landbartek utworzono 12 grudnia 2015 utworzono 12 grudnia 2015 adwcleaner ani avast tego nie wykrywają. Użyłem FRST , ale nie wiem jak użyć tych plików. Proszę o pomoc.
Twój_Anioł_Stróż komentarz 12 grudnia 2015 komentarz 12 grudnia 2015 (edytowane) Otwórz Notatnik i wklej w nim: Task: {946C2814-EC69-44ED-919C-8AD4EFCB79DE} - System32\Tasks\{646D58A8-80E8-49D7-9A3B-0D86BD3CC546} => pcalua.exe -a E:\autorun.exe -d E:\ ShortcutWithArgument: C:\Users\Bartek\Desktop\Start Tor Browser.lnk -> C:\Users\Bartek\Desktop\Nowy folder\Tor Browser\Browser\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT <==== UWAGA ShortcutWithArgument: C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT <==== UWAGA ShortcutWithArgument: C:\Users\Bartek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT <==== UWAGA ShortcutWithArgument: C:\Users\Bartek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT <==== UWAGA ShortcutWithArgument: C:\Users\Bartek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT <==== UWAGA ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT <==== UWAGA ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT <==== UWAGA C:\Users\Bartek\AppData\Roaming\TSv C:\Program Files (x86)\SFK C:\ProgramData\7WdM7 HKLM\...\Run: [] => [X] HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-1942698258-3291123827-989924534-1002\...\Run: [Akamai NetSession Interface] => "C:\Users\Bartek\AppData\Local\Akamai\netsession_win.exe" C:\Users\Bartek\AppData\Local\Akamai\netsession_win.exe ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Brak pliku ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Brak pliku ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Brak pliku ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Brak pliku) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT&q={searchTerms} HKU\S-1-5-21-1942698258-3291123827-989924534-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT HKU\S-1-5-21-1942698258-3291123827-989924534-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT&q={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT&q={searchTerms} SearchScopes: HKU\S-1-5-21-1942698258-3291123827-989924534-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1942698258-3291123827-989924534-1002 -> {1DA3C75E-E322-4459-85F5-28FE8C70BC72} URL = SearchScopes: HKU\S-1-5-21-1942698258-3291123827-989924534-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT CHR HomePage: Default -> hxxp://www.yoursites123.com/?type=hp&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT" StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT R2 IhPul; C:\Users\Bartek\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com) R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: <公司名>) R2 WdMan; C:\ProgramData\7WdM7\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego] S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /svc [X] S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /medsvc [X] S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe" [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S1 lmimirr; \SystemRoot\system32\DRIVERS\lmimirr.sys [X] 2015-12-11 23:10 - 2015-12-11 23:10 - 00000000 ____D C:\Users\Bartek\AppData\Roaming\eCyber C:\Windows\Minidump\*.dmp 2015-12-11 22:51 - 2015-12-11 23:09 - 00000000 ____D C:\Program Files (x86)\SFK 2015-12-11 22:51 - 2015-12-11 23:08 - 00000001 _____ C:\Windows\SysWOW64\pl.html 2015-12-11 22:51 - 2015-12-11 22:52 - 00000000 ____D C:\ProgramData\7WdM7 2015-12-02 22:49 - 2015-12-02 22:49 - 00000000 _____ C:\Windows\SysWOW64\pl6.exe 2015-12-11 22:51 - 2015-10-08 17:01 - 00000000 ____D C:\Users\Bartek\AppData\Roaming\TSv 2015-12-11 22:51 - 2015-08-28 19:36 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat EmptyTemp: Plik zapisz pod nazwą [b]fixlist.txt[/b] i umieść obok FRST.exe Uruchom [b]FRST[/b] i kliknij przycisk [b]Fix[/b] (NAPRAW). ---------------------- Jeśli będzie OK, to będziemy kończyć: Otwórz Notatnik i wklej w nim: DeleteQuarantine: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix (NAPRAW). przez SHIFT+DEL usuń pozostały folder C:\FRST. Jeśli natomiast problem nie zniknie, to przeinstalujesz przeglądarkę, na której to jeszcze będzie. .
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.