Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:13-12-2015
Uruchomiony przez Damian (2015-12-14 17:25:21) Run:1
Uruchomiony z C:\Users\Damian\Downloads
Załadowane profile: Damian (Dostępne profile: Damian)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
ShortcutWithArgument: C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450101041&z=c53dd7c2fef391ab8baa0a0gez4w2e2gae2g7e2zeg&from=wpm07173&uid=SAMSUNGXHD502IJ_S13TJ9AQ845246 <==== UWAGA
ShortcutWithArgument: C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450101041&z=c53dd7c2fef391ab8baa0a0gez4w2e2gae2g7e2zeg&from=wpm07173&uid=SAMSUNGXHD502IJ_S13TJ9AQ845246 <==== UWAGA
ShortcutWithArgument: C:\Users\Damian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450101041&z=c53dd7c2fef391ab8baa0a0gez4w2e2gae2g7e2zeg&from=wpm07173&uid=SAMSUNGXHD502IJ_S13TJ9AQ845246 <==== UWAGA
ShortcutWithArgument: C:\Users\Damian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450101041&z=c53dd7c2fef391ab8baa0a0gez4w2e2gae2g7e2zeg&from=wpm07173&uid=SAMSUNGXHD502IJ_S13TJ9AQ845246 <==== UWAGA
ShortcutWithArgument: C:\Users\Damian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450101041&z=c53dd7c2fef391ab8baa0a0gez4w2e2gae2g7e2zeg&from=wpm07173&uid=SAMSUNGXHD502IJ_S13TJ9AQ845246 <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450101041&z=c53dd7c2fef391ab8baa0a0gez4w2e2gae2g7e2zeg&from=wpm07173&uid=SAMSUNGXHD502IJ_S13TJ9AQ845246 <==== UWAGA
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450101041&z=c53dd7c2fef391ab8baa0a0gez4w2e2gae2g7e2zeg&from=wpm07173&uid=SAMSUNGXHD502IJ_S13TJ9AQ845246 <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\S-1-5-21-2426139859-1562633933-961591751-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450101041&z=c53dd7c2fef391ab8baa0a0gez4w2e2gae2g7e2zeg&from=wpm07173&uid=SAMSUNGXHD502IJ_S13TJ9AQ845246
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450101041&z=c53dd7c2fef391ab8baa0a0gez4w2e2gae2g7e2zeg&from=wpm07173&uid=SAMSUNGXHD502IJ_S13TJ9AQ845246
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1450101041&z=c53dd7c2fef391ab8baa0a0gez4w2e2gae2g7e2zeg&from=wpm07173&uid=SAMSUNGXHD502IJ_S13TJ9AQ845246&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450101041&z=c53dd7c2fef391ab8baa0a0gez4w2e2gae2g7e2zeg&from=wpm07173&uid=SAMSUNGXHD502IJ_S13TJ9AQ845246
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450101041&z=c53dd7c2fef391ab8baa0a0gez4w2e2gae2g7e2zeg&from=wpm07173&uid=SAMSUNGXHD502IJ_S13TJ9AQ845246&q={searchTerms}
HKU\S-1-5-21-2426139859-1562633933-961591751-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2426139859-1562633933-961591751-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450101041&z=c53dd7c2fef391ab8baa0a0gez4w2e2gae2g7e2zeg&from=wpm07173&uid=SAMSUNGXHD502IJ_S13TJ9AQ845246
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450101041&z=c53dd7c2fef391ab8baa0a0gez4w2e2gae2g7e2zeg&from=wpm07173&uid=SAMSUNGXHD502IJ_S13TJ9AQ845246&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450101041&z=c53dd7c2fef391ab8baa0a0gez4w2e2gae2g7e2zeg&from=wpm07173&uid=SAMSUNGXHD502IJ_S13TJ9AQ845246&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450101041&z=c53dd7c2fef391ab8baa0a0gez4w2e2gae2g7e2zeg&from=wpm07173&uid=SAMSUNGXHD502IJ_S13TJ9AQ845246&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450101041&z=c53dd7c2fef391ab8baa0a0gez4w2e2gae2g7e2zeg&from=wpm07173&uid=SAMSUNGXHD502IJ_S13TJ9AQ845246&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2426139859-1562633933-961591751-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450101041&z=c53dd7c2fef391ab8baa0a0gez4w2e2gae2g7e2zeg&from=wpm07173&uid=SAMSUNGXHD502IJ_S13TJ9AQ845246&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2426139859-1562633933-961591751-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450101041&z=c53dd7c2fef391ab8baa0a0gez4w2e2gae2g7e2zeg&from=wpm07173&uid=SAMSUNGXHD502IJ_S13TJ9AQ845246&q={searchTerms}
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => Brak pliku
BHO-x32: Brak nazwy -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> Brak pliku
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\2g6w3xar.default\extensions\defsearchp@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\2g6w3xar.default\extensions\deskCutv2@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [sidebarff@gmail.com] - C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\2g6w3xar.default\extensions\sidebarff@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\2g6w3xar.default\extensions\default_newtabff@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\2g6w3xar.default\extensions\yahooprotected@gmail.com => nie znaleziono
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1450101041&z=c53dd7c2fef391ab8baa0a0gez4w2e2gae2g7e2zeg&from=wpm07173&uid=SAMSUNGXHD502IJ_S13TJ9AQ845246
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [] => [X]
R2 IhPul; C:\Users\Damian\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: )
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-12-14] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
DeleteKey: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main
DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main
DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main
RemoveDirectory: C:\Program Files (x86)\Mozilla Firefox\plugins
RemoveDirectory: C:\Program Files (x86)\SFK
RemoveDirectory: C:\Program Files (x86)\WinZipper
RemoveDirectory: C:\Qoobox
RemoveDirectory: C:\Users\Damian\AppData\Roaming\RHEng
RemoveDirectory: C:\Users\Damian\AppData\Roaming\TSv
RemoveDirectory: C:\Users\Damian\Desktop\Stare dane programu Firefox
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Skrót - argument pomyślnie przywrócono
C:\Users\Damian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Damian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Damian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => klucz pomyślnie usunięto
"HKU\S-1-5-21-2426139859-1562633933-961591751-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => klucz pomyślnie usunięto
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
HKU\S-1-5-21-2426139859-1562633933-961591751-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKU\S-1-5-21-2426139859-1562633933-961591751-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono.
HKU\S-1-5-21-2426139859-1562633933-961591751-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto
"HKU\S-1-5-21-2426139859-1562633933-961591751-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => klucz pomyślnie usunięto
"HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B69F34DD-F0F9-42DC-9EDD-957187DA688D}" => klucz pomyślnie usunięto
HKCR\Wow6432Node\CLSID\{B69F34DD-F0F9-42DC-9EDD-957187DA688D} => klucz nie znaleziono.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0" => klucz pomyślnie usunięto
C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll => pomyślnie przeniesiono
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\defsearchp@gmail.com => Wartość pomyślnie usunięto
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\deskCutv2@gmail.com => Wartość pomyślnie usunięto
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\sidebarff@gmail.com => Wartość pomyślnie usunięto
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\default_newtabff@gmail.com => Wartość pomyślnie usunięto
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\yahooprotected@gmail.com => Wartość pomyślnie usunięto
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdReg => Wartość pomyślnie usunięto
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wartość pomyślnie usunięto
IhPul => serwis pomyślnie usunięto
SSFK => Nie można zatrzymać usługi.
SSFK => serwis pomyślnie usunięto
GVTDrv64 => serwis pomyślnie usunięto
catchme => serwis pomyślnie usunięto
HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I => klucz nie znaleziono.
HKCU\Software\dobreprogramy => klucz nie znaleziono.
HKLM\SOFTWARE\Wow6432Node\yoursites123Software => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię.
HKLM\SOFTWARE\Wow6432Node\yoursites123Software => klucz pomyślnie usunięto
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię.
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main => klucz pomyślnie usunięto
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main => klucz pomyślnie usunięto
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main => klucz pomyślnie usunięto
"C:\Program Files (x86)\Mozilla Firefox\plugins" => pomyślnie usunięto.
"C:\Program Files (x86)\SFK" => pomyślnie usunięto.
"C:\Program Files (x86)\WinZipper" => pomyślnie usunięto.
"C:\Qoobox" => pomyślnie usunięto.
"C:\Users\Damian\AppData\Roaming\RHEng" => pomyślnie usunięto.
"C:\Users\Damian\AppData\Roaming\TSv" => pomyślnie usunięto.
"C:\Users\Damian\Desktop\Stare dane programu Firefox" => pomyślnie usunięto.
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => pomyślnie przeniesiono
EmptyTemp: => 218.8 MB danych tymczasowych Usunięto.

System wymagał restartu.

==== Koniec Fixlog 17:25:51 ====