
Yoursites123 and Elex Hijacker: how to remove them?

Kopytka7 26 Dec 2015 23:33 1086 1
  • Helpful post
    #2 27 Dec 2015 01:39
    krzychupar
    Level 41

    Open Windows Notepad and paste:

    Remove the WinZipper infection
    Uninstall McAfee AntiVirus or SpyHunter 4

    Task: {05659217-B1E6-4A6D-B1E1-D1F056E47A25} - System32\Tasks\WindowsUpda2ta => C:\Users\Mizia\AppData\Roaming\MICROSOFT\home.vbe [2015-12-09] () <==== UWAGA
    Task: {1BCDF83D-8C91-44EF-AC21-86026F08D138} - System32\Tasks\{8B3E93A5-DBCC-4EF1-B843-8B7E7AECF36D} => pcalua.exe -a D:\Install_Win\install.exe -d D:\
    Task: {2999ECFD-C5C3-4CF7-9ED4-4A5EDED44061} - System32\Tasks\{3F46C4D2-44C9-4A9F-B61A-8F26F703EBC0} => pcalua.exe -a "C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe"
    Task: {B4C67187-BDCD-41B7-9139-01770068E796} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
    Task: {DE586CA3-94CE-4FB0-AA1C-51FBACF206C7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
    Task: {523658D5-6218-44D9-B7CE-6B9A03C59B04} - System32\Tasks\{C91B5681-11BB-4739-AE5F-1A9E2EA63236} => pcalua.exe -a "C:\Program Files (x86)\PRiiceMinus
    (Taiwan Shui Mu Chih Ching Technology Limited) C:\Program Files (x86)\Picexa\picexasvc.exe
    (Taiwan Shui Mu Chih Ching Technology Limited) C:\Program Files (x86)\WinZipper\winzipersvc.exe
    (tsvr.com) C:\Users\Mizia\AppData\Roaming\TSv\TSvr.exe
    (TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
    HKU\S-1-5-21-3492499834-1534672348-3713229473-1001\...\Run: [Power2GoExpress8] => NA
    HKU\S-1-5-21-3492499834-1534672348-3713229473-1001\...\Run: [home] => wscript.exe //B "C:\Users\Mizia\AppData\Roaming\home.vbe"
    HKU\S-1-5-21-3492499834-1534672348-3713229473-1001\...\MountPoints2: {7c64dc6c-8de8-11e5-82d0-645a042908cc} - "F:\SETUP.EXE"
    HKU\S-1-5-21-3492499834-1534672348-3713229473-1001\...\MountPoints2: {e74d7f1f-9850-11e5-82d0-645a042908cc} - "E:\Startme.exe"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk [2014-11-09]
    Startup: C:\Users\Mizia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe [2015-12-09] ()
    Startup: C:\Users\Mizia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpA4A0.tmp.vbs [2015-11-21] ()
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&...XWD10JPVX-75JC3T0_WX11AC3U0761AC3U0761&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=14...XWD10JPVX-75JC3T0_WX11AC3U0761AC3U0761&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&...XWD10JPVX-75JC3T0_WX11AC3U0761AC3U0761&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=14...XWD10JPVX-75JC3T0_WX11AC3U0761AC3U0761&q={searchTerms}
    HKU\S-1-5-21-3492499834-1534672348-3713229473-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=14...XWD10JPVX-75JC3T0_WX11AC3U0761AC3U0761&q={searchTerms}
    HKU\S-1-5-21-3492499834-1534672348-3713229473-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3492499834-1534672348-3713229473-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...uid=WDCXWD10JPVX-75JC3T0_WX11AC3U0761AC3U0761
    HKU\S-1-5-21-3492499834-1534672348-3713229473-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=14...XWD10JPVX-75JC3T0_WX11AC3U0761AC3U0761&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...XWD10JPVX-75JC3T0_WX11AC3U0761AC3U0761&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...XWD10JPVX-75JC3T0_WX11AC3U0761AC3U0761&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3492499834-1534672348-3713229473-1001 -> DefaultScope {3D62D55E-7760-496F-8665-27FF1313AAD6} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...761&ts=1436135523&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3492499834-1534672348-3713229473-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...XWD10JPVX-75JC3T0_WX11AC3U0761AC3U0761&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3492499834-1534672348-3713229473-1001 -> {3D62D55E-7760-496F-8665-27FF1313AAD6} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...761&ts=1436135523&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3492499834-1534672348-3713229473-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...761&ts=1436135523&type=default&q={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - c:\program files\internet explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1...uid=WDCXWD10JPVX-75JC3T0_WX11AC3U0761AC3U0761
    FF Extension: Brak nazwy - C:\Users\Mizia\AppData\Roaming\Mozilla\Firefox\Profiles\8vbwhpxu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [nie znaleziono]
    FF Extension: Brak nazwy - C:\Users\Mizia\AppData\Roaming\Mozilla\Firefox\Profiles\8vbwhpxu.default\extensions\ascsurfingprotection@iobit.com [nie znaleziono]
    FF Extension: Brak nazwy - C:\Program Files (x86)\IObit Apps Toolbar\FF [nie znaleziono]
    R2 PicexaService; C:\Program Files (x86)\Picexa\PicexaSvc.exe [731784 2015-12-09] (Taiwan Shui Mu Chih Ching Technology Limited)
    R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [711344 2015-12-14] (Taiwan Shui Mu Chih Ching Technology Limited) <==== UWAGA
    S3 DiskDoctorService; Brak ImagePath
    S3 SpeedDiskService; Brak ImagePath
    S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
    U2 McMPFSvc; Brak ImagePath
    S1 wfdrvr_vw_1_10_0_28; system32\drivers\wfdrvr_vw_1_10_0_28.sys [X]
    2015-12-26 23:16 - 2015-12-26 23:16 - 00000000 ____D C:\sh4ldr
    2015-12-24 09:50 - 2015-12-24 12:25 - 00000000 ____D C:\Program Files (x86)\WinZipper
    2015-12-24 09:50 - 2015-12-24 09:50 - 00000000 ____D C:\Users\Mizia\AppData\Roaming\WinZipper
    2015-12-24 09:50 - 2015-12-24 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
    2015-12-09 10:42 - 2015-12-26 22:01 - 00000000 ____D C:\Program Files (x86)\SFK
    2015-12-09 10:42 - 2015-12-24 13:46 - 00000000 ____D C:\Program Files (x86)\Picexa
    2015-12-09 10:42 - 2015-12-17 12:24 - 00000000 ____D C:\Users\Mizia\AppData\Roaming\Picexa Viewer
    2015-12-09 10:41 - 2015-12-09 10:42 - 00000000 ____D C:\ProgramData\XWdMX
    2015-12-09 10:40 - 2015-12-24 09:50 - 00000000 ____D C:\Users\Mizia\AppData\Roaming\TSv
    2015-12-09 10:40 - 2015-12-09 10:40 - 00000000 ____D C:\ProgramData\6WdM6
    2015-11-30 13:08 - 2015-12-09 10:40 - 00000000 ____D C:\ProgramData\tWMiniProt
    2015-12-18 11:38 - 2015-04-04 11:19 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2015-12-18 11:38 - 2015-04-04 11:19 - 00000000 ___SD C:\Windows\system32\GWX
    C:\ProgramData\PCFTray.exe
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST, in the same folder.
    Run FRST and click Fix/Napraw.

    0