Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Mnie tez dopadlo YOURSITES 123 -

mortines 11 Gru 2015 21:41 564 2
  • CControls
  • Pomocny post
    #2 11 Gru 2015 22:01
    Kolobos
    Spec od komputerów

    Nie ma.


    Nie pobieraj z dobrychprogramow przy pomocy ich menadzera pobierania, w ten sposob infekujesz system.
    Pobieraj TYLKO z bezposrednich linkow i ze stron producentow programow.

    Fixlist.txt dla FRST:
    globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== UWAGA
    Task: {0A5BB866-56B6-4B0B-BF46-B095184ADF17} - System32\Tasks\{00FA56CA-5BDF-4215-BB6C-E5E82199122B} => Firefox.exe hxxp://ui.skype.com/ui/0/7.1.0.105/pl/abandoninstall?page=tsProgressBar
    Task: {0CF0B1A2-400B-42F4-8014-C2749B8B9E84} - System32\Tasks\{228DC587-9312-4B6B-A4D1-6CF497CBB58A} => Firefox.exe hxxp://ui.skype.com/ui/0/7.3.0.101/pl/abandoninstall?page=tsMain
    Task: {30AC1257-24C3-49BC-80FB-306A17870774} - System32\Tasks\{16887A05-0204-4C3D-BA39-DA29AD55C23F} => pcalua.exe -a C:\Users\Małgorzata\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=ima
    Task: {6E3AC1CD-77C0-47F0-B95E-E11BE48A8F10} - System32\Tasks\{CE2D1201-2B6F-4FD2-A718-F1C11955E9D4} => pcalua.exe -a C:\Users\Małgorzata\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cornl
    Task: {A36D0EF7-2A54-4909-ADD7-200262BAB09A} - \Inst_Rep -> Brak pliku <==== UWAGA
    Task: {A90E91F1-1488-43E5-AACD-87622F0B69CF} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
    Task: {C9A726BD-BE03-43A5-BFD4-4987778DC369} - System32\Tasks\{A8D40AA2-4F20-4658-9B0D-CAA29138F071} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/pl/go/help.faq.installer?LastError=1603
    Task: {DDC388BB-37A5-4875-A795-8AB2F3635CB1} - System32\Tasks\{B8A00A42-61D6-4BA6-AF8E-5DEC7E06EE3D} => Firefox.exe hxxp://ui.skype.com/ui/0/7.1.0.105/pl/abandoninstall?page=tsProgressBar
    Task: C:\Windows\Tasks\BDs9KcKHhiGGMXh.job => C:\Users\Ma�gorzata\AppData\Roaming\BDs9KcKHhiGGMXh.exe <==== UWAGA
    Task: C:\Windows\Tasks\CEJYRE.job => C:\Users\Ma�gorzata\AppData\Roaming\CEJYRE.exe <==== UWAGA
    Task: C:\Windows\Tasks\k33WU4iVamn1omGgH1TMVN4g.job => C:\Users\Ma�gorzata\AppData\Roaming\k33WU4iVamn1omGgH1TMVN4g.exe <==== UWAGA
    Task: C:\Windows\Tasks\pyYgHp5WOdltE3g.job => C:\Users\Ma�gorzata\AppData\Roaming\pyYgHp5WOdltE3g.exe <==== UWAGA
    Task: C:\Windows\Tasks\XAPEKCH.job => C:\Users\Ma�gorzata\AppData\Roaming\XAPEKCH.exe <==== UWAGA




    ShortcutWithArgument: C:\Users\Małgorzata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS547550A9E384_J2150050FMURLCFMURLCX <==== UWAGA
    ShortcutWithArgument: C:\Users\Małgorzata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks\WorldofTanks.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS547550A9E384_J2150050FMURLCFMURLCX <==== UWAGA
    ShortcutWithArgument: C:\Users\Małgorzata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS547550A9E384_J2150050FMURLCFMURLCX <==== UWAGA
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS547550A9E384_J2150050FMURLCFMURLCX <==== UWAGA
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS547550A9E384_J2150050FMURLCFMURLCX <==== UWAGA
    AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
    IE trusted site: HKU\S-1-5-21-2880306748-461257826-4214308910-1001\...\webcompanion.com -> hxxp://webcompanion.com
    (tsvr.com) C:\Users\Małgorzata\AppData\Roaming\TSv\TSvr.exe
    (TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
    (TFuns LIMITED) C:\ProgramData\eWdMe\WdMan.exe
    HKU\S-1-5-21-2880306748-461257826-4214308910-1001\...\Run: [EpicScale] => 0
    HKU\S-1-5-21-2880306748-461257826-4214308910-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
    Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-29] (Lavasoft Limited)
    Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-29] (Lavasoft Limited)
    Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-29] (Lavasoft Limited)
    Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-29] (Lavasoft Limited)
    Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-29] (Lavasoft Limited)
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...HitachiXHTS547550A9E384_J2150050FMURLCFMURLCX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...HitachiXHTS547550A9E384_J2150050FMURLCFMURLCX
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&...XHTS547550A9E384_J2150050FMURLCFMURLCX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...HitachiXHTS547550A9E384_J2150050FMURLCFMURLCX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...HitachiXHTS547550A9E384_J2150050FMURLCFMURLCX
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&...XHTS547550A9E384_J2150050FMURLCFMURLCX&q={searchTerms}
    HKU\S-1-5-21-2880306748-461257826-4214308910-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&...XHTS547550A9E384_J2150050FMURLCFMURLCX&q={searchTerms}
    HKU\S-1-5-21-2880306748-461257826-4214308910-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...HitachiXHTS547550A9E384_J2150050FMURLCFMURLCX
    HKU\S-1-5-21-2880306748-461257826-4214308910-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...HitachiXHTS547550A9E384_J2150050FMURLCFMURLCX
    HKU\S-1-5-21-2880306748-461257826-4214308910-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&...XHTS547550A9E384_J2150050FMURLCFMURLCX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2880306748-461257826-4214308910-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Brak nazwy -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> Brak pliku
    FF NewTab: hxxp://www.yoursites123.com/newtab/?type=nt&a...HitachiXHTS547550A9E384_J2150050FMURLCFMURLCX
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS547550A9E384_J2150050FMURLCFMURLCX
    R2 IhPul; C:\Users\Małgorzata\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
    R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: <公司名>)
    R2 WdMan; C:\ProgramData\eWdMe\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
    S2 SPDRIVER_1463.0.0.0; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1463.0.0.0\jsdrv.sys [X]
    2015-12-11 20:53 - 2015-12-11 20:53 - 00000001 _____ C:\Windows\SysWOW64\pl.html
    2015-12-10 11:07 - 2015-12-10 11:07 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2015-12-10 11:05 - 2015-12-10 11:05 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Małgorzata\Downloads\SpyHunter-Installer.exe
    2015-12-09 10:31 - 2015-12-11 21:01 - 00000000 ____D C:\Program Files (x86)\SFK
    2015-12-09 10:30 - 2015-12-09 10:32 - 00000000 ____D C:\ProgramData\eWdMe
    2015-12-09 10:30 - 2015-12-09 10:30 - 00000000 ____D C:\Users\Małgorzata\AppData\Roaming\TSv
    2015-12-09 10:29 - 2015-12-09 10:30 - 00000000 ____D C:\ProgramData\FWdMF
    2015-11-22 13:38 - 2015-11-22 13:38 - 00000000 ____D C:\Users\Małgorzata\REACHit
    2015-11-22 13:38 - 2015-11-22 13:38 - 00000000 ____D C:\Users\Małgorzata\AppData\Local\Lenovo
    2015-11-22 13:37 - 2015-11-22 13:37 - 00000000 ____D C:\Users\Małgorzata\AppData\Local\Downloaded Installations
    2015-11-22 13:36 - 2015-11-22 13:55 - 00000000 ____D C:\Users\Małgorzata\AppData\Local\Google
    2015-11-22 13:36 - 2015-11-22 13:50 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
    2015-11-22 13:36 - 2015-11-22 13:50 - 00000000 ____D C:\Program Files (x86)\Lenovo
    2015-11-22 13:35 - 2015-12-09 10:29 - 00000000 ____D C:\ProgramData\WWMiniProW
    2015-11-22 13:35 - 2015-11-22 13:56 - 00000000 ____D C:\Users\Małgorzata\AppData\Roaming\istartsurf
    2015-11-22 13:32 - 2015-11-22 13:32 - 00962128 _____ (Installer Soft Program ) C:\Users\Małgorzata\Downloads\Picasa-12733-dp.exe
    2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Małgorzata\AppData\Roaming\BDs9KcKHhiGGMXh
    2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Małgorzata\AppData\Roaming\CEJYRE
    2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Małgorzata\AppData\Roaming\k33WU4iVamn1omGgH1TMVN4g
    2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Małgorzata\AppData\Roaming\pyYgHp5WOdltE3g
    2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\Małgorzata\AppData\Roaming\XAPEKCH
    2015-06-19 14:29 - 2015-06-19 14:29 - 0628688 _____ (CMI Limited) C:\Users\Małgorzata\AppData\Local\nsa30F1.tmp
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:

    W FRST wybierz Napraw.

    Usun katalog C:\FRST.

    Odinstaluj: globalupdate Helper

    0
  • CControls
  • #3 11 Gru 2015 22:41
    mortines
    Poziom 2  

    Wszystko ok.
    Dziękuję bardzo za pomoc.

    0