Removing the yoursites123 threat

rademenes170 10 Dec 2015 22:18 828 10
  • #3 10 Dec 2015 23:24
    Kolobos
    Computer specialist

    Uninstall: Picexa

    Next to frst.exe, create a file fixlist.txt with the following contents:
    Task: {1D25E43D-EB49-401C-8790-3812692B266A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {2BA2B4DB-BB9C-45D2-95DD-5BF19CC1F11D} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
    Task: {35967EE8-BECA-4A6A-B14E-1209EE4DCA59} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {3BBBDEA2-9F7F-432F-97A4-8F925C15A36B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {44CED47B-5BC6-49AC-B955-8E34BDB6B079} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {4DFF37DE-8BDE-4D9B-AE7C-8869C9847DC5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {707C2CEC-7602-4667-BFDE-934AF43805DE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {BB701A73-A7CD-4E1C-8EC3-863B95A0A510} - System32\Tasks\update-S-1-5-21-3623801270-3619033655-3009969429-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
    Task: {BF0EDB50-D13A-4533-9F3F-972C08CC9ABD} - System32\Tasks\Show-Password Update => C:\Program Files (x86)\Show-Password\Show_Password.exe <==== ATTENTION
    Task: {C121DEEC-DBDB-4243-8F66-EEF41F973D64} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {DFBA6885-7978-490A-B2B9-3CC95A8A3FF8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {F058AACF-6386-409A-9B3E-F4E336EA8FEE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {F0F4CB67-C410-4B00-9FB0-7F9C985004F3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {F6BC2D77-8BC9-4D63-B391-8EF79A08D15A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Show-Password Update.job => C:\Program Files (x86)\Show-Password\Show_Password.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\update-S-1-5-21-3623801270-3619033655-3009969429-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
    Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
    ShortcutWithArgument: C:\Users\Olaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...p;uid=TOSHIBAXMQ01ABD050_536GSH9ESXX536GSH9ES <==== ATTENTION
    ShortcutWithArgument: C:\Users\Olaa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...p;uid=TOSHIBAXMQ01ABD050_536GSH9ESXX536GSH9ES <==== ATTENTION
    ShortcutWithArgument: C:\Users\Olaa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...p;uid=TOSHIBAXMQ01ABD050_536GSH9ESXX536GSH9ES <==== ATTENTION
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...p;uid=TOSHIBAXMQ01ABD050_536GSH9ESXX536GSH9ES <==== ATTENTION
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...p;uid=TOSHIBAXMQ01ABD050_536GSH9ESXX536GSH9ES <==== ATTENTION
    (Taiwan Shui Mu Chih Ching Technology Limited) C:\Program Files (x86)\Picexa\picexasvc.exe
    (tsvr.com) C:\Users\Olaa\AppData\Roaming\TSv\TSvr.exe
    (TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3623801270-3619033655-3009969429-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...p;uid=TOSHIBAXMQ01ABD050_536GSH9ESXX536GSH9ES
    HKU\S-1-5-21-3623801270-3619033655-3009969429-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
    HKU\S-1-5-21-3623801270-3619033655-3009969429-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...p;uid=TOSHIBAXMQ01ABD050_536GSH9ESXX536GSH9ES
    SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3623801270-3619033655-3009969429-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&...OSHIBAXMQ01ABD050_536GSH9ESXX536GSH9ES&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3623801270-3619033655-3009969429-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3623801270-3619033655-3009969429-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&...OSHIBAXMQ01ABD050_536GSH9ESXX536GSH9ES&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3623801270-3619033655-3009969429-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=144...p;uid=TOSHIBAXMQ01ABD050_536GSH9ESXX536GSH9ES
    Edge HomeButtonPage: HKU\S-1-5-21-3623801270-3619033655-3009969429-1001 -> hxxp://www.yoursites123.com/?type=hp&ts=1...p;uid=TOSHIBAXMQ01ABD050_536GSH9ESXX536GSH9ES
    FF NewTab: chrome://quick_start/content/index.html
    FF SelectedSearchEngine: yoursites123
    FF Homepage: about:preferences
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml [2014-01-19]
    FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Olaa\AppData\Roaming\Mozilla\Firefox\Profiles\20e5m965.default\extensions\defsearchp@gmail.com => not found
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Olaa\AppData\Roaming\Mozilla\Firefox\Profiles\20e5m965.default\extensions\deskCutv2@gmail.com => not found
    FF HKLM-x32\...\Firefox\Extensions: [sidebarff@gmail.com] - C:\Users\Olaa\AppData\Roaming\Mozilla\Firefox\Profiles\20e5m965.default\extensions\sidebarff@gmail.com => not found
    FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Olaa\AppData\Roaming\Mozilla\Firefox\Profiles\20e5m965.default\extensions\default_newtabff@gmail.com => not found
    FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Olaa\AppData\Roaming\Mozilla\Firefox\Profiles\20e5m965.default\extensions\yahooprotected@gmail.com => not found
    FF HKU\S-1-5-21-3623801270-3619033655-3009969429-1001\...\Firefox\Extensions: [{2ca93104-6168-4133-979c-8707690b5515}] - C:\Program Files (x86)\Show-Password\150.xpi => not found
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1...p;uid=TOSHIBAXMQ01ABD050_536GSH9ESXX536GSH9ES
    CHR HKLM-x32\...\Chrome\Extension: [logekkkdbdidmmcgkonmmonclldogceg] - C:\Program Files (x86)\Show-Password\150.crx <not found>
    R2 PicexaService; C:\Program Files (x86)\Picexa\PicexaSvc.exe [731784 2015-12-09] (Taiwan Shui Mu Chih Ching Technology Limited)
    R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: <公司名>)
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    2015-12-10 21:27 - 2015-12-10 21:27 - 00000000 ____D C:\Users\Olaa\Downloads\FRST-OlderVersion
    2015-12-10 21:02 - 2015-12-10 21:02 - 00000000 ____D C:\Users\Olaa\AppData\Roaming\eCyber
    2015-12-09 08:00 - 2015-12-10 21:54 - 00000000 ____D C:\Program Files (x86)\Picexa
    2015-12-09 08:00 - 2015-12-09 08:00 - 00001864 _____ C:\Users\Public\Desktop\Picexa.lnk
    2015-12-09 08:00 - 2015-12-09 08:00 - 00000000 ____D C:\Users\Olaa\AppData\Roaming\Picexa Viewer
    2015-12-09 08:00 - 2015-12-09 08:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa
    2015-12-09 07:59 - 2015-12-10 21:53 - 00000000 ____D C:\Program Files (x86)\SFK
    2015-12-09 07:59 - 2015-12-09 07:59 - 00000000 ____D C:\Users\Olaa\AppData\Roaming\TSv
    2015-12-09 07:59 - 2015-12-09 07:59 - 00000000 ____D C:\ProgramData\WWdMW
    2015-12-09 07:58 - 2015-12-09 07:58 - 00000380 _____ C:\WINDOWS\SysWOW64\data.bin
    2015-12-09 07:58 - 2015-12-09 07:58 - 00000000 ____D C:\ProgramData\cWdMc
    2015-12-10 21:51 - 2014-01-19 18:10 - 00000410 _____ C:\WINDOWS\Tasks\Show-Password Update.job
    2015-12-10 21:30 - 2015-11-01 20:27 - 00000394 _____ C:\WINDOWS\Tasks\update-sys.job
    2015-12-09 07:59 - 2015-11-01 20:22 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    2015-12-09 07:58 - 2015-11-01 20:22 - 00000000 ____D C:\ProgramData\3WMiniPro3
    EmptyTemp:

    In FRST, click Fix.

    Delete the C:\FRST folder, that's all.

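The fixlist above removes the items FRST found at one point in time, but the thread goes on to show the hijack being reported again by Malwarebytes days later. The following PowerShell script is an added example, not part of the thread and not Kolobos's or FRST's code: it re-audits the same persistence locations the fixlist targets (browser .lnk files with an injected URL argument, the IE Start Page / Default_Page_URL / SearchScopes values, scheduled tasks and services whose binary sits in one of the PUP directories, and the flagged Firefox extension folders and prefs files). The marker strings (yoursites123.com, istartsurf.com, sweet-page, the Skillbrains / Show-Password / Picexa / SFK / TSv folder names and the five gmail.com extension IDs) are taken from the log posted above; everything else (the `-RepairShortcuts` switch, the `$findings` list) is this example's own design. It assumes Windows 8.1/10 (`Get-ScheduledTask`) and an elevated shell if you let it rewrite shortcuts under ProgramData or the Public desktop.

```powershell
# Added example: post-cleanup audit for the yoursites123 hijack. Read-only unless
# -RepairShortcuts is given, in which case only the .lnk Arguments field is cleared.
[CmdletBinding()]
param([switch]$RepairShortcuts)

# Indicators taken from the FRST log in the thread (assumed to be the full set for this case)
$HijackMarkers  = @('yoursites123.com', 'istartsurf.com', 'sweet-page')
$PupPathMarkers = @('\Skillbrains\', '\Show-Password\', '\Picexa\', '\SFK\', '\TSv\')
$FfExtensionIds = @('defsearchp@gmail.com', 'deskCutv2@gmail.com', 'sidebarff@gmail.com',
                    'default_newtabff@gmail.com', 'yahooprotected@gmail.com')

$findings = New-Object System.Collections.Generic.List[string]
function Test-Marker([string]$Text, [string[]]$Markers) {
    # wildcard match against every marker; returns $true on first hit
    foreach ($m in $Markers) { if ($Text -like "*$m*") { return $true } }
    return $false
}

# 1. Browser shortcuts carrying a URL in Arguments (the ShortcutWithArgument lines).
#    A clean browser shortcut has an empty Arguments field; a URL there overrides the homepage.
$shortcutRoots = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
    "$env:ProgramData\Microsoft\Windows\Start Menu",
    "$env:PUBLIC\Desktop",
    "$env:USERPROFILE\Desktop"
)
$wsh = New-Object -ComObject WScript.Shell
foreach ($root in $shortcutRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $file = $_
        $lnk  = $wsh.CreateShortcut($file.FullName)
        if ($lnk.Arguments -and (Test-Marker $lnk.Arguments $HijackMarkers)) {
            $findings.Add("Shortcut: $($file.FullName) -> $($lnk.TargetPath) $($lnk.Arguments)")
            if ($RepairShortcuts) {
                $lnk.Arguments = ''   # strip the injected URL, keep the real target
                $lnk.Save()
            }
        }
    }
}

# 2. IE homepage / default page / search bar and SearchScopes for the current user (the HKU lines)
$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
foreach ($name in 'Start Page', 'Default_Page_URL', 'Search Bar') {
    $val = (Get-ItemProperty -Path $ieMain -Name $name -ErrorAction SilentlyContinue).$name
    if ($val -and (Test-Marker $val $HijackMarkers)) { $findings.Add("Registry: $ieMain\$name = $val") }
}
Get-ChildItem 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes' -ErrorAction SilentlyContinue | ForEach-Object {
    $url = (Get-ItemProperty -Path $_.PSPath -Name URL -ErrorAction SilentlyContinue).URL
    if ($url -and (Test-Marker $url $HijackMarkers)) { $findings.Add("SearchScope: $($_.PSChildName) URL = $url") }
}

# 3. Scheduled tasks and services whose executable lives in a PUP directory (the Task: / R2 lines)
Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        if ($action.Execute -and (Test-Marker $action.Execute $PupPathMarkers)) {
            $findings.Add("Task: $($task.TaskPath)$($task.TaskName) => $($action.Execute)")
        }
    }
}
Get-CimInstance Win32_Service | ForEach-Object {
    $svc = $_
    if ($svc.PathName -and (Test-Marker $svc.PathName $PupPathMarkers)) {
        $findings.Add("Service: $($svc.Name) ($($svc.State)) => $($svc.PathName)")
    }
}

# 4. Firefox: flagged extension folders plus prefs.js/user.js pinning the hijacked search/homepage
$ffProfiles = "$env:APPDATA\Mozilla\Firefox\Profiles"
$markerRegex = ($HijackMarkers | ForEach-Object { [regex]::Escape($_) }) -join '|'
if (Test-Path $ffProfiles) {
    Get-ChildItem -Path $ffProfiles -Directory | ForEach-Object {
        $prof = $_.FullName
        foreach ($id in $FfExtensionIds) {
            $ext = Join-Path $prof "extensions\$id"
            if (Test-Path $ext) { $findings.Add("FF extension: $ext") }
        }
        foreach ($f in 'prefs.js', 'user.js') {
            $p = Join-Path $prof $f
            if ((Test-Path $p) -and (Select-String -Path $p -Pattern $markerRegex -Quiet)) {
                $findings.Add("FF prefs: $p references a hijack domain")
            }
        }
    }
}

if ($findings.Count -eq 0) { 'No yoursites123 / PUP indicators found.' }
else { $findings | ForEach-Object { "[!] $_" } }
```

Run it once right after the FRST fix and again the next time Malwarebytes raises the alert. If the shortcut, registry or prefs findings come back after they were cleared, something still running (a task or service from section 3) is rewriting them, which is the kind of re-infection the later posts in this thread describe; if only the Firefox findings remain, the profile reset Kolobos suggests is the relevant step.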
  • #5 10 Dec 2015 23:37
    Kolobos
    Computer specialist

    @rademenes170 do what I posted.

  • #6 10 Dec 2015 23:55
    rademenes170
    Level 8

    Kolobos, done. Thanks for the help. It was removed successfully.

    Added after 11 [minutes]:

    But this Picexa is still sitting somewhere. I don't have it in Control Panel to uninstall, but there is such an application in the location

    C:\Users\Olaa\AppData\Local\Microsoft\Windows\INetCache\IE\MAIUYHTC

    Is it enough if I delete it there?

  • #7 10 Dec 2015 23:57
    Kolobos
    Computer specialist

    That's the IE cache, you can delete the MAIUYHTC folder.

  • #8 20 Dec 2015 21:35
    rademenes170
    Level 8

    Hello. It seems yoursites123 isn't completely removed after all, because Malwarebytes keeps reporting a threat. I'm attaching a screenshot of the message and ask for further help.
    [screenshot: Removing the yoursites123 threat]

  • #9 21 Dec 2015 09:34
    Kolobos
    Computer specialist

    Mbam doesn't remove it?

    You can reset FF to factory settings.

  • #10 23 Dec 2015 21:33
    rademenes170
    Level 8

    It supposedly removes it, but every day there is a new alert.

  • #11 24 Dec 2015 08:32
    Kolobos
    Computer specialist

    Did you reset the Firefox settings?
