Hello. I need help removing the malicious program yoursites. I'm attaching the FRST logs.
Quote:
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job => C:\WINDOWS\system32\xp_eos.exe
ShortcutWithArgument: C:\Documents and Settings\ppp\Menu Start\Programy\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1457719743&z=a941c639b8323df48fa246bg0z9w5mam3gctcm6z1g&from=eve0311&uid=ST9160827AS_5RF2KC27XXXX5RF2KC27
ShortcutWithArgument: C:\Documents and Settings\ppp\Menu Start\Programy\Node.js\Node.js command prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files\nodejs\nodevars.bat"
ShortcutWithArgument: C:\Documents and Settings\ppp\Menu Start\Programy\Akcesoria\Narzędzia systemowe\Internet Explorer (bez dodatków).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1457719743&z=a941c639b8323df48fa246bg0z9w5mam3gctcm6z1g&from=eve0311&uid=ST9160827AS_5RF2KC27XXXX5RF2KC27
ShortcutWithArgument: C:\Documents and Settings\ppp\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1457719743&z=a941c639b8323df48fa246bg0z9w5mam3gctcm6z1g&from=eve0311&uid=ST9160827AS_5RF2KC27XXXX5RF2KC27
ShortcutWithArgument: C:\Documents and Settings\ppp\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Uruchom przeglądarkę Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1457719743&z=a941c639b8323df48fa246bg0z9w5mam3gctcm6z1g&from=eve0311&uid=ST9160827AS_5RF2KC27XXXX5RF2KC27
ShortcutWithArgument: C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1457719743&z=a941c639b8323df48fa246bg0z9w5mam3gctcm6z1g&from=eve0311&uid=ST9160827AS_5RF2KC27XXXX5RF2KC27
ShortcutWithArgument: C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1457719743&z=a941c639b8323df48fa246bg0z9w5mam3gctcm6z1g&from=eve0311&uid=ST9160827AS_5RF2KC27XXXX5RF2KC27
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16871936 2008-06-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [86016 2006-07-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2808832 2006-05-04] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [BBC8F5] => C:\WINDOWS\system32\844750\BBC8F5.EXE [1406935 2015-09-22] ()
Startup: C:\Documents and Settings\ppp\Menu Start\Programy\Autostart\BBC8F5.lnk [2016-05-15]
ShortcutTarget: BBC8F5.lnk -> C:\WINDOWS\system32\844750\BBC8F5.EXE ()
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1457719743&z=a941c639b8323df48fa246bg0z9w5mam3gctcm6z1g&from=eve0311&uid=ST9160827AS_5RF2KC27XXXX5RF2KC27
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=1452594039&z=71d2e186bbfdc144a5c9ba8g4zew2o1w5t2z1eco6g&from=ient12253&uid=ST9160827AS_5RF2KC27XXXX5RF2KC27&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1457719743&z=a941c639b8323df48fa246bg0z9w5mam3gctcm6z1g&from=eve0311&uid=ST9160827AS_5RF2KC27XXXX5RF2KC27
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=1452594039&z=71d2e186bbfdc144a5c9ba8g4zew2o1w5t2z1eco6g&from=ient12253&uid=ST9160827AS_5RF2KC27XXXX5RF2KC27&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1452594039&z=71d2e186bbfdc144a5c9ba8g4zew2o1w5t2z1eco6g&from=ient12253&uid=ST9160827AS_5RF2KC27XXXX5RF2KC27
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1452594039&z=71d2e186bbfdc144a5c9ba8g4zew2o1w5t2z1eco6g&from=ient12253&uid=ST9160827AS_5RF2KC27XXXX5RF2KC27
HKU\S-1-5-21-1178359790-1749741743-3233681743-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1457719743&z=a941c639b8323df48fa246bg0z9w5mam3gctcm6z1g&from=eve0311&uid=ST9160827AS_5RF2KC27XXXX5RF2KC27
HKU\S-1-5-21-1178359790-1749741743-3233681743-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=1457719743&z=a941c639b8323df48fa246bg0z9w5mam3gctcm6z1g&from=eve0311&uid=ST9160827AS_5RF2KC27XXXX5RF2KC27&q={searchTerms}
HKU\S-1-5-21-1178359790-1749741743-3233681743-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1457719743&z=a941c639b8323df48fa246bg0z9w5mam3gctcm6z1g&from=eve0311&uid=ST9160827AS_5RF2KC27XXXX5RF2KC27
HKU\S-1-5-21-1178359790-1749741743-3233681743-1006\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=1457719743&z=a941c639b8323df48fa246bg0z9w5mam3gctcm6z1g&from=eve0311&uid=ST9160827AS_5RF2KC27XXXX5RF2KC27&q={searchTerms}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.interia.pl/#utm_source=instalki1&utm_medium=installer&utm_campaign=instalki1&iwa_source=installer_instalki" <======= UWAGA
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1452594039&z=71d2e186bbfdc144a5c9ba8g4zew2o1w5t2z1eco6g&from=ient12253&uid=ST9160827AS_5RF2KC27XXXX5RF2KC27&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1452594039&z=71d2e186bbfdc144a5c9ba8g4zew2o1w5t2z1eco6g&from=ient12253&uid=ST9160827AS_5RF2KC27XXXX5RF2KC27&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1178359790-1749741743-3233681743-1006 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1457719743&z=a941c639b8323df48fa246bg0z9w5mam3gctcm6z1g&from=eve0311&uid=ST9160827AS_5RF2KC27XXXX5RF2KC27&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1178359790-1749741743-3233681743-1006 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1457719743&z=a941c639b8323df48fa246bg0z9w5mam3gctcm6z1g&from=eve0311&uid=ST9160827AS_5RF2KC27XXXX5RF2KC27&q={searchTerms}
BHO: Brak nazwy -> {7E853D72-626A-48EC-A868-BA8D5E23E045} -> Brak pliku
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
FF NewTab: hxxp://www.yoursites123.com/newtab/?type=nt&ts=1457719743&z=a941c639b8323df48fa246bg0z9w5mam3gctcm6z1g&from=eve0311&uid=ST9160827AS_5RF2KC27XXXX5RF2KC27
FF SelectedSearchEngine: Ask Web Search
FF Extension: YahooToolsProtected - C:\Documents and Settings\ppp\Dane aplikacji\Mozilla\Firefox\Profiles\rxh84ynu.default\Extensions\yahooprotected@gmail.com.xpi [2015-11-19] [Brak podpisu cyfrowego]
CHR HKLM\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx
S4 IntelIde; Brak ImagePath
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [X]
U1 WS2IFSL; Brak ImagePath
2016-05-15 12:03 - 2015-03-04 18:35 - 00008906 _____ C:\Documents and Settings\ppp\Dane aplikacji\wklnhst.dat
2016-03-11 20:08 - 2016-03-11 20:08 - 2459593 _____ (tBank) C:\Program Files\SSFK.exe
EmptyTemp: