Yoursite 123 usuwanie

Justi · 14 Grudnia 2015

proszę o pomoc w usunięciu

Addition.txt

FRST.txt

Shortcut.txt

picasso · 14 Grudnia 2015

Działania do przeprowadzenia:

1. Odinstaluj zbędny Akamai NetSession Interface, starą wersję Java 8 Update 45 oraz adware WinZipper.

2. Otwórz Notatnik i wklej w nim:

CloseProcesses:
CreateRestorePoint:
R2 IhPul; C:\Users\Justyna\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: )
R2 WdMan; C:\ProgramData\5WdM5\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [brak podpisu cyfrowego]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
ShortcutWithArgument: C:\Users\Justyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 
ShortcutWithArgument: C:\Users\Justyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 
ShortcutWithArgument: C:\Users\Justyna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 
ShortcutWithArgument: C:\Users\Justyna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 
ShortcutWithArgument: C:\Users\Justyna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 
ShortcutWithArgument: C:\Users\Justyna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538&q={searchTerms}
HKU\S-1-5-21-2237237147-802211931-1834638873-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538
HKU\S-1-5-21-2237237147-802211931-1834638873-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2237237147-802211931-1834638873-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2237237147-802211931-1834638873-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Justyna\AppData\Roaming\Mozilla\Firefox\Profiles\ygfgb4y0.default\extensions\defsearchp@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Justyna\AppData\Roaming\Mozilla\Firefox\Profiles\ygfgb4y0.default\extensions\deskCutv2@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Justyna\AppData\Roaming\Mozilla\Firefox\Profiles\ygfgb4y0.default\extensions\default_newtabff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Justyna\AppData\Roaming\Mozilla\Firefox\Profiles\ygfgb4y0.default\extensions\yahooprotected@gmail.com
StartMenuInternet: FIREFOX.EXE - firefox.exe
CHR HomePage: Default -> hxxp://www.yoursites123.com/?type=hp&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538
CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538"
CHR DefaultSearchURL: Default -> hxxp://www.yoursites123.com/web/?type=ds&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538&q={searchTerms}
CHR DefaultSearchKeyword: Default -> yoursites123
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1450075143&z=d7afbfed17fdc258d580a2dgbz5w6eee7mbw5gfcdb&from=wpm07173&uid=SAMSUNGXHD502HJ_S20BJA0B189538
Task: {160B3703-F659-4BE8-BA5F-ABCAB1106545} - System32\Tasks\UpdateTask => C:\Users\Justyna\AppData\Local\Chromium\APPLIC~1\450244~1.0\INSTAL~1\UNINST~1.EXE
Task: C:\Windows\Tasks\UpdateTask.job => C:\Users\Justyna\AppData\Local\Chromium\APPLIC~1\450244~1.0\INSTAL~1\UNINST~1.EXE
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
DeleteKey: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes
RemoveDirectory: C:\Program Files (x86)\SFK
RemoveDirectory: C:\ProgramData\5WdM5
RemoveDirectory: C:\ProgramData\tWMiniProt
RemoveDirectory: C:\ProgramData\yWdMy
RemoveDirectory: C:\ProgramData\Microsoft\Windows\GameExplorer\{94519241-1F6A-4433-8AAA-2E65A912A54A}
RemoveDirectory: C:\Users\Justyna\AppData\Roaming\TSv
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Justyna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chromium.lnk
C:\Windows\SysWOW64\pl.html
EmptyTemp:

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt.

3. Wyczyść przeglądarki z adware:

Firefox:

Odłącz synchronizację (o ile włączona): KLIK.
Menu Pomoc > Informacje dla pomocy technicznej > Odśwież program Firefox. Zakładki i hasła nie zostaną naruszone.
Menu Historia > Wyczyść całą historię przeglądania.

Google Chrome:

Zresetuj synchronizację (o ile włączona): KLIK.
Ustawienia > karta Ustawienia > Pokaż ustawienia zaawansowane > zjedź na sam spód i uruchom opcję Resetowanie ustawień. Zakładki i hasła nie zostaną naruszone.
Ustawienia > karta Ustawienia > sekcja Szukaj > klik w Zarządzanie wyszukiwarkami > skasuj z listy yoursites123 (o ile nadal będzie).

4. Zrób nowy log FRST z opcji Skanuj (Scan), ponownie z Addition, ale już bez Shortcut. Dołącz też plik fixlog.txt. Edytowane 2 Czerwca 2016 przez picasso
Temat zostaje zamknięty z powodu braku odpowiedzi. //picasso

Zaloguj się

Yoursite 123 usuwanie

Rekomendowane odpowiedzi

Justi

Odnośnik do komentarza

picasso

Odnośnik do komentarza

Ostatnio przeglądający 0 użytkowników

Przeglądaj

Cała aktywność