Wyszukiwarka Yoursites123.com

mackingus · 10 Grudzień 2015 13:31

Witam

Wczoraj zainstalowała mi się jakimś cudem (nie wchodziłem na żadne dziwne strony) wyszukiwarka yoursites123.com i chyba coś jeszcze, bo widziałem jeszcze co najmniej jedną instalację, która nagle się włączyła bez zapytania. Po wynikach w Google widzę, że wczoraj masowo się to ludziom instalowało.

Byłbym wdzięczny za pomoc w usunięciu.

FRST.txt

Addition.txt

Atis · 10 Grudzień 2015 15:15

Pobierz i uruchom AdwCleaner Kliknij Skanuj (Scan) i później Usuń (Cleaning).

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046&q={searchTerms}
HKU\S-1-5-21-4182633377-1423539643-455817940-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046
HKU\S-1-5-21-4182633377-1423539643-455817940-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4182633377-1423539643-455817940-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4182633377-1423539643-455817940-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&ts=1448917570&z=3cb561e779ce50505ea2df9g1zbz4b3t6gam6w0q8t&from=cor&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: yoursites123
FF SelectedSearchEngine: yoursites123
FF Homepage: hxxp://www.yoursites123.com/?type=hp&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046
FF SearchPlugin: C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\apyvtaeg.default-1449355601482\searchplugins\yoursites123.xml [2015-12-10]
FF Extension: Default NewTab - C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\apyvtaeg.default-1449355601482\extensions\default_newtabff@gmail.com [2015-12-10] [Brak podpisu cyfrowego]
FF Extension: YahooToolsProtected  - C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\apyvtaeg.default-1449355601482\extensions\yahooprotected@gmail.com [2015-12-10] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\apyvtaeg.default-1449355601482\extensions\yahooprotected@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\apyvtaeg.default-1449355601482\extensions\default_newtabff@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046
CHR HomePage: Default -> hxxp://www.yoursites123.com/?type=hp&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046
CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046"
CHR DefaultSearchURL: Default -> hxxp://www.yoursites123.com/web/?type=ds&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046&q={searchTerms}
CHR DefaultSearchKeyword: Default -> yoursites123
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046
R2 IhPul; C:\Users\Maciek\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
S1 wfdrvr_vt_1_10_0_28; system32\drivers\wfdrvr_vt_1_10_0_28.sys [X]
2015-12-10 03:50 - 2015-12-10 03:50 - 00000000 ____ D C:\Users\Maciek\AppData\Roaming\TSv
2015-12-10 03:50 - 2015-12-10 03:50 - 00000000 ____ D C:\ProgramData\DWdMD
2015-12-10 03:48 - 2015-12-10 03:49 - 00000000 ____ D C:\ProgramData\OWdMO
2015-11-30 22:07 - 2015-12-10 03:50 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-11-30 22:07 - 2015-12-10 03:48 - 00000000 ____ D C:\ProgramData\HWMiniProH
2015-11-30 22:06 - 2015-11-30 22:10 - 00000000 ____ D C:\Users\Maciek\AppData\Roaming\istartpageing
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046 <==== UWAGA
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046 <==== UWAGA
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046 <==== UWAGA
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046 <==== UWAGA
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046 <==== UWAGA
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046 <==== UWAGA
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046 <==== UWAGA
ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046 <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046 <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449715747&z=156fe775128c0bc0dd48209g2z7z7t8meg6w6maz1w&from=ient07021&uid=WDCXWD1600BEVT-35VW9T0_WD-WX61AA0Y1046Y1046 <==== UWAGA
EmptyTemp:

Uruchom FRST i kliknij Napraw (Fix). Pokaż raport z usuwania Fixlog.

mackingus · 21 Grudzień 2015 21:14

Przepraszam, że dopiero teraz - zupełnie wyleciało mi z głowy, że napisałem ten temat.

Po restarcie przeglądarka uruchomiła się bez tej wyszukiwarki jako strona startowa.

Atis · 21 Grudzień 2015 23:42

Skasuj folder C:\FRST i C:\AdwCleaner