x-kom hosting

prośba o pomoc - usunięcie yoursites123

robusr
utworzono
utworzono

Witam

Przyczepił się domojego kompa yoursite3123 inie mogę sie go pozbyć.

W załączeniu pliki.

Z góry dziekuje za pomoc

Twój_Anioł_Stróż
komentarz
komentarz (edytowane)

1) Odinstaluj ten program:

istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version:  - istartsurf) <==== UWAGA

 

2) Otwórz Notatnik i wklej w nim:

Task: {4DCDF719-FF1D-4E94-A099-229AC994E0C0} - \Plus-HD-7.6-enabler -> Brak pliku <==== UWAGA
Task: {51F808E8-E449-4CA8-A281-8042FA19F170} - System32\Tasks\{A03A07A3-B7C3-4CF4-9107-4CECA4ADCA3F} => pcalua.exe -a D:\_autorun\autorun.exe -d D:\_autorun
Task: {57B4F6B6-B8E3-45E5-AF14-5097FC0978CA} - \Plus-HD-7.6-codedownloader -> Brak pliku <==== UWAGA
Task: {7C7CDD4B-DB72-4EEB-8052-A62F03D55725} - \Plus-HD-7.6-firefoxinstaller -> Brak pliku <==== UWAGA
Task: {9A6B0759-E4CA-424E-976C-B004CF03DF3C} - \Plus-HD-7.6-updater -> Brak pliku <==== UWAGA
Task: {AE1F7319-F665-485E-85AE-BB70BDFB0286} - System32\Tasks\{BE939F04-288A-45BB-A331-CBBBD66B2DFF} => pcalua.exe -a G:\KCZ.EXE -d G:\
Task: {B7516E42-A2E9-4EDD-BA13-220B1E7D007B} - System32\Tasks\{BE6A8EB7-B32E-4873-8FE0-3046389CC6C7} => pcalua.exe -a C:\ProgramData\TVTime\uninstall.exe -c /kb=n /ic=1
Task: {D5680178-10D1-42A2-913F-BF9B62A6B7BE} - \Plus-HD-7.6-validator -> Brak pliku <==== UWAGA
ShortcutWithArgument: C:\Users\Robert\Desktop\Sweet Home 3D.lnk -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\javaws.exe (Oracle Corporation) -> -localfile -offline -J-Djnlp.application.href=hxxp://www.sweethome3d.com/SweetHome3D.jnlp "C:\Users\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\247e2df4-24685d4d" <==== UWAGA
ShortcutWithArgument: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D\Sweet Home 3D.lnk -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\javaws.exe (Oracle Corporation) -> -localfile -offline -J-Djnlp.application.href=hxxp://www.sweethome3d.com/SweetHome3D.jnlp "C:\Users\Robert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\247e2df4-24685d4d" <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk -> C:\ProgramData\Ashampoo\YourDeals.exe () -> hxxp://linktarget.ashampoo.com/linktarget/?target=marketplace&edition=eid=15007&utm_medium=desktop&x-pos=Metro <==== UWAGA
C:\Users\Robert\AppData\Roaming\TSv
C:\ProgramData\5WdM5
C:\ProgramData\ZWMiniProZ
HKLM-x32\...\Run: [fst_pl_171] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1449066035&z=9c700e2bd561877e009cd77g7z1z8t1efq1q0e8c3w&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1449066035&z=9c700e2bd561877e009cd77g7z1z8t1efq1q0e8c3w&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1407402158&from=cor&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1407402158&from=cor&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1449066035&z=9c700e2bd561877e009cd77g7z1z8t1efq1q0e8c3w&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1449066035&z=9c700e2bd561877e009cd77g7z1z8t1efq1q0e8c3w&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1407402158&from=cor&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1407402158&from=cor&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF&q={searchTerms}
HKU\S-1-5-21-1745024165-3064892007-4090672041-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1449066035&z=9c700e2bd561877e009cd77g7z1z8t1efq1q0e8c3w&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF&q={searchTerms}
HKU\S-1-5-21-1745024165-3064892007-4090672041-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1449066035&z=9c700e2bd561877e009cd77g7z1z8t1efq1q0e8c3w&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF
HKU\S-1-5-21-1745024165-3064892007-4090672041-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1449066035&z=9c700e2bd561877e009cd77g7z1z8t1efq1q0e8c3w&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF
HKU\S-1-5-21-1745024165-3064892007-4090672041-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1449066035&z=9c700e2bd561877e009cd77g7z1z8t1efq1q0e8c3w&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dpl%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyC0Bzy0F0D0E0EtCzz0EzytN0D0Tzu0StCtByDyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyCyB0E0B0EyEzytGtAzz0EyEtGtA0DyDyBtGyBzyzy0AtGzz0CtCtDyBzz0CyDzztDyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtByE0Fzy0E0FtCtGzzzz0EyEtGyEzzyByEtGzy0E0D0BtG0FtA0Fzy0DtBtAyDyEtA0D0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztDtD%26cr%3D1439550801%26a%3Dwncy_ir_15_24%26os%3DWindows 8.1&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dpl%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyC0Bzy0F0D0E0EtCzz0EzytN0D0Tzu0StCtByDyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyCyB0E0B0EyEzytGtAzz0EyEtGtA0DyDyBtGyBzyzy0AtGzz0CtCtDyBzz0CyDzztDyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtByE0Fzy0E0FtCtGzzzz0EyEtGyEzzyByEtGzy0E0D0BtG0FtA0Fzy0DtBtAyDyEtA0D0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztDtD%26cr%3D1439550801%26a%3Dwncy_ir_15_24%26os%3DWindows 8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1745024165-3064892007-4090672041-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1449066035&z=9c700e2bd561877e009cd77g7z1z8t1efq1q0e8c3w&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1745024165-3064892007-4090672041-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dpl%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyC0Bzy0F0D0E0EtCzz0EzytN0D0Tzu0StCtByDyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyCyB0E0B0EyEzytGtAzz0EyEtGtA0DyDyBtGyBzyzy0AtGzz0CtCtDyBzz0CyDzztDyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtByE0Fzy0E0FtCtGzzzz0EyEtGyEzzyByEtGzy0E0D0BtG0FtA0Fzy0DtBtAyDyEtA0D0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztDtD%26cr%3D1439550801%26a%3Dwncy_ir_15_24%26os%3DWindows 8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1745024165-3064892007-4090672041-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1449066035&z=9c700e2bd561877e009cd77g7z1z8t1efq1q0e8c3w&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF&q={searchTerms}
BHO-x32: BrowseSmart -> {4c06cc5b-59cb-4063-8ddb-6452de2c5617} -> C:\Program Files (x86)\BrowseSmart\BrowseSmartBHO.dll => Brak pliku
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: yoursites123
FF SelectedSearchEngine: yoursites123
FF Homepage: hxxp://www.yoursites123.com/?type=hp&ts=1449849387&z=5c0cac3041964d18c5ba13eg5z5z2teb2z5t3cfbab&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [Brak pliku]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [Brak pliku]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [Brak pliku]
FF SearchPlugin: C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1745024165-3064892007-4090672041-1001\FireFox\searchplugins\omniboxes.xml [2015-12-02]
FF SearchPlugin: C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1745024165-3064892007-4090672041-1001\FireFox\searchplugins\yoursites123.xml [2015-12-11]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449849387&z=5c0cac3041964d18c5ba13eg5z5z2teb2z5t3cfbab&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF
CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1449849387&z=5c0cac3041964d18c5ba13eg5z5z2teb2z5t3cfbab&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF"
CHR DefaultSearchURL: Default -> hxxp://www.yoursites123.com/web/?type=ds&ts=1449849387&z=5c0cac3041964d18c5ba13eg5z5z2teb2z5t3cfbab&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF&q={searchTerms}
CHR DefaultSearchKeyword: Default -> yoursites123
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.yoursites123.com/?type=sc&ts=1449849387&z=5c0cac3041964d18c5ba13eg5z5z2teb2z5t3cfbab&from=ient07021&uid=ST1000DM003-1CH162_Z1D66DNFXXXXZ1D66DNF
S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [694784 2014-08-07] () [Brak podpisu cyfrowego]
R2 IhPul; C:\Users\Robert\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
C:\ProgramData\IePluginServices
R2 WdMan; C:\ProgramData\5WdM5\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
R2 WdsManPro; C:\ProgramData\ZWMiniProZ\WMiniPro.exe [302592 2015-11-30] (DTools LIMITED) [Brak podpisu cyfrowego]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
2015-12-11 16:57 - 2015-12-11 22:52 - 00000001 _____ C:\Windows\SysWOW64\pl.html
2015-12-11 16:57 - 2015-12-11 16:58 - 00000000 ____D C:\ProgramData\5WdM5
2015-12-11 16:57 - 2015-10-27 04:49 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-11-26 17:18 - 2015-10-27 04:49 - 00000000 ____D C:\ProgramData\9WMiniPro9
2015-11-26 17:18 - 2015-10-08 16:20 - 00000000 ____D C:\Program Files (x86)\SFK
EmptyTemp:

Plik zapisz pod nazwą [b]fixlist.txt[/b] i umieść obok FRST.exe
Uruchom [b]FRST[/b] i kliknij przycisk [b]Fix[/b] (NAPRAW).


----------------------
Jeśli będzie OK, to będziemy kończyć:
Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix (NAPRAW).
przez SHIFT+DEL usuń pozostały folder C:\FRST.


Jeśli natomiast problem nie zniknie, to przeinstalujesz przeglądarkę, na której to jeszcze będzie.
.
robusr
komentarz
komentarz

Dzkięki, yoursites usunięty

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.