Elektroda.pl

Virus yoursites123 - How do I remove it?

KeshNotYes 14 Dec 2015 20:03 693 2
  • #2 14 Dec 2015 20:19
    Argennto_1
    Level 33

    Kaspersky Trial, Malwarebytes, UnHackMe. Using these 3 should take care of the problem.

    0
  • Helpful post
    #3 15 Dec 2015 00:19
    Kolobos
    Computer specialist

    Uninstall:
    360 Total Security
    Web Amplified
    Yahoo! Install Manager

    Next to frst.exe, create a file fixlist.txt with the following contents:
    globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== UWAGA
    Task: {0A1DBAE7-A96E-4167-9E42-5C4E53EB26D6} - System32\Tasks\{3160F8A1-F788-4A45-B2DC-50F5881F3015} => D:\asa\Counter-Strike 1.6\hl.exe
    Task: {17ADA2AE-0879-4B77-A677-71F5981FBE2D} - System32\Tasks\{A917FA89-CD5D-4D64-83EC-11062DB2AF55} => pcalua.exe -a C:\Users\Kacper\AppData\Local\Pokki\Engine\HostAppService.exe -c /UNINSTALL146973192f4e3d4ad8e10238e5e444db3822111b
    Task: {1A3DA9A5-416E-44C2-B1D0-558F7C9A9191} - System32\Tasks\{B4487C34-3BC2-415E-8FDB-0C74DAAE618B} => D:\AAAAAAAAAAAAAAAAAAAAAAAAAA\hl.exe
    Task: {1C86F4CF-036B-43D9-AACC-C7880EB9054D} - System32\Tasks\{0C553154-AEB2-4DB4-9819-A15350936E82} => D:\a\hl.exe
    Task: {20F36F6E-4AEF-4D18-A0E4-BA158A3731BF} - System32\Tasks\{CDD4BD9A-D9E6-44B3-86C9-B7638F5718EC} => D:\faa\Valve\hl.exe
    Task: {2415BCFA-3387-4E03-9BCC-C7F1753FF9D9} - System32\Tasks\{4AF8ED2F-5E09-4D48-96B8-86A1609AA09A} => D:\AAAAAAAAAAAAAAAAAAAAAAAAAA\hl.exe
    Task: {38FEB66F-B08D-4689-A999-8CEF3B38ED17} - System32\Tasks\{A22CDC14-81F8-4985-9A19-DB1125F7DE86} => D:\zasa\hl.exe
    Task: {609C1B97-3AC4-45F8-9D28-9BA5E601F89D} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2015-12-10] (Lenovo)
    Task: {6948D1BF-57E9-4F64-9029-622FE1A705FE} - System32\Tasks\{14399BDD-160A-4B90-B31B-B5D5D157F216} => D:\AB\hl.exe
    Task: {83127FF3-64B2-4BE8-A0F8-BB79C60A7A27} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
    Task: {90302B6D-0F18-46C5-9A75-01EBD2E513B6} - System32\Tasks\{1AA736BC-E0CA-4186-BD09-E2EC73730854} => D:\ala\Counter-Strike 1.6 v32\Counter-Strike 1.6.exe
    Task: {AB2FEABD-C12F-450D-B2F6-24EED958489A} - System32\Tasks\{F27A9FA5-991D-45C8-A322-13B8DC333041} => D:\ala\Valve\hl.exe
    Task: {AE53A854-7C38-4C0B-88F8-F955AF26747B} - System32\Tasks\{9B739648-8165-4BE4-B806-F062DB761E21} => D:\asa\Counter-Strike 1.6\hl.exe
    Task: {C548337E-DCF9-4144-AB4D-BCD47A745C63} - System32\Tasks\BAAw57msoB0eKw1Y99OHwVx => C:\Users\Kacper\AppData\Roaming\BAAw57msoB0eKw1Y99OHwVx.exe <==== UWAGA
    Task: {CC12D13C-A235-45E8-8CFD-C319AD885C41} - System32\Tasks\{E10EB618-858D-41C9-841B-8060F1C3F875} => D:\asa\Counter-Strike 1.6\hl.exe
    Task: {CF252663-A8B5-4803-84B2-98D204A7CB98} - System32\Tasks\{B710D1A6-A932-45A9-9341-73E47B68DE08} => D:\ecc\hl.exe
    Task: {E51CE820-E67F-4E5D-8127-D210F5FB3E84} - System32\Tasks\Opera scheduled Autoupdate 1421350855 => C:\Program Files (x86)\Opera beta\launcher.exe [2015-12-03] (Opera Software)
    Task: {EE13AFF3-F4F5-4F11-8C7B-C8D992EF0DBB} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2015-12-10] (Lenovo)
    Task: {F5F0AFCF-953C-4521-95F7-DF697E13E9F0} - System32\Tasks\{A7EDE568-537F-488D-9C7D-B948FC71018A} => pcalua.exe -a "C:\ProgramData\Caphyon\Advanced Installer\{0C0C3F5A-173C-4838-8975-7C3C8F0B719C}\Counter-Strike 1.6 PL 2015.exe" -c /x {0C0C3F5A-173C-4838-8975-7C3C8F0B719C}
    Task: C:\Windows\Tasks\BAAw57msoB0eKw1Y99OHwVx.job => C:\Users\Kacper\AppData\Roaming\BAAw57msoB0eKw1Y99OHwVx.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\Kacper\Desktop\chrome — skrót.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7173&uid=ST9500325AS_6VEEPAKCXXXX6VEEPAKC <==== UWAGA
    ShortcutWithArgument: C:\Users\Kacper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7173&uid=ST9500325AS_6VEEPAKCXXXX6VEEPAKC <==== UWAGA
    ShortcutWithArgument: C:\Users\Kacper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7173&uid=ST9500325AS_6VEEPAKCXXXX6VEEPAKC <==== UWAGA
    ShortcutWithArgument: C:\Users\Kacper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7173&uid=ST9500325AS_6VEEPAKCXXXX6VEEPAKC <==== UWAGA
    ShortcutWithArgument: C:\Users\Kacper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\chrome — skrót.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7173&uid=ST9500325AS_6VEEPAKCXXXX6VEEPAKC <==== UWAGA
    ShortcutWithArgument: C:\Users\Kacper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera beta.lnk -> C:\Program Files (x86)\Opera beta\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7173&uid=ST9500325AS_6VEEPAKCXXXX6VEEPAKC <==== UWAGA
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera beta.lnk -> C:\Program Files (x86)\Opera beta\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7173&uid=ST9500325AS_6VEEPAKCXXXX6VEEPAKC <==== UWAGA
    AlternateDataStreams: C:\ProgramData:NT
    AlternateDataStreams: C:\ProgramData:NT2
    AlternateDataStreams: C:\Users\All Users:NT
    AlternateDataStreams: C:\Users\All Users:NT2
    AlternateDataStreams: C:\ProgramData\Application Data:NT
    AlternateDataStreams: C:\ProgramData\Application Data:NT2
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
    AlternateDataStreams: C:\Users\Kacper\Dane aplikacji:NT
    AlternateDataStreams: C:\Users\Kacper\Dane aplikacji:NT2
    AlternateDataStreams: C:\Users\Kacper\AppData\Roaming:NT
    AlternateDataStreams: C:\Users\Kacper\AppData\Roaming:NT2
    HKU\S-1-5-21-1165730155-2600752867-3284111979-1001\...\Run: [Clownfish] => 0
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...7173&uid=ST9500325AS_6VEEPAKCXXXX6VEEPAKC
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...7173&uid=ST9500325AS_6VEEPAKCXXXX6VEEPAKC
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&...p;uid=ST9500325AS_6VEEPAKCXXXX6VEEPAKC&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&...p;uid=ST9500325AS_6VEEPAKCXXXX6VEEPAKC&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...7173&uid=ST9500325AS_6VEEPAKCXXXX6VEEPAKC
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...7173&uid=ST9500325AS_6VEEPAKCXXXX6VEEPAKC
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&...p;uid=ST9500325AS_6VEEPAKCXXXX6VEEPAKC&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&...p;uid=ST9500325AS_6VEEPAKCXXXX6VEEPAKC&q={searchTerms}
    HKU\S-1-5-21-1165730155-2600752867-3284111979-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...7173&uid=ST9500325AS_6VEEPAKCXXXX6VEEPAKC
    HKU\S-1-5-21-1165730155-2600752867-3284111979-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...7173&uid=ST9500325AS_6VEEPAKCXXXX6VEEPAKC
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    SearchScopes: HKU\S-1-5-21-1165730155-2600752867-3284111979-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={91CF9896-1EF1-40D8-A507-0F2FD29075E9}&mid=b7a661d293de47cd9132f186768d1fee-7149ff4e2ff9be04d28487d030e8e2f49ffe0484&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-01-16 22:13:39&v=4.2.1.951&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1165730155-2600752867-3284111979-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1165730155-2600752867-3284111979-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&...p;uid=ST9500325AS_6VEEPAKCXXXX6VEEPAKC&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1165730155-2600752867-3284111979-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
    SearchScopes: HKU\S-1-5-21-1165730155-2600752867-3284111979-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-1165730155-2600752867-3284111979-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={91CF9896-1EF1-40D8-A507-0F2FD29075E9}&mid=b7a661d293de47cd9132f186768d1fee-7149ff4e2ff9be04d28487d030e8e2f49ffe0484&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-01-16 22:13:39&v=4.2.1.951&pid=wtu&sg=&sap=dsp&q={searchTerms}
    DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1...7173&uid=ST9500325AS_6VEEPAKCXXXX6VEEPAKC
    CHR HomePage: Default -> mysearch.avg.com/?rvt=1
    CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1450114099&z=2c2b27de9579c26142e3973g1zcwbe8geg6z3e4t5b&from=wpm07173&uid=ST9500325AS_6VEEPAKCXXXX6VEEPAKC"
    CHR DefaultSearchURL: Default -> hxxp://www.yoursites123.com/web/?type=ds&...p;uid=ST9500325AS_6VEEPAKCXXXX6VEEPAKC&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> yoursites123
    CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
    CHR HKU\S-1-5-21-1165730155-2600752867-3284111979-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\Kacper\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1...7173&uid=ST9500325AS_6VEEPAKCXXXX6VEEPAKC
    StartMenuInternet: (HKLM) Operabeta - C:\Program Files (x86)\Opera beta\Launcher.exe hxxp://www.yoursites123.com/?type=sc&ts=1...7173&uid=ST9500325AS_6VEEPAKCXXXX6VEEPAKC
    S2 Mobizen plugin; D:\Ac\MobizenService\MobizenService.exe [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
    U3 tmlwf; Brak ImagePath
    U3 tmwfp; Brak ImagePath
    2015-12-14 18:28 - 2015-12-14 18:33 - 00000000 ____D C:\Users\Kacper\AppData\Roaming\TSv
    2015-12-14 18:28 - 2015-12-14 18:30 - 00000000 ____D C:\ProgramData\DWdMD
    2015-12-14 18:28 - 2015-11-01 08:43 - 00000000 ____D C:\ProgramData\8WMiniPro8
    2015-12-14 15:35 - 2015-09-21 14:35 - 00001022 _____ C:\Windows\Tasks\BAAw57msoB0eKw1Y99OHwVx.job
    2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Users\Kacper\AppData\Roaming\BAAw57msoB0eKw1Y99OHwVx
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    Delete the C:\FRST directory.

    0
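
Added example (not part of the thread and not FRST's own code): a Python triage pass over constructed lines in the FRST log format quoted above, showing that one host is planted in shortcut arguments, the Start Menu browser registration, the IE start page and Chrome's search settings at once, which is why the fixlist lists each of those entries. The function names and the rule that any URL appended to a browser launch command is suspicious are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the FRST log format quoted in the post above
# (paths shortened, identifiers replaced with placeholders).
SAMPLE_LOG = r"""
ShortcutWithArgument: C:\Users\Public\Desktop\chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&uid=PLACEHOLDER
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&uid=PLACEHOLDER
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&uid=PLACEHOLDER
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
CHR DefaultSearchURL: Default -> hxxp://www.yoursites123.com/web/?type=ds&q={searchTerms}
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\Example => C:\Program Files\Example\example.exe
"""

URL_RE = re.compile(r"\bh(?:xx|tt)ps?://\S+", re.IGNORECASE)
# Assumption for this example: a URL appended to a browser launch command is suspicious.
LAUNCH_KINDS = {"ShortcutWithArgument", "StartMenuInternet"}

def entry_kind(line):
    """Label a log line: 'Type' for 'Type: ...' lines, value name for registry lines."""
    head, sep, _ = line.partition(": ")
    if sep and "\\" not in head:
        return head
    key = line.partition(" = ")[0]
    return "Registry " + key.rsplit(",", 1)[-1]

def browser_redirects(log_text):
    """Return (entry kind, host) for every log line that carries a URL."""
    hits = []
    for line in log_text.splitlines():
        match = URL_RE.search(line)
        if match:
            # Refang hxxp -> http only so urlsplit can extract the host.
            url = re.sub(r"^hxxp", "http", match.group(0), flags=re.IGNORECASE)
            hits.append((entry_kind(line.strip()), urlsplit(url).hostname))
    return hits

def hijack_summary(log_text):
    """Hosts appended to a browser launch command, with every place they appear."""
    by_host = {}
    for kind, host in browser_redirects(log_text):
        by_host.setdefault(host, set()).add(kind)
    return {h: sorted(k) for h, k in by_host.items() if LAUNCH_KINDS & k}

if __name__ == "__main__":
    for host, kinds in hijack_summary(SAMPLE_LOG).items():
        print(host, "->", ", ".join(kinds))
```

Hosts that appear only in ordinary search-provider entries, such as the Bing SearchScopes line, are parsed but left out of the summary.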