Problem with yoursites123


(Rafal Czaja) #1

Hello

Yesterday the yoursites123.com search engine installed itself on my machine. Please help me remove this junk.

Thanks in advance for your help.

FIRST - http://www.wklej.org/id/1873341/

Addition - http://www.wklej.org/id/1873346/

Shortcut - http://www.wklej.org/id/1873350/

 


(Atis) #2

Download and run AdwCleaner. Click Scan and then Cleaning.

 


(Rafal Czaja) #3

Scanned and removed with AdwCleaner.

New logs:

FIRST - http://www.wklej.org/id/1873372/

Shortcut - http://www.wklej.org/id/1873373/

 


(Atis) #4

Paste into the system Notepad and save as a text file named fixlist:

HKLM-x32\...\Run: [] = [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hpts=1449645927z=eb839fe3ad616a0c6417ce4g7z1z1t3q8zaw9t5o5qfrom=ient07021uid=TOSHIBAXMK2576GSX_71E7B2FFBXX71E7B2FFB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hpts=1449645927z=eb839fe3ad616a0c6417ce4g7z1z1t3q8zaw9t5o5qfrom=ient07021uid=TOSHIBAXMK2576GSX_71E7B2FFBXX71E7B2FFB
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=dsts=1449645927z=eb839fe3ad616a0c6417ce4g7z1z1t3q8zaw9t5o5qfrom=ient07021uid=TOSHIBAXMK2576GSX_71E7B2FFBXX71E7B2FFBq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=dsts=1449645927z=eb839fe3ad616a0c6417ce4g7z1z1t3q8zaw9t5o5qfrom=ient07021uid=TOSHIBAXMK2576GSX_71E7B2FFBXX71E7B2FFBq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hpts=1449645927z=eb839fe3ad616a0c6417ce4g7z1z1t3q8zaw9t5o5qfrom=ient07021uid=TOSHIBAXMK2576GSX_71E7B2FFBXX71E7B2FFB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hpts=1449645927z=eb839fe3ad616a0c6417ce4g7z1z1t3q8zaw9t5o5qfrom=ient07021uid=TOSHIBAXMK2576GSX_71E7B2FFBXX71E7B2FFB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=dsts=1449645927z=eb839fe3ad616a0c6417ce4g7z1z1t3q8zaw9t5o5qfrom=ient07021uid=TOSHIBAXMK2576GSX_71E7B2FFBXX71E7B2FFBq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=dsts=1449645927z=eb839fe3ad616a0c6417ce4g7z1z1t3q8zaw9t5o5qfrom=ient07021uid=TOSHIBAXMK2576GSX_71E7B2FFBXX71E7B2FFBq={searchTerms}
HKU\S-1-5-21-2930928804-2895555387-898434017-6143\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://citrix.productseur.milacron.com/Citrix/XenApp/auth/login.aspx
HKU\S-1-5-21-2930928804-2895555387-898434017-6143\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hpts=1449645927z=eb839fe3ad616a0c6417ce4g7z1z1t3q8zaw9t5o5qfrom=ient07021uid=TOSHIBAXMK2576GSX_71E7B2FFBXX71E7B2FFB
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=dsts=1449645927z=eb839fe3ad616a0c6417ce4g7z1z1t3q8zaw9t5o5qfrom=ient07021uid=TOSHIBAXMK2576GSX_71E7B2FFBXX71E7B2FFBq={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=dsts=1449645927z=eb839fe3ad616a0c6417ce4g7z1z1t3q8zaw9t5o5qfrom=ient07021uid=TOSHIBAXMK2576GSX_71E7B2FFBXX71E7B2FFBq={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=dsts=1449645927z=eb839fe3ad616a0c6417ce4g7z1z1t3q8zaw9t5o5qfrom=ient07021uid=TOSHIBAXMK2576GSX_71E7B2FFBXX71E7B2FFBq={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=dsts=1449645927z=eb839fe3ad616a0c6417ce4g7z1z1t3q8zaw9t5o5qfrom=ient07021uid=TOSHIBAXMK2576GSX_71E7B2FFBXX71E7B2FFBq={searchTerms}
SearchScopes: HKLM-x32 - {9417CEF6-176E-4277-B102-169849B5BBF6} URL = hxxp://www.bing.com/search?q={searchTerms}form=DLRDF8pc=MDDRsrc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2930928804-2895555387-898434017-6143 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=dsts=1449645927z=eb839fe3ad616a0c6417ce4g7z1z1t3q8zaw9t5o5qfrom=ient07021uid=TOSHIBAXMK2576GSX_71E7B2FFBXX71E7B2FFBq={searchTerms}
SearchScopes: HKU\S-1-5-21-2930928804-2895555387-898434017-6143 - {9417CEF6-176E-4277-B102-169849B5BBF6} URL =
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll = No File
FF DefaultSearchEngine: yoursites123
FF SelectedSearchEngine: yoursites123
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=scts=1449645927z=eb839fe3ad616a0c6417ce4g7z1z1t3q8zaw9t5o5qfrom=ient07021uid=TOSHIBAXMK2576GSX_71E7B2FFBXX71E7B2FFB
S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [X]
2015-12-10 17:51 - 2015-12-10 17:52 - 00000000 ____ D C:\AdwCleaner
2015-12-09 08:27 - 2015-12-09 08:28 - 00000000 ____ D C:\ProgramData\4WdM4
2015-12-09 08:25 - 2015-12-09 08:26 - 00000000 ____ D C:\ProgramData\JWdMJ
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) - hxxp://www.yoursites123.com/?type=scts=1449645927z=eb839fe3ad616a0c6417ce4g7z1z1t3q8zaw9t5o5qfrom=ient07021uid=TOSHIBAXMK2576GSX_71E7B2FFBXX71E7B2FFB
ShortcutWithArgument: C:\Users\rczaja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) - hxxp://www.yoursites123.com/?type=scts=1449645927z=eb839fe3ad616a0c6417ce4g7z1z1t3q8zaw9t5o5qfrom=ient07021uid=TOSHIBAXMK2576GSX_71E7B2FFBXX71E7B2FFB
ShortcutWithArgument: C:\Users\rczaja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk - C:\Users\rczaja\Desktop\Tor Browser\Browser\firefox.exe (Mozilla Corporation) - hxxp://www.yoursites123.com/?type=scts=1449645927z=eb839fe3ad616a0c6417ce4g7z1z1t3q8zaw9t5o5qfrom=ient07021uid=TOSHIBAXMK2576GSX_71E7B2FFBXX71E7B2FFB
ShortcutWithArgument: C:\Users\rczaja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) - hxxp://www.yoursites123.com/?type=scts=1449645927z=eb839fe3ad616a0c6417ce4g7z1z1t3q8zaw9t5o5qfrom=ient07021uid=TOSHIBAXMK2576GSX_71E7B2FFBXX71E7B2FFB
ShortcutWithArgument: C:\Users\rczaja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) - hxxp://www.yoursites123.com/?type=scts=1449645927z=eb839fe3ad616a0c6417ce4g7z1z1t3q8zaw9t5o5qfrom=ient07021uid=TOSHIBAXMK2576GSX_71E7B2FFBXX71E7B2FFB
ShortcutWithArgument: C:\Users\rczaja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) - hxxp://www.yoursites123.com/?type=scts=1449645927z=eb839fe3ad616a0c6417ce4g7z1z1t3q8zaw9t5o5qfrom=ient07021uid=TOSHIBAXMK2576GSX_71E7B2FFBXX71E7B2FFB
ShortcutWithArgument: C:\Users\rczaja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) - hxxp://www.yoursites123.com/?type=scts=1449645927z=eb839fe3ad616a0c6417ce4g7z1z1t3q8zaw9t5o5qfrom=ient07021uid=TOSHIBAXMK2576GSX_71E7B2FFBXX71E7B2FFB
ShortcutWithArgument: C:\Users\rczaja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Start Tor Browser.lnk - C:\Users\rczaja\Desktop\Tor Browser\Browser\firefox.exe (Mozilla Corporation) - hxxp://www.yoursites123.com/?type=scts=1449645927z=eb839fe3ad616a0c6417ce4g7z1z1t3q8zaw9t5o5qfrom=ient07021uid=TOSHIBAXMK2576GSX_71E7B2FFBXX71E7B2FFB
Task: {9A580B67-7B8C-4032-AA4D-481C076C874C} - System32\Tasks\{FD138CAC-20EB-459E-91A9-4A8D57DB3F9A} = pcalua.exe -a "C:\Program Files (x86)\uTorrent\Zakończone\McAfeeSmartInstall.exe" -d "C:\Program Files (x86)\uTorrent\Zakończone"
Task: {B54CF725-755B-4918-BCFC-A1B820E3C45F} - System32\Tasks\{B2688651-9DC5-4CE8-9C4C-95B4B1F293EF} = pcalua.exe -a "C:\Users\rczaja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYYNGZAK\McAfeeSmartInstall.exe" -d C:\Users\rczaja\Desktop
EmptyTemp:

Run FRST and click Fix. Show the removal report, Fixlog.
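
Added example, not part of the original thread and not FRST's own code: the ShortcutWithArgument entries in the fixlist above are browser shortcuts with a URL appended as a launch argument, and this sketch flags such entries in a log. The line layout is assumed from the lines shown in this post; the browser watch list, paths and hosts in the sample are constructed.

```python
import re
from urllib.parse import urlsplit

# Layout assumed from the ShortcutWithArgument lines in the fixlist above:
#   ShortcutWithArgument: <.lnk path> - <target exe> (<company>) - <arguments>
LINE_RE = re.compile(
    r"^ShortcutWithArgument:\s+(?P<lnk>.+?\.lnk)\s+-\s+"
    r"(?P<target>.+?\.exe)\s+\((?P<vendor>[^)]*)\)\s+-\s+(?P<args>.+)$",
    re.IGNORECASE,
)
BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe"}  # assumed watch list
URL_RE = re.compile(r"\b(?:https?|hxxps?)://\S+", re.IGNORECASE)


def find_hijacked_shortcuts(log_text):
    """Return (lnk_path, browser_exe, host) for browser shortcuts launched with a URL."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        exe = m.group("target").rsplit("\\", 1)[-1].lower()
        url = URL_RE.search(m.group("args"))
        if exe in BROWSERS and url:
            # Logs defang URLs as hxxp://; restore the scheme only to parse the host.
            refanged = re.sub(r"^hxxp", "http", url.group(0), flags=re.IGNORECASE)
            findings.append((m.group("lnk"), exe, urlsplit(refanged).hostname))
    return findings


# Constructed sample lines (hypothetical paths and hosts, not taken from the thread).
SAMPLE_LOG = r"""
ShortcutWithArgument: C:\Users\alice\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) - hxxp://search.example.test/?type=sc
ShortcutWithArgument: C:\Users\alice\Desktop\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) - -private
ShortcutWithArgument: C:\Users\alice\Desktop\Editor.lnk - C:\Tools\editor.exe (Example Corp) - hxxp://docs.example.test/
EmptyTemp:
"""

if __name__ == "__main__":
    for lnk, exe, host in find_hijacked_shortcuts(SAMPLE_LOG):
        print(f"{exe} shortcut opens {host}: {lnk}")
```

Only the first sample line is reported: the second has a non-URL argument and the third targets a program outside the watch list.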


(Rafal Czaja) #5

fixlog - http://www.wklej.org/id/1873393/

FIRST - http://www.wklej.org/id/1873400/

Shortcut - http://www.wklej.org/id/1873402/

 

 


(Atis) #6

Delete the folder C:\FRST


(Rafal Czaja) #7

Thanks for the help.