90Michał90 utworzono 6 stycznia 2016 utworzono 6 stycznia 2016 Witam, Proszę o pomoc w walce z tym złośliwcem, nie daje mi spokoju. W załączeniu pliki. Z góry wielkie dzięki! :) Pozdrawiam, Michał
Twój_Anioł_Stróż komentarz 6 stycznia 2016 komentarz 6 stycznia 2016 (edytowane) Otwórz Notatnik i wklej w nim: DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software ShortcutWithArgument: C:\Users\User\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://isearch.omiga-plus.com/?type=sc&ts=1419941414&from=cor&uid=ST500LT012-9WS142_S0V4FFYWXXXXS0V4FFYW ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449733613&z=b3d1068bda879db7edb5ec5g0z0zetfm9c3cfqbg1o&from=ient07021&uid=ST500LT012-9WS142_S0V4FFYWXXXXS0V4FFYW ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449733613&z=b3d1068bda879db7edb5ec5g0z0zetfm9c3cfqbg1o&from=ient07021&uid=ST500LT012-9WS142_S0V4FFYWXXXXS0V4FFYW ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://mmotraffic.com/catalog/goplay/1000932/MTE3NjYvLy8xMDAwOTMy?click_id=tBtDzzzyzzyEyEtCzz0E0CyE0AyB0DyE2RtBtDtCyCtDtCtDyCtBtDyDtDyEzyzyyEzz ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449733613&z=b3d1068bda879db7edb5ec5g0z0zetfm9c3cfqbg1o&from=ient07021&uid=ST500LT012-9WS142_S0V4FFYWXXXXS0V4FFYW ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450957895&z=a9eb44caccae25298f3cc9fg3zfweectew5mbbdtbq&from=wpm07173&uid=ST500LT012-9WS142_S0V4FFYWXXXXS0V4FFYW ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449733613&z=b3d1068bda879db7edb5ec5g0z0zetfm9c3cfqbg1o&from=ient07021&uid=ST500LT012-9WS142_S0V4FFYWXXXXS0V4FFYW ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449733613&z=b3d1068bda879db7edb5ec5g0z0zetfm9c3cfqbg1o&from=ient07021&uid=ST500LT012-9WS142_S0V4FFYWXXXXS0V4FFYW 2015-12-10 08:46 - 2015-11-09 18:18 - 00000000 ____D C:\ProgramData\yWMiniProy 2015-12-10 10:15 - 2015-12-10 10:15 - 00000000 ____D C:\Users\User\AppData\Roaming\Picexa Viewer 2015-12-10 08:48 - 2015-12-10 10:16 - 00000000 ____D C:\ProgramData\4WdM4 2015-12-10 08:46 - 2015-12-10 08:47 - 00000000 ____D C:\ProgramData\JWdMJ 2015-12-24 12:53 - 2015-12-24 12:53 - 00000000 ____D C:\Users\User\AppData\Roaming\WinZipper 2015-12-24 12:53 - 2015-12-24 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper 2015-12-24 12:52 - 2015-12-24 12:52 - 00000000 ____D C:\ProgramData\lWdMl 2015-12-24 12:51 - 2015-12-24 12:51 - 00000000 ____D C:\ProgramData\2WdM2 2015-12-24 14:50 - 2015-12-24 14:50 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys 2015-12-24 14:48 - 2015-12-24 14:48 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\User\Desktop\SpyHunter-Installer.exe 2016-01-01 17:55 - 2016-01-01 17:55 - 00000000 ____D C:\Users\User\AppData\Roaming\eCyber 2016-01-06 17:30 - 2016-01-06 17:30 - 00951208 _____ (Installer program ) C:\Users\User\Desktop\CCleaner-13061-dp.exe S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-24] () CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1449733613&z=b3d1068bda879db7edb5ec5g0z0zetfm9c3cfqbg1o&from=ient07021&uid=ST500LT012-9WS142_S0V4FFYWXXXXS0V4FFYW" FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml [2014-12-30] Toolbar: HKLM - Brak nazwy - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Brak pliku HKU\S-1-5-21-2694774763-421189476-678000561-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449733613&z=b3d1068bda879db7edb5ec5g0z0zetfm9c3cfqbg1o&from=ient07021&uid=ST500LT012-9WS142_S0V4FFYWXXXXS0V4FFYW HKU\S-1-5-21-2694774763-421189476-678000561-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449733613&z=b3d1068bda879db7edb5ec5g0z0zetfm9c3cfqbg1o&from=ient07021&uid=ST500LT012-9WS142_S0V4FFYWXXXXS0V4FFYW&q={searchTerms} SearchScopes: HKU\S-1-5-21-2694774763-421189476-678000561-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449733613&z=b3d1068bda879db7edb5ec5g0z0zetfm9c3cfqbg1o&from=ient07021&uid=ST500LT012-9WS142_S0V4FFYWXXXXS0V4FFYW&q={searchTerms} SearchScopes: HKU\S-1-5-21-2694774763-421189476-678000561-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449733613&z=b3d1068bda879db7edb5ec5g0z0zetfm9c3cfqbg1o&from=ient07021&uid=ST500LT012-9WS142_S0V4FFYWXXXXS0V4FFYW&q={searchTerms} HKU\S-1-5-21-2694774763-421189476-678000561-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449733613&z=b3d1068bda879db7edb5ec5g0z0zetfm9c3cfqbg1o&from=ient07021&uid=ST500LT012-9WS142_S0V4FFYWXXXXS0V4FFYW&q={searchTerms} HKU\S-1-5-21-2694774763-421189476-678000561-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449733613&z=b3d1068bda879db7edb5ec5g0z0zetfm9c3cfqbg1o&from=ient07021&uid=ST500LT012-9WS142_S0V4FFYWXXXXS0V4FFYW GroupPolicy: Ograniczenia - Chrome <======= UWAGA GroupPolicy-x32: Ograniczenia - Chrome <======= UWAGA CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA HKU\S-1-5-21-2694774763-421189476-678000561-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA Task: {A2F2D12A-E431-4CA5-8E62-7B11FF8A37F7} - System32\Tasks\{8D63D098-511E-4D34-B144-7E4D9BA2885D} => pcalua.exe -a C:\Users\User\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor <==== UWAGA Task: {F1DAB039-7111-4400-8C3A-FC7DF6250723} - System32\Tasks\Yahoo! Search Udpater => C:\Users\User\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrsetup.exe <==== UWAGA C:\Users\User\AppData\Local\Pay-By-Ads FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nrseztux.default\extensions\faststartff@gmail.com => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nrseztux.default\extensions\defsearchp@gmail.com => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nrseztux.default\extensions\deskCutv2@gmail.com => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nrseztux.default\extensions\default_newtabff@gmail.com => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nrseztux.default\extensions\yahooprotected@gmail.com => nie znaleziono ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => Brak pliku ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => Brak pliku ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => Brak pliku ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => Brak pliku EmptyTemp: Plik zapisz pod nazwą [b]fixlist.txt[/b] i umieść obok FRST.exe Uruchom [b]FRST[/b] i kliknij przycisk [b]Fix[/b] (NAPRAW). ---------------------- Jeśli będzie OK, to będziemy kończyć: Otwórz Notatnik i wklej w nim: DeleteQuarantine: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix (NAPRAW). przez SHIFT+DEL usuń pozostały folder C:\FRST. Jeśli natomiast problem nie zniknie, to przeinstalujesz przeglądarkę, na której to jeszcze będzie. .
90Michał90 komentarz 6 stycznia 2016 Autor komentarz 6 stycznia 2016 Piękna sprawa! Dziękuję za pomoc Twój_Anioł_Stróż :)
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.