
Yoursites 123 - removing the start page

VicettiQ 14 Dec 2015 22:09 921 1
  • #2 14 Dec 2015 22:43
    krzychupar
    Level 40

    Open the system Notepad and paste:

    Task: {5690C0D8-E590-40B7-A3C2-0878563DE74A} - System32\Tasks\24seven_savings_notification_service => C:\Program Files (x86)\24Seven savings\24seven_savings_notification_service.exe [2015-04-07] (FileProperties_CompanyName) <==== UWAGA
    Task: {2A5E5D81-2C71-469A-8A23-D69783440E99} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-09-20] (globalUpdate) <==== UWAGA
    Task: {90EDC99D-9DC6-45C5-95A5-07919EEF5066} - System32\Tasks\24seven_savings_updating_service => C:\Program Files (x86)\24Seven savings\24seven_savings_updating_service.exe [2015-04-07] () <==== UWAGA
    Task: {91110735-68DF-4A1A-B9BC-DF51DC588D92} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-09-20] (globalUpdate) <==== UWAGA
    Task: {978313C2-3E83-4B86-8B13-81F830510F1C} - System32\Tasks\sun_king_notification_service => C:\Program Files (x86)\sun king\sun_king_notification_service.exe [2015-04-07] (FileProperties_CompanyName) <==== UWAGA
    Task: {C6FD4F46-81AE-4DE2-AFF3-4C2AD5ED8F1E} - System32\Tasks\sun_king_updating_service => C:\Program Files (x86)\sun king\sun_king_updating_service.exe <==== UWAGA
    Task: C:\windows\Tasks\24seven_savings_notification_service.job => C:\Program Files (x86)\24Seven savings\24seven_savings_notification_service.exeǫ/url='hxxp:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='24Seven savings' /appid='73143' /srcid='2913' /bic='4c4f4a99e0b8e382dffd845b0680e636' /verifier='25fed2d90fd8068643edbcc8b4a820c2' /installerversion='1.50.3.10' /statsdomain='hxxp:/stats.buildomserv.com/data.gif?' /errorsdomain='hxxp:/stats.buildomserv.com/data.gif?' /monetizationdomain='hxxp:/logs.buildomserv.com/monetization.gif <==== UWAGA
    Task: C:\windows\Tasks\24seven_savings_updating_service.job => C:\Program Files (x86)\24Seven savings\24seven_savings_updating_service.exe° /campid=2913 /verid=1 /url=hxxp:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=24seven_savings_updating_service /funurl=hxxp:/stats.buildomserv.com <==== UWAGA
    Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== UWAGA
    Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== UWAGA
    Task: C:\windows\Tasks\sun_king_notification_service.job => C:\Program Files (x86)\sun king\sun_king_notification_service.exeǤ/url='hxxp:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='sun king' /appid='73143' /srcid='2913' /bic='4c4f4a99e0b8e382dffd845b0680e636' /verifier='25fed2d90fd8068643edbcc8b4a820c2' /installerversion='1.50.3.10' /statsdomain='hxxp:/stats.buildomserv.com/data.gif?' /errorsdomain='hxxp:/stats.buildomserv.com/data.gif?' /monetizationdomain='hxxp:/logs.buildomserv.com/monetization.gif <==== UWAGA




    Task: C:\windows\Tasks\sun_king_updating_service.job => C:\Program Files (x86)\sun king\sun_king_updating_service.exe© /campid=2913 /verid=1 /url=hxxp:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=sun_king_updating_service /funurl=hxxp:/stats.buildomserv.com <==== UWAGA
    ShortcutWithArgument: C:\Users\Majkielek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.piesearch.com/?type=sc&ts=1443535299&uid=&pid=etc29 <==== UWAGA
    ShortcutWithArgument: C:\Users\Majkielek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.piesearch.com/?type=sc&ts=1443535299&uid=&pid=etc29 <==== UWAGA
    ShortcutWithArgument: C:\Users\Majkielek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursearching.com/?type=sc&ts=...amp;uid=ST1000LM024XHN-M101MBB_S2RQJ9BD300204 <==== UWAGA
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursearching.com/?type=sc&ts=...amp;uid=ST1000LM024XHN-M101MBB_S2RQJ9BD300204 <==== UWAGA
    ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursearching.com/?type=sc&ts=...amp;uid=ST1000LM024XHN-M101MBB_S2RQJ9BD300204 <==== UWAGA
    (tsvr.com) C:\Users\Majkielek\AppData\Roaming\TSv\TSvr.exe
    (TFuns LIMITED) C:\ProgramData\XWdMX\WdMan.exe
    (TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
    (TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
    (Taiwan Shui Mu Chih Ching Technology Limited) C:\Program Files (x86)\WinZipper\winzipersvc.exe
    (Sysinternals process Explorer) C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S2RQJ9BD300204
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S2RQJ9BD300204
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&...=ST1000LM024XHN-M101MBB_S2RQJ9BD300204&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&...=ST1000LM024XHN-M101MBB_S2RQJ9BD300204&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S2RQJ9BD300204
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S2RQJ9BD300204
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&...=ST1000LM024XHN-M101MBB_S2RQJ9BD300204&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&...=ST1000LM024XHN-M101MBB_S2RQJ9BD300204&q={searchTerms}
    HKU\S-1-5-21-2296566967-4226886364-1317019350-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&...=ST1000LM024XHN-M101MBB_S2RQJ9BD300204&q={searchTerms}
    HKU\S-1-5-21-2296566967-4226886364-1317019350-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S2RQJ9BD300204
    HKU\S-1-5-21-2296566967-4226886364-1317019350-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...amp;uid=ST1000LM024XHN-M101MBB_S2RQJ9BD300204
    HKU\S-1-5-21-2296566967-4226886364-1317019350-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&...=ST1000LM024XHN-M101MBB_S2RQJ9BD300204&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&...=ST1000LM024XHN-M101MBB_S2RQJ9BD300204&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&...=ST1000LM024XHN-M101MBB_S2RQJ9BD300204&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&...=ST1000LM024XHN-M101MBB_S2RQJ9BD300204&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&...=ST1000LM024XHN-M101MBB_S2RQJ9BD300204&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2296566967-4226886364-1317019350-1001 -> DefaultScope {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2296566967-4226886364-1317019350-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2296566967-4226886364-1317019350-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&...=ST1000LM024XHN-M101MBB_S2RQJ9BD300204&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2296566967-4226886364-1317019350-1001 -> {5A879D0A-2E76-4C14-AE69-0CA40038BFD2} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2296566967-4226886364-1317019350-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    BHO: Brak nazwy -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> Brak pliku
    BHO: Brak nazwy -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> Brak pliku
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)
    Toolbar: HKU\S-1-5-21-2296566967-4226886364-1317019350-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)
    FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => nie znaleziono
    CHR HKLM\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\Majkielek\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\Majkielek\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx <nie znaleziono>

    S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-20] (globalUpdate) [Brak podpisu cyfrowego] <==== UWAGA
    S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-20] (globalUpdate) [Brak podpisu cyfrowego] <==== UWAGA
    R2 WdMan; C:\ProgramData\XWdMX\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
    R2 WindowsMangerProtect; C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe [344232 2015-12-14] (Sysinternals process Explorer) <==== UWAGA
    R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [711344 2015-12-14] (Taiwan Shui Mu Chih Ching Technology Limited) <==== UWAGA
    S3 SBIOSIO; \??\C:\Windows\SysWOW64\sysprep\WinDiag\EXE\ClearPowerOn\SBIOSIO64.SYS [X]
    2015-12-14 21:02 - 2015-12-14 21:02 - 00000000 ____D C:\Users\Majkielek\AppData\Roaming\WinZipper
    2015-12-14 21:02 - 2015-12-14 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
    2015-12-14 21:01 - 2015-12-14 21:03 - 00000000 ____D C:\ProgramData\XWdMX
    2015-12-14 20:59 - 2015-12-14 21:01 - 00000000 ____D C:\ProgramData\3WdM3
    2015-12-11 11:16 - 2015-12-11 11:17 - 00000000 ____D C:\ProgramData\vWdMv
    2015-12-14 21:04 - 2015-10-27 10:33 - 00000000 ____D C:\Program Files (x86)\SFK
    2015-12-14 21:02 - 2014-12-10 11:29 - 00000000 ____D C:\Program Files (x86)\WinZipper
    2015-12-14 21:01 - 2015-10-27 10:33 - 00000000 ____D C:\Users\Majkielek\AppData\Roaming\TSv
    2015-12-14 20:59 - 2015-10-27 10:33 - 00000000 ____D C:\ProgramData\HWMiniProH
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix/Napraw.
