Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:27-01-2016
Uruchomiony przez Admin (2016-01-28 23:54:28) Run:2
Uruchomiony z C:\Users\Admin\Desktop
Załadowane profile: Admin (Dostępne profile: Admin)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
Task: {B9BBDC9E-EAD4-40AD-8389-8C4D091CE0D1} - System32\Tasks\Opera scheduled Autoupdate 1436970632 => C:\Program Files (x86)\Opera\launcher.exe [2015-12-04] (Opera Software) 
ShortcutWithArgument: C:\Users\wara\Desktop\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?t...1000524AS 6VPBP2C9XXXX6VPBP2C9 <==== UWAGA 
ShortcutWithArgument: C:\Users\wara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?t...1000524AS 6VPBP2C9XXXX6VPBP2C9 <==== UWAGA 
ShortcutWithArgument: C:\Users\wara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?t...1000524AS 6VPBP2C9XXXX6VPBP2C9 <==== UWAGA 
ShortcutWithArgument: C:\Users\wara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?t...1000524AS 6VPBP2C9XXXX6VPBP2C9 <==== UWAGA 
ShortcutWithArgument: C:\Users\wara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?t...1000524AS 6VPBP2C9XXXX6VPBP2C9 <==== UWAGA 
ShortcutWithArgument: C:\Users\wara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?t...1000524AS 6VPBP2C9XXXX6VPBP2C9 <==== UWAGA 
ShortcutWithArgument: C:\Users\wara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?t...1000524AS 6VPBP2C9XXXX6VPBP2C9 <==== UWAGA 
ShortcutWithArgument: C:\Users\wara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\launcher — skrót.lnk -> D:\War Thunder\launcher.exe (Gaijin Entertainment) -> hxxp://www.yoursites123.com/?t...1000524AS 6VPBP2C9XXXX6VPBP2C9 <==== UWAGA 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?t...1000524AS 6VPBP2C9XXXX6VPBP2C9 <==== UWAGA 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?t...1000524AS 6VPBP2C9XXXX6VPBP2C9 <==== UWAGA 
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 
(Taiwan Shui Mu Chih Ching Technology Limited) C:\Program Files (x86)\Picexa\picexasvc.exe 
(tsvr.com) C:\Users\wara\AppData\Roaming\TSv\TSvr.exe 
(TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe 
(TFuns LIMITED) C:\ProgramData\3WdM3\WdMan.exe 
HKU\S-1-5-21-2547876878-1029913848-782516458-1000\...\MountPoints2: {06961b07-2af9-11e5-a15d-806e6f6e6963} - F:\cda_menu.exe 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?t...1000524AS 6VPBP2C9XXXX6VPBP2C9 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?t...1000524AS 6VPBP2C9XXXX6VPBP2C9 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/w...AS 6VPBP2C9XXXX6VPBP2C9&q={searchTerms} 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/w...AS 6VPBP2C9XXXX6VPBP2C9&q={searchTerms} 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?t...1000524AS 6VPBP2C9XXXX6VPBP2C9 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?t...1000524AS 6VPBP2C9XXXX6VPBP2C9 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/w...AS 6VPBP2C9XXXX6VPBP2C9&q={searchTerms} 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/w...AS 6VPBP2C9XXXX6VPBP2C9&q={searchTerms} 
HKU\S-1-5-21-2547876878-1029913848-782516458-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/we...AS 6VPBP2C9XXXX6VPBP2C9&q={searchTerms} 
HKU\S-1-5-21-2547876878-1029913848-782516458-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?t...1000524AS 6VPBP2C9XXXX6VPBP2C9 
HKU\S-1-5-21-2547876878-1029913848-782516458-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?t...1000524AS 6VPBP2C9XXXX6VPBP2C9 
HKU\S-1-5-21-2547876878-1029913848-782516458-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/we...AS 6VPBP2C9XXXX6VPBP2C9&q={searchTerms} 
SearchScopes: HKU\S-1-5-21-2547876878-1029913848-782516458-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/we...AS 6VPBP2C9XXXX6VPBP2C9&q={searchTerms} 
SearchScopes: HKU\S-1-5-21-2547876878-1029913848-782516458-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/...979101&type=default&q={searchTerms} 
SearchScopes: HKU\S-1-5-21-2547876878-1029913848-782516458-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/...979101&type=default&q={searchTerms} 
SearchScopes: HKU\S-1-5-21-2547876878-1029913848-782516458-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/we...AS 6VPBP2C9XXXX6VPBP2C9&q={searchTerms} 
SearchScopes: HKU\S-1-5-21-2547876878-1029913848-782516458-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/...979101&type=default&q={searchTerms} 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?...1000524AS 6VPBP2C9XXXX6VPBP2C9 
CHR HomePage: Default -> hxxp://www.yoursites123.com/?t...1000524AS 6VPBP2C9XXXX6VPBP2C9 
CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1449852554&z=06aba22ad51ed8ee153328eg0z3z9tbbew1o8wdw8e&from=ient07021&uid=ST31000524AS_6VPBP2C9XXXX6VPBP2C9"
CHR DefaultSearchURL: Default -> hxxp://www.yoursites123.com/we...AS 6VPBP2C9XXXX6VPBP2C9&q={searchTerms} 
CHR DefaultSearchKeyword: Default -> yoursites123 
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?t...1000524AS 6VPBP2C9XXXX6VPBP2C9 
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.yoursites123.com/?t...1000524AS 6VPBP2C9XXXX6VPBP2C9 
R2 IhPul; C:\Users\wara\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com) 
R2 PicexaService; C:\Program Files (x86)\Picexa\PicexaSvc.exe [731784 2015-12-09] (Taiwan Shui Mu Chih Ching Technology Limited) 
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: <公司名>) 
R2 WdMan; C:\ProgramData\3WdM3\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego] 
S3 VGPU; System32\drivers\rdvgkmd.sys [X] 
S1 wafd_vt_1_10_0_20; system32\drivers\wafd_vt_1_10_0_20.sys [X] 
2015-12-11 17:52 - 2015-12-11 20:50 - 00000000 ____D C:\Program Files (x86)\Picexa 
2015-12-11 17:52 - 2015-12-11 17:52 - 00000000 ____D C:\Users\wara\AppData\Roaming\Picexa Viewer 
2015-12-11 17:52 - 2015-12-11 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa 
2015-12-11 17:50 - 2015-12-11 17:51 - 00000000 ____D C:\ProgramData\3WdM3 
2015-12-02 20:58 - 2015-12-03 00:58 - 00000000 _____ C:\Windows\SysWOW64\pl6.exe 
2015-12-11 17:50 - 2015-10-15 14:47 - 00000000 ____D C:\Users\wara\AppData\Roaming\TSv 
2015-12-11 17:50 - 2015-10-15 14:45 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat 
2015-12-10 17:08 - 2015-07-15 15:30 - 00003898 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1436970632 
EmptyTemp:

*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9BBDC9E-EAD4-40AD-8389-8C4D091CE0D1} => klucz nie znaleziono. 
C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1436970632 => nie znaleziono.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1436970632 => klucz nie znaleziono. 
C:\Users\wara\Desktop\Internet Explorer (64-bit).lnk => nie znaleziono.
C:\Users\wara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk => nie znaleziono.
C:\Users\wara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => nie znaleziono.
C:\Users\wara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => nie znaleziono.
C:\Users\wara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => nie znaleziono.
C:\Users\wara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => nie znaleziono.
C:\Users\wara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk => nie znaleziono.
C:\Users\wara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\launcher — skrót.lnk => nie znaleziono.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk => Skrót - argument pomyślnie usunięto.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => nie znaleziono.
"C:\ProgramData\TEMP" => ":1CE11B51" ADS nie znaleziono.
C:\Program Files (x86)\Picexa\picexasvc.exe => Nie odnaleziono uruchomionego procesu
C:\Users\wara\AppData\Roaming\TSv\TSvr.exe => Nie odnaleziono uruchomionego procesu
C:\Program Files (x86)\SFK\SSFK.exe => Nie odnaleziono uruchomionego procesu
C:\ProgramData\3WdM3\WdMan.exe => Nie odnaleziono uruchomionego procesu
HKU\S-1-5-21-2547876878-1029913848-782516458-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06961b07-2af9-11e5-a15d-806e6f6e6963} => klucz nie znaleziono. 
HKCR\CLSID\{06961b07-2af9-11e5-a15d-806e6f6e6963} => klucz nie znaleziono. 
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
HKU\S-1-5-21-2547876878-1029913848-782516458-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Błąd przy ustawianiu wartości.
HKU\S-1-5-21-2547876878-1029913848-782516458-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Błąd przy ustawianiu wartości.
HKU\S-1-5-21-2547876878-1029913848-782516458-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Błąd przy ustawianiu wartości.
HKU\S-1-5-21-2547876878-1029913848-782516458-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Błąd przy ustawianiu wartości.
HKU\S-1-5-21-2547876878-1029913848-782516458-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość nie znaleziono.
HKU\S-1-5-21-2547876878-1029913848-782516458-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => klucz nie znaleziono. 
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => klucz nie znaleziono. 
HKU\S-1-5-21-2547876878-1029913848-782516458-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => klucz nie znaleziono. 
HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => klucz nie znaleziono. 
HKU\S-1-5-21-2547876878-1029913848-782516458-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. 
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. 
HKU\S-1-5-21-2547876878-1029913848-782516458-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => klucz nie znaleziono. 
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => klucz nie znaleziono. 
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono
Chrome HomePage => pomyślnie usunięto
Chrome StartupUrls => pomyślnie usunięto
Chrome DefaultSearchURL => pomyślnie usunięto
Chrome DefaultSearchKeyword => pomyślnie usunięto
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Wartość pomyślnie przywrócono
HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command\\Default => Wartość pomyślnie przywrócono
IhPul => serwis nie znaleziono.
PicexaService => serwis nie znaleziono.
SSFK => serwis nie znaleziono.
WdMan => serwis nie znaleziono.
VGPU => serwis nie znaleziono.
wafd_vt_1_10_0_20 => serwis nie znaleziono.
"C:\Program Files (x86)\Picexa" => nie znaleziono.
"C:\Users\wara\AppData\Roaming\Picexa Viewer" => nie znaleziono.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa" => nie znaleziono.
"C:\ProgramData\3WdM3" => nie znaleziono.
"C:\Windows\SysWOW64\pl6.exe" => nie znaleziono.
"C:\Users\wara\AppData\Roaming\TSv" => nie znaleziono.
"C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat" => nie znaleziono.
"C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1436970632" => nie znaleziono.
EmptyTemp: => 25.6 MB danych tymczasowych Usunięto.


System wymagał restartu.

==== Koniec  Fixlog 23:55:18 ====