Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:17-12-2015
Uruchomiony przez Marcin (2015-12-18 19:32:23) Run:1
Uruchomiony z C:\Users\Marcin\Downloads
Załadowane profile: Marcin (Dostępne profile: Marcin)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941
ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941
ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941
ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941&q={searchTerms}
HKU\S-1-5-21-3148115178-2301685078-862424154-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3148115178-2301685078-862424154-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1446580349&z=16c7d313d9cc5dafe9e5e40g6z3z0q6w7b5e7e3m6o&from=cor&uid=ADATAXSP920SS_8E302000294120002941
Edge HomeButtonPage: HKU\S-1-5-21-3148115178-2301685078-862424154-1001 -> hxxp://www.yoursites123.com/?type=hp&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.yoursites123.com/?type=sc&ts=1450082137&z=988513a45eadc00e82a2b66g7z0wde8e0b8o1g4o1z&from=wpm07173&uid=ADATAXSP920SS_8E302000294120002941
OPR Session Restore: -> [funkcja włączona]
Task: {04DF777C-77EF-4C7E-A608-2C019F33BD79} - System32\Tasks\WordFly Auto Updater 1.10.0.28 Pending Update => C:\Program Files (x86)\WordFly_1.10.0.28\Update\WordflyAutoUpdateClient.exe <==== UWAGA
Task: {1AD9D468-7A76-4C7A-A054-A38EC281E1BA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
Task: {43E6EC14-A2F4-4BA2-AE40-9232788C9BC4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
Task: {53C2CB2C-B62C-4AF5-B5A5-B7FECCA29373} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\WINDOWS\TEMP\DeleteFolderTask.exe [2015-12-14] ()
Task: {8563FE0A-89C1-4559-AE11-4546B65E89FF} - System32\Tasks\WordFly Auto Updater 1.10.0.28 Core => C:\Program Files (x86)\WordFly_1.10.0.28\Update\WordflyAutoUpdateClient.exe <==== UWAGA
Task: {A225C590-680B-4E1D-B453-D549D1E05150} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
Task: {BEE73AE1-9228-43CD-B7B9-4A73156E7377} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
Task: {EDE475D1-651B-4AAA-B91F-B50D9C69C8E9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
S3 4F966B02736503C9; C:\WINDOWS\TEMP\160C40E.sys [165104 2015-12-16] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-16] ()
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedHomepages /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedSearchScopes /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com" /f
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
RemoveDirectory: C:\Program Files\DrWeb
RemoveDirectory: C:\Program Files\Common Files\Doctor Web
RemoveDirectory: C:\Program Files\Common Files\McAfee
RemoveDirectory: C:\Program Files (x86)\SFK
RemoveDirectory: C:\ProgramData\Doctor Web
RemoveDirectory: C:\ProgramData\gWMiniProg
RemoveDirectory: C:\ProgramData\McAfee
RemoveDirectory: C:\Users\Marcin\AppData\Roaming\TSv
RemoveDirectory: C:\Users\Marcin\Doctor Web
RemoveDirectory: C:\Windows\System32\Tasks\Doctor Web
RemoveDirectory: C:\Windows\System32\Tasks\McAfee
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Windows\system32\Drivers\dw_wfp.sys.delete-later-189796
C:\Windows\System32\Drivers\EsgScanner.sys
C:\Windows\System32\drivers\mfeelamk.sys
C:\Windows\SysWOW64\data.bin
C:\Windows\SysWOW64\pl.html
CMDL netsh advfirewall reset
EmptyTemp:

*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto.
C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk => Skrót - argument pomyślnie usunięto.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk => Skrót - argument pomyślnie usunięto.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
HKU\S-1-5-21-3148115178-2301685078-862424154-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. 
"HKU\S-1-5-21-3148115178-2301685078-862424154-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. 
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono
HKU\S-1-5-21-3148115178-2301685078-862424154-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage => Wartość pomyślnie usunięto
HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command\\Default => Wartość pomyślnie przywrócono
OPR Session Restore: -> [funkcja włączona] => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{04DF777C-77EF-4C7E-A608-2C019F33BD79}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04DF777C-77EF-4C7E-A608-2C019F33BD79}" => klucz pomyślnie usunięto
C:\WINDOWS\System32\Tasks\WordFly Auto Updater 1.10.0.28 Pending Update => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordFly Auto Updater 1.10.0.28 Pending Update" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1AD9D468-7A76-4C7A-A054-A38EC281E1BA}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AD9D468-7A76-4C7A-A054-A38EC281E1BA}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43E6EC14-A2F4-4BA2-AE40-9232788C9BC4}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43E6EC14-A2F4-4BA2-AE40-9232788C9BC4}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53C2CB2C-B62C-4AF5-B5A5-B7FECCA29373}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53C2CB2C-B62C-4AF5-B5A5-B7FECCA29373}" => klucz pomyślnie usunięto
C:\WINDOWS\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8563FE0A-89C1-4559-AE11-4546B65E89FF}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8563FE0A-89C1-4559-AE11-4546B65E89FF}" => klucz pomyślnie usunięto
C:\WINDOWS\System32\Tasks\WordFly Auto Updater 1.10.0.28 Core => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordFly Auto Updater 1.10.0.28 Core" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A225C590-680B-4E1D-B453-D549D1E05150}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A225C590-680B-4E1D-B453-D549D1E05150}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BEE73AE1-9228-43CD-B7B9-4A73156E7377}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEE73AE1-9228-43CD-B7B9-4A73156E7377}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EDE475D1-651B-4AAA-B91F-B50D9C69C8E9}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDE475D1-651B-4AAA-B91F-B50D9C69C8E9}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => klucz pomyślnie usunięto