebu.default\extensions\yahooprotected@gmail.com => nie znaleziono
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1450086581&z=794b06610d81dd46286c89egez5w3ede4b1q1wdbbb&from=wpm07173&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N
CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1450086581&z=794b06610d81dd46286c89egez5w3ede4b1q1wdbbb&from=wpm07173&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N"
CHR Session Restore: Default -> [funkcja włączona]
CHR HKU\S-1-5-21-2915783206-49812008-3396176740-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1450086581&z=794b06610d81dd46286c89egez5w3ede4b1q1wdbbb&from=wpm07173&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG309837N
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedHomepages /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedSearchScopes /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com" /f
RemoveDirectory: C:\ProgramData\cWdMc
RemoveDirectory: C:\ProgramData\QWdMQ
RemoveDirectory: C:\ProgramData\tWMiniProt
RemoveDirectory: C:\Users\Mariusz\AppData\Roaming\istartpageing
RemoveDirectory: C:\Users\Mariusz\AppData\Roaming\TSv
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Windows\SysWOW64\data.bin
C:\Windows\SysWOW64\pl.html
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
Błąd: (0) Nie udało się utworzyć punktu przywracania.
IhPul => serwis pomyślnie usunięto
WdMan => serwis pomyślnie usunięto
gdrv => serwis pomyślnie usunięto
C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Mariusz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Mariusz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Skrót - argument pomyślnie usunięto.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => Skrót - argument pomyślnie usunięto.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
HKU\S-1-5-21-2915783206-49812008-3396176740-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. 
"HKU\S-1-5-21-2915783206-49812008-3396176740-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. 
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono
HKU\S-1-5-21-2915783206-49812008-3396176740-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage => Wartość pomyślnie usunięto
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\deskCutv2@gmail.com => Wartość pomyślnie usunięto
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\default_newtabff@gmail.com => Wartość pomyślnie usunięto
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\yahooprotected@gmail.com => Wartość pomyślnie usunięto
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono
Chrome StartupUrls => pomyślnie usunięto
Chrome Session Restore: => nie znaleziono.
"HKU\S-1-5-21-2915783206-49812008-3396176740-1001\SOFTWARE\Google\Chrome\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd" => klucz pomyślnie usunięto
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Wartość pomyślnie przywrócono
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE => Wartość pomyślnie usunięto
HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I => klucz nie znaleziono. 
HKCU\Software\dobreprogramy => klucz nie znaleziono. 
HKLM\SOFTWARE\Wow6432Node\yoursites123Software => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię.
HKLM\SOFTWARE\Wow6432Node\yoursites123Software => klucz pomyślnie usunięto

========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedHomepages /f =========

Operacja ukoäczona pomylnie.


========= Koniec  Reg: =========


========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedSearchScopes /f =========

Operacja ukoäczona pomylnie.


========= Koniec  Reg: =========


========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= Koniec  Reg: =========


========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com" /f =========

Operacja ukoäczona pomylnie.


========= Koniec  Reg: =========


========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com" /f =========

Operacja ukoäczona pomylnie.


========= Koniec  Reg: =========


========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com" /f =========

Operacja ukoäczona pomylnie.


========= Koniec  Reg: =========


========= reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com" /f =========

Operacja ukoäczona pomylnie.


========= Koniec  Reg: =========

"C:\ProgramData\cWdMc" => pomyślnie usunięto.
"C:\ProgramData\QWdMQ" => pomyślnie usunięto.
"C:\ProgramData\tWMiniProt" => pomyślnie usunięto.
"C:\Users\Mariusz\AppData\Roaming\istartpageing" => pomyślnie usunięto.
"C:\Users\Mariusz\AppData\Roaming\TSv" => pomyślnie usunięto.
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => pomyślnie przeniesiono
C:\Windows\SysWOW64\data.bin => pomyślnie przeniesiono
C:\Windows\SysWOW64\pl.html => pomyślnie przeniesiono
EmptyTemp: => 1.1 GB danych tymczasowych Usunięto.


System wymagał restartu.

==== Koniec  Fixlog 09:53:02 ====