Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

wirus - yoursites123 jak usunac

qarolaaa 27 Gru 2015 11:19 930 3
  • CControls
  • Pomocny post
    #2 27 Gru 2015 11:39
    Acorus 20
    Spec od komputerów

    Odinstaluj SpyHunter, WinZipper. Otwórz notatnik systemowy i wklej:

    Cytat:
    Task: {06B8A067-8D13-47BA-B3F9-3F7EC26EA0E8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {2D51E567-8B43-498C-88C5-1C91CF499B86} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {3108B8BD-1BA4-465C-8ECB-CEC68BB42CE1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {46FD9C77-7853-4BF9-AE33-B7BD223E11BD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {4E8E4086-9DA6-4BC0-8266-1C917746FE82} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe [2014-10-31] (Enigma Software Group USA, LLC.)
    Task: {6B68C7BA-AEF2-492A-9C79-52CE4C750A17} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {7F8BA961-546E-477F-AF0A-4CF54A52C5B6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {81AEA638-9449-4CC0-8FA7-7A5162143A65} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {8B979554-8543-470F-B196-93EFAD363610} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {C220B3FA-4A17-4F84-8EFD-59C877951FC8} - System32\Tasks\YTAHelper => C:\Program Files (x86)\YTAHelper\YTAHelper.exe <==== UWAGA
    Task: {C399B205-6273-423C-B979-9BDB851A97A6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {C7411A8D-3810-4224-AD4B-482082D8386A} - System32\Tasks\YTAUpdate_logon => C:\PROGRA~2\YOUTUB~1\Updater.exe <==== UWAGA
    Task: {C745C3F2-DE51-4F02-BDCC-9CE03E2C2306} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {DFE7E426-3CF8-4030-85E3-55CBB37B44EE} - System32\Tasks\YTAUpdate => C:\PROGRA~2\YOUTUB~1\Updater.exe <==== UWAGA
    Task: {E791221E-5365-47D0-9C0F-FFE1D3D78346} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
    ShortcutWithArgument: C:\Users\ewa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...p;uid=TOSHIBAXMQ01ABD075_24G9C1PITXX24G9C1PIT
    ShortcutWithArgument: C:\Users\ewa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...p;uid=TOSHIBAXMQ01ABD075_24G9C1PITXX24G9C1PIT




    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...p;uid=TOSHIBAXMQ01ABD075_24G9C1PITXX24G9C1PIT
    BootExecute: autocheck autochk * sh4native Sh4Removal
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-2635575848-863459830-653567448-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=14...OSHIBAXMQ01ABD075_24G9C1PITXX24G9C1PIT&q={searchTerms}
    HKU\S-1-5-21-2635575848-863459830-653567448-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=14...OSHIBAXMQ01ABD075_24G9C1PITXX24G9C1PIT&q={searchTerms}
    HKU\S-1-5-21-2635575848-863459830-653567448-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...p;uid=TOSHIBAXMQ01ABD075_24G9C1PITXX24G9C1PIT
    SearchScopes: HKU\S-1-5-21-2635575848-863459830-653567448-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...OSHIBAXMQ01ABD075_24G9C1PITXX24G9C1PIT&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2635575848-863459830-653567448-1002 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2635575848-863459830-653567448-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...OSHIBAXMQ01ABD075_24G9C1PITXX24G9C1PIT&q={searchTerms}
    BHO: Brak nazwy -> {11111111-1111-1111-1111-110611191115} -> Brak pliku
    BHO: Brak nazwy -> {11111111-1111-1111-1111-110611511123} -> Brak pliku
    Edge HomeButtonPage: HKU\S-1-5-21-2635575848-863459830-653567448-1002 -> hxxp://www.yoursites123.com/?type=hp&ts=1...p;uid=TOSHIBAXMQ01ABD075_24G9C1PITXX24G9C1PIT
    FF DefaultSearchEngine: yoursites123
    FF SearchPlugin: C:\Users\ewa\AppData\Roaming\Mozilla\Firefox\Profiles\rgqsvooy.default\searchplugins\yoursites123.xml [2015-12-23]
    CHR HomePage: Default -> hxxp://www.yoursites123.com/?type=hp&ts=1...p;uid=TOSHIBAXMQ01ABD075_24G9C1PITXX24G9C1PIT
    CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1450866145&z=04f2cde601b517b9c943091gdz7waebbdqbq9g4zeo&from=wpm07173&uid=TOSHIBAXMQ01ABD075_24G9C1PITXX24G9C1PIT"
    CHR DefaultSearchURL: Default -> hxxp://yoursites123.com/web?type=ds&ts=14...OSHIBAXMQ01ABD075_24G9C1PITXX24G9C1PIT&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> yoursites123
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1...p;uid=TOSHIBAXMQ01ABD075_24G9C1PITXX24G9C1PIT
    OPR Extension: (Brak nazwy) - C:\Users\ewa\AppData\Roaming\Opera Software\Opera Stable\Extensions\gnjbfdmiommbcdfigaefehgdndnpeech [2015-07-19]
    OPR Extension: (Brak nazwy) - C:\Users\ewa\AppData\Roaming\Opera Software\Opera Stable\Extensions\jhapbopfchfogphiimjbhodmgnppoigk [2015-07-19]
    R2 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [265960 2015-12-22] (RayDl)
    R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2014-01-09] (Enigma Software Group USA, LLC.)
    R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [711344 2015-12-14] (Taiwan Shui Mu Chih Ching Technology Limited) <==== UWAGA
    U4 AvastVBoxSvc; "C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe" [X]
    S3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
    U5 REALPLAYERUPDATESVC; Brak ImagePath
    U4 VBoxAswDrv; \??\C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [X]
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    2015-12-27 10:22 - 2015-12-27 10:22 - 00003336 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
    2015-12-27 10:03 - 2015-12-27 10:03 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\ewa\Downloads\sh-remover(2).exe
    2015-12-27 09:49 - 2015-12-27 10:02 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\ewa\Downloads\sh-remover(1).exe
    2015-12-23 11:23 - 2015-12-27 10:57 - 00000000 ____D C:\Program Files (x86)\WinZipper
    2015-12-23 11:23 - 2015-12-23 11:24 - 00000000 ____D C:\ProgramData\HWdMH
    2015-12-23 11:23 - 2015-12-23 11:23 - 00000000 ____D C:\Users\ewa\AppData\Roaming\WinZipper
    2015-12-23 11:23 - 2015-12-23 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.

    0
  • CControls
  • #3 27 Gru 2015 12:06
    qarolaaa
    Poziom 2  

    pięknie dziękuję ! :)

    0