Elektroda.pl

Another person with yoursites123.

MoniqueV 11 Dec 2015 11:31 468 2
  • Helpful post
    #2 11 Dec 2015 11:40
    Kolobos
    Computer specialist

    Uninstall:
    AVG PC TuneUp 2015
    Java(TM) 6 Update 23
    Java(TM) 6 Update 30 (64-bit)

    Next to frst.exe, create a file named fixlist.txt with the following contents:
    Task: {0A66FB47-C57C-4B26-A93D-EC2AACCAD966} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-11-20] ()
    Task: {2539FD3C-41DC-4C1D-B39A-82CBF5A97634} - System32\Tasks\{77FE5D8E-6043-402A-86F0-9F95AF5DAF5B} => pcalua.exe -a E:\SetupReg.exe -d E:\
    Task: {2D06DF31-DBAC-46E0-827E-6CA3331FA5DB} - System32\Tasks\{D096D575-D52E-4DFB-A091-EB4A1B9E0948} => pcalua.exe -a E:\ELECTR~1\NEEDFO~1\UNWISE.EXE -c E:\ELECTR~1\NEEDFO~1\INSTALL.LOG
    Task: {5F6D4865-5078-45D2-A614-03396E410DDB} - System32\Tasks\{6981ACF0-5DEA-4C08-891D-46F0DA71D047} => pcalua.exe -a E:\CHNP\UNWISE.EXE -c E:\CHNP\INSTALL.LOG
    Task: {7340E5BD-076D-447B-95AD-ADB43F1BBE5A} - System32\Tasks\{F63E6A50-8A87-43D2-8FED-985B208E20FB} => pcalua.exe -a "C:\Users\jan pawel 2\Desktop\WindowsPhone.exe" -d "C:\Users\jan pawel 2\Desktop"
    Task: {8434CF1D-1235-4C69-82C2-FB584BB90871} - System32\Tasks\{D5AFF827-B41C-4ABC-AE4F-30A8755228B6} => pcalua.exe -a O:\Setup.exe -d O:\
    Task: {D75BD730-26CA-4879-B603-21F5115095C2} - System32\Tasks\{273A6A61-72EE-4148-9E00-2803A481F596} => pcalua.exe -a O:\Setup.exe -d O:\
    Task: {E37B7CD7-5795-4769-BFAF-0A6F08CBE65F} - System32\Tasks\{CD097853-628D-4A4E-A815-29E0FE66FCCB} => pcalua.exe -a "E:\NFS Underground 2.exe" -d E:\
    Task: {F1A48EF7-F09C-4E87-9C43-BFAB23D96D96} - System32\Tasks\{DBF0A8C0-A0B0-439D-9C96-BCB82592B79D} => pcalua.exe -a C:\Windows\IsUninst.exe -c -fE:\Uninst.isu
    ShortcutWithArgument: C:\Users\jan pawel 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S382015320153 <==== ATTENTION
    ShortcutWithArgument: C:\Users\jan pawel 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S382015320153 <==== ATTENTION
    ShortcutWithArgument: C:\Users\jan pawel 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S382015320153 <==== ATTENTION




    ShortcutWithArgument: C:\Users\jan pawel 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S382015320153 <==== ATTENTION
    ShortcutWithArgument: C:\Users\jan pawel 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1...uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S382015320153 <==== ATTENTION
    ShortcutWithArgument: C:\Users\jan pawel 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S382015320153 <==== ATTENTION
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1...uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S382015320153 <==== ATTENTION
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S382015320153 <==== ATTENTION
    (tsvr.com) C:\Users\jan pawel 2\AppData\Roaming\TSv\TSvr.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: F - F:\AutoRun.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: I - I:\AutoRun.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: N - N:\autorun.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: O - O:\setup.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: T - T:\LGAutoRun.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: {0a08830e-0580-11e4-b02d-a6bcb8fc0789} - I:\Launcher.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: {0a088333-0580-11e4-b02d-a6bcb8fc0789} - I:\Launcher.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: {3038ca1b-d60c-11e4-9201-b4f218f95915} - J:\launcher.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: {34586ae1-2c57-11e4-87d1-cb6d75b05ab8} - O:\install.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: {3767bb0e-6ffc-11e4-9235-c363402571e7} - F:\AutoRun.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: {3767bb8e-6ffc-11e4-9235-c363402571e7} - F:\AutoRun.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: {3ca9a567-5a4a-11e4-a72d-ece623b7feb2} - J:\setup\rsrc\Autorun.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: {5523f04f-067b-11e4-a6c3-dcac2e5b68b5} - I:\Launcher.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: {658d7758-0f33-11e4-bb86-bb66b792bb8f} - I:\AutoRun.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: {7d39c1e1-d790-11e4-8312-c498ddfa1d20} - N:\AutoRun.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: {7f88a970-a888-11e3-9cc6-d6dd46b6828c} - G:\AutoRun.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: {7f88a975-a888-11e3-9cc6-d6dd46b6828c} - I:\AutoRun.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: {92802ccd-a88a-11e3-9a7a-001e101f36d9} - I:\AutoRun.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: {94461caa-6b17-11e4-bcf8-a4d114c531d2} - F:\AutoRun.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: {94461cad-6b17-11e4-bcf8-a4d114c531d2} - F:\AutoRun.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: {9c50d226-0cbd-11e4-93b6-8dd95f6be08f} - I:\AutoRun.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: {a3d6e8b2-6b22-11e4-983d-806e6f6e6963} - I:\AutoRun.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: {c53272fb-6b21-11e4-922e-806e6f6e6963} - F:\AutoRun.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: {c5327346-6b21-11e4-922e-a3326efc4a3f} - F:\AutoRun.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: {c63efab5-0e5e-11e4-8b50-f60cb9edcf8f} - I:\AutoRun.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: {ea90b600-1bee-11e4-8bd4-eff74b976e94} - T:\LGAutoRun.exe
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\...\MountPoints2: {eaa0aa27-d531-11e4-b4b6-b008097ac73d} - F:\AutoRun.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-07-07] (Microsoft Corporation)
    IFEO\consumer_cpl.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\prefutil.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    BootExecute: autocheck autochk /p \??\S:autocheck autochk *
    GroupPolicyScripts\User: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S382015320153
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S382015320153
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&...XWD10EZEX-75ZF5A0_WD-WCC1S382015320153&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&...XWD10EZEX-75ZF5A0_WD-WCC1S382015320153&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S382015320153
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S382015320153
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&...XWD10EZEX-75ZF5A0_WD-WCC1S382015320153&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&...XWD10EZEX-75ZF5A0_WD-WCC1S382015320153&q={searchTerms}
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://pl.msn.com/
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S382015320153
    HKU\S-1-5-21-3850064543-296339651-616788230-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S382015320153
    SearchScopes: HKU\S-1-5-21-3850064543-296339651-616788230-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&...XWD10EZEX-75ZF5A0_WD-WCC1S382015320153&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3850064543-296339651-616788230-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&...XWD10EZEX-75ZF5A0_WD-WCC1S382015320153&q={searchTerms}
    Toolbar: HKU\S-1-5-21-3850064543-296339651-616788230-1000 -> No Name - {BF920CDA-58A5-4961-BE11-EF61DC1949B4} - No File
    CHR HomePage: Default -> hxxp://www.yoursites123.com/?type=hp&ts=1...uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S382015320153
    CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1449802257&z=2786dbfc775668f2dd1ed74g2z0zet0b6eeo4o2wfq&from=ient07021&uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S382015320153"
    CHR DefaultSearchURL: Default -> hxxp://www.yoursites123.com/web/?type=ds&...XWD10EZEX-75ZF5A0_WD-WCC1S382015320153&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> yoursites123
    CHR HKLM\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\jan pawel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
    CHR HKLM-x32\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\jan pawel 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1...uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S382015320153
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.yoursites123.com/?type=sc&ts=1...uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S382015320153
    R2 IhPul; C:\Users\jan pawel 2\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2015-12-11 03:51 - 2015-12-11 10:16 - 00000000 ____D C:\ProgramData\BWdMB
    2015-12-11 03:51 - 2015-12-11 10:16 - 00000000 ____D C:\Program Files (x86)\SFK
    2015-12-11 03:51 - 2015-12-11 09:52 - 00000001 _____ C:\Windows\SysWOW64\pl.html
    2015-12-11 03:51 - 2015-12-11 03:51 - 00000000 ____D C:\Users\jan pawel 2\AppData\Roaming\TSv
    2015-12-11 03:50 - 2015-12-11 10:30 - 00000000 ____D C:\ProgramData\rWdMr
    2015-11-18 10:50 - 2015-12-10 11:48 - 00003858 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1408647807
    2015-10-30 00:17 - 2015-12-11 03:51 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    2015-10-30 00:17 - 2015-12-11 03:50 - 00000000 ____D C:\ProgramData\OWMiniProO
    2015-10-30 00:17 - 2015-10-30 00:20 - 00000000 ____D C:\Users\jan pawel 2\AppData\Roaming\istartsurf
    EmptyTemp:

    In FRST, choose Fix.

    Delete the C:\FRST directory and that's all.

    0
  • #3 11 Dec 2015 13:08
    MoniqueV
    Level 2

    Thank you very much. It helped. :)
    Another person with yoursites123.

    0