Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Męka z yoursite123 - jak usunąć?

anutek2015 11 Gru 2015 09:48 873 2
  • CControls
  • Pomocny post
    #2 11 Gru 2015 09:57
    Kolobos
    Spec od komputerów

    Uzyj: http://www.bleepingcomputer.com/download/adwcleaner/ nacisnij Szukaj, a pozniej Usun.
    Po uzyciu Odinstaluj.

    Odinstaluj: Picexa

    Obok frst.exe utworz plik fixlist.txt z zawartoscia:
    Task: {8268D114-A066-4455-801B-FF67388F9A5D} - System32\Tasks\Opera scheduled Autoupdate 1434471141 => C:\Program Files (x86)\Opera\launcher.exe [2015-12-04] (Opera Software)
    ShortcutWithArgument: C:\Users\ANNA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=GOODRAMXC40_DE3F075116C601377153 <==== UWAGA
    ShortcutWithArgument: C:\Users\ANNA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=GOODRAMXC40_DE3F075116C601377153 <==== UWAGA
    ShortcutWithArgument: C:\Users\ANNA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=GOODRAMXC40_DE3F075116C601377153 <==== UWAGA
    ShortcutWithArgument: C:\Users\ANNA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=GOODRAMXC40_DE3F075116C601377153 <==== UWAGA
    ShortcutWithArgument: C:\Users\ANNA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=GOODRAMXC40_DE3F075116C601377153 <==== UWAGA




    ShortcutWithArgument: C:\Users\ANNA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=GOODRAMXC40_DE3F075116C601377153 <==== UWAGA
    ShortcutWithArgument: C:\Users\ANNA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=GOODRAMXC40_DE3F075116C601377153 <==== UWAGA
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=GOODRAMXC40_DE3F075116C601377153 <==== UWAGA
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=GOODRAMXC40_DE3F075116C601377153 <==== UWAGA
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=GOODRAMXC40_DE3F075116C601377153 <==== UWAGA
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=GOODRAMXC40_DE3F075116C601377153 <==== UWAGA
    ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=GOODRAMXC40_DE3F075116C601377153 <==== UWAGA
    (Taiwan Shui Mu Chih Ching Technology Limited) C:\Program Files (x86)\Picexa\picexasvc.exe
    (RayDl) C:\Program Files (x86)\RayDld\ihpmServer.exe
    (tsvr.com) C:\Users\ANNA\AppData\Roaming\TSv\TSvr.exe
    (TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
    (TFuns LIMITED) C:\ProgramData\SWdMS\WdMan.exe
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...7021&uid=GOODRAMXC40_DE3F075116C601377153
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...7021&uid=GOODRAMXC40_DE3F075116C601377153
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartpageing.com/web/?type=ds&...p;uid=goodramxc40_de3f075116c601377153&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartpageing.com/web/?type=ds&...p;uid=goodramxc40_de3f075116c601377153&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...7021&uid=GOODRAMXC40_DE3F075116C601377153
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...7021&uid=GOODRAMXC40_DE3F075116C601377153
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartpageing.com/web/?type=ds&...p;uid=goodramxc40_de3f075116c601377153&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartpageing.com/web/?type=ds&...p;uid=goodramxc40_de3f075116c601377153&q={searchTerms}
    HKU\S-1-5-21-3134841167-3493209116-4055102021-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&...p;uid=GOODRAMXC40_DE3F075116C601377153&q={searchTerms}
    HKU\S-1-5-21-3134841167-3493209116-4055102021-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
    HKU\S-1-5-21-3134841167-3493209116-4055102021-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&...p;uid=GOODRAMXC40_DE3F075116C601377153&q={searchTerms}
    HKU\S-1-5-21-3134841167-3493209116-4055102021-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.pl/
    HKU\S-1-5-21-3134841167-3493209116-4055102021-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...7021&uid=GOODRAMXC40_DE3F075116C601377153
    URLSearchHook: [S-1-5-21-3134841167-3493209116-4055102021-1002] UWAGA => Brak domyślnego URLSearchHook
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    SearchScopes: HKU\S-1-5-21-3134841167-3493209116-4055102021-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1&rlz=1I7GGHP_plPL645
    SearchScopes: HKU\S-1-5-21-3134841167-3493209116-4055102021-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&...p;uid=GOODRAMXC40_DE3F075116C601377153&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3134841167-3493209116-4055102021-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1&rlz=1I7GGHP_plPL645
    BHO-x32: Sale Clipper -> {b18906df-1dfa-4d50-8a1f-7d076a8c87b7} -> C:\Program Files (x86)\Sale Clipper\Extensions\b18906df-1dfa-4d50-8a1f-7d076a8c87b7.dll => Brak pliku
    BHO-x32: Middle Rush -> {d00ab4cc-662c-40b6-a85f-d53086f4bb16} -> C:\Program Files (x86)\Middle Rush\Extensions\d00ab4cc-662c-40b6-a85f-d53086f4bb16.dll => Brak pliku
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=...ornl&uid=GOODRAMXC40_DE3F075116C601377153
    FF NewTab: chrome://quick_start/content/index.html
    FF DefaultSearchEngine: yoursites123
    FF SelectedSearchEngine: yoursites123
    FF SearchPlugin: C:\Users\ANNA\AppData\Roaming\Mozilla\Firefox\Profiles\56lg15tl.default\searchplugins\webssearches.xml [2015-12-09]
    FF SearchPlugin: C:\Users\ANNA\AppData\Roaming\Mozilla\Firefox\Profiles\56lg15tl.default\searchplugins\yoursites123.xml [2015-12-09]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istartpageing.xml [2015-11-29]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istartsurf.xml [2015-06-25]
    FF Extension: YahooToolsProtected - C:\Users\ANNA\AppData\Roaming\Mozilla\Firefox\Profiles\56lg15tl.default\extensions\yahooprotected@gmail.com [2015-11-29] [Brak podpisu cyfrowego]
    FF Extension: Default NewTab - C:\Users\ANNA\AppData\Roaming\Mozilla\Firefox\Profiles\56lg15tl.default\extensions\default_newtabff@gmail.com [2015-12-09] [Brak podpisu cyfrowego]
    FF Extension: Middle Rush - C:\Users\ANNA\AppData\Roaming\Mozilla\Firefox\Profiles\56lg15tl.default\Extensions\{43b43a3e-6977-4b1d-a372-a2f807c0dd6c}.xpi [2015-11-29] [Brak podpisu cyfrowego]
    FF Extension: Sale Clipper - C:\Users\ANNA\AppData\Roaming\Mozilla\Firefox\Profiles\56lg15tl.default\Extensions\{4e4e0b18-68b4-44ac-a4f7-48001b39d827}.xpi [2015-06-25] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\ANNA\AppData\Roaming\Mozilla\Firefox\Profiles\56lg15tl.default\extensions\searchffv2@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\ANNA\AppData\Roaming\Mozilla\Firefox\Profiles\56lg15tl.default\extensions\deskCutv2@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\ANNA\AppData\Roaming\Mozilla\Firefox\Profiles\56lg15tl.default\extensions\yahooprotected@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\ANNA\AppData\Roaming\Mozilla\Firefox\Profiles\56lg15tl.default\extensions\default_newtabff@gmail.com
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=GOODRAMXC40_DE3F075116C601377153
    CHR Extension: (Middle Rush) - C:\Users\ANNA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccipnnlbefbajeigflfmjncgdljikkef [2015-11-30] [UpdateUrl: hxxp://cdn.middlerush.com/update] <==== UWAGA
    R2 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [275176 2015-11-25] (RayDl)
    R2 IhPul; C:\Users\ANNA\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
    R2 PicexaService; C:\Program Files (x86)\Picexa\PicexaSvc.exe [731784 2015-12-09] (Taiwan Shui Mu Chih Ching Technology Limited)
    R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: <公司名>)
    R2 WdMan; C:\ProgramData\SWdMS\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
    S1 tcfd_vw_1_10_0_24; system32\drivers\tcfd_vw_1_10_0_24.sys [X]
    S1 wfdrvr_vw_1_10_0_28; system32\drivers\wfdrvr_vw_1_10_0_28.sys [X]
    2015-12-09 12:20 - 2015-12-10 14:51 - 00000000 ____D C:\Program Files (x86)\Picexa
    2015-12-09 12:20 - 2015-12-09 12:20 - 00001592 _____ C:\Users\Public\Desktop\Picexa.lnk
    2015-12-09 12:20 - 2015-12-09 12:20 - 00000000 ____D C:\Users\ANNA\AppData\Roaming\Picexa Viewer
    2015-12-09 12:20 - 2015-12-09 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa
    2015-12-09 12:19 - 2015-12-11 09:28 - 00000000 ____D C:\Program Files (x86)\SFK
    2015-12-09 12:19 - 2015-12-11 09:20 - 00000001 _____ C:\WINDOWS\SysWOW64\pl.html
    2015-12-09 12:19 - 2015-12-09 12:20 - 00000000 ____D C:\ProgramData\SWdMS
    2015-12-09 12:19 - 2015-12-09 12:19 - 00000000 ____D C:\Users\ANNA\AppData\Roaming\TSv
    2015-12-09 12:19 - 2015-12-09 12:19 - 00000000 ____D C:\ProgramData\OWdMO
    2015-11-29 23:10 - 2015-12-09 12:19 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    2015-11-29 23:10 - 2015-12-09 12:19 - 00000000 ____D C:\ProgramData\tWMiniProt
    2015-11-29 23:10 - 2015-12-01 11:20 - 00000000 ____D C:\Users\ANNA\AppData\Roaming\yoursearching
    2015-11-29 22:38 - 2015-11-29 22:38 - 00000000 ____D C:\Program Files (x86)\RayDld
    2015-12-09 21:10 - 2015-06-16 17:12 - 00003880 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1434471141
    EmptyTemp:

    W FRST wybierz Napraw.

    Usun katalog C:\FRST i to wszystko.

    0
  • CControls
  • #3 11 Gru 2015 10:24
    anutek2015
    Poziom 2  

    Ufff, nie ma tego dziadostwa!
    Zamotałam się, ale dałam radę.:)
    Jeszcze raz bardzo, bardzo dziękuję!
    Męka z yoursite123 - jak usunąć?

    0