Jak usunąć wirusa yoursites123 z Google Chrome?

#1 15233127 12 Gru 2015 12:12

enqsie enqsie

Poziom 2

Posty: 2

Post #1

15233127 12 Gru 2015 12:12

Witam, mam problem z yoursites123, mógłby mi ktoś pomóc?

Załączniki:

FRST.txt (42.81 KB) Musisz być zalogowany, aby pobrać ten załącznik.
Addition.txt (45.06 KB) Musisz być zalogowany, aby pobrać ten załącznik.

Pomocny post

#2 15233154 12 Gru 2015 12:22

Acorus 20 Acorus 20

Poziom 43

Posty: 10541

Pomógł: 3247

Ocena: 1063

Pomocny post

Post #2

15233154 12 Gru 2015 12:22

Odinstaluj ASUS WebStorage Sync Agent. Otwórz notatnik systemowy i wklej:

Cytat:
ShortcutWithArgument: C:\Users\Bobek1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449849113&z=a53a4b7030e6419abe38731g3z7z2tbbaz9t3gfefq&from=ient07021&uid=TOSHIBAXMQ01ABD050_63C5C8PHTXX63C5C8PHT <==== UWAGA
ShortcutWithArgument: C:\Users\Bobek1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449849113&z=a53a4b7030e6419abe38731g3z7z2tbbaz9t3gfefq&from=ient07021&uid=TOSHIBAXMQ01ABD050_63C5C8PHTXX63C5C8PHT <==== UWAGA
ShortcutWithArgument: C:\Users\Bobek1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449849113&z=a53a4b7030e6419abe38731g3z7z2tbbaz9t3gfefq&from=ient07021&uid=TOSHIBAXMQ01ABD050_63C5C8PHTXX63C5C8PHT <==== UWAGA
ShortcutWithArgument: C:\Users\Bobek1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449849113&z=a53a4b7030e6419abe38731g3z7z2tbbaz9t3gfefq&from=ient07021&uid=TOSHIBAXMQ01ABD050_63C5C8PHTXX63C5C8PHT <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449849113&z=a53a4b7030e6419abe38731g3z7z2tbbaz9t3gfefq&from=ient07021&uid=TOSHIBAXMQ01ABD050_63C5C8PHTXX63C5C8PHT <==== UWAGA
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449849113&z=a53a4b7030e6419abe38731g3z7z2tbbaz9t3gfefq&from=ient07021&uid=TOSHIBAXMQ01ABD050_63C5C8PHTXX63C5C8PHT <==== UWAGA
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449849113&z=a53a4b7030e6419abe38731g3z7z2tbbaz9t3gfefq&from=ient07021&uid=TOSHIBAXMQ01ABD050_63C5C8PHTXX63C5C8PHT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449849113&z=a53a4b7030e6419abe38731g3z7z2tbbaz9t3gfefq&from=ient07021&uid=TOSHIBAXMQ01ABD050_63C5C8PHTXX63C5C8PHT
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449849113&z=a53a4b7030e6419abe38731g3z7z2tbbaz9t3gfefq&from=ient07021&uid=TOSHIBAXMQ01ABD050_63C5C8PHTXX63C5C8PHT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449849113&z=a53a4b7030e6419abe38731g3z7z2tbbaz9t3gfefq&from=ient07021&uid=TOSHIBAXMQ01ABD050_63C5C8PHTXX63C5C8PHT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449849113&z=a53a4b7030e6419abe38731g3z7z2tbbaz9t3gfefq&from=ient07021&uid=TOSHIBAXMQ01ABD050_63C5C8PHTXX63C5C8PHT
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449849113&z=a53a4b7030e6419abe38731g3z7z2tbbaz9t3gfefq&from=ient07021&uid=TOSHIBAXMQ01ABD050_63C5C8PHTXX63C5C8PHT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3388012019-1484617788-2882763118-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449849113&z=a53a4b7030e6419abe38731g3z7z2tbbaz9t3gfefq&from=ient07021&uid=TOSHIBAXMQ01ABD050_63C5C8PHTXX63C5C8PHT&q={searchTerms}
HKU\S-1-5-21-3388012019-1484617788-2882763118-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449849113&z=a53a4b7030e6419abe38731g3z7z2tbbaz9t3gfefq&from=ient07021&uid=TOSHIBAXMQ01ABD050_63C5C8PHTXX63C5C8PHT&q={searchTerms}
HKU\S-1-5-21-3388012019-1484617788-2882763118-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449849113&z=a53a4b7030e6419abe38731g3z7z2tbbaz9t3gfefq&from=ient07021&uid=TOSHIBAXMQ01ABD050_63C5C8PHTXX63C5C8PHT
HKU\S-1-5-21-3388012019-1484617788-2882763118-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449849113&z=a53a4b7030e6419abe38731g3z7z2tbbaz9t3gfefq&from=ient07021&uid=TOSHIBAXMQ01ABD050_63C5C8PHTXX63C5C8PHT
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449849113&z=a53a4b7030e6419abe38731g3z7z2tbbaz9t3gfefq&from=ient07021&uid=TOSHIBAXMQ01ABD050_63C5C8PHTXX63C5C8PHT&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449849113&z=a53a4b7030e6419abe38731g3z7z2tbbaz9t3gfefq&from=ient07021&uid=TOSHIBAXMQ01ABD050_63C5C8PHTXX63C5C8PHT&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3388012019-1484617788-2882763118-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449849113&z=a53a4b7030e6419abe38731g3z7z2tbbaz9t3gfefq&from=ient07021&uid=TOSHIBAXMQ01ABD050_63C5C8PHTXX63C5C8PHT&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Programy\JDK 7\bin\ssv.dll => Brak pliku
BHO-x32: Brak nazwy -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> Brak pliku
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1449849113&z=a53a4b7030e6419abe38731g3z7z2tbbaz9t3gfefq&from=ient07021&uid=TOSHIBAXMQ01ABD050_63C5C8PHTXX63C5C8PHT
CHR StartupUrls: Profile 1 -> "hxxp://www.yoursites123.com/?type=hp&ts=1449849113&z=a53a4b7030e6419abe38731g3z7z2tbbaz9t3gfefq&from=ient07021&uid=TOSHIBAXMQ01ABD050_63C5C8PHTXX63C5C8PHT"
R2 WdMan; C:\ProgramData\1WdM1\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
S2 0273881432032067mcinstcleanup; C:\Users\Bobek1\AppData\Local\Temp\027388~1.EXE -cleanup -nolog [X]
2015-12-11 16:52 - 2015-12-11 16:53 - 00000000 ____D C:\ProgramData\1WdM1
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
Uruchom jako administrator FRST i kliknij w Fix/Napraw.

Pomocny post

#3 15233159 12 Gru 2015 12:25

Kolobos Kolobos

Spec od komputerów

Posty: 85164

Pomógł: 17165

Ocena: 10438

Pomocny post

Post #3

15233159 12 Gru 2015 12:25

Jeszcze:
(TFuns LIMITED) C:\ProgramData\1WdM1\WdMan.exe
2015-12-11 16:52 - 2015-12-11 16:52 - 00000001 _____ C:\Windows\SysWOW64\pl.html

#4 15233180 12 Gru 2015 12:34

enqsie enqsie

Poziom 2

Posty: 2

Post #4

15233180 12 Gru 2015 12:34

Dziękuję, już jest dobrze.