Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:12-12-2015 01
Uruchomiony przez Użytkownik (2015-12-13 12:54:06) Run:1
Uruchomiony z C:\Users\Użytkownik\Desktop\Dokumenty Kuby\Programy i instalki\FRST
Załadowane profile: Użytkownik (Dostępne profile: Użytkownik)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
R2 WdMan; C:\ProgramData\ZWdMZ\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
S3 PrintNotify; C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll [X]
ShortcutWithArgument: C:\Users\Użytkownik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969 <==== UWAGA
ShortcutWithArgument: C:\Users\Użytkownik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969 <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969 <==== UWAGA
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969 <==== UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3743986464-4091518637-4251773603-1002 -> {A68C464B-3CC5-450D-AC4B-798EDA78107F} URL =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969
Task: {076B7068-802E-4411-A2AB-04837C6054B8} - System32\Tasks\{68E393EB-2F96-4510-A58F-C68918B08BD9} => pcalua.exe -a C:\Users\Użytkownik\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=cor
Task: {FE882CAB-92A1-4608-8756-B53190134358} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3743986464-4091518637-4251773603-1002Core => C:\Users\Użytkownik\AppData\Local\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:9695
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:9733
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:9831
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
RemoveDirectory: C:\ProgramData\UWdMU
RemoveDirectory: C:\ProgramData\ZWdMZ
CMD: del /q C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
CMD: del /q C:\ProgramData\lbogtyso.zat
CMD: del /q C:\ProgramData\mntemp
CMD: del /q C:\Users\Public\GROUP.dat
CMD: del /q C:\Windows\SysWOW64\pl.html
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.