Elektroda.pl

Virus - Yoursite123, how to remove it? FRST

sokawicz 28 Dec 2015 14:40 624 4
  • Helpful post
    #2 28 Dec 2015 15:03
    Kolobos
    Computer specialist

    Uninstall: Picexa

    Next to frst.exe, create a file named fixlist.txt with the following content:
    Task: C:\WINDOWS\Tasks\_DEFAULT.job => C:\Program Files\RegClean Pro\RegCleanPro.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\_UPDATES.job => C:\Program Files\RegClean Pro\RegCleanPro.exe <==== UWAGA
    ShortcutWithArgument: C:\Documents and Settings\Sokal1\Menu Start\Programy\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...2253&uid=ST3250310AS_9RY1J0ZMXXXX9RY1J0ZM
    ShortcutWithArgument: C:\Documents and Settings\Sokal1\Menu Start\Programy\Akcesoria\Narzędzia systemowe\Internet Explorer (bez dodatków).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...2253&uid=ST3250310AS_9RY1J0ZMXXXX9RY1J0ZM
    ShortcutWithArgument: C:\Documents and Settings\Sokal1\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...2253&uid=ST3250310AS_9RY1J0ZMXXXX9RY1J0ZM
    ShortcutWithArgument: C:\Documents and Settings\Sokal1\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Uruchom przeglądarkę Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...2253&uid=ST3250310AS_9RY1J0ZMXXXX9RY1J0ZM
    ShortcutWithArgument: C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...2253&uid=ST3250310AS_9RY1J0ZMXXXX9RY1J0ZM
    ShortcutWithArgument: C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...2253&uid=ST3250310AS_9RY1J0ZMXXXX9RY1J0ZM




    ShortcutWithArgument: C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...2253&uid=ST3250310AS_9RY1J0ZMXXXX9RY1J0ZM
    (Taiwan Shui Mu Chih Ching Technology Limited) C:\Program Files\Picexa\picexasvc.exe
    (tsvr.com) C:\Documents and Settings\Sokal1\Dane aplikacji\TSv\TSvr.exe
    HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
    HKU\S-1-5-21-861567501-963894560-839522115-1004\...\MountPoints2: G - G:\AutoRun.exe
    HKU\S-1-5-21-861567501-963894560-839522115-1004\...\MountPoints2: {22d6d544-a784-11e2-b752-001d7d9f210b} - G:\AutoRun.exe
    HKU\S-1-5-21-861567501-963894560-839522115-1004\...\MountPoints2: {23fe6376-3fe1-11e3-be76-001e101f83f8} - J:\LGAutoRun.exe
    HKU\S-1-5-21-861567501-963894560-839522115-1004\...\MountPoints2: {6381ca67-4f88-11e3-beab-001d7d9f210b} - G:\AutoRun.exe
    HKU\S-1-5-21-861567501-963894560-839522115-1004\...\MountPoints2: {a28e9ee7-b9c7-11e4-821d-001d7d9f210b} - G:\Launcher.exe
    HKU\S-1-5-21-861567501-963894560-839522115-1004\...\MountPoints2: {c717b847-a782-11e2-b751-001d7d9f210b} - G:\AutoRun.exe
    HKU\S-1-5-21-861567501-963894560-839522115-1004\...\MountPoints2: {d0bc0547-4f89-11e3-beac-001d7d9f210b} - G:\AutoRun.exe
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-861567501-963894560-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...7021&uid=ST3250310AS_9RY1J0ZMXXXX9RY1J0ZM
    HKU\S-1-5-21-861567501-963894560-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=14...p;uid=ST3250310AS_9RY1J0ZMXXXX9RY1J0ZM&q={searchTerms}
    HKU\S-1-5-21-861567501-963894560-839522115-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...7021&uid=ST3250310AS_9RY1J0ZMXXXX9RY1J0ZM
    HKU\S-1-5-21-861567501-963894560-839522115-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=14...p;uid=ST3250310AS_9RY1J0ZMXXXX9RY1J0ZM&q={searchTerms}
    HKU\S-1-5-21-861567501-963894560-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.google.com" <======= UWAGA
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-861567501-963894560-839522115-1004 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...p;uid=ST3250310AS_9RY1J0ZMXXXX9RY1J0ZM&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-861567501-963894560-839522115-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...p;uid=ST3250310AS_9RY1J0ZMXXXX9RY1J0ZM&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-861567501-963894560-839522115-1004 -> ŰźĆîZ§’2ąŢpv¨IÍá*X(Ž2s(ŰÎŔJşÔÓµť± vË°!×—(äĽ48иpatm6ęo^Mp`Ëő÷_iŁw˜ľ!„Áű†x˘8€ŮjŔ˙ţ ´Ń;áa´[¦†8 ş~ŹRŮxśňÜ8'Ł-)x­ä­ URL =
    BHO: Brak nazwy -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Brak pliku
    BHO: Brak nazwy -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Brak pliku
    StartMenuInternet: IEXPLORE.EXE - c:\program files\internet explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1...2253&uid=ST3250310AS_9RY1J0ZMXXXX9RY1J0ZM
    CHR HKLM\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [dkhjlahlbnpiplnkdaolloikfbaoaefm] - C:\Program Files\DiVapton\dkhjlahlbnpiplnkdaolloikfbaoaefm.crx <nie znaleziono>
    CHR HKU\S-1-5-21-861567501-963894560-839522115-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    StartMenuInternet: chrome.exe - C:\Program Files\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1...2253&uid=ST3250310AS_9RY1J0ZMXXXX9RY1J0ZM
    StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1...2253&uid=ST3250310AS_9RY1J0ZMXXXX9RY1J0ZM
    R2 IhPul; C:\Documents and Settings\Sokal1\Dane aplikacji\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
    R2 PicexaService; C:\Program Files\Picexa\PicexaSvc.exe [731784 2015-12-15] (Taiwan Shui Mu Chih Ching Technology Limited)
    S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [0 2006-09-28] () <==== UWAGA (zerobajtowy plik/folder)
    S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
    S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 VMUVC; System32\Drivers\VMUVC.sys [X]
    S3 vvftUVC; system32\drivers\vvftUVC.sys [X]
    S1 wfdrvr_vt_1_10_0_28; system32\drivers\wfdrvr_vt_1_10_0_28.sys [X]
    U1 WS2IFSL; Brak ImagePath
    S2 zumbus; system32\DRIVERS\zumbus.sys [X]
    2015-12-28 13:54 - 2015-12-28 14:33 - 00000000 ____D C:\Program Files\Picexa
    2015-12-28 13:54 - 2015-12-28 13:54 - 00001464 _____ C:\Documents and Settings\All Users\Pulpit\Picexa.lnk
    2015-12-28 13:54 - 2015-12-28 13:54 - 00000000 ____D C:\Documents and Settings\Sokal1\Dane aplikacji\Picexa Viewer
    2015-12-28 13:54 - 2015-12-28 13:54 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Picexa
    2015-12-28 13:52 - 2015-12-28 13:53 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\9WdM9
    2015-12-28 13:49 - 2015-12-28 13:49 - 02539857 _____ C:\Program Files\SSFK.exe
    2015-12-12 19:38 - 2015-12-24 15:37 - 00000000 ____D C:\Documents and Settings\Sokal1\Dane aplikacji\yoursearching
    2015-12-12 19:38 - 2015-12-12 19:38 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Tmp0x0x
    2015-12-12 16:39 - 2015-12-12 16:39 - 00000000 ____D C:\Documents and Settings\Sokal1\Dane aplikacji\eCyber
    2015-12-09 08:54 - 2015-12-28 13:52 - 00000000 ____D C:\Program Files\SFK
    2015-12-09 08:54 - 2015-12-09 08:55 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\cWdMc
    2015-12-09 08:53 - 2015-12-28 13:51 - 00000000 ____D C:\Documents and Settings\Sokal1\Dane aplikacji\TSv
    2015-12-09 08:52 - 2015-12-09 08:53 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\yWdMy
    2015-12-27 15:01 - 2013-08-21 11:01 - 00000266 _____ C:\WINDOWS\Tasks\_DEFAULT.job
    2015-11-22 14:00 - 2015-12-28 13:52 - 0000146 _____ () C:\Documents and Settings\All Users\Dane aplikacji\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:

    In FRST, select Fix (Napraw).

    When it finishes, post new FRST logs from a scan.

    This entry will probably have to be removed manually:
    SearchScopes: HKU\S-1-5-21-861567501-963894560-839522115-1004 -> ŰźĆîZ§’2ąŢpv¨IÍá*X(Ž2s(ŰÎŔJşÔÓµť± vË°!×—(äĽ48иpatm6ęo^Mp`Ëő÷_iŁw˜ľ!„Áű†x˘8€ŮjŔ˙ţ ´Ń;áa´[¦†8 ş~ŹRŮxśňÜ8'Ł-)xä URL = using regedit.

    0
  • #3 28 Dec 2015 15:24
    sokawicz
    Level 2

    When I first ran FRST to apply the fix, the program ran and then shut down after a moment. I started it again and it finished its work. Could that cause any problems?

    The Picexa program has been uninstalled.

    Entry removed.

    FRST file changed.

    0
  • Helpful post
    #4 28 Dec 2015 15:31
    Kolobos
    Computer specialist

    Delete the C:\FRST directory and that's all.

    0
  • #5 28 Dec 2015 15:32
    sokawicz
    Level 2

    Thank you for the help :)

    Happy New Year.

    0