Mylucky123 in all browsers


tanne


Actions to carry out:

1. Open Notepad and paste the following into it:

 

CloseProcesses:
CreateRestorePoint:
ShortcutWithArgument: C:\Users\Natalcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD
ShortcutWithArgument: C:\Users\Natalcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD
ShortcutWithArgument: C:\Users\Natalcia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD
ShortcutWithArgument: C:\Users\Natalcia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD
ShortcutWithArgument: C:\Users\Natalcia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD
ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD
FF Homepage: Mozilla\Firefox\Profiles\nvk4ix4a.default-1415992105369 -> hxxp://www.mylucky123.com/?type=hp&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mylucky123.com/?type=sc&ts=1475226132&z=ca75e80aea6fa3b3ded11d5g7z5m9w3o3odqdgaobt&from=uvc0929&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.mylucky123.com/?type=sc&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD&q={searchTerms}
HKU\S-1-5-21-808355122-3858119131-277923980-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD&q={searchTerms}
HKU\S-1-5-21-808355122-3858119131-277923980-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD
HKU\S-1-5-21-808355122-3858119131-277923980-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD
HKU\S-1-5-21-808355122-3858119131-277923980-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
SearchScopes: HKU\S-1-5-21-808355122-3858119131-277923980-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD&q={searchTerms}
SearchScopes: HKU\S-1-5-21-808355122-3858119131-277923980-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476185597&z=6f4b2dd29b8a28472340f4bg3z3m9qdg8b8w0w9tcq&from=che0812&uid=ST500LM000-1EJ162_W371ZLCDXXXXW371ZLCD&q={searchTerms}
BHO: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\PROGRA~2\SPYWAR~1\STINTE~2.DLL => Brak pliku
BHO-x32: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\PROGRA~2\SPYWAR~1\STINTE~1.DLL => Brak pliku
BHO-x32: Brak nazwy -> {E6E66045-E911-4C01-961D-42487CE12089} -> C:\Users\Natalcia\AppData\LocalLow\Browser-Security\safe_url.dll [2016-06-20] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [brak pliku]
Tcpip\..\Interfaces\{47632F91-BA34-47AB-BD3E-EE98969D39DB}: [DhcpNameServer] 188.42.227.51 148.251.96.99
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bitsdnclean64.exe
R2 Hkhlp; C:\Program Files (x86)\Common Files\Apps\Hkhlp.dll [280576 2016-09-01] () [brak podpisu cyfrowego]
R2 IlS; C:\ProgramData\Tencent\QQ\report\repor.dll [394752 2016-10-10] () [brak podpisu cyfrowego]
R2 UvConverter; C:\ProgramData\UvConverter\UvConverter.exe [163328 2016-10-09] () [brak podpisu cyfrowego]
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S2 EvercineDL; "C:\ProgramData\corss\_@aduck00000000.tmp.dat.exe" [X]
S2 sp_rsdrv2; system32\DRIVERS\stflt.sys [X]
S2 ST2012_Svc; "C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe" [X]
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BackupRemind.lnk => C:\Windows\pss\BackupRemind.lnk.CommonStartup
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: RandMAC => C:\Users\Natalcia\AppData\Local\Temp\7zO9B5.tmp\MadMACs.exe doittoit
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Task: {064A5ED9-9C1A-4991-B6BD-A469A7501B6E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku 
Task: {074F4F4A-AE50-4C54-BC93-203A47AD9B2A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku 
Task: {170E8675-E21B-44DD-827C-7F7E8FB94AC8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku 
Task: {1D3674EE-AF5F-4773-9132-A1B8AD9B1880} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku 
Task: {3777C297-CC64-4B41-9FFE-E6A1A6E9701B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku 
Task: {595EFDB6-6565-4C77-B9B4-32613C874569} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {75BB0215-37AC-4ACC-8658-4276D088826A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku 
Task: {879AA5CD-E15A-442D-BED4-C19AF3B97BE3} - System32\Tasks\0915tbUpdateInfo => C:\ProgramData\Avg_Update_0915tb\0915tb_{F2CA3928-42EC-481C-8520-B9C1177561C3}.exe
Task: {936124EC-50D5-4038-84C9-8EA9786F895D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku 
Task: {A1A36B1D-AC68-4A03-B545-9768B4D496CF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku 
Task: {CEAE71BC-EAD1-4678-8434-AB356E34912B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Brak pliku 
Task: {D04E4D35-3E1E-478B-A9B8-06415F82780E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku 
Task: {D6331221-D4F5-439F-BDBB-511D47D9C00C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Brak pliku 
Task: {F319C730-85F6-4C62-816D-5B186C6DDFEB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku 
Task: C:\Windows\Tasks\0915tbUpdateInfo.job => C:\ProgramData\Avg_Update_0915tb\0915tb_{F2CA3928-42EC-481C-8520-B9C1177561C3}.exe
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
DisableService: Internet Mobilny. RunOuc
AlternateDataStreams: C:\Users\Natalcia\ntuser.dat.log:{50CF2635-73DA-3D80-BE94-033263F847F8} [48]
C:\Program Files\ByteFence
C:\Program Files (x86)\Evercine
C:\Program Files (x86)\Legness
C:\Program Files (x86)\Java
C:\Program Files (x86)\Mozilla Firefox\plugins
C:\Program Files (x86)\Common Files\Apps
C:\ProgramData\corss
C:\ProgramData\Tencent
C:\ProgramData\UvConverter
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\magritte
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OSDownloader
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Three Weeks in Paradise Final
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Sound Recorder\Free Sound Recorder.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polish Empire Mod\Play Polish Empire Mod.lnk
C:\Users\Administrator
C:\Users\HomeGroupUser$
C:\Users\Gość
C:\Users\Natalcia\AppData\Local\Evercine
C:\Users\Natalcia\AppData\Local\Legness
C:\Users\Natalcia\AppData\LocalLow\Browser-Security
C:\Users\Natalcia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Sound Recorder.lnk
C:\Users\Natalcia\AppData\Roaming\Microsoft\Windows\Start Menu\Free Sound Recorder.lnk
C:\Users\Natalcia\AppData\Roaming\Mozilla\Firefox\Profiles\nvk4ix4a.default-1415992105369\searchplugins
C:\Users\Natalcia\Downloads\Niepotwierdzony 988232.crdownload
C:\Users\Public\Desktop\B1 Free Archiver.lnk
C:\Users\Public\Desktop\OSDownloader.lnk
C:\Users\Public\Documents\temp.dat
C:\Windows\System32\Drivers\PSKMAD.sys
C:\Windows\system32\log
C:\Windows\SysWOW64\*.tmp
CMD: netsh advfirewall reset
EmptyTemp:

 

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

 

Save the file as fixlist.txt in the folder from which you run FRST. Run FRST and click Napraw (Fix). Wait patiently and do not interrupt the process. When the Fix finishes, the system will restart. A fixlog.txt file will be created in the same directory from which FRST was run.

 

2. Make a new FRST log using the Skanuj (Scan) option, without Shortcut. Also attach the fixlog.txt file.
