
yoursites - annoying search engine

lukas100as 18 Mar 2016 19:17 342 1
  • #2 18 Mar 2016 19:30
    krzychupar
    Level 41

    Open the system Notepad and paste:
    ShortcutWithArgument: C:\Documents and Settings\Dominikk\Menu Start\Programy\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) -> hxxp://www.delta-homes.com/?type=sc&ts=14...5203&uid=ST3160215AS_6RA3PM5CXXXX6RA3PM5C
    ShortcutWithArgument: C:\Documents and Settings\Dominikk\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Uruchom przeglądarkę Internet Explorer.lnk -> C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) -> hxxp://www.delta-homes.com/?type=sc&ts=14...5203&uid=ST3160215AS_6RA3PM5CXXXX6RA3PM5C
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-1229272821-2147086677-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-1229272821-2147086677-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...0314&uid=ST3160215AS_6RA3PM5CXXXX6RA3PM5C
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=14...p;uid=ST3160215AS_6RA3PM5CXXXX6RA3PM5C&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...0314&uid=ST3160215AS_6RA3PM5CXXXX6RA3PM5C
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=14...p;uid=ST3160215AS_6RA3PM5CXXXX6RA3PM5C&q={searchTerms}




    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1229272821-2147086677-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...0314&uid=ST3160215AS_6RA3PM5CXXXX6RA3PM5C
    HKU\S-1-5-21-1229272821-2147086677-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1229272821-2147086677-682003330-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.key-find.com/web/?type=ds&ts=1...p;uid=ST3160215AS_6RA3PM5CXXXX6RA3PM5C&q={searchTerms}
    HKU\S-1-5-21-1229272821-2147086677-682003330-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...0314&uid=ST3160215AS_6RA3PM5CXXXX6RA3PM5C
    URLSearchHook: HKU\S-1-5-21-1229272821-2147086677-682003330-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= UWAGA
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKU\S-1-5-21-1229272821-2147086677-682003330-1003 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...p;uid=ST3160215AS_6RA3PM5CXXXX6RA3PM5C&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1229272821-2147086677-682003330-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...p;uid=ST3160215AS_6RA3PM5CXXXX6RA3PM5C&q={searchTerms}
    CHR HomePage: Default -> hxxp://www.msn.com/pl-pl/?pc=__PARAM__&ocid=__PARAM__DHP
    CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1458323844&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpm0314&uid=ST3160215AS_6RA3PM5CXXXX6RA3PM5C"
    CHR DefaultSearchURL: Default -> hxxp://yoursites123.com/web?type=ds&ts=14...p;uid=ST3160215AS_6RA3PM5CXXXX6RA3PM5C&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> yoursites123
    S3 catchme; \??\C:\DOCUME~1\Dominikk\USTAWI~1\Temp\catchme.sys [X]
    S3 cpuz134; \??\C:\DOCUME~1\Dominikk\USTAWI~1\Temp\cpuz134\cpuz134_x32.sys [X]
    S4 IntelIde; Brak ImagePath
    2016-03-18 19:07 - 2016-03-18 19:07 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\7WdM7
    2016-03-18 19:02 - 2016-03-18 19:02 - 02048349 _____ (Update) C:\WINDOWS\system32\pl4.exe
    2016-03-18 18:58 - 2016-03-18 18:58 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\1WdM1
    2016-03-18 18:57 - 2016-03-18 19:04 - 00000633 _____ C:\yoursites123.xml
    2016-03-18 18:53 - 2016-03-18 18:59 - 00000000 __SHD C:\RECYCLER(3)
    2016-03-18 18:51 - 2016-03-18 18:59 - 00000000 ____D C:\RECYCLER(2)
    2016-03-18 18:23 - 2016-03-18 18:23 - 00008113 _____ C:\ComboFix.txt
    2016-03-17 14:13 - 2016-03-18 19:07 - 00000146 _____ C:\Documents and Settings\All Users\Dane aplikacji\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    2016-03-17 14:13 - 2016-03-18 19:00 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\2WdM2
    2016-03-17 14:08 - 2016-03-18 19:02 - 00000000 ____D C:\WINDOWS\system32\_tWm
    2016-03-18 19:04 - 2015-09-22 12:44 - 00000000 ____D C:\Documents and Settings\Dominikk\Dane aplikacji\TSv
    2016-03-18 14:00 - 2015-02-19 09:03 - 00000468 _____ C:\WINDOWS\Tasks\At4.job
    2016-03-18 13:48 - 2006-03-02 13:00 - 00012984 _____ C:\WINDOWS\system32\wpa.dbl
    2016-03-15 10:10 - 2015-02-19 09:03 - 00000468 _____ C:\WINDOWS\Tasks\At1.job
    2016-03-13 09:03 - 2015-02-19 09:03 - 00000468 _____ C:\WINDOWS\Tasks\At3.job
    2016-03-10 15:41 - 2014-12-13 04:44 - 00000188 ___SH C:\Documents and Settings\Dominikk\ntuser.ini
    2016-03-08 20:40 - 2015-02-19 09:03 - 00000468 _____ C:\WINDOWS\Tasks\At2.job
    2015-02-20 09:49 - 2016-02-06 17:59 - 0013824 _____ () C:\Documents and Settings\Dominikk\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-02-19 09:03 - 2015-02-19 09:03 - 0000057 _____ () C:\Documents and Settings\All Users\Dane aplikacji\Ament.ini
    2015-02-19 09:41 - 2015-02-19 09:44 - 0000372 _____ () C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
    2016-03-17 14:13 - 2016-03-18 19:07 - 0000146 _____ () C:\Documents and Settings\All Users\Dane aplikacji\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    C:\Windows\Tasks\At1.job
    C:\Windows\Tasks\At2.job
    C:\Windows\Tasks\At3.job
    C:\Windows\Tasks\At4.job
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder C:\Documents and Settings\Dominikk\Moje dokumenty\Downloads\FRST (1).exe
    Run FRST and click Fix/Napraw.

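Added example (not part of krzychupar's post and not FRST code): a small Python triage that reads log lines in the format of the fixlist above, refangs the `hxxp` URLs only for parsing, and groups the browser settings that point at sites outside an expected set. The sample lines are constructed from the post with shortened query strings and placeholder paths, and the `EXPECTED` allowlist and all function names are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the format of the fixlist lines above
# (hosts taken from the post; query strings, SID and paths shortened to placeholders).
SAMPLE = r"""
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&uid=PLACEHOLDER
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKU\S-1-5-21-PLACEHOLDER -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&q={searchTerms}
CHR HomePage: Default -> hxxp://www.msn.com/pl-pl/?pc=__PARAM__
CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&uid=PLACEHOLDER"
ShortcutWithArgument: C:\PLACEHOLDER\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) -> hxxp://www.delta-homes.com/?type=sc
"""

# Assumption: vendor defaults the analyst accepts; adjust per environment.
EXPECTED = {"microsoft.com", "msn.com"}
URL_RE = re.compile(r'hxxps?://[^\s"]+', re.IGNORECASE)

def site_of(defanged):
    """Refang hxxp -> http for parsing only; return the host without a leading 'www.'."""
    refanged = re.sub(r"^hxxp", "http", defanged, flags=re.IGNORECASE)
    host = (urlsplit(refanged).hostname or "").lower()
    return re.sub(r"^www\.", "", host)

def is_expected(site):
    """True when site equals an expected domain or is a subdomain of one."""
    return any(site == d or site.endswith("." + d) for d in EXPECTED)

def triage(log_text):
    """Map each unexpected site to the settings (text before the URL) pointing at it."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = URL_RE.search(line)
        if not m:
            continue  # entries without a URL (files, services, local pages) are out of scope
        site = site_of(m.group(0))
        if site and not is_expected(site):
            findings[site].append(line[:m.start()].rstrip(' ="->'))
    return dict(findings)

if __name__ == "__main__":
    for site, settings in triage(SAMPLE).items():
        print(site, len(settings), *settings, sep="\n    ")
```

Grouping by site makes it easy to see that one hijacker family has rewritten several independent settings (IE registry values, search scopes, Chrome startup URLs, shortcut arguments), each of which has to be reset.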