Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Proszę o pomoc w usunięciu Yoursites123.

e-lektron1 14 Gru 2015 18:40 555 3
  • #2 14 Gru 2015 19:09
    krzychupar
    Poziom 40  

    Otwórz notatnik systemowy i wklej:

    CustomCLSID: HKU\S-1-5-21-3671366829-3553172144-3072601453-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Agnieszka\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3671366829-3553172144-3072601453-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Agnieszka\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3671366829-3553172144-3072601453-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Agnieszka\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3671366829-3553172144-3072601453-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Agnieszka\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3671366829-3553172144-3072601453-1001_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2011\acad.exe /Automation => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3671366829-3553172144-3072601453-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Agnieszka\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3671366829-3553172144-3072601453-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Agnieszka\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3671366829-3553172144-3072601453-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Agnieszka\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3671366829-3553172144-3072601453-1001_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2011\acad.exe /Automation => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3671366829-3553172144-3072601453-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Agnieszka\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3671366829-3553172144-3072601453-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Agnieszka\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3671366829-3553172144-3072601453-1001_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2011\acad.exe => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3671366829-3553172144-3072601453-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Agnieszka\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Brak pliku
    ShortcutWithArgument: C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7173&uid=ST9500420AS_5VJ9DKCQXXXX5VJ9DKCQ <==== UWAGA




    ShortcutWithArgument: C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7173&uid=ST9500420AS_5VJ9DKCQXXXX5VJ9DKCQ <==== UWAGA
    ShortcutWithArgument: C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Program uruchamiający aplikacje Chrome.lnk -> C:\Users\Agnieszka\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7173&uid=ST9500420AS_5VJ9DKCQXXXX5VJ9DKCQ <==== UWAGA
    ShortcutWithArgument: C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Murder Files.lnk -> C:\Users\Agnieszka\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7173&uid=ST9500420AS_5VJ9DKCQXXXX5VJ9DKCQ <==== UWAGA
    ShortcutWithArgument: C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7173&uid=ST9500420AS_5VJ9DKCQXXXX5VJ9DKCQ <==== UWAGA
    ShortcutWithArgument: C:\Users\Agnieszka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7173&uid=ST9500420AS_5VJ9DKCQXXXX5VJ9DKCQ <==== UWAGA
    ShortcutWithArgument: C:\Users\Agnieszka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Program uruchamiający aplikacje Chrome.lnk -> C:\Users\Agnieszka\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7173&uid=ST9500420AS_5VJ9DKCQXXXX5VJ9DKCQ <==== UWAGA
    URLSearchHook: HKU\S-1-5-21-3671366829-3553172144-3072601453-1001 - (Brak nazwy) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - Brak pliku
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKU\S-1-5-21-3671366829-3553172144-3072601453-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKU\S-1-5-21-3671366829-3553172144-3072601453-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF HKLM\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - => nie znaleziono
    F HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\puswqrda.default\extensions\sweetsearch@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\puswqrda.default\extensions\defsearchp@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\puswqrda.default\extensions\deskCutv2@gmail.com => nie znaleziono
    CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1450110467&z=de3c3e7ecec6c35402d663cg3z4wae7g5g7e4zdq2b&from=wpm07173&uid=ST9500420AS_5VJ9DKCQXXXX5VJ9DKCQ"
    R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: <公司名>)
    R2 WdMan; C:\ProgramData\OWdMO\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
    S2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [X]
    R2 IhPul; Brak ImagePath
    U3 a9xqx66q; C:\Windows\System32\Drivers\a9xqx66q.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
    2015-12-14 17:28 - 2015-12-14 17:29 - 00000000 ____D C:\ProgramData\OWdMO
    2015-12-14 17:27 - 2015-12-14 17:28 - 00000000 ____D C:\ProgramData\yWdMy
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat



    EmptyTemp:

    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom FRST i kliknij w Fix/Napraw.

    0
  • #3 14 Gru 2015 19:21
    e-lektron1
    Poziom 2  

    Bardzo dziękuję za pomoc! :D

    0
  • #4 14 Gru 2015 19:23
    Kolobos
    Spec od komputerów

    @krzychupar takie sprawdzanie nie ma sensu, kazdy fix trzeba i tak poprawiac. Pomijasz ciagle te same wpisy. Czesci w ogole nie sprawdzasz.
    Do tego ignorujesz to co sie do Ciebie pisze, juz pare razy zwracalem Ci uwage i efektow brak.

    Tym razem tyle pominales:
    (tsvr.com) C:\Users\Agnieszka\AppData\Roaming\TSv\TSvr.exe
    (TFuns LIMITED) C:\ProgramData\OWdMO\WdMan.exe
    (TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
    HKU\S-1-5-21-3671366829-3553172144-3072601453-1001\...\Policies\Explorer: []
    HKU\S-1-5-21-3671366829-3553172144-3072601453-1001\...\MountPoints2: {3990e6c0-caaf-11e0-a4a0-806e6f6e6963} - F:\Todo_Office_Professional_Plus_2010_VL.exe
    FF Extension: Default NewTab - C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\puswqrda.default\extensions\default_newtabff@gmail.com [2015-12-14] [Brak podpisu cyfrowego]
    FF Extension: YahooToolsProtected - C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\puswqrda.default\extensions\yahooprotected@gmail.com [2015-12-14] [Brak podpisu cyfrowego]
    FF Extension: z - C:\Program Files (x86)\Mozilla Firefox\extensions\{fc533ace-eced-4d32-a36d-9bc5c8d87802} [2015-06-08] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\puswqrda.default\extensions\default_newtabff@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\puswqrda.default\extensions\yahooprotected@gmail.com
    [Brak podpisu cyfrowego]
    S2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [X]
    R2 IhPul; Brak ImagePath
    2015-12-14 17:29 - 2015-12-14 17:41 - 00000000 ____D C:\Program Files (x86)\WinZipper
    2015-12-14 17:29 - 2015-12-14 17:29 - 00000000 ____D C:\Program Files (x86)\SFK
    2015-12-14 17:28 - 2015-12-14 17:28 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\TSv2015-11-23 19:53 - 2015-12-14 17:28 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    2015-11-23 19:53 - 2015-12-14 17:27 - 00000000 ____D C:\ProgramData\WWMiniProW
    2015-11-23 19:52 - 2015-11-23 19:54 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\istartsurf
    2015-11-23 19:52 - 2015-11-23 19:52 - 00003270 _____ C:\Windows\System32\Tasks\Opera N Sunday
    2015-11-23 19:52 - 2015-11-23 19:52 - 00003270 _____ C:\Windows\System32\Tasks\Opera N Saturday
    2013-07-13 12:06 - 2013-07-13 12:06 - 4188160 _____ () C:\Program Files (x86)\GUT280A.tmp

    @e-lektron1 dodaj do fixlist.txt to co podalem.

    0