robusr utworzono 11 grudnia 2015 utworzono 11 grudnia 2015 Witam Przyczepił się domojego kompa yoursite3123 inie mogę sie go pozbyć. W załączeniu pliki. Z góry dziekuje za pomoc
Twój_Anioł_Stróż komentarz 11 grudnia 2015 komentarz 11 grudnia 2015 (edytowane) 1) Odinstaluj ten program: istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version: - istartsurf) <==== UWAGA 2) Otwórz Notatnik i wklej w nim: Task: {4DCDF719-FF1D-4E94-A099-229AC994E0C0} - \Plus-HD-7.6-enabler -> Brak pliku <==== UWAGA Task: {51F808E8-E449-4CA8-A281-8042FA19F170} - System32\Tasks\{A03A07A3-B7C3-4CF4-9107-4CECA4ADCA3F} => pcalua.exe -a D:\_autorun\autorun.exe -d D:\_autorun Task: {57B4F6B6-B8E3-45E5-AF14-5097FC0978CA} - \Plus-HD-7.6-codedownloader -> Brak pliku <==== UWAGA Task: {7C7CDD4B-DB72-4EEB-8052-A62F03D55725} - \Plus-HD-7.6-firefoxinstaller -> Brak pliku <==== UWAGA Task: {9A6B0759-E4CA-424E-976C-B004CF03DF3C} - \Plus-HD-7.6-updater -> Brak pliku <==== UWAGA Task: {AE1F7319-F665-485E-85AE-BB70BDFB0286} - System32\Tasks\{BE939F04-288A-45BB-A331-CBBBD66B2DFF} => pcalua.exe -a G:\KCZ.EXE -d G:\ Task: {B7516E42-A2E9-4EDD-BA13-220B1E7D007B} - System32\Tasks\{BE6A8EB7-B32E-4873-8FE0-3046389CC6C7} => pcalua.exe -a C:\ProgramData\TVTime\uninstall.exe -c /kb=n /ic=1 Task: {D5680178-10D1-42A2-913F-BF9B62A6B7BE} - \Plus-HD-7.6-validator -> Brak pliku <==== UWAGA ShortcutWithArgument: C:\Users\Robert\Desktop\Sweet Home 3D.lnk -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\javaws.exe (Oracle Corporation) -> -localfile -offline -J-Djnlp.application.href=hxxp://www.sweethome3d.com/SweetHome3D.jnlp "C:\Users\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\247e2df4-24685d4d" <==== UWAGA ShortcutWithArgument: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D\Sweet Home 3D.lnk -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\javaws.exe (Oracle Corporation) -> -localfile -offline -J-Djnlp.application.href=hxxp://www.sweethome3d.com/SweetHome3D.jnlp "C:\Users\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\247e2df4-24685d4d" <==== UWAGA ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk -> C:\ProgramData\Ashampoo\YourDeals.exe () -> hxxp://linktarget.ashampoo.com/linktarget/?target=marketplace&edition=eid=15007&utm_medium=desktop&x-pos=Metro <==== UWAGA C:\Users\Robert\AppData\Roaming\TSv C:\ProgramData\5WdM5 C:\ProgramData\ZWMiniProZ HKLM-x32\...\Run: [fst_pl_171] => [X] HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1449066035&z=9c700e2bd561877e009cd77g7z1z8t1efq1q0e8c3w&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1449066035&z=9c700e2bd561877e009cd77g7z1z8t1efq1q0e8c3w&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1407402158&from=cor&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1407402158&from=cor&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1449066035&z=9c700e2bd561877e009cd77g7z1z8t1efq1q0e8c3w&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1449066035&z=9c700e2bd561877e009cd77g7z1z8t1efq1q0e8c3w&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1407402158&from=cor&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1407402158&from=cor&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF&q={searchTerms} HKU\S-1-5-21-1745024165-3064892007-4090672041-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1449066035&z=9c700e2bd561877e009cd77g7z1z8t1efq1q0e8c3w&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF&q={searchTerms} HKU\S-1-5-21-1745024165-3064892007-4090672041-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1449066035&z=9c700e2bd561877e009cd77g7z1z8t1efq1q0e8c3w&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF HKU\S-1-5-21-1745024165-3064892007-4090672041-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1449066035&z=9c700e2bd561877e009cd77g7z1z8t1efq1q0e8c3w&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF HKU\S-1-5-21-1745024165-3064892007-4090672041-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1449066035&z=9c700e2bd561877e009cd77g7z1z8t1efq1q0e8c3w&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF&q={searchTerms} SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_24¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dpl%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyC0Bzy0F0D0E0EtCzz0EzytN0D0Tzu0StCtByDyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyCyB0E0B0EyEzytGtAzz0EyEtGtA0DyDyBtGyBzyzy0AtGzz0CtCtDyBzz0CyDzztDyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtByE0Fzy0E0FtCtGzzzz0EyEtGyEzzyByEtGzy0E0D0BtG0FtA0Fzy0DtBtAyDyEtA0D0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztDtD%26cr%3D1439550801%26a%3Dwncy_ir_15_24%26os%3DWindows 8.1&p={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_24¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dpl%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyC0Bzy0F0D0E0EtCzz0EzytN0D0Tzu0StCtByDyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyCyB0E0B0EyEzytGtAzz0EyEtGtA0DyDyBtGyBzyzy0AtGzz0CtCtDyBzz0CyDzztDyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtByE0Fzy0E0FtCtGzzzz0EyEtGyEzzyByEtGzy0E0D0BtG0FtA0Fzy0DtBtAyDyEtA0D0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztDtD%26cr%3D1439550801%26a%3Dwncy_ir_15_24%26os%3DWindows 8.1&p={searchTerms} SearchScopes: HKU\S-1-5-21-1745024165-3064892007-4090672041-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1449066035&z=9c700e2bd561877e009cd77g7z1z8t1efq1q0e8c3w&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF&q={searchTerms} SearchScopes: HKU\S-1-5-21-1745024165-3064892007-4090672041-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_24¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dpl%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyC0Bzy0F0D0E0EtCzz0EzytN0D0Tzu0StCtByDyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyCyB0E0B0EyEzytGtAzz0EyEtGtA0DyDyBtGyBzyzy0AtGzz0CtCtDyBzz0CyDzztDyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtByE0Fzy0E0FtCtGzzzz0EyEtGyEzzyByEtGzy0E0D0BtG0FtA0Fzy0DtBtAyDyEtA0D0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztDtD%26cr%3D1439550801%26a%3Dwncy_ir_15_24%26os%3DWindows 8.1&p={searchTerms} SearchScopes: HKU\S-1-5-21-1745024165-3064892007-4090672041-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1449066035&z=9c700e2bd561877e009cd77g7z1z8t1efq1q0e8c3w&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF&q={searchTerms} BHO-x32: BrowseSmart -> {4c06cc5b-59cb-4063-8ddb-6452de2c5617} -> C:\Program Files (x86)\BrowseSmart\BrowseSmartBHO.dll => Brak pliku FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: yoursites123 FF SelectedSearchEngine: yoursites123 FF Homepage: hxxp://www.yoursites123.com/?type=hp&ts=1449849387&z=5c0cac3041964d18c5ba13eg5z5z2teb2z5t3cfbab&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [Brak pliku] FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [Brak pliku] FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [Brak pliku] FF SearchPlugin: C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1745024165-3064892007-4090672041-1001\FireFox\searchplugins\omniboxes.xml [2015-12-02] FF SearchPlugin: C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1745024165-3064892007-4090672041-1001\FireFox\searchplugins\yoursites123.xml [2015-12-11] StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449849387&z=5c0cac3041964d18c5ba13eg5z5z2teb2z5t3cfbab&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1449849387&z=5c0cac3041964d18c5ba13eg5z5z2teb2z5t3cfbab&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF" CHR DefaultSearchURL: Default -> hxxp://www.yoursites123.com/web/?type=ds&ts=1449849387&z=5c0cac3041964d18c5ba13eg5z5z2teb2z5t3cfbab&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF&q={searchTerms} CHR DefaultSearchKeyword: Default -> yoursites123 StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.yoursites123.com/?type=sc&ts=1449849387&z=5c0cac3041964d18c5ba13eg5z5z2teb2z5t3cfbab&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [694784 2014-08-07] () [Brak podpisu cyfrowego] R2 IhPul; C:\Users\Robert\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com) C:\ProgramData\IePluginServices R2 WdMan; C:\ProgramData\5WdM5\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego] R2 WdsManPro; C:\ProgramData\ZWMiniProZ\WMiniPro.exe [302592 2015-11-30] (DTools LIMITED) [Brak podpisu cyfrowego] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] 2015-12-11 16:57 - 2015-12-11 22:52 - 00000001 _____ C:\Windows\SysWOW64\pl.html 2015-12-11 16:57 - 2015-12-11 16:58 - 00000000 ____D C:\ProgramData\5WdM5 2015-12-11 16:57 - 2015-10-27 04:49 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat 2015-11-26 17:18 - 2015-10-27 04:49 - 00000000 ____D C:\ProgramData\9WMiniPro9 2015-11-26 17:18 - 2015-10-08 16:20 - 00000000 ____D C:\Program Files (x86)\SFK EmptyTemp: Plik zapisz pod nazwą [b]fixlist.txt[/b] i umieść obok FRST.exe Uruchom [b]FRST[/b] i kliknij przycisk [b]Fix[/b] (NAPRAW). ---------------------- Jeśli będzie OK, to będziemy kończyć: Otwórz Notatnik i wklej w nim: DeleteQuarantine: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix (NAPRAW). przez SHIFT+DEL usuń pozostały folder C:\FRST. Jeśli natomiast problem nie zniknie, to przeinstalujesz przeglądarkę, na której to jeszcze będzie. .
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.