Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Yoursites123 - - usunięcie prośba o pomoc

rysiu_pl 14 Gru 2015 18:22 456 1
  • CControls
  • #2 14 Gru 2015 23:53
    Kolobos
    Spec od komputerów

    Obok frst.exe utworz plik fixlist.txt z zawartoscia:
    Task: {57CDE1A8-043A-4586-9296-5E8F245B567A} - System32\Tasks\{48A517CE-BC89-4144-883F-BE2788CAE4F6} => C:\Program Files (x86)\PDFCreator\PDFCreator.exe [2013-07-16] (pdfforge GmbH)
    Task: {7F4299C9-8354-4AF9-AFB2-01BA850C95BF} - System32\Tasks\Opera scheduled Autoupdate 1446019232 => C:\Program Files (x86)\Opera\launcher.exe
    ShortcutWithArgument: C:\Users\Symon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=ST9500325AS_5VEALSSKXXXX5VEALSSK <==== UWAGA
    ShortcutWithArgument: C:\Users\Symon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=ST9500325AS_5VEALSSKXXXX5VEALSSK <==== UWAGA
    ShortcutWithArgument: C:\Users\Symon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=ST9500325AS_5VEALSSKXXXX5VEALSSK <==== UWAGA
    ShortcutWithArgument: C:\Users\Symon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=ST9500325AS_5VEALSSKXXXX5VEALSSK <==== UWAGA
    ShortcutWithArgument: C:\Users\Symon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=ST9500325AS_5VEALSSKXXXX5VEALSSK <==== UWAGA




    ShortcutWithArgument: C:\Users\Symon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=ST9500325AS_5VEALSSKXXXX5VEALSSK <==== UWAGA
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=ST9500325AS_5VEALSSKXXXX5VEALSSK <==== UWAGA
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=ST9500325AS_5VEALSSKXXXX5VEALSSK <==== UWAGA
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=ST9500325AS_5VEALSSKXXXX5VEALSSK <==== UWAGA
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=ST9500325AS_5VEALSSKXXXX5VEALSSK <==== UWAGA
    AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
    () C:\Program Files (x86)\RayDld\ihpmServer.exe
    (tsvr.com) C:\Users\Symon\AppData\Roaming\TSv\TSvr.exe
    (Filefacts.net) C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe
    (TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
    (TFuns LIMITED) C:\ProgramData\lWdMl\WdMan.exe
    (TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
    HKLM-x32\...\Run: [Smart File Advisor] => C:\Program Files (x86)\Smart File Advisor\sfa.exe [283712 2013-10-30] (Filefacts.net)
    HKLM-x32\...\Run: [SFAUpdater] => C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe [655936 2013-10-28] (Filefacts.net)
    HKU\S-1-5-21-3229609731-930157721-2003629928-1002\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3882312 2008-12-02] (Microsoft Corporation)
    HKU\S-1-5-21-3229609731-930157721-2003629928-1002\...\MountPoints2: G - G:\AutoRun.exe
    HKU\S-1-5-21-3229609731-930157721-2003629928-1002\...\MountPoints2: {03cd32e0-848f-11e0-b58d-485b395fd21b} - F:\Setup.exe
    HKU\S-1-5-21-3229609731-930157721-2003629928-1002\...\MountPoints2: {0be78415-508d-11e5-b859-485b395fd21b} - I:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-3229609731-930157721-2003629928-1002\...\MountPoints2: {555c55d3-ece4-11e0-9c0f-485b395fd21b} - G:\AutoRun.exe
    HKU\S-1-5-21-3229609731-930157721-2003629928-1002\...\MountPoints2: {5bc51e2d-c0fb-11e0-be52-485b395fd21b} - G:\AutoRun.exe
    HKU\S-1-5-21-3229609731-930157721-2003629928-1002\...\MountPoints2: {81d86c9d-59e4-11e2-a6df-00a0c6000000} - G:\Windows/Autorun.exe
    HKU\S-1-5-21-3229609731-930157721-2003629928-1002\...\MountPoints2: {d3a214fc-1be6-11e4-a6f0-485b395fd21b} - H:\AutoRun.exe
    HKU\S-1-5-21-3229609731-930157721-2003629928-1002\...\MountPoints2: {d3a2150d-1be6-11e4-a6f0-485b395fd21b} - H:\AutoRun.exe
    HKU\S-1-5-21-3229609731-930157721-2003629928-1002\...\MountPoints2: {e9533eac-c0f8-11e0-84dc-485b395fd21b} - G:\AutoRun.exe
    HKU\S-1-5-21-3229609731-930157721-2003629928-1002\...\MountPoints2: {e9533ec7-c0f8-11e0-84dc-485b395fd21b} - G:\AutoRun.exe
    HKU\S-1-5-21-3229609731-930157721-2003629928-1002\...\MountPoints2: {ed68c2f2-9b61-11e4-939b-485b395fd21b} - H:\AutoRun.exe
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...7021&uid=ST9500325AS_5VEALSSKXXXX5VEALSSK
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...7021&uid=ST9500325AS_5VEALSSKXXXX5VEALSSK
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&...p;uid=st9500325as_5vealsskxxxx5vealssk&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&...p;uid=st9500325as_5vealsskxxxx5vealssk&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...7021&uid=ST9500325AS_5VEALSSKXXXX5VEALSSK
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...7021&uid=ST9500325AS_5VEALSSKXXXX5VEALSSK
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&...p;uid=st9500325as_5vealsskxxxx5vealssk&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&...p;uid=st9500325as_5vealsskxxxx5vealssk&q={searchTerms}
    HKU\S-1-5-21-3229609731-930157721-2003629928-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&...p;uid=st9500325as_5vealsskxxxx5vealssk&q={searchTerms}
    HKU\S-1-5-21-3229609731-930157721-2003629928-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&...p;uid=st9500325as_5vealsskxxxx5vealssk&q={searchTerms}
    HKU\S-1-5-21-3229609731-930157721-2003629928-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...7021&uid=ST9500325AS_5VEALSSKXXXX5VEALSSK
    HKU\S-1-5-21-3229609731-930157721-2003629928-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...7021&uid=ST9500325AS_5VEALSSKXXXX5VEALSSK
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=ST9500325AS_5VEALSSKXXXX5VEALSSK
    FF NewTab: hxxp://www.yoursites123.com/newtab/?type=nt&a...7021&uid=ST9500325AS_5VEALSSKXXXX5VEALSSK
    FF SelectedSearchEngine: yoursites123
    FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Symon\AppData\Roaming\Mozilla\Firefox\Profiles\771jgm53.default-1434399526970\extensions\defsearchp@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Symon\AppData\Roaming\Mozilla\Firefox\Profiles\771jgm53.default-1434399526970\extensions\deskCutv2@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Symon\AppData\Roaming\Mozilla\Firefox\Profiles\771jgm53.default-1434399526970\extensions\default_newtabff@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Symon\AppData\Roaming\Mozilla\Firefox\Profiles\771jgm53.default-1434399526970\extensions\yahooprotected@gmail.com => nie znaleziono
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=ST9500325AS_5VEALSSKXXXX5VEALSSK
    CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1449646778&z=3795cdf2ef5ffa8881c50b6g5zfz5t8q0zbq0m2b9q&from=ient07021&uid=ST9500325AS_5VEALSSKXXXX5VEALSSK"
    CHR HKLM-x32\...\Chrome\Extension: [bildoibdboopgomcbiplincneeicgipj] - C:\Program Files (x86)\StartSearch plugin\startsplg.crx <nie znaleziono>
    R2 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [271592 2015-11-03] ()
    R2 IhPul; C:\Users\Symon\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
    R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: <公司名>)
    R2 WdMan; C:\ProgramData\lWdMl\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
    S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
    S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [X]
    S2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [X]
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-14] ()
    U3 adckxqoh; C:\Windows\System32\Drivers\adckxqoh.sys [0 ] (JMicron Technology Corporation) <==== UWAGA (zerobajtowy plik/folder)
    U3 af7bxt7o; Brak ImagePath
    S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
    S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 massfilter; system32\drivers\massfilter.sys [X]
    U3 tmlwf; Brak ImagePath
    U3 tmwfp; Brak ImagePath
    S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
    S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
    S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
    S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
    2015-12-14 16:42 - 2015-12-14 16:42 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2015-12-14 16:41 - 2015-12-14 16:41 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Symon\Downloads\SpyHunter-Installer(1).exe
    2015-12-11 15:36 - 2015-12-11 15:36 - 00000000 __SHD C:\found.000
    2015-12-09 08:40 - 2015-12-14 18:15 - 00000000 ____D C:\Program Files (x86)\SFK
    2015-12-09 08:40 - 2015-12-09 08:41 - 00000000 ____D C:\ProgramData\lWdMl
    2015-12-09 08:40 - 2015-12-09 08:40 - 00000000 ____D C:\Users\Symon\AppData\Roaming\TSv
    2015-12-09 08:39 - 2015-12-09 08:39 - 00000000 ____D C:\ProgramData\iWdMi
    2015-12-09 08:39 - 2015-10-28 09:00 - 00000000 ____D C:\ProgramData\MWMiniProM
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:

    W FRST wybierz Napraw.

    Usun katalog C:\FRST.

    0