
Yoursite 123 and a request for removal.

Boshi 12 Dec 2015 11:08 885 3
  • #2 12 Dec 2015 11:27
    krzychupar
    Level 40

    Open the system Notepad and paste:
    ShortcutWithArgument: C:\Users\lenovo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...id=WDCXWD3200BEVT-22ZCT0_WD-WXE0A79U5126U5126 <==== UWAGA
    ShortcutWithArgument: C:\Users\lenovo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...id=WDCXWD3200BEVT-22ZCT0_WD-WXE0A79U5126U5126 <==== UWAGA
    ShortcutWithArgument: C:\Users\lenovo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung PC Studio 3.lnk -> C:\Program Files\Samsung\Samsung PC Studio 3\Launcher.exe () -> hxxp://www.yoursites123.com/?type=sc&ts=1...id=WDCXWD3200BEVT-22ZCT0_WD-WXE0A79U5126U5126 <==== UWAGA
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...id=WDCXWD3200BEVT-22ZCT0_WD-WXE0A79U5126U5126 <==== UWAGA
    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...id=WDCXWD3200BEVT-22ZCT0_WD-WXE0A79U5126U5126
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...id=WDCXWD3200BEVT-22ZCT0_WD-WXE0A79U5126U5126
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...id=WDCXWD3200BEVT-22ZCT0_WD-WXE0A79U5126U5126
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&...WD3200BEVT-22ZCT0_WD-WXE0A79U5126U5126&q={searchTerms}
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...id=WDCXWD3200BEVT-22ZCT0_WD-WXE0A79U5126U5126
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&...WD3200BEVT-22ZCT0_WD-WXE0A79U5126U5126&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3572675596-2457513243-2865254529-1004 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-3572675596-2457513243-2865254529-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    BHO: Brak nazwy -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> Brak pliku
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-30] (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-3572675596-2457513243-2865254529-1004 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku
    FF SelectedSearchEngine: yoursites123
    FF Homepage: about:home
    FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn => nie znaleziono
    StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1...id=WDCXWD3200BEVT-22ZCT0_WD-WXE0A79U5126U5126
    CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - <nie znaleziono>
    S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
    U3 afuzaanf; C:\Windows\system32\Drivers\afuzaanf.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
    U3 alzl2qs5; C:\Windows\system32\Drivers\alzl2qs5.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
    R4 ccSet_NIS; \SystemRoot\system32\drivers\NIS\1605050.00F\ccSetx86.sys [X]
    S3 GenericMount; system32\DRIVERS\GenericMount.sys [X]
    S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
    R4 IDSVix86; \??\C:\Program Files\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20150710.001\IDSVix86.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    R4 SRTSPX; \SystemRoot\system32\drivers\NIS\1605050.00F\SRTSPX.SYS [X]
    R4 SymEFASI; system32\drivers\NIS\1605050.00F\SYMEFASI.SYS [X]
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [Brak podpisu cyfrowego]
    U2 V2iMount; Brak ImagePath
    S0 vmci; system32\DRIVERS\vmci.sys [X]
    S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
    2015-12-09 08:43 - 2015-12-09 08:45 - 00000000 ____D C:\ProgramData\rWdMr
    2015-12-09 08:37 - 2015-12-09 08:38 - 00000000 ____D C:\ProgramData\5WdM5
    2015-12-12 11:03 - 2014-11-03 01:49 - 00000000 ____D C:\AdwCleaner
    C:\Users\lenovo\setup_av_free.exe
    C:\Users\lenovo\AppData\Local\Temp\SEVINST.EXE
    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.

  • #3 12 Dec 2015 11:31
    Kolobos
    Computer specialist

    @Boshi, the fixlist from @krzychupar is not correct.

    Uninstall SpyHunter.

    Fixlist.txt for FRST:
    Task: {02A9166A-234B-4839-A446-B774B8E89148} - System32\Tasks\{997B41D8-515C-4F3A-9940-6FC5B2A9252C} => c:\program files\opera\opera.exe
    Task: {2CDA097E-3F80-4FBB-A7B8-0047F3F9CD16} - System32\Tasks\{49520FC4-37A5-4A5B-BC4E-854D17CF7A37} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
    Task: {30DA92E4-D0A4-415F-BC46-F1C9A3664FF2} - System32\Tasks\{FA53A32A-6B12-441B-8009-1403317C1139} => c:\program files\opera\opera.exe
    Task: {3F83101B-BA37-423B-A246-6E8F5DB7BCBC} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-12-10] (Enigma Software Group USA, LLC.)
    Task: {8696CAEB-D01C-4319-B846-3BC2D721657D} - System32\Tasks\{A98775AC-D591-45B4-87FF-383FEBF72BE7} => pcalua.exe -a "D:\Desktop\Nowy folder\CorelDraw 12 PL\instmsiw.exe" -d "D:\Desktop\Nowy folder\CorelDraw 12 PL"
    Task: {896FEE28-5137-4939-B062-6364AEC1403F} - System32\Tasks\{77F174F3-8E74-4391-A0A7-7F025242E1AF} => pcalua.exe -a F:\MK4_CVR.pl\Mortal_Kombat_4\Setup.exe -d F:\MK4_CVR.pl\Mortal_Kombat_4
    Task: {8AD6E2EF-4B82-4B3C-832E-4762EC965768} - System32\Tasks\{82D9CAA3-4065-492D-A904-106E42BCA8E8} => pcalua.exe -a D:\Downloads\magic_pkt.exe -d "C:\Program Files\Mozilla Firefox"
    Task: {C491D418-7FED-4D0E-85CE-BEF3D9650516} - System32\Tasks\{2B31B074-F76D-419B-BB48-E1C96EF1619D} => pcalua.exe -a D:\Desktop\GoogleSketchUpWEN.exe -d "C:\Program Files\Mozilla Firefox" -c file:///D:/Downloads/GoogleSketchUpWEN.exe
    ShortcutWithArgument: C:\Users\lenovo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...id=WDCXWD3200BEVT-22ZCT0_WD-WXE0A79U5126U5126 <==== UWAGA
    ShortcutWithArgument: C:\Users\lenovo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...id=WDCXWD3200BEVT-22ZCT0_WD-WXE0A79U5126U5126 <==== UWAGA
    ShortcutWithArgument: C:\Users\lenovo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung PC Studio 3.lnk -> C:\Program Files\Samsung\Samsung PC Studio 3\Launcher.exe () -> hxxp://www.yoursites123.com/?type=sc&ts=1...id=WDCXWD3200BEVT-22ZCT0_WD-WXE0A79U5126U5126 <==== UWAGA
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...id=WDCXWD3200BEVT-22ZCT0_WD-WXE0A79U5126U5126 <==== UWAGA
    (TFuns LIMITED) C:\ProgramData\rWdMr\WdMan.exe
    (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    HKLM\...\Policies\Explorer\Run: [] => 1
    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== UWAGA
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\...\MountPoints2: H - H:\AutoRun.exe
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\...\MountPoints2: {05ec4210-4c50-11e2-be02-00265eae9c9c} - H:\AutoRun.exe
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\...\MountPoints2: {05ec421b-4c50-11e2-be02-00265eae9c9c} - H:\AutoRun.exe
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\...\MountPoints2: {05ec4227-4c50-11e2-be02-00265eae9c9c} - H:\AutoRun.exe
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\...\MountPoints2: {30749c38-9b61-11e0-ae33-00265eae9c9c} - H:\AutoRun.exe
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\...\MountPoints2: {4a5d4104-3acd-11e5-8e4b-00265eae9c9c} - H:\AutoRun.exe
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\...\MountPoints2: {4ba86997-7a4b-11e2-9593-00265eae9c9c} - H:\AutoRun.exe
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\...\MountPoints2: {59ec5f05-dac6-11e4-a52c-00265eae9c9c} - H:\AutoRun.exe
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\...\MountPoints2: {5e27894b-3a72-11e5-a2fe-806e6f6e6963} - H:\AutoRun.exe
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\...\MountPoints2: {9752eaab-638d-11e5-b4fd-00265eae9c9c} - H:\AutoRun.exe
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\...\MountPoints2: {9752eab4-638d-11e5-b4fd-00265eae9c9c} - H:\AutoRun.exe
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\...\MountPoints2: {b753a4ff-d93a-11e4-af68-00265eae9c9c} - H:\AutoRun.exe
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\...\MountPoints2: {b753a508-d93a-11e4-af68-00265eae9c9c} - H:\AutoRun.exe
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\...\MountPoints2: {c6261808-fc7e-11e2-aed5-00265eae9c9c} - H:\AutoRun.exe
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\...\MountPoints2: {c6261827-fc7e-11e2-aed5-00265eae9c9c} - H:\AutoRun.exe
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\...\MountPoints2: {c626186c-fc7e-11e2-aed5-00265eae9c9c} - H:\AutoRun.exe
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\...\MountPoints2: {cd75a333-02c8-11e3-85f0-00265eae9c9c} - H:\AutoRun.exe
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\...\MountPoints2: {d4874402-43ea-11e4-bd8b-00265eae9c9c} - H:\AutoRun.exe
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\...\MountPoints2: {f59334f0-6448-11e5-9b1b-00265eae9c9c} - H:\AutoRun.exe
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...id=WDCXWD3200BEVT-22ZCT0_WD-WXE0A79U5126U5126
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...id=WDCXWD3200BEVT-22ZCT0_WD-WXE0A79U5126U5126
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...id=WDCXWD3200BEVT-22ZCT0_WD-WXE0A79U5126U5126
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&...WD3200BEVT-22ZCT0_WD-WXE0A79U5126U5126&q={searchTerms}
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...id=WDCXWD3200BEVT-22ZCT0_WD-WXE0A79U5126U5126
    HKU\S-1-5-21-3572675596-2457513243-2865254529-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&...WD3200BEVT-22ZCT0_WD-WXE0A79U5126U5126&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3572675596-2457513243-2865254529-1004 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-3572675596-2457513243-2865254529-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    BHO: Brak nazwy -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> Brak pliku
    Toolbar: HKU\S-1-5-21-3572675596-2457513243-2865254529-1004 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku
    FF SelectedSearchEngine: yoursites123
    StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1...id=WDCXWD3200BEVT-22ZCT0_WD-WXE0A79U5126U5126
    CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - <nie znaleziono>
    S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [784256 2015-12-10] (Enigma Software Group USA, LLC.)
    R2 WdMan; C:\ProgramData\rWdMr\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
    S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
    R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2015-12-10] (Enigma Software Group USA, LLC.)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-12-10] ()
    U3 afuzaanf; C:\Windows\system32\Drivers\afuzaanf.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
    U3 alzl2qs5; C:\Windows\system32\Drivers\alzl2qs5.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
    R4 ccSet_NIS; \SystemRoot\system32\drivers\NIS\1605050.00F\ccSetx86.sys [X]
    S3 GenericMount; system32\DRIVERS\GenericMount.sys [X]
    S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
    R4 IDSVix86; \??\C:\Program Files\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20150710.001\IDSVix86.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    R4 SRTSPX; \SystemRoot\system32\drivers\NIS\1605050.00F\SRTSPX.SYS [X]
    R4 SymEFASI; system32\drivers\NIS\1605050.00F\SYMEFASI.SYS [X]
    U2 V2iMount; Brak ImagePath
    S0 vmci; system32\DRIVERS\vmci.sys [X]
    S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
    2015-12-10 11:30 - 2015-12-10 11:30 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2015-12-10 11:30 - 2015-12-10 11:30 - 00000000 ____D C:\Users\lenovo\AppData\Roaming\Enigma Software Group
    2015-12-10 11:30 - 2015-12-10 11:30 - 00000000 ____D C:\sh4ldr
    2015-12-10 11:30 - 2015-12-10 11:30 - 00000000 ____D C:\Program Files\Enigma Software Group
    2015-12-10 09:46 - 2015-12-10 09:46 - 00000001 _____ C:\Windows\system32\pl.html
    2015-12-09 08:43 - 2015-12-09 08:45 - 00000000 ____D C:\ProgramData\rWdMr
    2015-12-09 08:37 - 2015-12-09 08:38 - 00000000 ____D C:\ProgramData\5WdM5
    2015-12-12 11:03 - 2014-11-03 01:49 - 00000000 ____D C:\AdwCleaner
    2013-06-26 13:53 - 2014-06-23 14:42 - 0003731 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
    2009-12-03 22:14 - 2009-07-07 15:16 - 0076407 _____ () C:\Users\lenovo\AppData\Roaming\Smiley.ico
    2010-02-06 19:48 - 2015-06-17 14:45 - 0007808 _____ () C:\Users\lenovo\AppData\Local\d3d9caps.dat
    2014-07-12 09:10 - 2014-07-15 12:30 - 0089088 _____ () C:\Users\lenovo\AppData\Local\nedjqqef.gdb
    2014-07-12 09:10 - 2014-07-15 12:32 - 0945516 _____ () C:\Users\lenovo\AppData\Local\nedjqqef.gss
    2010-12-13 12:08 - 2011-01-30 19:29 - 0000088 __RSH () C:\ProgramData\3B09A9A533.sys
    C:\Users\lenovo\setup_av_free.exe
    EmptyTemp:

    After it completes, delete the C:\FRST folder.

    @krzychupar, you miss the infection every time. Checking like this makes no sense. On top of that, you are removing the Unlocker driver:
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [Brak podpisu cyfrowego]

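The distinction drawn in post #3 (the WdMan service is part of the infection, while the equally unsigned Unlocker driver is not), as an added triage sketch that is not part of the thread or of FRST. The sample lines are constructed from the log format quoted above with URLs shortened; the host allowlist and the "unsigned binary under C:\ProgramData" rule are assumptions of this example.

```python
import re

# Constructed sample in the FRST log format quoted in this thread
# (URLs shortened to the defanged host only).
SAMPLE = r"""
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/ <==== UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
R2 WdMan; C:\ProgramData\rWdMr\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [Brak podpisu cyfrowego]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
""".strip().splitlines()

TRUSTED_HOSTS = {"www.google.com", "www.bing.com"}  # assumption: local allowlist
URL = re.compile(r"(?:hxxp|http)s?://([^/\s]+)", re.I)
SHORTCUT = re.compile(r"^ShortcutWithArgument: (.+?\.lnk) -> (.+?) -> (\S+)")
IE_PAGE = re.compile(r"Internet Explorer\\Main,([\w ]+?) = (\S+)")
SERVICE = re.compile(r"^[RSU]\d (.+?); (.+?) \[")
UNSIGNED = "[Brak podpisu cyfrowego]"  # FRST with Polish UI: no digital signature


def triage(lines):
    """Return (verdict, detail) pairs; verdict is 'fix' or 'review'."""
    out = []
    for line in lines:
        line = line.strip()
        if m := SHORTCUT.match(line):
            if URL.match(m.group(3)):  # a URL appended to a program shortcut
                out.append(("fix", f"shortcut argument: {m.group(1)}"))
        elif m := IE_PAGE.search(line):
            host = URL.match(m.group(2))
            if host and host.group(1).lower() not in TRUSTED_HOSTS:
                out.append(("fix", f"IE {m.group(1)} -> {host.group(1)}"))
        elif (m := SERVICE.match(line)) and UNSIGNED in line:
            path = m.group(2).lower()
            # Unsigned alone is not proof: the Unlocker driver is unsigned too.
            # Assumed rule: unsigned and running from ProgramData is a fix item.
            risky = path.startswith("c:\\programdata\\")
            out.append(("fix" if risky else "review", f"service {m.group(1)}"))
    return out


if __name__ == "__main__":
    for verdict, detail in triage(SAMPLE):
        print(f"{verdict:6} {detail}")
```
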
  • #4 13 Dec 2015 12:01
    Boshi
    Level 12

    Thank you for the help, everything works :)