Elektroda.pl

Yoursites123 - how do I remove this infection?

dam1983 09 Jan 2016 23:38 588 2
  • Helpful post
    #2 10 Jan 2016 00:05
    krzychupar
    Level 40

    Open the system Notepad and paste:
    CustomCLSID: HKU\S-1-5-21-41493053-3958052129-3170778977-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-04D76E548849}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-41493053-3958052129-3170778977-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Damian\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-41493053-3958052129-3170778977-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Damian\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-41493053-3958052129-3170778977-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Damian\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-41493053-3958052129-3170778977-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Damian\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-41493053-3958052129-3170778977-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Damian\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-41493053-3958052129-3170778977-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Damian\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-41493053-3958052129-3170778977-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Damian\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-41493053-3958052129-3170778977-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Damian\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-41493053-3958052129-3170778977-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Damian\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-41493053-3958052129-3170778977-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Damian\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-41493053-3958052129-3170778977-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Damian\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Brak pliku
    Task: {092AB363-CEC4-4274-89DB-1EF5FE18DE91} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
    Task: {2DA52896-FF04-499D-BFCE-1120D76B4B42} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {3A472604-5A75-463B-A67C-F69BE6FF8412} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {3B8C820E-3F0A-43BA-8806-C524564AB1BF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {3BBD952A-5D69-46FD-99FC-681DD4D92F84} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {4438BF3E-0604-4AC5-8071-B249B04EE327} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {7ADDCDA3-96C2-4A6F-BDB8-5FC788552A0F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {AEEFA26C-2C5A-4238-B619-AC4E9F962EC4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {C6D9BDE4-D9A0-4038-9F2B-210756D77656} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {CCB7C434-6B59-46A5-B2EB-7A343558CA96} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {D290B9E9-4759-478B-80A5-7F22A1DC78D6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: C:\WINDOWS\Tasks\proDysk_402acd781052649bef05a30f2296f4e9_379.job =>
    Task: C:\WINDOWS\Tasks\proDysk_402acd781052649bef05a30f2296f4e9_380.job =>
    Task: C:\WINDOWS\Tasks\SlideLayer.job => c:\programdata\{3ca27b95-e507-e41c-3ca2-27b95e50ee57}\adobeacrobatdc2015fullcrack.exe-1437728708231.exe <==== UWAGA
    HKLM-x32\...\Run: [] => [X]
    ShellIconOverlayIdentifiers-x32: [proDyskSynchronizationPending] -> {693019C1-AA17-44E9-A9AE-DD21AD66D2F5} => C:\Program Files (x86)\proDysk\\1.0.0.11132\IB24VirtualDrive.dll Brak pliku
    ShellIconOverlayIdentifiers-x32: [proDyskSynchronized] -> {693019C1-AA17-44E9-A9AE-DD21AD66D2F4} => C:\Program Files (x86)\proDysk\\1.0.0.11132\IB24VirtualDrive.dll Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...TOSHIBAXMK5061GSY_51QIP0LSTXX51QIP0LST&q={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...TOSHIBAXMK5061GSY_51QIP0LSTXX51QIP0LST&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-41493053-3958052129-3170778977-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-41493053-3958052129-3170778977-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-41493053-3958052129-3170778977-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
    Edge HomeButtonPage: HKU\S-1-5-21-41493053-3958052129-3170778977-1000 -> hxxp://www.yoursites123.com/?type=hp&ts=1...mp;uid=TOSHIBAXMK5061GSY_51QIP0LSTXX51QIP0LST
    FF ProfilePath: C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\apw7mhqy.default
    FF DefaultSearchEngine: yoursites123
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Brak pliku]
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Brak pliku]
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Brak pliku]
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Brak pliku]
    CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Damian\AppData\Roaming\Delta\delta.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files (x86)\1ClickDownload\oneclickdownloader11.crx <nie znaleziono>
    2016-01-09 22:06 - 2016-01-09 22:24 - 00000000 ____D C:\AdwCleaner


    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.

    0
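Added example, not part of the original post and not FRST's own code: a short Python script that groups fixlist lines like the ones above by the kind of entry they name, so the list can be reviewed before FRST is run. The sample lines are copied from the post; the category names and helper functions are assumptions of this example.

```python
import re
from collections import Counter

# Sample lines copied from the fixlist in the post (FRST output, Polish locale).
FIXLIST = r"""
CustomCLSID: HKU\S-1-5-21-41493053-3958052129-3170778977-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-04D76E548849}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Brak pliku
Task: {D290B9E9-4759-478B-80A5-7F22A1DC78D6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
Task: C:\WINDOWS\Tasks\SlideLayer.job => c:\programdata\{3ca27b95-e507-e41c-3ca2-27b95e50ee57}\adobeacrobatdc2015fullcrack.exe-1437728708231.exe <==== UWAGA
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...TOSHIBAXMK5061GSY_51QIP0LSTXX51QIP0LST&q={searchTerms}
FF DefaultSearchEngine: yoursites123
EmptyTemp:
"""

# Hypothetical grouping of FRST line prefixes (this example's own categories).
RULES = [
    (r"^Task:", "scheduled task"),
    (r"^(SearchScopes|Edge HomeButtonPage|FF DefaultSearchEngine):", "browser search/home page"),
    (r"^(GroupPolicy:|CHR HKLM\\SOFTWARE\\Policies)", "policy"),
    (r"^(CustomCLSID|ShellIconOverlayIdentifiers\S*|Toolbar):", "COM/shell registration"),
    (r"^(CHR .*Extension|FF Plugin\S*):", "browser extension/plugin"),
    (r"^\w+:$", "FRST directive"),
]

def parse(text):
    """Turn each non-empty fixlist line into a small record."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        kind = next((name for rx, name in RULES if re.search(rx, line)), "other")
        url = re.search(r"hxxp://([^/\s?]+)", line)  # URLs appear defanged as hxxp://
        entries.append({"kind": kind, "line": line,
                        "flagged": "UWAGA" in line,      # Polish for FRST's ATTENTION mark
                        "orphan": "Brak pliku" in line,  # Polish for "file missing"
                        "host": url.group(1) if url else None})
    return entries

def by_kind(entries):
    return Counter(e["kind"] for e in entries)

def flagged_live(entries):
    """Flagged entries whose target is not reported missing: read these first."""
    return [e for e in entries if e["flagged"] and not e["orphan"]]

def hosts(entries):
    return sorted({e["host"] for e in entries if e["host"]})

if __name__ == "__main__":
    items = parse(FIXLIST)
    print(dict(by_kind(items)), hosts(items))
    for e in flagged_live(items):
        print(e["kind"], "|", e["line"])
```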
  • #3 10 Jan 2016 16:15
    dam1983
    Level 8

    OK, that helped, thanks a lot!

    0