Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Niestety mnie tez dopadło yoursites123

Mediox 12 Gru 2015 00:09 564 2
  • #1 12 Gru 2015 00:09
    Mediox
    Poziom 2  

    Witam.
    Tak jak w temacie.Niestety tez mnie dopadło to cholerstwo i za bardzo nie wiem jak sobie tym poradzić,więc proszę o pomoc.W załącznikach dodaję to co chyba jest potrzebne.
    Z góry dziękuję.

    0 2
  • CControls
  • #2 12 Gru 2015 00:18
    Kolobos
    Spec od komputerów

    Fixlist.txt dla FRST:
    Task: {C4173CDD-D602-4A8F-9286-1ED806FDB885} - System32\Tasks\{86839954-6BA3-4A12-A32A-FE827E3DA250} => Chrome.exe hxxp://ui.skype.com/ui/0/7.8.0.102/pl/abandoninstall?page=tsProgressBar
    ShortcutWithArgument: C:\Users\marek_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...p;uid=TOSHIBAXMQ01ABD075_Z3JMS00MSXXZ3JMS00MS <==== UWAGA
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...p;uid=TOSHIBAXMQ01ABD075_Z3JMS00MSXXZ3JMS00MS <==== UWAGA
    ShortcutWithArgument: C:\Users\Public\Desktop\Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...p;uid=TOSHIBAXMQ01ABD075_Z3JMS00MSXXZ3JMS00MS <==== UWAGA
    ShortcutWithArgument: C:\Users\Public\Desktop\Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...p;uid=TOSHIBAXMQ01ABD075_Z3JMS00MSXXZ3JMS00MS <==== UWAGA
    (DTools LIMITED) C:\ProgramData\3WMiniPro3\WMiniPro.exe
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-2281891925-1549341010-1073042292-1002\...\MountPoints2: {5fb20d8c-764d-11e4-8273-645a04c3e701} - "E:\autoplay.exe"
    HKU\S-1-5-21-2281891925-1549341010-1073042292-1002\...\MountPoints2: {92c9400b-8070-11e3-8255-806e6f6e6963} - "D:\cda_menu.exe"
    HKU\S-1-5-21-2281891925-1549341010-1073042292-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&...OSHIBAXMQ01ABD075_Z3JMS00MSXXZ3JMS00MS&q={searchTerms}




    URLSearchHook: [S-1-5-21-2281891925-1549341010-1073042292-1001] UWAGA => Brak domyślnego URLSearchHook
    FF HKLM-x32\...\Firefox\Extensions: [sidebarff@gmail.com] - C:\Users\marek_000\AppData\Roaming\Mozilla\Firefox\Profiles\d52h1bck.default\extensions\sidebarff@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\marek_000\AppData\Roaming\Mozilla\Firefox\Profiles\l56o1grs.default-1449086781684\extensions\default_newtabff@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\marek_000\AppData\Roaming\Mozilla\Firefox\Profiles\l56o1grs.default-1449086781684\extensions\yahooprotected@gmail.com => nie znaleziono
    CHR HomePage: Default -> hxxp://www.omniboxes.com/?type=hp&ts=1447...p;uid=TOSHIBAXMQ01ABD075_Z3JMS00MSXXZ3JMS00MS
    CHR StartupUrls: Default -> "hxxp://www.omniboxes.com/?type=hp&ts=1447162286&z=7db20d5e90e058f56462447g3zcz0mbg5qeo3o2b4t&from=wpm07163&uid=TOSHIBAXMQ01ABD075_Z3JMS00MSXXZ3JMS00MS"
    CHR HKLM\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\marek_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
    CHR HKLM-x32\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\marek_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1...p;uid=TOSHIBAXMQ01ABD075_Z3JMS00MSXXZ3JMS00MS
    R2 WdsManPro; C:\ProgramData\3WMiniPro3\WMiniPro.exe [302592 2015-11-30] (DTools LIMITED) [Brak podpisu cyfrowego]
    2015-12-02 20:52 - 2015-12-02 20:53 - 00000000 ____D C:\ProgramData\3WMiniPro3
    EmptyTemp:

    Po wykonaniu usun katalog C:\FRST.

    0
  • CControls
  • #3 12 Gru 2015 00:56
    Mediox
    Poziom 2  

    Wielkie dzięki.Pomogło.

    0