Ombiiffy, posted 14 December 2015

Like most people here, I am also asking for help removing this virus.

Addition.txt FRST.txt Shortcut.txt
picasso, posted 14 December 2015 (edited)

Operations to carry out:

1. Uninstalls:

- Windows flag key + X > Programs and Features > uninstall the sponsored installation McAfee Security Scan Plus.
- Run the Microsoft tool: CLICK. Accept > Detect problems and let me select the fixes to apply > Uninstalling > select the Metric Collection SDK entry in the list > Next.

2. Open Notepad and paste into it:

CloseProcesses:
CreateRestorePoint:
ShortcutWithArgument: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449854587&z=4ed0e03a0ec51f49689660fgcz4zdt8b9wfz1w6t8z&from=ient07021&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843
ShortcutWithArgument: C:\Users\Lenovo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449854587&z=4ed0e03a0ec51f49689660fgcz4zdt8b9wfz1w6t8z&from=ient07021&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843
ShortcutWithArgument: C:\Users\Lenovo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449854587&z=4ed0e03a0ec51f49689660fgcz4zdt8b9wfz1w6t8z&from=ient07021&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449854587&z=4ed0e03a0ec51f49689660fgcz4zdt8b9wfz1w6t8z&from=ient07021&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449854587&z=4ed0e03a0ec51f49689660fgcz4zdt8b9wfz1w6t8z&from=ient07021&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843
GroupPolicy: Restriction - Chrome
CHR HKLM\SOFTWARE\Policies\Google: Restriction
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449854587&z=4ed0e03a0ec51f49689660fgcz4zdt8b9wfz1w6t8z&from=ient07021&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449854587&z=4ed0e03a0ec51f49689660fgcz4zdt8b9wfz1w6t8z&from=ient07021&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449854587&z=4ed0e03a0ec51f49689660fgcz4zdt8b9wfz1w6t8z&from=ient07021&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449854587&z=4ed0e03a0ec51f49689660fgcz4zdt8b9wfz1w6t8z&from=ient07021&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449854587&z=4ed0e03a0ec51f49689660fgcz4zdt8b9wfz1w6t8z&from=ient07021&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449854587&z=4ed0e03a0ec51f49689660fgcz4zdt8b9wfz1w6t8z&from=ient07021&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449854587&z=4ed0e03a0ec51f49689660fgcz4zdt8b9wfz1w6t8z&from=ient07021&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449854587&z=4ed0e03a0ec51f49689660fgcz4zdt8b9wfz1w6t8z&from=ient07021&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843&q={searchTerms}
HKU\S-1-5-21-157526072-1602897899-2300392595-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449854587&z=4ed0e03a0ec51f49689660fgcz4zdt8b9wfz1w6t8z&from=ient07021&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843
HKU\S-1-5-21-157526072-1602897899-2300392595-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449854587&z=4ed0e03a0ec51f49689660fgcz4zdt8b9wfz1w6t8z&from=ient07021&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449854587&z=4ed0e03a0ec51f49689660fgcz4zdt8b9wfz1w6t8z&from=ient07021&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449854587&z=4ed0e03a0ec51f49689660fgcz4zdt8b9wfz1w6t8z&from=ient07021&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449854587&z=4ed0e03a0ec51f49689660fgcz4zdt8b9wfz1w6t8z&from=ient07021&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449854587&z=4ed0e03a0ec51f49689660fgcz4zdt8b9wfz1w6t8z&from=ient07021&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843&q={searchTerms}
SearchScopes: HKU\S-1-5-21-157526072-1602897899-2300392595-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449854587&z=4ed0e03a0ec51f49689660fgcz4zdt8b9wfz1w6t8z&from=ient07021&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843&q={searchTerms}
SearchScopes: HKU\S-1-5-21-157526072-1602897899-2300392595-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449854587&z=4ed0e03a0ec51f49689660fgcz4zdt8b9wfz1w6t8z&from=ient07021&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843&q={searchTerms}
SearchScopes: HKU\S-1-5-21-157526072-1602897899-2300392595-1001 -> {776A0229-539F-4759-916F-4DB93673690E} URL =
BHO-x32: No Name -> {c723a437-2eaf-466d-a95b-3fa0966bf88c} -> No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1443478259&z=9d78e11fa70e77f1fd603c7gbz1z6c3z8mebce1m2e&from=cor&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\noweppvz.default-1443478920222\extensions\defsearchp@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\6dfom8hu.default\extensions\deskCutv2@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\noweppvz.default-1443478920222\extensions\default_newtabff@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\noweppvz.default-1443478920222\extensions\yahooprotected@gmail.com => not found
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449854587&z=4ed0e03a0ec51f49689660fgcz4zdt8b9wfz1w6t8z&from=ient07021&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.yoursites123.com/?type=sc&ts=1449854587&z=4ed0e03a0ec51f49689660fgcz4zdt8b9wfz1w6t8z&from=ient07021&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1A818484384843
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-18]
R2 WdMan; C:\ProgramData\lWdMl\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [File not signed]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwusb_cdcacm; \SystemRoot\system32\DRIVERS\ew_cdcacm.sys [X]
S3 hwusb_wwanecm; \SystemRoot\system32\DRIVERS\ew_wwanecm.sys [X]
S1 tcfd_vw_1_10_0_24; system32\drivers\tcfd_vw_1_10_0_24.sys [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
CustomCLSID: HKU\S-1-5-21-157526072-1602897899-2300392595-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Lenovo\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll => No File
Task: {3B2C75AB-FE05-4D11-AE3E-D47DA131ED07} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {95CF3481-A7D8-4FC0-9B22-AE757935E22C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {D751D845-80F1-420A-A1A0-170F0C61A205} - System32\Tasks\{F5C4F0DB-A5CD-413A-A417-C93E61A11F36} => pcalua.exe -a C:\Users\Lenovo\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=cor
Task: {DABB7B13-FD63-4ACC-9515-297673B18FB3} - System32\Tasks\{C7F08F34-D94A-4615-8D58-ED50A0F85CE8} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/pl/abandoninstall?page=tsMain
Task: {E961CE18-F48B-4866-BAFA-E11A65EADC4A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
RemoveDirectory: C:\ProgramData\lWdMl
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\windows\SysWOW64\pl.html
CMD: netsh advfirewall reset
EmptyTemp:

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. Wait patiently and do not interrupt it. When the Fix finishes, the system will be restarted. A fixlog.txt file will be created in the same directory FRST was run from.

3. Clean the browsers of adware:

- Disconnect synchronization (if enabled): CLICK.
- Help menu > Troubleshooting Information > Refresh Firefox. Bookmarks and passwords will not be affected.
- History menu > Clear all browsing history.

Opera:

- Disconnect synchronization (if enabled): CLICK
- Settings > Extensions tab > uninstall the adware Strong Signal

4. Make a new FRST log using Scan, again with Addition, but this time without Shortcut. Also attach the fixlog.txt file.

Edited 2 June 2016 by picasso

The topic is closed due to lack of a response. //picasso
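The ShortcutWithArgument: entries in the fixlist above are browser shortcuts whose target carries an appended start-page URL. As an added example (not part of the original thread and not FRST's own code), this triage helper parses lines in that layout and reports only shortcuts that launch a browser with a URL argument; the function name, the browser list, and the sample paths and host are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the "ShortcutWithArgument:" line layout seen in the post.
# The paths and the example.invalid host are made up for this illustration.
SAMPLE = r"""
ShortcutWithArgument: C:\Users\demo\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://start.example.invalid/?type=sc&uid=DISK123
ShortcutWithArgument: C:\Users\demo\Desktop\Firefox Safe.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> -safe-mode
ShortcutWithArgument: C:\Users\demo\Desktop\Tool.lnk -> C:\Tools\tool.exe () -> --config C:\Tools\tool.ini
Shortcut: C:\Users\demo\Desktop\Notes.lnk -> C:\Windows\notepad.exe (Microsoft Corporation)
"""

# Executable names treated as browsers (assumed list; extend for your fleet).
BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe", "launcher.exe", "opera.exe"}

# <lnk path> -> <target exe> (<vendor>) -> <arguments>
LINE = re.compile(r"^ShortcutWithArgument:\s*(?P<lnk>.+?\.lnk) -> (?P<target>.+?\.exe)"
                  r"(?: \((?P<vendor>[^)]*)\))? -> (?P<args>.*)$", re.IGNORECASE)
# Accept both live and defanged (hxxp) URLs, since logs are often posted defanged.
URL = re.compile(r"\b(?:hxxps?|https?)://\S+", re.IGNORECASE)

def find_hijacked_shortcuts(log_text):
    """Return one finding per shortcut that starts a browser with a URL argument."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a shortcut-with-argument line
        exe = m["target"].rsplit("\\", 1)[-1].lower()
        url = URL.search(m["args"])
        if exe in BROWSERS and url:
            # Re-fang only in memory so urlsplit can extract the host name.
            refanged = re.sub(r"^hxxp", "http", url.group(0), flags=re.IGNORECASE)
            findings.append({"lnk": m["lnk"], "browser": exe,
                             "host": urlsplit(refanged).hostname})
    return findings
```

Shortcuts with ordinary switches (such as the constructed -safe-mode entry) and non-browser targets are skipped, so the output is limited to the start-page hijack pattern.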