Elektroda.pl
Elektroda.pl
X
Please add exception to AdBlock for elektroda.pl.
If you watch the ads, you support portal and users.

Jak usunąć wirusa yoursites123 ?

rozbitejajeczko 23 Dec 2015 19:02 627 1
  • Helpful post
    #2
    Acorus 20
    Level 43  
    Odinstaluj McAfee Security Scan Plus, WordFly 1.10.0.28. Otwórz notatnik systemowy i wklej:

    Quote:
    Task: {33843041-0E62-440D-8A2D-8B5932C97428} - System32\Tasks\WordFly Auto Updater 1.10.0.28 Core => C:\Program Files (x86)\WordFly_1.10.0.28\Update\WordflyAutoUpdateClient.exe [2015-10-30] (WF) <==== UWAGA
    Task: {FBCFF93B-65E3-4E7C-8AA4-E1C08B51B49B} - System32\Tasks\WordFly Auto Updater 1.10.0.28 Pending Update => C:\Program Files (x86)\WordFly_1.10.0.28\Update\WordflyAutoUpdateClient.exe [2015-10-30] (WF) <==== UWAGA
    ShortcutWithArgument: C:\Users\Beata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450781637&z=8870e51f1169534657acbf7gez5w6e3m3b6g6q0c8o&from=wpm07173&uid=ST1000LM024XHN-M101MBB_S30YJ9DG206572
    ShortcutWithArgument: C:\Users\Beata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450781637&z=8870e51f1169534657acbf7gez5w6e3m3b6g6q0c8o&from=wpm07173&uid=ST1000LM024XHN-M101MBB_S30YJ9DG206572
    ShortcutWithArgument: C:\Users\Beata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450781637&z=8870e51f1169534657acbf7gez5w6e3m3b6g6q0c8o&from=wpm07173&uid=ST1000LM024XHN-M101MBB_S30YJ9DG206572
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-23]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450781637&z=8870e51f1169534657acbf7gez5w6e3m3b6g6q0c8o&from=wpm07173&uid=ST1000LM024XHN-M101MBB_S30YJ9DG206572
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450781637&z=8870e51f1169534657acbf7gez5w6e3m3b6g6q0c8o&from=wpm07173&uid=ST1000LM024XHN-M101MBB_S30YJ9DG206572
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartpageing.com/web/?type=ds&ts=1448659360&z=2628070a6f5053606dd29edgez4z4b7q9w4t8c1qbe&from=cor&uid=st1000lm024xhn-m101mbb_s30yj9dg206572&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartpageing.com/web/?type=ds&ts=1448659360&z=2628070a6f5053606dd29edgez4z4b7q9w4t8c1qbe&from=cor&uid=st1000lm024xhn-m101mbb_s30yj9dg206572&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450781637&z=8870e51f1169534657acbf7gez5w6e3m3b6g6q0c8o&from=wpm07173&uid=ST1000LM024XHN-M101MBB_S30YJ9DG206572
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450781637&z=8870e51f1169534657acbf7gez5w6e3m3b6g6q0c8o&from=wpm07173&uid=ST1000LM024XHN-M101MBB_S30YJ9DG206572
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartpageing.com/web/?type=ds&ts=1448659360&z=2628070a6f5053606dd29edgez4z4b7q9w4t8c1qbe&from=cor&uid=st1000lm024xhn-m101mbb_s30yj9dg206572&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartpageing.com/web/?type=ds&ts=1448659360&z=2628070a6f5053606dd29edgez4z4b7q9w4t8c1qbe&from=cor&uid=st1000lm024xhn-m101mbb_s30yj9dg206572&q={searchTerms}
    HKU\S-1-5-21-3762613258-842178974-662039006-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=1450781637&z=8870e51f1169534657acbf7gez5w6e3m3b6g6q0c8o&from=wpm07173&uid=ST1000LM024XHN-M101MBB_S30YJ9DG206572&q={searchTerms}
    HKU\S-1-5-21-3762613258-842178974-662039006-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450781637&z=8870e51f1169534657acbf7gez5w6e3m3b6g6q0c8o&from=wpm07173&uid=ST1000LM024XHN-M101MBB_S30YJ9DG206572
    HKU\S-1-5-21-3762613258-842178974-662039006-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450781637&z=8870e51f1169534657acbf7gez5w6e3m3b6g6q0c8o&from=wpm07173&uid=ST1000LM024XHN-M101MBB_S30YJ9DG206572
    HKU\S-1-5-21-3762613258-842178974-662039006-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=1450781637&z=8870e51f1169534657acbf7gez5w6e3m3b6g6q0c8o&from=wpm07173&uid=ST1000LM024XHN-M101MBB_S30YJ9DG206572&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3762613258-842178974-662039006-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1450781637&z=8870e51f1169534657acbf7gez5w6e3m3b6g6q0c8o&from=wpm07173&uid=ST1000LM024XHN-M101MBB_S30YJ9DG206572&q={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1450781637&z=8870e51f1169534657acbf7gez5w6e3m3b6g6q0c8o&from=wpm07173&uid=ST1000LM024XHN-M101MBB_S30YJ9DG206572
    CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - hxxps://clients2.google.com/service/update2/crx
    R2 IhPul; C:\Users\Beata\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
    R2 WdMan; C:\ProgramData\tWdMt\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
    2015-12-22 11:54 - 2015-12-23 18:33 - 00000000 ____D C:\Program Files (x86)\SFK
    2015-12-22 11:54 - 2015-12-22 11:55 - 00000000 ____D C:\ProgramData\tWdMt
    2015-12-22 11:54 - 2015-12-22 11:54 - 00000000 ____D C:\Users\Beata\AppData\Roaming\TSv
    2015-11-27 22:22 - 2015-11-27 22:22 - 00000000 ____D C:\Program Files (x86)\WordFly_1.10.0.28
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.