Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

wirus yoursites123 - jak usunąć?

Patgon 30 Gru 2015 19:25 687 2
  • CControls
  • Pomocny post
    #2 30 Gru 2015 19:33
    Kolobos
    Spec od komputerów

    Odinstaluj: REACHit

    Fixlist.txt dla FRST:
    Task: {1244F688-F762-4EE6-9BC4-261F43CACC7A} - System32\Tasks\{AF059A6F-9908-424B-9C9D-CC28713B6DFB} => pcalua.exe -a C:\Users\Piotrek\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=cor
    Task: {B1369A60-0741-4CD3-AEAB-A49962E69C04} - System32\Tasks\Opera scheduled Autoupdate 1444416537 => C:\Program Files (x86)\Opera\launcher.exe [2015-10-07] (Opera Software)
    Task: {C088107E-F3C9-4C80-B601-FA1BFFBEFC54} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2015-12-10] (Lenovo)
    Task: {DD832CFF-915F-4A91-8240-335D1BA16341} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2015-12-10] (Lenovo)
    Task: {F5EF529D-7D41-4743-869F-BCC70D8B1841} - System32\Tasks\{EF9DE27A-90C3-4C7D-A71B-509973287513} => pcalua.exe -a "C:\drivers\WLAN Driver (Broadcom, Qualcomm)\Setup.exe" -d "C:\drivers\WLAN Driver (Broadcom, Qualcomm)"
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-1386137172-1396506535-3104258125-1000\...\MountPoints2: {4e5e0bcc-6ad6-11e5-ab2a-806e6f6e6963} - D:\SETUP.EXE
    HKU\S-1-5-21-1386137172-1396506535-3104258125-1000\...\MountPoints2: {a825218e-76ed-11e5-9076-142d27fd0832} - E:\Startme.exe
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1...&uid=ST1000LM024XHN-M101MBB_S30YJ9CF835080&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1...&uid=ST1000LM024XHN-M101MBB_S30YJ9CF835080&q={searchTerms}
    CHR HKU\S-1-5-21-1386137172-1396506535-3104258125-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2015-12-30 18:42 - 2015-12-30 18:48 - 00000000 ____D C:\AdwCleaner
    2015-12-30 15:54 - 2015-12-30 17:54 - 00000001 _____ C:\Windows\SysWOW64\pl.html
    2015-12-24 11:33 - 2015-12-24 11:35 - 00000000 ____D C:\ProgramData\iWdMi
    2015-12-24 11:32 - 2015-12-24 11:33 - 00000000 ____D C:\ProgramData\pWdMp
    2015-12-24 11:32 - 2015-12-24 11:32 - 02770377 _____ (iBank) C:\Program Files (x86)\SSFK.exe
    2015-12-09 08:45 - 2015-12-09 08:46 - 00000000 ____D C:\ProgramData\4WdM4
    2015-12-09 08:44 - 2015-12-09 08:45 - 00000000 ____D C:\ProgramData\9WdM9
    C:\Users\Piotrek\setup.exe
    EmptyTemp:

    Po wykonaniu usun katalog C:\FRST i to wszystko.

    0
  • CControls
  • #3 30 Gru 2015 19:49
    Patgon
    Poziom 2  

    Bardzo dziękuję

    0