Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Yoursites123 - prośba o analizę logów.

tlukas 12 Gru 2015 13:23 450 4
  • Pomocny post
    #2 12 Gru 2015 13:48
    krzychupar
    Poziom 40  

    Otwórz notatnik systemowy i wklej:
    ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...&uid=ST750LM022XHN-M750MBB_S2UQJ9BC807850 <==== UWAGA
    ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...&uid=ST750LM022XHN-M750MBB_S2UQJ9BC807850 <==== UWAGA
    ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...&uid=ST750LM022XHN-M750MBB_S2UQJ9BC807850 <==== UWAGA
    ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...&uid=ST750LM022XHN-M750MBB_S2UQJ9BC807850 <==== UWAGA
    ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...&uid=ST750LM022XHN-M750MBB_S2UQJ9BC807850 <====
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-3063504456-873415951-1018554796-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...&uid=ST750LM022XHN-M750MBB_S2UQJ9BC807850




    SearchScopes: HKU\S-1-5-21-3063504456-873415951-1018554796-1002 -> DefaultScope {D14CC0BB-15EC-424E-9DA1-C3B34F0CAE48} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    SearchScopes: HKU\S-1-5-21-3063504456-873415951-1018554796-1002 -> {D14CC0BB-15EC-424E-9DA1-C3B34F0CAE48} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    BHO-x32: Discovery App -> {ba32987d-db80-4ccb-a8bb-f812b5421c0f} -> C:\Program Files (x86)\Discovery App\Extensions\ba32987d-db80-4ccb-a8bb-f812b5421c0f.dll => Brak pliku
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nie znaleziono
    U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
    2015-12-12 07:43 - 2015-12-12 08:18 - 00000000 ____D C:\AdwCleaner
    2015-12-11 19:42 - 2015-12-11 19:44 - 00000000 ____D C:\ProgramData\SWdMS

    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom FRST i kliknij w Fix/Napraw.

    1
  • Pomocny post
    #3 12 Gru 2015 14:13
    Kolobos
    Spec od komputerów

    Jeszcze:
    2015-12-12 07:30 - 2015-12-12 07:30 - 00000000 _____ C:\prefs.js
    2015-06-26 08:11 - 2015-06-26 08:11 - 0628688 _____ (CMI Limited) C:\Users\User\AppData\Local\nsm8BAA.tmp

    0
  • #4 12 Gru 2015 14:50
    tlukas
    Poziom 9  

    Piękne dzięki Panowie!
    Wreszcie się tego pozbyłem.
    Pozdrawiam.

    0