Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:10-01-2015 01
Uruchomiony przez rafka (2016-01-13 22:21:48) Run:1
Uruchomiony z C:\Users\rafka\Downloads
Załadowane profile: rafka (Dostępne profile: rafka)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
ShortcutWithArgument: C:\Users\rafka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1451299506&z=a89619e430f4d49e31c140fgfz5w7g1oetdt3w4e5m&from=wpm12253&uid=HGSTXHTS545050A7E380_TE85123RCEGGUWCEGGUWX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1451299506&z=a89619e430f4d49e31c140fgfz5w7g1oetdt3w4e5m&from=wpm12253&uid=HGSTXHTS545050A7E380_TE85123RCEGGUWCEGGUWX
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
C:\ProgramData\WWdMW
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=1451299506&z=a89619e430f4d49e31c140fgfz5w7g1oetdt3w4e5m&from=wpm12253&uid=HGSTXHTS545050A7E380_TE85123RCEGGUWCEGGUWX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=1451299506&z=a89619e430f4d49e31c140fgfz5w7g1oetdt3w4e5m&from=wpm12253&uid=HGSTXHTS545050A7E380_TE85123RCEGGUWCEGGUWX&q={searchTerms}
Task: {059FAE78-DB54-4B3F-97CA-49FAB45C099A} - System32\Tasks\{2295A12F-2596-431D-AE79-4B3691C1278E} => pcalua.exe -a C:\Users\rafka\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=cor
Task: {1AEF494A-582E-4FA9-A677-08097B51EF92} - System32\Tasks\ghokswaCheckTask => C:\Program Files (x86)\ghokswa Browser\ghokswa\bin\browserServer.exe [2015-11-24] () <==== UWAGA
Task: {5D155660-68EC-4BCF-AEA5-7D8BCA517279} - System32\Tasks\ghokswaBrowserUpdateCore => C:\Program Files (x86)\ghokswa Browser\ghokswa\bin\browserServer.exe [2015-11-24] () <==== UWAGA
C:\Program Files (x86)\ghokswa Browser
Task: {AF275ABB-5B37-4584-8709-E42B813310EC} - System32\Tasks\ghokswaBrowserUpdateUA => C:\Program Files (x86)\ghokswa Browser\ghokswa\bin\browserServer.exe [2015-11-24] () <==== UWAGA
C:\Users\rafka\AppData\Roaming\istartsurf
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1451299506&z=a89619e430f4d49e31c140fgfz5w7g1oetdt3w4e5m&from=wpm12253&uid=HGSTXHTS545050A7E380_TE85123RCEGGUWCEGGUWX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1451299506&z=a89619e430f4d49e31c140fgfz5w7g1oetdt3w4e5m&from=wpm12253&uid=HGSTXHTS545050A7E380_TE85123RCEGGUWCEGGUWX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1451299506&z=a89619e430f4d49e31c140fgfz5w7g1oetdt3w4e5m&from=wpm12253&uid=HGSTXHTS545050A7E380_TE85123RCEGGUWCEGGUWX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2903780414-2367744016-3413984583-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1451299506&z=a89619e430f4d49e31c140fgfz5w7g1oetdt3w4e5m&from=wpm12253&uid=HGSTXHTS545050A7E380_TE85123RCEGGUWCEGGUWX&q={searchTerms}
BHO-x32: Jungle Net -> {dcfb5bfe-1f58-4b1d-96a7-3c7bbae51b36} -> C:\Program Files (x86)\Jungle Net\Extensions\dcfb5bfe-1f58-4b1d-96a7-3c7bbae51b36.dll => Brak pliku
BHO-x32: Brak nazwy -> {dd4c66b8-f943-4b10-8053-7e9ee39bba4a} -> Brak pliku
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1451299506&z=a89619e430f4d49e31c140fgfz5w7g1oetdt3w4e5m&from=wpm12253&uid=HGSTXHTS545050A7E380_TE85123RCEGGUWCEGGUWX
Edge HomeButtonPage: HKU\S-1-5-21-2903780414-2367744016-3413984583-1001 -> hxxp://www.delta-homes.com/?type=hp&ts=1444324663&z=6d1656cd5e0ac3ab76b48b3gaz7z6z4cfo7z9q4t9m&from=ient07031&uid=HGSTXHTS545050A7E380_TE85123RCEGGUWCEGGUWX
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1452633939&z=7c587c82df7af118128a8aag0zewco9q9cbcbt9w3z&from=ient12253&uid=HGSTXHTS545050A7E380_TE85123RCEGGUWCEGGUWX
R2 WdMan; C:\ProgramData\WWdMW\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
C:\WINDOWS\SysWOW64\pl.html
C:\Program Files (x86)\SSFK.exe
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\rafka\Documents\Documents\Youcam\YouCam(Webcam).lnk
C:\Users\rafka\Documents\Documents\MAGIX\Video deluxe 2013\Pokaz zdjęć z muzyką.lnk
C:\Users\rafka\Documents\Documents\MAGIX\Video deluxe 2013\_Demo.LNK
C:\Users\rafka\Documents\Documents\MAGIX\Video deluxe 2013\_TV Anti Cropping.LNK
C:\Users\rafka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
C:\Users\rafka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Picexa.lnk
C:\Users\rafka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk
EmptyTemp:
*****************

C:\Users\rafka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto.
HKLM\SOFTWARE\Wow6432Node\yoursites123Software => niepowodzenie przy usuwaniu w pierwszym podejściu (ErrorCode: C0000121), zobacz kolejną linię.
HKLM\SOFTWARE\Wow6432Node\yoursites123Software => klucz pomyślnie usunięto
C:\ProgramData\WWdMW => pomyślnie przeniesiono
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => klucz pomyślnie usunięto
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{059FAE78-DB54-4B3F-97CA-49FAB45C099A}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{059FAE78-DB54-4B3F-97CA-49FAB45C099A}" => klucz pomyślnie usunięto
C:\WINDOWS\System32\Tasks\{2295A12F-2596-431D-AE79-4B3691C1278E} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2295A12F-2596-431D-AE79-4B3691C1278E}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1AEF494A-582E-4FA9-A677-08097B51EF92}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AEF494A-582E-4FA9-A677-08097B51EF92}" => klucz pomyślnie usunięto
C:\WINDOWS\System32\Tasks\ghokswaCheckTask => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ghokswaCheckTask" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D155660-68EC-4BCF-AEA5-7D8BCA517279}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D155660-68EC-4BCF-AEA5-7D8BCA517279}" => klucz pomyślnie usunięto
C:\WINDOWS\System32\Tasks\ghokswaBrowserUpdateCore => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ghokswaBrowserUpdateCore" => klucz pomyślnie usunięto
C:\Program Files (x86)\ghokswa Browser => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF275ABB-5B37-4584-8709-E42B813310EC}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF275ABB-5B37-4584-8709-E42B813310EC}" => klucz pomyślnie usunięto
C:\WINDOWS\System32\Tasks\ghokswaBrowserUpdateUA => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ghokswaBrowserUpdateUA" => klucz pomyślnie usunięto
C:\Users\rafka\AppData\Roaming\istartsurf => pomyślnie przeniesiono
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. 
"HKU\S-1-5-21-2903780414-2367744016-3413984583-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => klucz pomyślnie usunięto
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dcfb5bfe-1f58-4b1d-96a7-3c7bbae51b36}" => klucz pomyślnie usunięto
"HKCR\Wow6432Node\CLSID\{dcfb5bfe-1f58-4b1d-96a7-3c7bbae51b36}" => klucz pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dd4c66b8-f943-4b10-8053-7e9ee39bba4a}" => klucz pomyślnie usunięto
HKCR\Wow6432Node\CLSID\{dd4c66b8-f943-4b10-8053-7e9ee39bba4a} => klucz nie znaleziono. 
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono
HKU\S-1-5-21-2903780414-2367744016-3413984583-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage => Wartość pomyślnie usunięto
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono
WdMan => Nie można zatrzymać usługi.
WdMan => serwis pomyślnie usunięto
C:\WINDOWS\SysWOW64\pl.html => pomyślnie przeniesiono
C:\Program Files (x86)\SSFK.exe => pomyślnie przeniesiono
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => pomyślnie przeniesiono
C:\Users\rafka\Documents\Documents\Youcam\YouCam(Webcam).lnk => pomyślnie przeniesiono
C:\Users\rafka\Documents\Documents\MAGIX\Video deluxe 2013\Pokaz zdjęć z muzyką.lnk => pomyślnie przeniesiono
C:\Users\rafka\Documents\Documents\MAGIX\Video deluxe 2013\_Demo.LNK => pomyślnie przeniesiono
C:\Users\rafka\Documents\Documents\MAGIX\Video deluxe 2013\_TV Anti Cropping.LNK => pomyślnie przeniesiono
C:\Users\rafka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => pomyślnie przeniesiono
C:\Users\rafka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Picexa.lnk => pomyślnie przeniesiono
C:\Users\rafka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk => pomyślnie przeniesiono
EmptyTemp: => 1 GB danych tymczasowych Usunięto.


System wymagał restartu.

==== Koniec  Fixlog 22:22:51 ====