
How do I get rid of the virus that redirects to the yoursite123 page?

spotter714 11 Dec 2015 21:04 675 3
  • #2 11 Dec 2015 21:07
    Kolobos
    Computer specialist

    Addition.txt as well.

    0
  • #3 11 Dec 2015 21:20
    spotter714
    Level 2

    Here is addition.txt.

    0
  • #4 11 Dec 2015 21:29
    Kolobos
    Computer specialist

    Install: https://support.microsoft.com/en-us/kb/2545227

    Uninstall:
    Qtrax Player
    yoursearching uninstall

    Fixlist.txt for FRST:
    CustomCLSID: HKU\S-1-5-21-1106504487-2662737222-822640506-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Izabela\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1106504487-2662737222-822640506-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Izabela\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1106504487-2662737222-822640506-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Izabela\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1106504487-2662737222-822640506-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Izabela\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1106504487-2662737222-822640506-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Izabela\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1106504487-2662737222-822640506-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Izabela\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1106504487-2662737222-822640506-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Izabela\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1106504487-2662737222-822640506-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Izabela\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1106504487-2662737222-822640506-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Izabela\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1106504487-2662737222-822640506-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Izabela\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1106504487-2662737222-822640506-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Izabela\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Brak pliku
    Task: {E8E46571-2C1D-456F-AEF5-C36E5B05A06A} - System32\Tasks\{9A730E12-38D7-4D5C-A386-BFD98FE3C9F6} => pcalua.exe -a C:\Users\Izabela\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=cor
    Task: {F816C5B8-0974-4646-A3A8-62C6A1BFAE30} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe




    ShortcutWithArgument: C:\Users\Izabela\Desktop\Google Chrome.lnk -> C:\Users\Izabela\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursearching.com/?type=sc&ts=...id=WDCXWD5000AAKX-001CA0_WD-WMAYUU64965949659 <==== UWAGA
    ShortcutWithArgument: C:\Users\Izabela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...id=WDCXWD5000AAKX-001CA0_WD-WMAYUU64965949659 <==== UWAGA
    ShortcutWithArgument: C:\Users\Izabela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Users\Izabela\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursearching.com/?type=sc&ts=...id=WDCXWD5000AAKX-001CA0_WD-WMAYUU64965949659 <==== UWAGA
    ShortcutWithArgument: C:\Users\Izabela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Program uruchamiający aplikacje Chrome.lnk -> C:\Users\Izabela\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursearching.com/?type=sc&ts=...id=WDCXWD5000AAKX-001CA0_WD-WMAYUU64965949659 <==== UWAGA
    ShortcutWithArgument: C:\Users\Izabela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...id=WDCXWD5000AAKX-001CA0_WD-WMAYUU64965949659 <==== UWAGA
    ShortcutWithArgument: C:\Users\Izabela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...id=WDCXWD5000AAKX-001CA0_WD-WMAYUU64965949659 <==== UWAGA
    ShortcutWithArgument: C:\Users\Izabela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Users\Izabela\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursearching.com/?type=sc&ts=...id=WDCXWD5000AAKX-001CA0_WD-WMAYUU64965949659 <==== UWAGA
    ShortcutWithArgument: C:\Users\Public\Desktop\Uruchom Wiedźmin 2.lnk -> C:\Program Files (x86)\Wiedźmin 2\Launcher.exe (CD Projekt RED) -> hxxp://www.yoursearching.com/?type=sc&ts=...id=WDCXWD5000AAKX-001CA0_WD-WMAYUU64965949659 <==== UWAGA
    IE trusted site: HKU\S-1-5-21-1106504487-2662737222-822640506-1000\...\mks.com.pl -> hxxp://www.mks.com.pl
    (tsvr.com) C:\Users\Izabela\AppData\Roaming\TSv\TSvr.exe
    (TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
    (TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
    (TFuns LIMITED) C:\ProgramData\1WdM1\WdMan.exe
    (Taiwan Shui Mu Chih Ching Technology Limited) C:\Program Files (x86)\Picexa\Picexa.exe
    HKU\S-1-5-21-1106504487-2662737222-822640506-1000\...\MountPoints2: {2bbfed60-24bf-11e2-8af2-bc5ff44bcb4f} - F:\Setup.exe
    HKU\S-1-5-21-1106504487-2662737222-822640506-1000\...\MountPoints2: {476b53ef-4979-11e4-b849-bc5ff44bcb4f} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1106504487-2662737222-822640506-1000\...\MountPoints2: {6c69d528-24c0-11e2-b6dc-bc5ff44bcb4f} - F:\NokiaPCIA_Autorun.exe
    HKU\S-1-5-21-1106504487-2662737222-822640506-1000\...\MountPoints2: {9b653268-48be-11e4-b533-bc5ff44bcb4f} - F:\HTC_Sync_Manager_PC.exe
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...id=WDCXWD5000AAKX-001CA0_WD-WMAYUU64965949659
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...id=WDCXWD5000AAKX-001CA0_WD-WMAYUU64965949659
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&...WD5000AAKX-001CA0_WD-WMAYUU64965949659&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&...WD5000AAKX-001CA0_WD-WMAYUU64965949659&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...id=WDCXWD5000AAKX-001CA0_WD-WMAYUU64965949659
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...id=WDCXWD5000AAKX-001CA0_WD-WMAYUU64965949659
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&...WD5000AAKX-001CA0_WD-WMAYUU64965949659&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&...WD5000AAKX-001CA0_WD-WMAYUU64965949659&q={searchTerms}
    HKU\S-1-5-21-1106504487-2662737222-822640506-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...id=WDCXWD5000AAKX-001CA0_WD-WMAYUU64965949659
    HKU\S-1-5-21-1106504487-2662737222-822640506-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...id=WDCXWD5000AAKX-001CA0_WD-WMAYUU64965949659
    SearchScopes: HKU\S-1-5-21-1106504487-2662737222-822640506-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&...WD5000AAKX-001CA0_WD-WMAYUU64965949659&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1106504487-2662737222-822640506-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&...WD5000AAKX-001CA0_WD-WMAYUU64965949659&q={searchTerms}
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Brak pliku
    Toolbar: HKU\S-1-5-21-1106504487-2662737222-822640506-1000 -> avast! EasyPass Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - Brak pliku
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1...id=WDCXWD5000AAKX-001CA0_WD-WMAYUU64965949659
    CHR StartupUrls: Default -> "hxxps://isearch.avg.com/?cid={6ED4E46E-ABAE-4496-841E-5FD518FB3E67}&mid=62611325353047d081466d16b2af22bc-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=pl&ds=xn011&pr=sa&d=2012-09-20 16:48:42&v=12.2.5.34&sap=hp","hxxp://isearch.avg.com/?cid={C9B05095-C459-415B-8AD0-8B048F45EE1A}&mid=62611325353047d081466d16b2af22bc-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=pl&ds=xn011&pr=sa&d=2013-01-15 18:48:18&v=13.3.0.17&sap=hp","hxxp://websearch.searchesplace.info/?pid=34&r=2013/08/09&hid=3913480663&lg=EN&cc=PL&unqvl=30","hxxp://www.google.pl/","hxxp://www.istartsurf.com/?type=hp&ts=1434394570&z=6a2feb0839c8ac81ae38ebag2z8c5z0c0t7z4w8q7m&from=cor&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU64965949659","hxxp://www.delta-homes.com/?type=hp&ts=1442922786&z=c2a277584ef9b904d2c20c6gbz4zeo0t5obo6m6b4m&from=ient07031&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU64965949659","hxxp://www.yoursites123.com/?type=hp&ts=1449855859&z=1ea2ff1ad9e329b855bb85bgdz0zct2baw0w2b6w2t&from=ient07021&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUU64965949659"
    StartMenuInternet: Google Chrome.4ORFJZVB3LM6FGP6B4K5F7JSPA - C:\Users\Izabela\AppData\Local\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1...id=WDCXWD5000AAKX-001CA0_WD-WMAYUU64965949659
    R2 IhPul; C:\Users\Izabela\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
    R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: <公司名>)
    R2 WdMan; C:\ProgramData\1WdM1\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
    S2 Update FindRight; "C:\Program Files (x86)\FindRight\updateFindRight.exe" [X]
    S2 Util FindRight; "C:\Program Files (x86)\FindRight\bin\utilFindRight.exe" [X]
    S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
    S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
    2015-12-11 20:42 - 2015-12-11 20:42 - 00000000 ____D C:\Users\Izabela\AppData\Roaming\eCyber
    2015-12-11 18:47 - 2015-12-11 18:47 - 00001789 _____ C:\Users\Public\Desktop\Picexa.lnk
    2015-12-11 18:47 - 2015-12-11 18:47 - 00000000 ____D C:\Users\Izabela\AppData\Roaming\Picexa Viewer
    2015-12-11 18:47 - 2015-12-11 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa
    2015-12-11 18:47 - 2015-12-11 18:47 - 00000000 ____D C:\Program Files (x86)\Picexa
    2015-12-11 18:46 - 2015-12-11 20:41 - 00000000 ____D C:\Program Files (x86)\SFK
    2015-12-11 18:46 - 2015-12-11 18:47 - 00000000 ____D C:\ProgramData\1WdM1
    2015-12-11 18:46 - 2015-12-11 18:46 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    2015-12-02 15:10 - 2015-12-02 21:21 - 00000000 _____ C:\Windows\SysWOW64\pl2.exe
    2015-12-11 18:45 - 2015-09-22 12:53 - 00000000 ____D C:\Users\Izabela\AppData\Roaming\TSv
    EmptyTemp:

    In FRST, click Fix.

    Delete the C:\FRST folder and that's it.

    0
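
Most of the fixlist above is one pattern: shortcuts and Internet Explorer settings that carry a URL. As an added example (not from the thread and not part of FRST), this Python script triages FRST-format log lines by the host they point to; the sample lines, user name and `.example` hosts are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the FRST log format shown in the post above
# (user name, hosts and query strings are made up for this example).
SAMPLE_LOG = r"""
ShortcutWithArgument: C:\Users\alice\Desktop\Google Chrome.lnk -> C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.hijack.example/?type=sc&uid=DISK0001 <==== UWAGA
ShortcutWithArgument: C:\Users\Public\Desktop\Game.lnk -> C:\Program Files (x86)\Game\Launcher.exe (Vendor) -> hxxp://www.hijack.example/?type=sc&uid=DISK0001 <==== UWAGA
ShortcutWithArgument: C:\Users\alice\Desktop\Editor.lnk -> C:\Tools\editor.exe (Vendor) -> --safe-mode
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.other.example/?type=hp&uid=DISK0001
SearchScopes: HKU\S-1-5-21-0-0-0-1000 -> DefaultScope {00000000-0000-0000-0000-000000000000} URL = hxxp://www.other.example/web/?q={searchTerms}
Toolbar: HKLM - Some Toolbar - {11111111-1111-1111-1111-111111111111} - Brak pliku
"""

SHORTCUT = re.compile(r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<target>.+?) -> (?P<args>.*)$")
SETTING = re.compile(r"^(?P<key>(?:HK|SearchScopes:).+?) = (?P<value>\S+)")
URL = re.compile(r'\b(?:hxxps?|https?)://([^/\s"]+)', re.IGNORECASE)

def triage(log_text):
    """Group URL-bearing shortcuts and browser settings by the host they point to."""
    hits = defaultdict(lambda: {"shortcuts": [], "settings": []})
    for line in log_text.splitlines():
        line = line.strip()
        m = SHORTCUT.match(line)
        if m:
            # Only a URL in the argument field means the shortcut opens a page;
            # ordinary switches such as --safe-mode are left alone.
            host = URL.search(m["args"])
            if host:
                hits[host.group(1).lower()]["shortcuts"].append(m["lnk"])
            continue
        m = SETTING.match(line)
        if m:
            host = URL.search(m["value"])
            if host:
                hits[host.group(1).lower()]["settings"].append(m["key"])
    return dict(hits)

if __name__ == "__main__":
    for host, found in sorted(triage(SAMPLE_LOG).items()):
        print(host, len(found["shortcuts"]), "shortcuts,", len(found["settings"]), "settings")
        for lnk in found["shortcuts"]:
            print("   ", lnk)
```

Grouping by host shows whether a cleanup removed every reference to a given redirect target: a host that still appears after the fix has a shortcut or registry value left behind.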