Elektroda.pl

yoursites123 - asking for advice

bubul222 12 Dec 2015 22:02 666 4
  • Helpful post
    #2 12 Dec 2015 23:06
    Kolobos
    Computer specialist

    ATTENTION: ====> FRST version is 748 days old and could be outdated
    You didn't have an older version? You are supposed to use the latest one:
    http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/


    Uninstall:
    HiJackThis (Version: 1.0.0)
    SpyHunter (Version: 4.12.13.4202)
    SpyHunter 4 (Version: 4.20.9.4533)

    Fixlist.txt for FRST:
    Task: {02290A20-590E-4096-9D47-C9BB72F31963} - \497129ce-f0bf-4aef-bfcb-fdd34321bb62-3 No Task File
    Task: {3A1B57C2-223D-4372-9611-BFD5A0C5A3ED} - \497129ce-f0bf-4aef-bfcb-fdd34321bb62-4 No Task File
    Task: {4910A2F9-C5EF-49E6-864F-D51AA189D6A3} - System32\Tasks\497129ce-f0bf-4aef-bfcb-fdd34321bb62-6 => C:\Program Files\SavePass 1.1\497129ce-f0bf-4aef-bfcb-fdd34321bb62-6.exe
    Task: {57DEE637-35E4-4AAE-9595-21BDC814C451} - System32\Tasks\497129ce-f0bf-4aef-bfcb-fdd34321bb62-10_user => C:\Program Files\SavePass 1.1\497129ce-f0bf-4aef-bfcb-fdd34321bb62-10.exe
    Task: {8663C8A8-E7E5-4448-9BE0-B72AF62C759B} - System32\Tasks\497129ce-f0bf-4aef-bfcb-fdd34321bb62-7 => C:\Program Files\SavePass 1.1\497129ce-f0bf-4aef-bfcb-fdd34321bb62-7.exe
    Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
    Task: {AAB70589-FC73-4C40-9122-6A9826A1483E} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2015-08-11] (Enigma Software Group USA, LLC.)
    Task: {CC519894-3417-47DF-9E02-7AF2F5660954} - System32\Tasks\avastBCLRestartS-1-5-21-475819803-870332510-1857090547-1000 => Firefox.exe
    Task: {DA1D58D6-389A-47EE-9452-502DE84DCF75} - System32\Tasks\Opera scheduled Autoupdate 1439214444 => C:\Program Files\Opera\launcher.exe
    Task: C:\Windows\Tasks\497129ce-f0bf-4aef-bfcb-fdd34321bb62-10_user.job => C:\Program Files\SavePass 1.1\497129ce-f0bf-4aef-bfcb-fdd34321bb62-10.exe
    (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
    (© 2015 Microsoft Corporation) C:\Users\hih\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    HKCU\...\Run: [BingSvc] - C:\Users\hih\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
    HKU\Sonia\...\Run: [AdobeBridge] - [x]
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yoursites123.com/?type=hp&ts=1...mp;uid=TOSHIBAXMK1246GSX_485QFNQXSXX485QFNQXS
    HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yoursites123.com/?type=hp&ts=1...mp;uid=TOSHIBAXMK1246GSX_485QFNQXSXX485QFNQXS
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
    SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.yoursites123.com/web/?type=ds&...TOSHIBAXMK1246GSX_485QFNQXSXX485QFNQXS&q={searchTerms}
    SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.yoursites123.com/web/?type=ds&...TOSHIBAXMK1246GSX_485QFNQXSXX485QFNQXS&q={searchTerms}
    SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKLM - {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKCU - {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    FF HKLM\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\hih\AppData\Roaming\Mozilla\Firefox\Profiles\phs9u7h5.default\extensions\defsearchp@gmail.com
    FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\hih\AppData\Roaming\Mozilla\Firefox\Profiles\phs9u7h5.default\extensions\deskCutv2@gmail.com
    FF HKLM\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\hih\AppData\Roaming\Mozilla\Firefox\Profiles\uib6avj2.default-1448441057705\extensions\default_newtabff@gmail.com
    FF HKLM\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\hih\AppData\Roaming\Mozilla\Firefox\Profiles\uib6avj2.default-1448441057705\extensions\yahooprotected@gmail.com
    FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://www.yoursites123.com/?type=sc&ts=1...mp;uid=TOSHIBAXMK1246GSX_485QFNQXSXX485QFNQXS
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [769920 2013-01-14] (Enigma Software Group USA, LLC.)
    S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
    S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [x]
    S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [x]
    2015-12-10 11:23 - 2015-12-10 11:23 - 00000000 ____D C:\Users\hih\AppData\Roaming\eCyber
    2015-12-10 09:11 - 2015-12-10 09:12 - 00000000 ____D C:\ProgramData\HWdMH
    2015-12-10 09:10 - 2015-12-10 09:11 - 00000000 ____D C:\ProgramData\iWdMi
    2015-11-14 23:28 - 2015-12-10 09:11 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    2015-11-14 23:28 - 2015-12-10 09:10 - 00000000 ____D C:\ProgramData\gWMiniProg
    2015-11-14 23:28 - 2015-11-15 00:48 - 00000000 ____D C:\Users\hih\AppData\Roaming\istartsurf
    2015-11-14 23:27 - 2015-11-14 23:27 - 00958448 _____ (Prog soft ) C:\Users\hih\Downloads\JPEG-to-PDF-22953-dp.exe
    EmptyTemp:

    After running it, post new logs from the latest version of FRST.

    0
  • Helpful post
    #4 12 Dec 2015 23:56
    Kolobos
    Computer specialist

    Why didn't you run the fixlist?

    Next to frst.exe, create a file named fixlist.txt with the following contents:
    Task: {02290A20-590E-4096-9D47-C9BB72F31963} - \497129ce-f0bf-4aef-bfcb-fdd34321bb62-3 -> Brak pliku <==== UWAGA
    Task: {3A1B57C2-223D-4372-9611-BFD5A0C5A3ED} - \497129ce-f0bf-4aef-bfcb-fdd34321bb62-4 -> Brak pliku <==== UWAGA
    Task: {4910A2F9-C5EF-49E6-864F-D51AA189D6A3} - System32\Tasks\497129ce-f0bf-4aef-bfcb-fdd34321bb62-6 => C:\Program Files\SavePass 1.1\497129ce-f0bf-4aef-bfcb-fdd34321bb62-6.exe <==== UWAGA
    Task: {57DEE637-35E4-4AAE-9595-21BDC814C451} - System32\Tasks\497129ce-f0bf-4aef-bfcb-fdd34321bb62-10_user => C:\Program Files\SavePass 1.1\497129ce-f0bf-4aef-bfcb-fdd34321bb62-10.exe <==== UWAGA
    Task: {8663C8A8-E7E5-4448-9BE0-B72AF62C759B} - System32\Tasks\497129ce-f0bf-4aef-bfcb-fdd34321bb62-7 => C:\Program Files\SavePass 1.1\497129ce-f0bf-4aef-bfcb-fdd34321bb62-7.exe <==== UWAGA
    Task: {CC519894-3417-47DF-9E02-7AF2F5660954} - System32\Tasks\avastBCLRestartS-1-5-21-475819803-870332510-1857090547-1000 => Firefox.exe
    Task: {DA1D58D6-389A-47EE-9452-502DE84DCF75} - System32\Tasks\Opera scheduled Autoupdate 1439214444 => C:\Program Files\Opera\launcher.exe
    Task: C:\Windows\Tasks\497129ce-f0bf-4aef-bfcb-fdd34321bb62-10_user.job => C:\Program Files\SavePass 1.1\497129ce-f0bf-4aef-bfcb-fdd34321bb62-10.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\hih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...mp;uid=TOSHIBAXMK1246GSX_485QFNQXSXX485QFNQXS <==== UWAGA
    ShortcutWithArgument: C:\Users\hih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...mp;uid=TOSHIBAXMK1246GSX_485QFNQXSXX485QFNQXS <==== UWAGA
    ShortcutWithArgument: C:\Users\hih\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...mp;uid=TOSHIBAXMK1246GSX_485QFNQXSXX485QFNQXS <==== UWAGA
    ShortcutWithArgument: C:\Users\hih\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...mp;uid=TOSHIBAXMK1246GSX_485QFNQXSXX485QFNQXS <==== UWAGA
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...mp;uid=TOSHIBAXMK1246GSX_485QFNQXSXX485QFNQXS <==== UWAGA
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...mp;uid=TOSHIBAXMK1246GSX_485QFNQXSXX485QFNQXS <==== UWAGA
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...mp;uid=TOSHIBAXMK1246GSX_485QFNQXSXX485QFNQXS <==== UWAGA
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...mp;uid=TOSHIBAXMK1246GSX_485QFNQXSXX485QFNQXS <==== UWAGA
    AlternateDataStreams: C:\ProgramData\TEMP:FC420CE6
    (© 2015 Microsoft Corporation) C:\Users\hih\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    HKLM\...\Run: [eRecoveryService] => [X]
    HKLM\...\Run: [MSConfig] => C:\Windows\system32\msconfig.exe [222208 2006-11-02] (Microsoft Corporation)
    HKU\S-1-5-21-475819803-870332510-1857090547-1006\...\Run: [BingSvc] => C:\Users\hih\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-475819803-870332510-1857090547-1006\...\MountPoints2: {1506a479-c0ec-11e4-bb78-001b38e3b546} - H:\Setup.exe
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    HKU\S-1-5-21-475819803-870332510-1857090547-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...mp;uid=TOSHIBAXMK1246GSX_485QFNQXSXX485QFNQXS
    HKU\S-1-5-21-475819803-870332510-1857090547-1006\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
    HKU\S-1-5-21-475819803-870332510-1857090547-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...mp;uid=TOSHIBAXMK1246GSX_485QFNQXSXX485QFNQXS
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&...TOSHIBAXMK1246GSX_485QFNQXSXX485QFNQXS&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&...TOSHIBAXMK1246GSX_485QFNQXSXX485QFNQXS&q={searchTerms}
    SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-475819803-870332510-1857090547-1006 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKU\S-1-5-21-475819803-870332510-1857090547-1006 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-475819803-870332510-1857090547-1006 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    Toolbar: HKLM - Brak nazwy - {0BF43445-2F28-4351-9252-17FE6E806AA0} - Brak pliku
    FF HKLM\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\hih\AppData\Roaming\Mozilla\Firefox\Profiles\phs9u7h5.default\extensions\defsearchp@gmail.com => nie znaleziono
    FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\hih\AppData\Roaming\Mozilla\Firefox\Profiles\phs9u7h5.default\extensions\deskCutv2@gmail.com => nie znaleziono
    FF HKLM\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\hih\AppData\Roaming\Mozilla\Firefox\Profiles\uib6avj2.default-1448441057705\extensions\default_newtabff@gmail.com => nie znaleziono
    FF HKLM\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\hih\AppData\Roaming\Mozilla\Firefox\Profiles\uib6avj2.default-1448441057705\extensions\yahooprotected@gmail.com => nie znaleziono
    FF HKU\S-1-5-21-475819803-870332510-1857090547-1006\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => nie znaleziono
    StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1...mp;uid=TOSHIBAXMK1246GSX_485QFNQXSXX485QFNQXS
    CHR HKU\S-1-5-21-475819803-870332510-1857090547-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
    S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
    2015-12-10 11:23 - 2015-12-10 11:23 - 00000000 ____D C:\Users\hih\AppData\Roaming\eCyber
    2015-12-10 09:11 - 2015-12-10 09:12 - 00000000 ____D C:\ProgramData\HWdMH
    2015-12-10 09:10 - 2015-12-10 09:11 - 00000000 ____D C:\ProgramData\iWdMi
    2015-11-19 19:55 - 2015-11-19 19:55 - 00000000 _____ C:\Windows\system32\REN5812.tmp
    2015-11-19 19:55 - 2015-11-19 19:55 - 00000000 _____ C:\Windows\system32\REN5811.tmp
    2015-11-14 23:28 - 2015-12-10 09:11 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    2015-11-14 23:28 - 2015-12-10 09:10 - 00000000 ____D C:\ProgramData\gWMiniProg
    2015-11-14 23:28 - 2015-11-15 00:48 - 00000000 ____D C:\Users\hih\AppData\Roaming\istartsurf
    2015-11-14 23:27 - 2015-11-14 23:27 - 00958448 _____ (Prog soft ) C:\Users\hih\Downloads\JPEG-to-PDF-22953-dp.exe
    2015-09-17 21:00 - 2015-09-17 21:00 - 6420480 _____ () C:\Program Files\GUT448F.tmp
    EmptyTemp:

    In FRST, choose Napraw (Fix).

    Delete the C:\FRST directory and that's all.

    0
  • #5 13 Dec 2015 00:17
    bubul222
    Level 9

    You're great! :) Thank you

    0
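
The fixlists in this thread show the same host written into browser shortcuts, the IE home page, the search provider and the Start Menu browser command at once. As an added example (not part of the original posts and not FRST's own code), this Python sketch triages FRST log text by grouping URLs per host and listing hosts that occupy several of those start points; the function names, the threshold and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample modelled on the thread's FRST entries (queries shortened).
SAMPLE_LOG = r"""
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc <==== UWAGA
HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?q={searchTerms}
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc
"""

# Matches plain and defanged (hxxp/hxxps) URLs as FRST prints them.
URL_RE = re.compile(r"\bh(?:tt|xx)ps?://[^\s<>]+", re.IGNORECASE)

def location(line):
    """Name the browser start point an FRST line describes, or None."""
    if line.startswith("ShortcutWithArgument:"):
        return "shortcut argument"
    if line.startswith("SearchScopes:"):
        return "search provider"
    if "StartMenuInternet:" in line:
        return "start menu browser command"
    if re.search(r"Internet Explorer\\Main,(Start Page|Default_Page_URL)", line):
        return "IE home page"
    return None

def hosts_by_location(log_text):
    """Map host -> set of start points whose URL names that host."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        where = location(line.strip())
        if where is None:
            continue
        for url in URL_RE.findall(line):
            refanged = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
            host = urlsplit(refanged).hostname
            if host:
                seen[host].add(where)
    return seen

def suspects(log_text, min_locations=2):
    """Hosts written into several independent start points at once."""
    return {h: sorted(w) for h, w in hosts_by_location(log_text).items()
            if len(w) >= min_locations}

if __name__ == "__main__":
    for host, where in suspects(SAMPLE_LOG).items():
        print(host, "->", ", ".join(where))
```

A host that appears in only one place, such as a single search provider entry, is not listed; the output is a review aid and does not replace a fixlist prepared by a helper who has read the full log.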