Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

yoursites123 - Jak usunąć?

Norbert64 08 Sty 2016 16:19 1167 3
  • CControls
  • Pomocny post
    #2 08 Sty 2016 16:49
    krzychupar
    Poziom 40  

    Przeskanuj komputer tym https://toolslib.net/downloads/viewdownload/1-adwcleaner/ (skanuj-usuń)
    Otwórz notatnik systemowy i wklej:
    ShortcutWithArgument: C:\Users\expert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...d=WDCXWD5000BPVT-80HXZT1_WD-WXD1EC0HE958HE958
    ShortcutWithArgument: C:\Users\expert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...d=WDCXWD5000BPVT-80HXZT1_WD-WXD1EC0HE958HE958
    ShortcutWithArgument: C:\Users\expert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...d=WDCXWD5000BPVT-80HXZT1_WD-WXD1EC0HE958HE958
    ShortcutWithArgument: C:\Users\expert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...d=WDCXWD5000BPVT-80HXZT1_WD-WXD1EC0HE958HE958
    (tsvr.com) C:\Users\expert\AppData\Roaming\TSv\TSvr.exe
    (TODO: <公司名>) C:\Windows\Temp\_avast_\unp134094572.tmp
    (TODO: <公司名>) C:\Windows\Temp\_avast_\unp134094572.tmp
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\...\CurrentVersion\Windows: [Load] C:\Users\expert\LOCALS~1\Temp\ccalwm.exe <===== UWAGA
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\...\MountPoints2: F - F:\AutoRun.exe
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\...\MountPoints2: G - G:\AutoRun.exe




    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\...\MountPoints2: {019991a4-f367-11e1-833b-e0b9a52f7ca6} - F:\AutoRun.exe
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\...\MountPoints2: {1b15f090-3011-11e2-b1d3-e0b9a52f7ca6} - F:\AutoRun.exe
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\...\MountPoints2: {1b15f095-3011-11e2-b1d3-e0b9a52f7ca6} - F:\AutoRun.exe
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\...\MountPoints2: {3d441fcb-5018-11e2-ac39-001e101fa1f5} - F:\AutoRun.exe
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\...\MountPoints2: {4f2c6c17-b216-11e5-944f-bcaec564cb2b} - F:\AutoRun.exe
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\...\MountPoints2: {50e497fd-f37f-11e1-a23b-e0b9a52f7ca6} - F:\AutoRun.exe
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\...\MountPoints2: {8749f390-f697-11e0-9bc2-e0b9a52f7ca6} - F:\AutoRun.exe
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\...\MountPoints2: {87a11e4f-f5a1-11e1-8372-001e101f1ed9} - F:\AutoRun.exe
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\...\MountPoints2: {8e0caa26-af16-11e5-917d-e0b9a52f7ca6} - F:\AutoRun.exe
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\...\MountPoints2: {8e0caa2b-af16-11e5-917d-e0b9a52f7ca6} - F:\AutoRun.exe
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\...\MountPoints2: {92bd3843-f368-11e1-bbcd-e0b9a52f7ca6} - F:\AutoRun.exe
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\...\MountPoints2: {9c02bffd-bbfc-11e4-963a-e0b9a52f7ca6} - F:\AutoRun.exe
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\...\MountPoints2: {baf15c8c-daad-11e0-8fa2-e0b9a52f7ca6} - F:\AutoRun.exe
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\...\MountPoints2: {baf15c9e-daad-11e0-8fa2-e0b9a52f7ca6} - F:\AutoRun.exe
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\...\MountPoints2: {e4d6cd37-eb34-11e0-b1f6-e0b9a52f7ca6} - F:\AutoRun.exe
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\...\MountPoints2: {e54e568f-ec1a-11e0-874f-e0b9a52f7ca6} - F:\AutoRun.exe
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\...\MountPoints2: {f215d576-001c-11e3-8840-001e101faa49} - F:\AutoRun.exe
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=14...D5000BPVT-80HXZT1_WD-WXD1EC0HE958HE958&q={searchTerms}
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...d=WDCXWD5000BPVT-80HXZT1_WD-WXD1EC0HE958HE958
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...d=WDCXWD5000BPVT-80HXZT1_WD-WXD1EC0HE958HE958
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=14...D5000BPVT-80HXZT1_WD-WXD1EC0HE958HE958&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    SearchScopes: HKU\S-1-5-21-1054956784-3089589168-1226077571-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    SearchScopes: HKU\S-1-5-21-1054956784-3089589168-1226077571-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...D5000BPVT-80HXZT1_WD-WXD1EC0HE958HE958&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1054956784-3089589168-1226077571-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1054956784-3089589168-1226077571-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...D5000BPVT-80HXZT1_WD-WXD1EC0HE958HE958&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1054956784-3089589168-1226077571-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
    SearchScopes: HKU\S-1-5-21-1054956784-3089589168-1226077571-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    R2 IhPul; C:\Users\expert\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
    R1 {8aefbcaf-640f-4dca-9a92-ed05ee387238}w64; C:\Windows\System32\drivers\{8aefbcaf-640f-4dca-9a92-ed05ee387238}w64.sys [48776 2014-12-21] (StdLib)
    S1 ccnfd_1_10_0_4; system32\drivers\ccnfd_1_10_0_4.sys [X]
    S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
    S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
    2016-01-08 11:34 - 2016-01-08 15:00 - 00000000 ____D C:\Program Files (x86)\SFK
    2016-01-08 11:34 - 2016-01-08 11:44 - 00000000 ____D C:\Program Files (x86)\WinZipper
    2016-01-08 11:34 - 2016-01-08 11:34 - 00000000 ____D C:\Users\expert\AppData\Roaming\WinZipper
    2016-01-08 11:34 - 2016-01-08 11:34 - 00000000 ____D C:\Users\expert\AppData\Roaming\TSv
    2016-01-08 11:33 - 2016-01-08 11:34 - 00000000 ____D C:\ProgramData\aWdMa
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


    EmptyTemp:

    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.

    0
  • CControls
  • Pomocny post
    #3 08 Sty 2016 16:57
    Acorus 20
    Spec od komputerów

    Odinstaluj ASUS WebStorage. Otwórz notatnik systemowy i wklej:

    Cytat:
    Task: {99917B16-0CC1-4A54-B36B-3260D3B74FDC} - System32\Tasks\{BC853196-D88A-40A6-B0F2-CDED04310E74} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.114/pl/abandoninstall?page=tsMain
    Task: {F545F45E-4A54-4C71-85A5-009E591366B3} - System32\Tasks\{E4B08FC5-7356-467F-8A40-49B67A83CD96} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.114/pl/abandoninstall?page=tsProgressBar
    ShortcutWithArgument: C:\Users\expert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...d=WDCXWD5000BPVT-80HXZT1_WD-WXD1EC0HE958HE958
    ShortcutWithArgument: C:\Users\expert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...d=WDCXWD5000BPVT-80HXZT1_WD-WXD1EC0HE958HE958
    ShortcutWithArgument: C:\Users\expert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...d=WDCXWD5000BPVT-80HXZT1_WD-WXD1EC0HE958HE958
    ShortcutWithArgument: C:\Users\expert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...d=WDCXWD5000BPVT-80HXZT1_WD-WXD1EC0HE958HE958
    ShortcutWithArgument: C:\Users\expert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...d=WDCXWD5000BPVT-80HXZT1_WD-WXD1EC0HE958HE958
    HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-08-17] (ecareme)
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\...\CurrentVersion\Windows: [Load] C:\Users\expert\LOCALS~1\Temp\ccalwm.exe <===== UWAGA
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=14...D5000BPVT-80HXZT1_WD-WXD1EC0HE958HE958&q={searchTerms}
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...d=WDCXWD5000BPVT-80HXZT1_WD-WXD1EC0HE958HE958
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...d=WDCXWD5000BPVT-80HXZT1_WD-WXD1EC0HE958HE958
    HKU\S-1-5-21-1054956784-3089589168-1226077571-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=14...D5000BPVT-80HXZT1_WD-WXD1EC0HE958HE958&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1054956784-3089589168-1226077571-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...D5000BPVT-80HXZT1_WD-WXD1EC0HE958HE958&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1054956784-3089589168-1226077571-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1054956784-3089589168-1226077571-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...D5000BPVT-80HXZT1_WD-WXD1EC0HE958HE958&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1054956784-3089589168-1226077571-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
    SearchScopes: HKU\S-1-5-21-1054956784-3089589168-1226077571-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    R2 IhPul; C:\Users\expert\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
    R1 {8aefbcaf-640f-4dca-9a92-ed05ee387238}w64; C:\Windows\System32\drivers\{8aefbcaf-640f-4dca-9a92-ed05ee387238}w64.sys [48776 2014-12-21] (StdLib)
    S1 ccnfd_1_10_0_4; system32\drivers\ccnfd_1_10_0_4.sys [X]
    S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
    S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
    2016-01-08 11:34 - 2016-01-08 15:00 - 00000000 ____D C:\Program Files (x86)\SFK
    2016-01-08 11:34 - 2016-01-08 11:44 - 00000000 ____D C:\Program Files (x86)\WinZipper
    2016-01-08 11:34 - 2016-01-08 11:34 - 00000000 ____D C:\Users\expert\AppData\Roaming\WinZipper
    2016-01-08 11:34 - 2016-01-08 11:34 - 00000000 ____D C:\Users\expert\AppData\Roaming\TSv
    2016-01-08 11:33 - 2016-01-08 11:34 - 00000000 ____D C:\ProgramData\aWdMa
    2015-12-14 12:36 - 2016-01-08 11:33 - 00000000 ____D C:\ProgramData\Tmp0x0x
    2015-12-14 12:36 - 2015-12-14 13:05 - 00000000 ____D C:\Users\expert\AppData\Roaming\istartpageing
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.
    Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

    0
  • #4 08 Sty 2016 17:10
    Norbert64
    Poziom 2  

    Postępowałem zgodnie z Państwa instrukcjami, pomogło!

    Ogromnie Panom dziękuję!

    0