Elektroda.pl

How to remove the yoursites123 virus?

medivivus 13 Dec 2015 12:11 774 1
  • Helpful post
    #2
    Acorus 20
    Level 43  
    Open the system Notepad and paste:

    Quote:
    Task: {F9FAFAE3-64F6-4334-ABB2-C179E8C4948C} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader Updater\YourFileUpdater.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\Ania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C <==== UWAGA
    ShortcutWithArgument: C:\Users\Ania\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C <==== UWAGA
    ShortcutWithArgument: C:\Users\Ania\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C <==== UWAGA
    ShortcutWithArgument: C:\Users\Ania\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C <==== UWAGA
    ShortcutWithArgument: C:\Users\Ania\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C <==== UWAGA
    ShortcutWithArgument: C:\Users\Ania\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C <==== UWAGA
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C <==== UWAGA
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C <==== UWAGA
    ShortcutWithArgument: C:\Users\Public\Desktop\Uruchom Wiedźmin 2.lnk -> C:\Program Files (x86)\Wiedźmin 2\Launcher.exe (CD Projekt RED) -> hxxp://www.yoursites123.com/?type=sc&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C <==== UWAGA
    HKU\S-1-5-21-3309300487-3243327040-3131595602-1002\...\MountPoints2: {536134f0-ee4e-11e3-be79-28d2442ae91c} - "H:\setup.exe"
    AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => Brak pliku
    AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => Brak pliku
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1437775503&z=6cc4fd50210a6e44ad125f9g4z9cam2m7m1wfz1bbb&from=cornl&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1437775503&z=6cc4fd50210a6e44ad125f9g4z9cam2m7m1wfz1bbb&from=cornl&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C&q={searchTerms}
    HKU\S-1-5-21-3309300487-3243327040-3131595602-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C&q={searchTerms}
    HKU\S-1-5-21-3309300487-3243327040-3131595602-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C
    HKU\S-1-5-21-3309300487-3243327040-3131595602-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C
    HKU\S-1-5-21-3309300487-3243327040-3131595602-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3309300487-3243327040-3131595602-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3309300487-3243327040-3131595602-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C&ts=1437775552&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3309300487-3243327040-3131595602-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C&ts=1437775552&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3309300487-3243327040-3131595602-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3309300487-3243327040-3131595602-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C&ts=1437775552&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3309300487-3243327040-3131595602-1002 -> {FA53B25A-CB7E-4E14-BFD3-8CBC18345978} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C&ts=1437775552&type=default&q={searchTerms}
    BHO-x32: Brak nazwy -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> Brak pliku
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
    BHO-x32: Brak nazwy -> {f439aa7e-a2a0-4635-99a2-164180e848ca} -> Brak pliku
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1437775503&z=6cc4fd50210a6e44ad125f9g4z9cam2m7m1wfz1bbb&from=cornl&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C
    CHR StartupUrls: Profile 2 -> "hxxp://www.yoursites123.com/?type=hp&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C"
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1449824559&z=00fe3ab40375d8c37ce9176g6z8z9t3b3o8zew0w8b&from=ient07021&uid=ST1000LM014-1EJ164_W380KP7CXXXXW380KP7C
    R2 WdMan; C:\ProgramData\5WdM5\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
    S2 Update ace race; "C:\Program Files (x86)\ace race\updateacerace.exe" [X]
    S2 Update Dynamo Combo; "C:\Program Files (x86)\Dynamo Combo\updateDynamoCombo.exe" [X]
    S2 WdsManPro; C:\ProgramData\vWdsManProv\WdsManPro.exe -service [X]
    R1 {e99acdf0-fa83-4c75-b15b-f0d544a8fd2a}Gw64; C:\Windows\System32\drivers\{e99acdf0-fa83-4c75-b15b-f0d544a8fd2a}Gw64.sys [48784 2015-01-18] (StdLib)
    S1 itdrvr_vw_1_10_0_25; system32\drivers\itdrvr_vw_1_10_0_25.sys [X]
    2015-12-11 10:03 - 2015-12-11 10:04 - 00000000 ____D C:\ProgramData\5WdM5
    2015-12-11 18:47 - 2015-07-24 23:05 - 00000000 ____D C:\Program Files (x86)\MiuiTab
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Download AdwCleaner and run it as administrator: https://toolslib.net/downloads/finish/1/ Click Scan and then Cleaning.
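
An added example, not part of the original post and not FRST's own code: a Python script that groups fixlist-style entries by the host they point to and by the persistence location they sit in, so that after the fix a fresh log can be checked for leftovers. The sample lines and the `.example` hosts are constructed; the line shapes are assumed from the entries quoted above.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in the shape of the fixlist entries above
# (hosts, paths and GUIDs are placeholders, not values from the post).
SAMPLE = r"""
ShortcutWithArgument: C:\Users\Public\Desktop\Browser.lnk -> C:\Program Files\Browser\browser.exe (Vendor) -> hxxp://www.hijack.example/?type=sc&uid=DISK1
ShortcutWithArgument: C:\Users\Public\Desktop\Game.lnk -> C:\Games\launcher.exe (Studio) -> hxxp://www.hijack.example/?type=sc&uid=DISK1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hijack.example/?type=hp&uid=DISK1
SearchScopes: HKLM-x32 -> DefaultScope {00000000-0000-0000-0000-000000000000} URL = hxxp://www.other.example/web/?type=ds&q={searchTerms}
BHO-x32: Some Helper -> {11111111-1111-1111-1111-111111111111} -> C:\Program Files\Vendor\helper.dll [2015-01-29] (Vendor)
CHR StartupUrls: Profile 2 -> "hxxp://www.hijack.example/?type=hp&uid=DISK1"
"""

# Defanged URLs as they appear in the log (hxxp / hxxps).
URL_RE = re.compile(r'hxxps?://[^\s"]+')

def classify(line):
    """Map a log line to the persistence location it describes."""
    if line.startswith("ShortcutWithArgument:"):
        return "shortcut"
    if line.startswith("SearchScopes:"):
        return "search_scope"
    if line.startswith("CHR StartupUrls:"):
        return "chrome_startup"
    if line.startswith(("HKLM\\", "HKU\\")) and "Internet Explorer\\Main," in line:
        return "ie_main"
    return "other"

def triage(text):
    """Return {host: {location: count}} for every defanged URL found."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = URL_RE.search(line)
        if not m:
            continue  # entries without a URL (e.g. BHO lines) are skipped
        # Swap the scheme only in memory so urlsplit can extract the host.
        host = urlsplit(m.group(0).replace("hxxp", "http", 1)).hostname
        hits[host][classify(line)] += 1
    return {h: dict(locs) for h, locs in hits.items()}

def hijacked_shortcuts(text):
    """Paths of .lnk files whose target has a URL appended as an argument."""
    return [l.split(":", 1)[1].split(" -> ")[0].strip()
            for l in (x.strip() for x in text.splitlines())
            if l.startswith("ShortcutWithArgument:") and URL_RE.search(l)]

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(hijacked_shortcuts(SAMPLE))
```

An empty result from `triage()` on a log taken after the fix means none of the listed locations still carries a URL.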