Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Yoursites123 - po raz enty :|

Procederxxl 20 Gru 2015 22:07 591 2
  • CControls
  • Pomocny post
    #2 21 Gru 2015 01:16
    toska78
    Poziom 15  

    Otwórz notatnik systemowy i wklej poniższe:

    Cytat:

    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-3268231337-3633549296-865315795-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> D:\Users\Browar001\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll => Brak pliku
    Task: {6D0AC628-946C-41F4-8243-5F742EB776D3} - System32\Tasks\{4D99F030-F6CD-438C-8FD7-B2F5E263302E} => pcalua.exe -a D:\Users\Browar001\Desktop\Vista32-64-XP_ver.6.21.70.004\2ksetup.exe -d D:\Users\Browar001\Desktop\Vista32-64-XP_ver.6.21.70.004
    ShortcutWithArgument: D:\Users\Browar001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> D:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=14501...HitachiXHTS543225L9A300_090506FB2F06LLEVZ1NCX
    ShortcutWithArgument: D:\Users\Browar001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> D:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=14501...HitachiXHTS543225L9A300_090506FB2F06LLEVZ1NCX
    ShortcutWithArgument: D:\Users\Browar001\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> D:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=14501...HitachiXHTS543225L9A300_090506FB2F06LLEVZ1NCX
    ShortcutWithArgument: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> D:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=14501...HitachiXHTS543225L9A300_090506FB2F06LLEVZ1NCX
    ShortcutWithArgument: D:\Users\Public\Desktop\Google Chrome.lnk -> D:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=14501...HitachiXHTS543225L9A300_090506FB2F06LLEVZ1NCX




    AppInit_DLLs: D:\PROGRA~1\SupTab\SEARCH~1.DLL => Brak pliku
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=14501...HitachiXHTS543225L9A300_090506FB2F06LLEVZ1NCX
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=139...achiXHTS543225L9A300_090506FB2F06LLEVZ1NCX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=14501...HitachiXHTS543225L9A300_090506FB2F06LLEVZ1NCX
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=139...achiXHTS543225L9A300_090506FB2F06LLEVZ1NCX&q={searchTerms}
    HKU\S-1-5-21-3268231337-3633549296-865315795-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1...achiXHTS543225L9A300_090506FB2F06LLEVZ1NCX&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=139...achiXHTS543225L9A300_090506FB2F06LLEVZ1NCX&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=139...achiXHTS543225L9A300_090506FB2F06LLEVZ1NCX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3268231337-3633549296-865315795-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: IEPluginBHO Class -> {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -> D:\Users\Browar001\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll => Brak pliku
    StartMenuInternet: IEXPLORE.EXE - D:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1446274...HitachiXHTS543225L9A300_090506FB2F06LLEVZ1NCX
    FF NewTab: hxxp://www.yoursites123.com/newtab/?type=nt&t...HitachiXHTS543225L9A300_090506FB2F06LLEVZ1NCX
    FF SelectedSearchEngine: yoursites123
    FF SearchPlugin: D:\Users\Browar001\AppData\Roaming\Mozilla\Firefox\Profiles\opskpxud.default-1449999578873\searchplugins\yoursites123.xml [2015-12-14]
    FF HKLM\...\Firefox\Extensions: [defsearchp@gmail.com] - D:\Users\Browar001\AppData\Roaming\Mozilla\Firefox\Profiles\bn3rdh4j.default\extensions\defsearchp@gmail.com => nie znaleziono
    FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - D:\Users\Browar001\AppData\Roaming\Mozilla\Firefox\Profiles\bn3rdh4j.default\extensions\deskCutv2@gmail.com => nie znaleziono
    FF HKLM\...\Firefox\Extensions: [default_newtabff@gmail.com] - D:\Users\Browar001\AppData\Roaming\Mozilla\Firefox\Profiles\opskpxud.default-1449999578873\extensions\default_newtabff@gmail.com => nie znaleziono
    FF HKLM\...\Firefox\Extensions: [yahooprotected@gmail.com] - D:\Users\Browar001\AppData\Roaming\Mozilla\Firefox\Profiles\opskpxud.default-1449999578873\extensions\yahooprotected@gmail.com => nie znaleziono
    CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1450127905&z=e96a56f02d34d06a79e8725g9zaw0eeg0o8m9tce1c&from=wpm07173&uid=HitachiXHTS543225L9A300_090506FB2F06LLEVZ1NCX"
    R2 WdMan; D:\ProgramData\gWdMg\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
    S2 Update BrowseMark; "D:\Program Files\BrowseMark\updateBrowseMark.exe" [X]
    S2 Update ClearThink; "D:\Program Files\ClearThink\updateClearThink.exe" [X]
    S3 EsgScanner; D:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-12-14] ()
    R1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw; D:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw.sys [39056 2014-09-19] (StdLib)
    2015-12-14 22:53 - 2015-12-14 22:53 - 00019984 _____ D:\Windows\system32\Drivers\EsgScanner.sys
    D:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw.sys
    2015-12-15 19:57 - 2015-12-15 19:57 - 00000001 _____ D:\Windows\system32\pl.html
    2015-12-14 22:19 - 2015-12-14 22:20 - 00000000 ____D D:\ProgramData\gWdMg
    2015-12-14 22:18 - 2015-12-14 22:18 - 00000000 ____D D:\ProgramData\2WdM2
    2015-10-31 07:55 - 2015-12-14 22:19 - 0000074 _____ () D:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    2015-12-15 21:50 - 2014-04-12 22:23 - 00000000 ____D D:\Users\Browar001\AppData\Roaming\SupTab
    2015-12-15 21:50 - 2014-04-12 22:23 - 00000000 ____D D:\Program Files\SupTab
    2015-12-14 22:18 - 2015-10-31 07:55 - 00000000 ____D D:\ProgramData\pWMiniProp
    Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstaller" /f
    DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
    EmptyTemp:


    Plik zapisz jako fixlist.txt i umieść obok FRST (w tym samym folderze). Uruchom FRST i kliknij w Napraw.

    0
  • CControls
  • #3 21 Gru 2015 07:55
    Procederxxl
    Poziom 2  

    Dziękuję za szybką odpowiedź i fachową pomoc. Yoursites123 usunięty. Można zamknąć.
    Yoursites123 - po raz enty :|

    0