Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Yoursites123 - proszę o poradę.

darco2 11 Gru 2015 09:58 774 6
  • CControls
  • #2 11 Gru 2015 10:03
    Kolobos
    Spec od komputerów

    Odinstaluj:
    Spybot - Search & Destroy
    SpyHunter

    Obok frst.exe utworz plik fixlist.txt z zawartoscia:
    Task: {30711C81-1DB0-46CF-8A43-79AD0AAE3E72} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {40BF50D9-A1AD-4461-A408-7C9C4ECF5B86} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe [2015-10-15] (Enigma Software Group USA, LLC.)
    Task: {5795D99C-F3F6-4538-9346-5B138DA5D6B3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {D3CE16D8-074D-40B5-AC78-3E7CC01273B3} - System32\Tasks\{10CE2442-8C77-4636-936A-5C6279A31DBF} => pcalua.exe -a "C:\Users\Darek\Downloads\GTA.4.Razor1911\GTA.4-Razor1911\Grand Theft Auto IV PL 1.00.exe" -d C:\Users\Darek\Downloads\GTA.4.Razor1911\GTA.4-Razor1911
    Task: {E88356C1-A955-464A-838C-8AD23C6A6213} - System32\Tasks\Opera scheduled Autoupdate 1427457510 => C:\Program Files (x86)\Opera\launcher.exe [2015-12-04] (Opera Software)
    Task: {F6529E10-0117-4D1E-9891-9FF0012C4AC1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    ShortcutWithArgument: C:\Users\Darek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S30YJ9EFB27606 <==== UWAGA
    ShortcutWithArgument: C:\Users\Darek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S30YJ9EFB27606 <==== UWAGA
    ShortcutWithArgument: C:\Users\Darek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S30YJ9EFB27606 <==== UWAGA




    ShortcutWithArgument: C:\Users\Darek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox (2).lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S30YJ9EFB27606 <==== UWAGA
    ShortcutWithArgument: C:\Users\Darek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S30YJ9EFB27606 <==== UWAGA
    ShortcutWithArgument: C:\Users\Darek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S30YJ9EFB27606 <==== UWAGA
    (Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
    (Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-2779223565-3072923604-3403885278-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    HKU\S-1-5-21-2779223565-3072923604-3403885278-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S30YJ9EFB27606
    HKU\S-1-5-21-2779223565-3072923604-3403885278-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S30YJ9EFB27606
    SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2779223565-3072923604-3403885278-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&...=ST1000LM024XHN-M101MBB_S30YJ9EFB27606&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2779223565-3072923604-3403885278-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&...=ST1000LM024XHN-M101MBB_S30YJ9EFB27606&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2779223565-3072923604-3403885278-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    FF SearchPlugin: C:\Users\Darek\AppData\Roaming\Mozilla\Firefox\Profiles\1kzng8uq.default-1448350518694\searchplugins\yoursites123.xml [2015-12-11]
    FF Extension: Brak nazwy - C:\Users\Darek\AppData\Roaming\Mozilla\Firefox\Profiles\1kzng8uq.default-1448350518694\extensions\default_newtabff@gmail.com [nie znaleziono]
    FF Extension: Brak nazwy - C:\Users\Darek\AppData\Roaming\Mozilla\Firefox\Profiles\1kzng8uq.default-1448350518694\extensions\yahooprotected@gmail.com [nie znaleziono]
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.yoursites123.com/?type=sc&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S30YJ9EFB27606
    R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
    S2 WdMan; C:\ProgramData\ZWdMZ\WdMan.exe -svr [X]
    2015-12-11 08:51 - 2015-05-01 13:00 - 00000000 ____D C:\AdwCleaner
    EmptyTemp:

    W FRST wybierz Napraw.

    Usun katalog C:\FRST i to wszystko.

    0
  • CControls
  • #3 11 Gru 2015 10:08
    Acorus 20
    Spec od komputerów

    Odinstaluj Spybot - Search & Destroy, SpyHunter. Otwórz notatnik systemowy i wklej:

    Cytat:
    Task: {30711C81-1DB0-46CF-8A43-79AD0AAE3E72} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {5795D99C-F3F6-4538-9346-5B138DA5D6B3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {F6529E10-0117-4D1E-9891-9FF0012C4AC1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    ShortcutWithArgument: C:\Users\Darek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S30YJ9EFB27606 <==== UWAGA
    ShortcutWithArgument: C:\Users\Darek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S30YJ9EFB27606 <==== UWAGA
    ShortcutWithArgument: C:\Users\Darek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S30YJ9EFB27606 <==== UWAGA
    ShortcutWithArgument: C:\Users\Darek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox (2).lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S30YJ9EFB27606 <==== UWAGA
    ShortcutWithArgument: C:\Users\Darek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S30YJ9EFB27606 <==== UWAGA
    ShortcutWithArgument: C:\Users\Darek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S30YJ9EFB27606 <==== UWAGA
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-2779223565-3072923604-3403885278-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S30YJ9EFB27606
    HKU\S-1-5-21-2779223565-3072923604-3403885278-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S30YJ9EFB27606
    SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2779223565-3072923604-3403885278-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&...=ST1000LM024XHN-M101MBB_S30YJ9EFB27606&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2779223565-3072923604-3403885278-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&...=ST1000LM024XHN-M101MBB_S30YJ9EFB27606&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2779223565-3072923604-3403885278-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    FF SearchPlugin: C:\Users\Darek\AppData\Roaming\Mozilla\Firefox\Profiles\1kzng8uq.default-1448350518694\searchplugins\yoursites123.xml [2015-12-11]
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.yoursites123.com/?type=sc&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S30YJ9EFB27606
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
    S2 WdMan; C:\ProgramData\ZWdMZ\WdMan.exe -svr [X]
    2015-12-11 08:51 - 2015-05-01 13:00 - 00000000 ____D C:\AdwCleaner
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.

    0
  • #4 11 Gru 2015 10:39
    darco2
    Poziom 12  

    Spybot - Search & Destroy
    SpyHunter

    Nie jest potrzebny? W jaki sposób generować samemu ten plik do naprawy?

    0
  • #5 11 Gru 2015 10:44
    Acorus 20
    Spec od komputerów

    A do czego Ci potrzebne te programy? Infekcji tobie nie usuną. A z tą generacją to nie taka prosta sprawa.

    0
  • #6 11 Gru 2015 10:50
    darco2
    Poziom 12  

    Usuwam czasem jakieś śmieci tymi programami :)

    0