Elektroda.pl

How do I get rid of the virus that redirects to the yoursites123 site?

FROOT 12 Dec 2015 11:30 933 3
  • Helpful post
    #2
    Kolobos
    IT specialist
    Install http://ninite.com/java/

    Uninstall:
    Bing Bar
    Java(TM) 6 Update 22 (64-bit)
    Java(TM) 6 Update 22

    Fixlist.txt for FRST:
    Task: {12C133AD-BB89-4687-BAAF-9DE910B7A2EE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {28DEF9F1-3740-4C59-BA93-854FB363ADE7} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
    Task: {5D68AF4D-C3F3-4171-A934-0E6DA98DE693} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
    Task: {5EFFF483-49B4-4F66-BAC9-14A8FE705BDF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {6551F24B-E72B-4970-B8AC-F4C37AA7178B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
    Task: {824DAF17-D614-45B3-ACAD-BDE9505FC1C6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {8A15F3DE-3558-465E-AA80-A686E2BA583B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {8B037CAF-57FD-45DD-9B33-0CE63797D9FC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {8E4C07F1-F36C-4701-BA41-5A89C30E2F73} - System32\Tasks\{AC030831-4F69-4E41-8BAA-E4AC03278D4E} => pcalua.exe -a "C:\Program Files\GridinSoft Trojan Killer\uninst.exe"
    Task: {93FEBDF1-E28C-4558-B528-24B6FF9D2B50} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {A3C524AF-A23E-4523-A787-CA9D02FA8A38} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {B7A4056E-2695-432C-9A31-FDF0EC2E9347} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {CB35A8BD-AFF0-449C-9E2A-557EE064B2FA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {F05610AA-261F-4151-9FE5-6B4EBDA7B30D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    ShortcutWithArgument: C:\Users\BARTEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA <==== UWAGA
    ShortcutWithArgument: C:\Users\BARTEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA <==== UWAGA
    ShortcutWithArgument: C:\Users\BARTEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA <==== UWAGA
    ShortcutWithArgument: C:\Users\BARTEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA <==== UWAGA
    ShortcutWithArgument: C:\Users\BARTEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA <==== UWAGA
    ShortcutWithArgument: C:\Users\BARTEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA <==== UWAGA
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA <==== UWAGA
    (tsvr.com) C:\Users\BARTEK\AppData\Roaming\TSv\TSvr.exe
    BootExecute: autocheck autochk * sh4native Sh4Removal
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA&q={searchTerms}
    HKU\S-1-5-21-2119879341-2310984095-4284872945-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={AFACE076-EFF4-4923-B015-825AB082FE77}&mid=9beff35c4c5247cdb8791de63e2f6bc1-82b50384c5e5c115a2a201b0e11069a2e669bab2&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-09 20:41:21&v=4.1.8.599&pid=wtu&sg=&sap=hp
    HKU\S-1-5-21-2119879341-2310984095-4284872945-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA
    HKU\S-1-5-21-2119879341-2310984095-4284872945-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com
    HKU\S-1-5-21-2119879341-2310984095-4284872945-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com
    URLSearchHook: HKU\S-1-5-21-2119879341-2310984095-4284872945-1001 - (Brak nazwy) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Brak pliku
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA&q={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA&q={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2119879341-2310984095-4284872945-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2119879341-2310984095-4284872945-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2119879341-2310984095-4284872945-1001 -> {3382E08A-AF2F-4187-8145-BE8586EAC10C} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
    SearchScopes: HKU\S-1-5-21-2119879341-2310984095-4284872945-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2119879341-2310984095-4284872945-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={AFACE076-EFF4-4923-B015-825AB082FE77}&mid=9beff35c4c5247cdb8791de63e2f6bc1-82b50384c5e5c115a2a201b0e11069a2e669bab2&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-09 20:41:21&v=4.1.8.599&pid=wtu&sg=&sap=dsp&q={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1446417905&z=ccb7466650a7badccb37818gezezaqfzdg8mdq4c1m&from=cor&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA
    Edge HomeButtonPage: HKU\S-1-5-21-2119879341-2310984095-4284872945-1001 -> hxxp://www.yoursites123.com/?type=hp&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA
    FF Plugin-x32: @AVG.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.3\\npsitesafety.dll [Brak pliku]
    FF Plugin-x32: @McAfee.com/McAfeeMssPlugin -> C:\Program Files\Sony\MSS\3.8.141\npMcAfeeMss.dll [2014-01-16] (McAfee, Inc.)
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nie znaleziono
    CHR HomePage: Default -> search.ask.com/?gct=hp
    CHR HKLM\...\Chrome\Extension: [aaaadbhonifkcheeddllhmpapnhcpgia] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nie znaleziono>
    CHR HKLM\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\BARTEK\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
    CHR HKLM-x32\...\Chrome\Extension: [aaaadbhonifkcheeddllhmpapnhcpgia] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\BARTEK\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
    R2 IhPul; C:\Users\BARTEK\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
    U3 idsvc; Brak ImagePath
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    U3 wpcsvc; Brak ImagePath
    2015-12-11 23:28 - 2015-12-12 10:57 - 00000001 _____ C:\WINDOWS\SysWOW64\pl.html
    2015-12-09 10:04 - 2015-12-09 10:12 - 00000000 ____D C:\ProgramData\FWdMF
    2015-12-09 10:04 - 2015-12-09 10:12 - 00000000 ____D C:\ProgramData\8WdM8
    2015-12-09 10:04 - 2015-12-09 10:04 - 00000366 _____ C:\WINDOWS\SysWOW64\data.bin
    2015-12-09 10:04 - 2015-12-09 10:04 - 00000000 ____D C:\Users\BARTEK\AppData\Roaming\TSv
    2015-12-09 10:04 - 2015-11-01 23:45 - 00000000 ____D C:\ProgramData\gWMiniProg
    2015-09-20 18:11 - 2015-12-09 10:04 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:

    After it has run, delete the C:\FRST folder.
  • Helpful post
    #3
    krzychupar
    Level 43  
    Open the system Notepad and paste:
    Task: {12C133AD-BB89-4687-BAAF-9DE910B7A2EE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {5EFFF483-49B4-4F66-BAC9-14A8FE705BDF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {6551F24B-E72B-4970-B8AC-F4C37AA7178B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
    Task: {824DAF17-D614-45B3-ACAD-BDE9505FC1C6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {8A15F3DE-3558-465E-AA80-A686E2BA583B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {8B037CAF-57FD-45DD-9B33-0CE63797D9FC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {93FEBDF1-E28C-4558-B528-24B6FF9D2B50} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {A3C524AF-A23E-4523-A787-CA9D02FA8A38} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {B7A4056E-2695-432C-9A31-FDF0EC2E9347} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {CB35A8BD-AFF0-449C-9E2A-557EE064B2FA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {F05610AA-261F-4151-9FE5-6B4EBDA7B30D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    ShortcutWithArgument: C:\Users\BARTEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA <==== UWAGA
    ShortcutWithArgument: C:\Users\BARTEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA <==== UWAGA
    ShortcutWithArgument: C:\Users\BARTEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA <==== UWAGA
    ShortcutWithArgument: C:\Users\BARTEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA <==== UWAGA
    ShortcutWithArgument: C:\Users\BARTEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA <==== UWAGA
    ShortcutWithArgument: C:\Users\BARTEK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA <==== UWAGA
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA <==== UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA&q={searchTerms}
    HKU\S-1-5-21-2119879341-2310984095-4284872945-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA
    HKU\S-1-5-21-2119879341-2310984095-4284872945-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com
    URLSearchHook: HKU\S-1-5-21-2119879341-2310984095-4284872945-1001 - (Brak nazwy) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Brak pliku
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA&q={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA&q={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2119879341-2310984095-4284872945-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2119879341-2310984095-4284872945-1001 -> {3382E08A-AF2F-4187-8145-BE8586EAC10C} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
    SearchScopes: HKU\S-1-5-21-2119879341-2310984095-4284872945-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA&q={searchTerms}
    Edge HomeButtonPage: HKU\S-1-5-21-2119879341-2310984095-4284872945-1001 -> hxxp://www.yoursites123.com/?type=hp&ts=1449651856&z=c069400e1e6f10fc71f9589gez9zft6qbwcg5b7w8q&from=ient07021&uid=ST9500325AS_5VEL8ZTAXXXX5VEL8ZTA
    CHR HomePage: Default -> search.ask.com/?gct=hp
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nie znaleziono>
    U3 idsvc; Brak ImagePath
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    U3 wpcsvc; Brak ImagePath
    2015-12-11 23:28 - 2015-12-12 10:57 - 00000001 _____ C:\WINDOWS\SysWOW64\pl.html
    2015-12-09 10:04 - 2015-12-09 10:12 - 00000000 ____D C:\ProgramData\FWdMF
    2015-12-09 10:04 - 2015-12-09 10:12 - 00000000 ____D C:\ProgramData\8WdM8
    2015-12-09 10:04 - 2015-12-09 10:04 - 00000000 ____D C:\Users\BARTEK\AppData\Roaming\TSv
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    C:\Users\BARTEK\AppData\Local\Temp\avguirn_083869664.exe
    C:\Users\BARTEK\AppData\Local\Temp\drm_dyndata_7400009.dll

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
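
Added example, not part of either post above and not FRST's own code: a short triage script showing why both fixlists list shortcuts, Internet Explorer `Main` values, SearchScopes and the Edge home button together, by pivoting from the host in `ShortcutWithArgument` lines to every other entry that names the same host. The sample lines are constructed in the layout of the entries quoted in the thread; `hijack.example`, `portal.example`, `search.example` and the user `USER` are placeholders, and using shortcut hosts as the seed indicator is an assumption of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in the layout of the FRST entries quoted in the
# thread; hosts, user name, SIDs and GUIDs are placeholders.
SAMPLE = r"""
ShortcutWithArgument: C:\Users\USER\Desktop\Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.hijack.example/?type=sc&uid=X <==== UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hijack.example/?type=hp&uid=X
HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://portal.example
SearchScopes: HKLM -> DefaultScope {00000000-0000-0000-0000-000000000000} URL = hxxp://www.hijack.example/web/?type=ds&q={searchTerms}
SearchScopes: HKLM -> {11111111-1111-1111-1111-111111111111} URL = hxxp://search.example/search?q={searchTerms}
Edge HomeButtonPage: HKU\S-1-5-21-0-0-0-1001 -> hxxp://www.hijack.example/?type=hp&uid=X
""".strip().splitlines()

# Matches normal and defanged (hxxp/hxxps) URLs as they appear in the log.
URL_RE = re.compile(r"\bh(?:xx|tt)ps?://\S+", re.IGNORECASE)


def host_of(line):
    """Return the lower-cased host of the first URL on the line, or None."""
    m = URL_RE.search(line)
    if not m:
        return None
    url = re.sub(r"^hxxp", "http", m.group(0), flags=re.IGNORECASE)
    return (urlsplit(url).hostname or "").lower() or None


def location_kind(line):
    """Classify a log line by the persistence location it describes."""
    if line.startswith("ShortcutWithArgument:"):
        return "shortcut"
    if line.startswith("SearchScopes:"):
        return "search_scope"
    if line.startswith("Edge HomeButtonPage:"):
        return "edge_home"
    if re.match(r"HK(LM|U)\\.*Internet Explorer\\Main,", line):
        return "ie_main"
    return "other"


def triage(lines):
    """Pivot from hosts in hijacked shortcuts to all entries naming them."""
    entries = [(location_kind(l), host_of(l), l) for l in lines if l.strip()]
    # Assumption of this example: a URL appended to a browser shortcut is
    # the seed indicator; other locations are matched against those hosts.
    seeds = {h for kind, h, _ in entries if kind == "shortcut" and h}
    hits = defaultdict(list)
    for kind, h, line in entries:
        if h in seeds:
            hits[kind].append(line)
    return seeds, dict(hits)


if __name__ == "__main__":
    seeds, hits = triage(SAMPLE)
    print("seed hosts:", sorted(seeds))
    for kind, found in sorted(hits.items()):
        print(f"{kind}: {len(found)} entr{'y' if len(found) == 1 else 'ies'}")
```

Entries that point at other hosts (here the constructed `portal.example` and `search.example`) are left out of the result, so they can be reviewed separately rather than removed along with the hijacker's entries.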
  • #4
    FROOT
    Level 2  
    Thank you for the help!