picasso

Kończymy: 1. Przez SHIFT+DEL (omija Kosz) skasuj odpadkowy folder C:\Program Files (x86)\AVG Web TuneUp. 2. Zastosuj DelFix oraz wyczyść foldery Przywracania systemu: KLIK. 3. Do czytania na co uważać, by uniknąć podobnych problemów: KLIK.

AVG Zen - nigdy nie instalowałam, nie wiem co konkretnie prowadzi funkcja "wydajności. Jeśli masz na myśli dodatki Firefox widoczne w ostatnim logu (Adblock Plus, Copy Plain Text 2, NoScript, S3.Google Translator), to są w porządku. Czyszczenie nadal w toku. Kolejne poprawki: 1. Otwórz Notatnik i wklej w nim: HKU\S-1-5-21-682003330-1383384898-2147005927-1003\...\Run: [Google+ Auto Backup] => "C:\Program Files\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart HKU\S-1-5-18\...\Run: [Google Update] => "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c BHO: Brak nazwy -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Brak pliku Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_1215tb_rel.job => C:\Documents and Settings\All Users\Dane aplikacji\Avg_Update_1215tb\AVG-Secure-Search-Update_1215tb.exe DeleteKey: HKCU\Software\AVG Secure Search DeleteKey: HKCU\Software\InstallCore DeleteKey: HKCU\Software\PRODUCTSETUP DeleteKey: HKCU\Software\Mozilla\Extends DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D8278076-BC68-4484-9233-6E7F1628B56C} DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939} DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} DeleteKey: HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} DeleteKey: HKLM\SOFTWARE\AskPartnerNetwork DeleteKey: HKLM\SOFTWARE\FFPluginHp DeleteKey: HKLM\SOFTWARE\TSv DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WdsManPro DeleteKey: HKU\.DEFAULT\Software\AskPartnerNetwork DeleteKey: HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} DeleteKey: HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} DeleteKey: HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} DeleteKey: HKU\S-1-5-21-682003330-1383384898-2147005927-1005\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} RemoveDirectory: C:\Documents and Settings\All Users\Dane aplikacji\apn RemoveDirectory: C:\Documents and Settings\All Users\Dane aplikacji\Avg_Update_0215tb RemoveDirectory: C:\Documents and Settings\All Users\Dane aplikacji\Avg_Update_0814av RemoveDirectory: C:\Documents and Settings\All Users\Dane aplikacji\Avg_Update_1214tb RemoveDirectory: C:\Documents and Settings\All Users\Dane aplikacji\Avg_Update_1215tb RemoveDirectory: C:\Documents and Settings\All Users\Dane aplikacji\d92f42d7691ad949 RemoveDirectory: C:\Documents and Settings\All Users\Dane aplikacji\SuperbApp RemoveDirectory: C:\Documents and Settings\All Users\Dane aplikacji\safeewebu RemoveDirectory: C:\Documents and Settings\All Users\Dane aplikacji\YoutubeAdblocker RemoveDirectory: C:\Documents and Settings\Mariush\Dane aplikacji\istartsurf RemoveDirectory: C:\Documents and Settings\Mariush\Moje dokumenty\Optimizer Pro RemoveDirectory: C:\Documents and Settings\Mariush\Ustawienia lokalne\Dane aplikacji\AVG Secure Search RemoveDirectory: C:\Documents and Settings\Mariush\Ustawienia lokalne\Dane aplikacji\torch RemoveDirectory: C:\Documents and Settings\Mariush\Ustawienia lokalne\Dane aplikacji\Comodo RemoveDirectory: C:\Documents and Settings\Mariush\Ustawienia lokalne\Dane aplikacji\Google\Chrome SxS RemoveDirectory: C:\Documents and Settings\UpdatusUser\Ustawienia lokalne\Dane aplikacji\torch RemoveDirectory: C:\Documents and Settings\UpdatusUser\Ustawienia lokalne\Dane aplikacji\Comodo RemoveDirectory: C:\Documents and Settings\UpdatusUser\Ustawienia lokalne\Dane aplikacji\Google RemoveDirectory: C:\FRST\Quarantine RemoveDirectory: C:\Program Files\safeewebu RemoveDirectory: C:\Program Files\YoutubeAdblocker RemoveDirectory: C:\Program Files\safeewebu RemoveDirectory: C:\Program Files\YoutubeAdblocker RemoveDirectory: C:\Program Files\Optimizer Pro CMD: del /q C:\END Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Tym razem nie będzie restartu. Powstaniew kolejny fixlog.txt. 2. Zrób nowy log FRST z opcji Skanuj (Scan), włącznie z Addition. Dołącz też plik fixlog.txt.

Temat posprzątany, posty sklejone. Oczywiście odpowiadasz mi już w nowym poście. Za dużo zainstalowanych antywirusów (AVG + Avast)! Akcje do przeprowadzenia: 1. Klawisz z flagą Windows + X > Programy i funkcje > odinstaluj zbędniki i nadwyżkowy antywirus: AVG 2015, AVG Web TuneUp, eBay Worldwide. 2. Otwórz Notatnik i wklej w nim: CloseProcesses: CreateRestorePoint: R2 WdMan; C:\ProgramData\3WdM3\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [brak podpisu cyfrowego] RemoveDirectory: C:\ProgramData\3WdM3 ShortcutWithArgument: C:\Users\gnied_000\Desktop\iexplore — skrót.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029 ShortcutWithArgument: C:\Users\gnied_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029 ShortcutWithArgument: C:\Users\gnied_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029 ShortcutWithArgument: C:\Users\gnied_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029 ShortcutWithArgument: C:\Users\gnied_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029 ShortcutWithArgument: C:\Users\gnied_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029 ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029 ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029 Edge HomeButtonPage: HKU\S-1-5-21-1366245982-2024359666-2334870286-1001 -> hxxp://www.yoursites123.com/?type=hp&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029 StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029 StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029 CHR HomePage: Default -> hxxp://www.yoursites123.com/?type=hp&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029 CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029" CHR DefaultSearchURL: Default -> hxxp://www.yoursites123.com/web/?type=ds&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029&q={searchTerms} CHR DefaultSearchKeyword: Default -> yoursites123 CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-21] HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029&q={searchTerms} HKU\S-1-5-21-1366245982-2024359666-2334870286-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029 SearchScopes: HKU\S-1-5-21-1366245982-2024359666-2334870286-1001 -> {B1ED7635-C2AC-47A4-BEC5-C77102DAB81C} URL = Task: {04318D2D-E824-407D-8D94-C035F0D3C2DD} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe Task: {1C5B74A0-E3DE-43B1-A00A-B69211A9356B} - System32\Tasks\{12E1DAA1-9205-497A-A2E5-265F9A14B3AE} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1 Task: {2655F383-86C8-44A1-8B4D-A0E78B59E7B2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku Task: {428229F1-4867-4CE6-96B5-375BF5144A8D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku Task: {7DFD16F2-8912-4328-96E9-DAA92DF6616D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku Task: {998B4D75-0593-407D-9498-F242608329E8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku Task: {9F72A08F-2E37-4241-AD99-4C3C63014632} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku Task: {B6F9BB34-731F-4E1E-8C79-A20043D62765} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku Task: {B8B2C9C1-F4BE-4795-85CB-96A9ED0B8164} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe Task: {CAA7425F-3D83-4F1F-80C5-A25C025995B0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku Task: {CCF14B73-5A67-4803-8AE6-D61DDCE6E912} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku Task: {E41D2C0F-B7E8-46DF-A342-30E7EF53B494} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku Task: {F58514B6-2121-42A1-8E37-7449AC8FE4D6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku Task: {FA1ED2FF-25DC-42AB-82B3-513A678A3B7A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I DeleteKey: HKCU\Software\dobreprogramy DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedHomepages /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedSearchScopes /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com" /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v Pokki /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v AVG_UI /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v vProt /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder /v Bluetooth.lnk /f CMD: del /q "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk" CMD: del /q "C:\Users\gnied_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk" CMD: del /q "C:\Users\gnied_000\Desktop\Stary Acer\Kasia\Microsoft Office Word 2003 (2).lnk" CMD: del /q "C:\Users\gnied_000\Desktop\Stary Acer\Kasia\Mozilla Firefox.lnk" CMD: del /q "C:\Users\gnied_000\Desktop\Stary Acer\Kasia\Odkurzacz.lnk" CMD: del /q "C:\Users\gnied_000\Desktop\Stary Acer\Kasia\PLDS SmartPack Utility.lnk" CMD: del /q "C:\Users\gnied_000\Desktop\Stary Acer\Kasia\Szybkie Czyszczenie Dysku.lnk" CMD: del /q "C:\Users\gnied_000\Desktop\Stary Acer\Hewlett-Packard\SDP\vcweis.lnk" CMD: del /q "C:\Users\gnied_000\Desktop\Stary Acer\Golf IV\Free M4a to MP3 Converter.lnk" CMD: netsh advfirewall reset EmptyTemp: Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 3. Wyczyść przeglądarki z adware: Firefox: Odłącz synchronizację (o ile włączona): KLIK. Menu Pomoc > Informacje dla pomocy technicznej > Odśwież program Firefox. Zakładki i hasła nie zostaną naruszone. Menu Historia > Wyczyść całą historię przeglądania. Google Chrome: Zresetuj synchronizację (o ile włączona): KLIK. Ustawienia > karta Ustawienia > Pokaż ustawienia zaawansowane > zjedź na sam spód i uruchom opcję Resetowanie ustawień. Zakładki i hasła nie zostaną naruszone. Ustawienia > karta Ustawienia > sekcja Szukaj > klik w Zarządzanie wyszukiwarkami > skasuj z listy yoursites123 (o ile nadal będzie widoczny). 4. Zrób nowy log FRST z opcji Skanuj (Scan), ponownie z Addition, ale już bez Shortcut. Dołącz też plik fixlog.txt. Potwierdź, że problem ustąpił także w przeglądarce Edge.

Brakuje trzeciego obowiązkowego pliku FRST Shortcut. W związku z tym sprawdzanie niepełne i na razie tylko to: 1. Otwórz Notatnik i wklej w nim: CloseProcesses: CreateRestorePoint: R2 WdMan; C:\ProgramData\ZWdMZ\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [brak podpisu cyfrowego] S3 PrintNotify; C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll [X] ShortcutWithArgument: C:\Users\Użytkownik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969 ShortcutWithArgument: C:\Users\Użytkownik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969 ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969&q={searchTerms} SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969&q={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969&q={searchTerms} SearchScopes: HKU\S-1-5-21-3743986464-4091518637-4251773603-1002 -> {A68C464B-3CC5-450D-AC4B-798EDA78107F} URL = StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1449656769&z=22e29ed08820b4cce317107g5z5zct8q4w4q0m1m0e&from=ient07021&uid=SAMSUNGXSSDXPM851XMX2X2280X128GB_S1D2NYAG419969419969 Task: {076B7068-802E-4411-A2AB-04837C6054B8} - System32\Tasks\{68E393EB-2F96-4510-A58F-C68918B08BD9} => pcalua.exe -a C:\Users\Użytkownik\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=cor Task: {FE882CAB-92A1-4608-8756-B53190134358} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3743986464-4091518637-4251773603-1002Core => C:\Users\Użytkownik\AppData\Local\Google\Update\GoogleUpdate.exe AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:9695 AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:9733 AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:9831 DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I DeleteKey: HKCU\Software\dobreprogramy DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software RemoveDirectory: C:\ProgramData\UWdMU RemoveDirectory: C:\ProgramData\ZWdMZ CMD: del /q C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat CMD: del /q C:\ProgramData\lbogtyso.zat CMD: del /q C:\ProgramData\mntemp CMD: del /q C:\Users\Public\GROUP.dat CMD: del /q C:\Windows\SysWOW64\pl.html EmptyTemp: Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 2. Zrób nowy log FRST z opcji Skanuj (Scan), z Addition i Shortcut. Dołącz też plik fixlog.txt.

Operacje do przeprowadzenia: 1. Klawisz z flaą Windows + X > Programy i funkcje > odinstaluj zbędne aplikacje: ASUS WebStorage, AsusVibe2.0, Bing Bar. 2. Otwórz Notatnik i wklej w nim: CloseProcesses: CreateRestorePoint: ShortcutWithArgument: C:\Users\Paweł\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX ShortcutWithArgument: C:\Users\Paweł\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX ShortcutWithArgument: C:\Users\Paweł\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX ShortcutWithArgument: C:\Users\Paweł\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX&q={searchTerms} HKU\S-1-5-21-2961050570-293141152-3916909677-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX HKU\S-1-5-21-2961050570-293141152-3916909677-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX&q={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX&q={searchTerms} SearchScopes: HKU\S-1-5-21-2961050570-293141152-3916909677-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX&q={searchTerms} SearchScopes: HKU\S-1-5-21-2961050570-293141152-3916909677-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2961050570-293141152-3916909677-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX&q={searchTerms} SearchScopes: HKU\S-1-5-21-2961050570-293141152-3916909677-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1446029231&z=8800fd6b1b264bc0d056df6g0z7z3qce2o8bct6m4z&from=cor&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX Edge HomeButtonPage: HKU\S-1-5-21-2961050570-293141152-3916909677-1001 -> hxxp://www.yoursites123.com/?type=hp&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX OPR Session Restore: -> [funkcja włączona] StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.yoursites123.com/?type=sc&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX R2 IhPul; C:\Users\Paweł\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-09] (tsvr.com) U3 idsvc; Brak ImagePath U3 wpcsvc; Brak ImagePath HKLM\...\Run: [AtherosBtStack] => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" Task: {01C995FF-D178-4E7B-AC4A-9E950006A207} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {0837D897-84CB-4E30-A8DD-807937A81DFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {0F1FC558-90E6-41AA-8D37-4FBE69053762} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {148318FC-5974-4508-A415-B3AFD16E5DDB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {29308477-8F7E-4D4F-92D5-F1534E61B6F5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {2CEC94D6-1CAE-47C8-9E0E-0149525591BC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {3C9616B2-742C-4820-AFAE-F3D2459E9677} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {3D966D87-5FE5-4FBC-8E90-DB0F48E454DB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {3E3E65EA-6693-4ACC-947D-206853F50D65} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {415241F4-ED9C-4BBE-869E-19586807B91E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku Task: {42145BE5-4059-431F-919A-1A381C5966DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {4C464618-5C11-4E5B-9621-69FD62654147} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: {53C7BC87-1E47-4920-988E-BA5DA350D645} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku Task: {6FECF9BE-AED8-4627-80ED-91FF5361960F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {773492A6-4F08-4DAF-9C1B-778BC17ACAED} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {78588675-6CF3-4E50-B5B1-1EC34EAA2F6B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {7DDF9673-8D0B-4652-B795-1BEAD1206B65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {86B79B27-494E-4F6D-94E8-513E8204D004} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {A856EE66-B808-403A-8FB5-AA276BAB1566} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku Task: {A94B6C7E-A307-4ED6-9685-3835FF124FCC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku Task: {AA921623-B84A-4EC8-A6DA-5D46323FC6D9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {C778374C-94FE-41B0-B705-5FC952201AC0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {D37BE8AA-C84F-4B51-AD6D-8873C8C89E71} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku Task: {DD548504-31EE-43FF-A573-1E9BCB56DC76} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {E959E007-A71C-4952-8EA8-22DE146D6227} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {F0496437-71B1-4E96-9E9C-3BC2F52CDE46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {FACB8164-0888-403B-B4E6-7F59329EA90F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {FBC8485F-A585-489F-8E2C-C65FEABC1BEF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {FFEE4F98-789F-4BC5-9EBF-91D4AC658C46} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe DisableService: PLAY ONLINE. RunOuc DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I DeleteKey: HKCU\Software\dobreprogramy DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedHomepages /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedSearchScopes /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com" /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v ASUSWebStorage /f RemoveDirectory: C:\Users\Paweł\AppData\Roaming\TSv RemoveDirectory: C:\Windows\ehome RemoveDirectory: C:\Windows\System32\Tasks\Microsoft\Windows\Media Center CMD: del /q C:\ProgramData\{*}.* CMD: del /q "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\*.lnk" CMD: del /q "C:\Users\Paweł\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Picexa.lnk" CMD: del /q "C:\Users\Paweł\Desktop\PROGRAMY\Norton 360.LNK" CMD: del /q C:\WINDOWS\SysWOW64\data.bin CMD: netsh advfirewall reset EmptyTemp: Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 3. Wyczyść Firefox z adware: Odłącz synchronizację (o ile włączona): KLIK. Menu Pomoc > Informacje dla pomocy technicznej > Odśwież program Firefox. Zakładki i hasła nie zostaną naruszone. Menu Historia > Wyczyść całą historię przeglądania. 4. Zrób nowy log FRST z opcji Skanuj (Scan), ponownie z Addition, ale bez Shortcut. Dołącz też plik fixlog.txt. Potwierdź, że problem ustąpił także w przeglądarce Edge.

Działania do przeprowadzenia: 1. Klawisz z flagą Windows + X > Programy i funkcje > odinstaluj adware Ace Stream Media 3.0.12, Picexa. 2. Otwórz Notatnik i wklej w nim: CloseProcesses: CreateRestorePoint: R2 WdMan; C:\ProgramData\pWdMp\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [brak podpisu cyfrowego] S2 IhPul; C:\Users\Artur\AppData\Roaming\TSv\TSvr.exe [X] U0 avc3; Brak ImagePath HKU\S-1-5-21-1525185845-3506830205-1325651090-1002\...\Run: [bingSvc] => C:\Users\Artur\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation) ShortcutWithArgument: C:\Users\Artur\Desktop\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 ShortcutWithArgument: C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 ShortcutWithArgument: C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Ad.Block Plus.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 ShortcutWithArgument: C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 ShortcutWithArgument: C:\Users\Artur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 ShortcutWithArgument: C:\Users\Artur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 ShortcutWithArgument: C:\Users\Artur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 Edge HomeButtonPage: HKU\S-1-5-21-1525185845-3506830205-1325651090-1002 -> hxxp://www.yoursites123.com/?type=hp&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812&q={searchTerms} SearchScopes: HKU\S-1-5-21-1525185845-3506830205-1325651090-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812&q={searchTerms} SearchScopes: HKU\S-1-5-21-1525185845-3506830205-1325651090-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812&q={searchTerms} SearchScopes: HKU\S-1-5-21-1525185845-3506830205-1325651090-1002 -> {C8BC5C67-50D5-455C-9A18-7389BC1530BF} URL = hxxps://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms} SearchScopes: HKU\S-1-5-21-1525185845-3506830205-1325651090-1002 -> {F7F335BC-323F-41BB-9F2F-E58813898A19} URL = StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1447162945&z=21f49c60f992770d87c436bg4zfzcm0g2q4o9q6w8z&from=cor&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 FF Plugin HKU\S-1-5-21-1525185845-3506830205-1325651090-1002: @acestream.net/acestreamplugin,version=3.0.12 -> C:\Users\Artur\AppData\Roaming\ACEStream\player\npace_plugin.dll [2015-09-24] (Innovative Digital Technologies) FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\g2061wnk.default\extensions\defsearchp@gmail.com => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\g2061wnk.default\extensions\deskCutv2@gmail.com => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\g2061wnk.default\extensions\default_newtabff@gmail.com FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\g2061wnk.default\extensions\yahooprotected@gmail.com FF HKU\S-1-5-21-1525185845-3506830205-1325651090-1002\...\Firefox\Extensions: [acewebextension@acestream.org] - C:\Users\Artur\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension.xpi StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 CHR HKU\S-1-5-21-1525185845-3506830205-1325651090-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-1525185845-3506830205-1325651090-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1449769760&z=8a7614938ea99d092be6faegezdzbt6m8qbt8m0wcc&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9EDC12812 Task: {06B43CF2-C825-4002-A939-456AE172F11B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {0D94FBDB-79AB-4D9F-93DB-EFD452FA24A2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku Task: {1A18EF33-8129-4287-8DCB-14116DB60F7C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe Task: {2B72ACDA-DE71-472D-9C57-BB0370B24281} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku Task: {31E2641C-A476-4411-9802-50ACCD51F838} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku Task: {339F9EA0-C7F6-4099-8745-B8D5EA8C1CB9} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo) Task: {47D4E24B-5569-46EE-B321-5C7188A7264F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku Task: {60513713-09A5-4DD5-9A6C-82D04856B092} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku Task: {6D90ABCC-48A5-4A59-A4C2-26C22D3D1479} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe Task: {7151D214-8775-426F-8BF3-5703F9D41297} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku Task: {8A5317E8-42B7-4D9C-9AAE-E621E12EE6CE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe Task: {A711A505-8F49-4B23-A505-554F70D76FDD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku Task: {ACA3DAAE-EC65-4B5F-8D2E-F476D2EF7A1C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku Task: {B0B513C4-F250-4EE9-A082-130510417571} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku Task: {B87AA305-76D3-4A67-92CB-8C0C7D0C2038} - System32\Tasks\Microsoft Office 15 Sync Maintenance for IDEA-PC-Artur idea-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe Task: {D662445C-BDB9-4F6C-96B9-3AC540494ED5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku Task: {F0917E5B-6D47-41EA-84C9-3CBE35ADD595} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I DeleteKey: HKCU\Software\dobreprogramy DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedHomepages /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedSearchScopes /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com" /f Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com" /f RemoveDirectory: C:\Program Files (x86)\Picexa RemoveDirectory: C:\ProgramData\5WdM5 RemoveDirectory: C:\ProgramData\5WMiniPro5 RemoveDirectory: C:\ProgramData\pWdMp RemoveDirectory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa RemoveDirectory: C:\Users\Artur\AppData\Local\Microsoft\BingSvc RemoveDirectory: C:\Users\Artur\AppData\Roaming\Picexa Viewer RemoveDirectory: C:\Users\Artur\AppData\Roaming\TSv C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat C:\Users\Artur\AppData\Local\69ff07055291669bb2b218.72821112 C:\Users\Artur\AppData\Local\70149b02515b3bb20dd492.47983420 C:\WINDOWS\SysWOW64\data.bin CMD: netsh advfirewall reset EmptyTemp: Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 3. Wyczyść przeglądarki z adware: Firefox: Odłącz synchronizację (o ile włączona): KLIK. Menu Pomoc > Informacje dla pomocy technicznej > Odśwież program Firefox. Zakładki i hasła nie zostaną naruszone. Menu Historia > Wyczyść całą historię przeglądania. Google Chrome: Zresetuj synchronizację (o ile włączona): KLIK. Ustawienia > karta Ustawienia > Pokaż ustawienia zaawansowane > zjedź na sam spód i uruchom opcję Resetowanie ustawień. Zakładki i hasła nie zostaną naruszone. 4. Zrób nowy log FRST z opcji Skanuj (Scan), ponownie z Addition, ale już bez Shortcut. Dołącz też plik fixlog.txt. Potwierdź, że problem ustąpił także w przeglądarce Edge.

Zastosowałeś odwrotną kolejność działań niż podałam, moje instrukcje mają określony porządek i nie jest to przypadkowe. Gdyby DelFix był uruchomiony jako pierwszy, Hitman nie wykryłby folderu C:\FRST z FRST (to fałszywy alarm). Ten wynik nieistotny, a reszta detekcji to drobne odpadki adware i ciasteczka. Usuń za pomocą programu.

Nie, nie zawiesiło się w tym samym miejscu. Tym razem skrypt wykonał się prawie cały, za wyjątkiem ostatniej komendy EmptyTemp:. To ponowimy potem. Na razie wykonaj resztę zadań:

DelFix wykonał zadanie. Skasuj z dysku plik C:\delfix.txt. To tyle.

DelFix usunął co należy. Skasuj z dysku plik C:\delfix.txt. Jeśli chodzi o log Hitman, to załączniki forum akceptują tylko rozszerzenie *.txt. Zapisz go do nowego pliku TXT.

DelFix wykonał robotę. Skasuj z dysku plik C:\delfix.txt. Temat rozwiązany. Zamykam.

Akcja: 1. Klawisz z flagą Windows + X > Programy i funkcje > odinstaluj zbędniki: Bing Bar, HP Customer Participation Program 14.0. 2. Otwórz Notatnik i wklej w nim: CloseProcesses: CreateRestorePoint: R2 IhPul; C:\Users\Monika\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com) R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: ) R2 WdMan; C:\ProgramData\MWdMM\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [brak podpisu cyfrowego] S1 {122141c3-e1a4-4af5-b3d7-650743f49ec0}Gw64; system32\drivers\{122141c3-e1a4-4af5-b3d7-650743f49ec0}Gw64.sys [X] HKLM-x32\...\Run: [] => [X] Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-2365521411-3686019725-4101832319-1002\...\Run: [bingSvc] => C:\Users\Monika\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation) ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA&q={searchTerms} HKU\S-1-5-21-2365521411-3686019725-4101832319-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA HKU\S-1-5-21-2365521411-3686019725-4101832319-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA&q={searchTerms} HKU\S-1-5-21-2365521411-3686019725-4101832319-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA HKU\S-1-5-21-2365521411-3686019725-4101832319-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA&q={searchTerms} SearchScopes: HKU\S-1-5-21-2365521411-3686019725-4101832319-1002 -> DefaultScope {2EEBF374-2985-4A76-AC22-99F2A9889F94} URL = SearchScopes: HKU\S-1-5-21-2365521411-3686019725-4101832319-1002 -> {2EEBF374-2985-4A76-AC22-99F2A9889F94} URL = StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\uinq2ycr.default-1420408185459\extensions\default_newtabff@gmail.com => nie znaleziono StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I DeleteKey: HKCU\Software\dobreprogramy DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software RemoveDirectory: C:\AdwCleaner RemoveDirectory: C:\Program Files (x86)\mozilla firefox\browser\searchplugins RemoveDirectory: C:\Program Files (x86)\SFK RemoveDirectory: C:\ProgramData\MWdMM RemoveDirectory: C:\ProgramData\SWdMS RemoveDirectory: C:\Users\Monika\AppData\Local\Microsoft\BingSvc RemoveDirectory: C:\Users\Monika\AppData\Roaming\TSv CMD: del /q C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat CMD: del /q "C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Picexa.lnk" CMD: del /q C:\WINDOWS\SysWOW64\pl.html CMD: del /q C:\WINDOWS\SysWOW64\pl4.exe CMD: netsh advfirewall reset EmptyTemp: Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 3. Zrób nowy log FRST z opcji Skanuj (Scan), ponownie z Addition, ale bez Shortcut. Dołącz też plik fixlog.txt.

Działania do wykonania: 1. Uruchom narzędzie Microsoftu: KLIK. Zaakceptuj > Wykryj problemy i pozwól mi wybrać poprawki do zastosowania > Odinstalowywanie > zaznacz na liście wpis Metric Collection SDK > Dalej. 2. FRST uruchomiony z Tymczasowych plików internetowych: Uruchomiony z C:\Users\user2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TFYC2LX Pobierz ponownie i zapisz na Pulpice. Następnie otwórz Notatnik i wklej w nim: CloseProcesses: CreateRestorePoint: ShortcutWithArgument: C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449650906&z=0eaabbecbe620bbc363cedeg6zdz8t5qcwfect5e8z&from=ient07021&uid=WDCXWD3200BEKT-75PVMT1_WD-WX31A53F5527F5527 ShortcutWithArgument: C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft WSE 3.0\WSE on the Web.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449650906&z=0eaabbecbe620bbc363cedeg6zdz8t5qcwfect5e8z&from=ient07021&uid=WDCXWD3200BEKT-75PVMT1_WD-WX31A53F5527F5527 ShortcutWithArgument: C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449650906&z=0eaabbecbe620bbc363cedeg6zdz8t5qcwfect5e8z&from=ient07021&uid=WDCXWD3200BEKT-75PVMT1_WD-WX31A53F5527F5527 ShortcutWithArgument: C:\Users\user2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449650906&z=0eaabbecbe620bbc363cedeg6zdz8t5qcwfect5e8z&from=ient07021&uid=WDCXWD3200BEKT-75PVMT1_WD-WX31A53F5527F5527 ShortcutWithArgument: C:\Users\user2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449650906&z=0eaabbecbe620bbc363cedeg6zdz8t5qcwfect5e8z&from=ient07021&uid=WDCXWD3200BEKT-75PVMT1_WD-WX31A53F5527F5527 HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia HKU\S-1-5-21-350388361-695255728-3904762994-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-350388361-695255728-3904762994-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - iexplore.exe Task: {1E889520-1AE1-4D9A-891A-B91379A585D1} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> Brak pliku Task: {224AC995-54FE-4999-97E3-1E50CD6151CB} - \Inst_Rep -> Brak pliku Task: {752379F0-2592-415A-8091-28C9311D567F} - \SmartWeb Upgrade Trigger Task -> Brak pliku Task: {9365FD10-232F-4C1F-9CD9-4ADBC83800A8} - \SwiftSearch Auto Updater 1.10.0.25 Core -> Brak pliku Task: {A4938B02-BF5E-4725-A141-D864AE624587} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo) Task: {F9875FA4-AFD0-4CF1-9CF5-8403D2C3BF6A} - \ShopperProJSUpd -> Brak pliku Task: {FA251AA4-0385-4AFD-98E3-6F2644CD2A05} - System32\Tasks\Bx72lxMv8LJUF9 => C:\Users\user2\AppData\Roaming\Bx72lxMv8LJUF9.exe Task: C:\Windows\Tasks\Bx72lxMv8LJUF9.job => C:\Users\user2\AppData\Roaming\Bx72lxMv8LJUF9.exe CustomCLSID: HKU\S-1-5-21-350388361-695255728-3904762994-1001_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\user2\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => Brak pliku S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-12-09] () S2 WdMan; C:\ProgramData\UWdMU\WdMan.exe -svr [X] S3 catchme; \??\C:\Users\user2\AppData\Local\Temp\catchme.sys [X] DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I DeleteKey: HKCU\Software\dobreprogramy DeleteKey: HKCU\Software\Mozilla DeleteKey: HKCU\Software\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Google DeleteKey: HKLM\SOFTWARE\Mozilla DeleteKey: HKLM\SOFTWARE\mozilla.org DeleteKey: HKLM\SOFTWARE\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YTDownloader DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo DeleteKey: HKLM\SOFTWARE\yoursites123Software DeleteKey: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main DeleteKey: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes RemoveDirectory: C:\AdwCleaner RemoveDirectory: C:\Program Files\Lenovo RemoveDirectory: C:\Program Files\Mozilla Firefox RemoveDirectory: C:\Users\user2\AppData\Local\Lenovo RemoveDirectory: C:\Users\user2\AppData\Local\Mozilla RemoveDirectory: C:\Users\user2\AppData\Roaming\Mozilla RemoveDirectory: C:\Windows\System32\Tasks\Lenovo CMD: del /q C:\Windows\system32\Drivers\EsgScanner.sys CMD: netsh advfirewall reset EmptyTemp: Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 3. Zrób nowy log FRST z opcji Skanuj (Scan), ponownie z Addition, ale bez Shortcut. Dołącz też plik fixlog.txt.

Rozwijasz złą gałąź. Rozwiń Intel® 82801EB Ultra ATA Storage Controller.

Log krótki, wklej jego zawartość bezpośrednio do posta.

Na koniec poczytaj na co uważać, by uniknąć podobnych problemów: KLIK. To wszystko z mojej strony.

Ten skrypt sprzed poprawki w ogóle nie wykazuje, że coś robiono i to nie z winy mojej literówki, tylko zabite procesy, i nic poza tym. Zignoruj moją ostatnią wypowiedź i powtórz operację z zapisem i uruchomieniem wcześniejszego skryptu, tylko wykonaj opcję Napraw w Trybie awaryjnym Windows.

Nie wiem o co chodzi, dyrektywa ta powinna działać w środowisku RE... Zamiennie wypróbuj taki skrypt: Unlock: C:\Users\lucky\Downloads\installer C:\Users\lucky\Downloads\installer

Log AdwCleaner przecież sprawdziłam. Nie podawałabym operacji usuwania, gdyby było coś nie tak.

Jest tu więcej adware / niepożądanych obiektów niż tylko tytułowy śmieć. Operacje do wdrożenia: 1. Odinstaluj stare wersje i zbędniki: Adobe Flash Player 11 ActiveX, Adobe Flash Player 12 Plugin, Adobe Reader X, Akamai NetSession Interface, Genie Cleaner, Genie Wifi, Java 7 Update 71, JavaFX 2.1.1. 2. Otwórz Notatnik i wklej w nim: CloseProcesses: CreateRestorePoint: ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G&q={searchTerms} HKU\S-1-5-21-456985443-2800898146-1698058886-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G HKU\S-1-5-21-456985443-2800898146-1698058886-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G&q={searchTerms} SearchScopes: HKU\S-1-5-21-456985443-2800898146-1698058886-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G&q={searchTerms} SearchScopes: HKU\S-1-5-21-456985443-2800898146-1698058886-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G&q={searchTerms} DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab CHR HomePage: Default -> hxxp://www.yoursites123.com/?type=hp&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G StartMenuInternet: IEXPLORE.EXE - iexplore.exe FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449647479&z=83f87a57a534a0a952433acgdz2zft8q7z4mbzfm2b&from=ient07021&uid=ST31000524AS_6VPBLR5GXXXX6VPBLR5G Task: {40AF427D-F9F6-45DE-8F74-399E3CCA8940} - System32\Tasks\{A59CB6FD-436C-4DF0-95F2-B0E91368165E} => pcalua.exe -a "D:\Program Files\Microsoft Games\Gears of War\gow_12_czplhu.exe" -d "D:\Program Files\Microsoft Games\Gears of War" Task: {5C1FE545-42B6-4485-B631-FFF2BAE4C1A3} - System32\Tasks\0 => Iexplore.exe Task: {FB15F665-04B2-40B4-8EEC-AAC11970049A} - System32\Tasks\4596 => Wscript.exe C:\Users\User\AppData\Local\Temp\launchie.vbs //B Winlogon\Notify\ScCertProp: wlnotify.dll [X] ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku R2 Watsvc; C:\Program Files\Blazers\Watsvc.exe [107160 2015-04-16] (TODO: ) S2 BEWConfigSrv; E:\Program Files\OrangeBusinessServices\Manager polaczen\{ad30a369-08e3-414c-9d2c-7f47dbe748da}\BEWConfigSrv.exe [X] S3 vtany; \??\C:\Windows\vtany.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I DeleteKey: HKCU\Software\dobreprogramy DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 DeleteKey: HKLM\SOFTWARE\yoursites123Software RemoveDirectory: C:\AdwCleaner RemoveDirectory: C:\Program Files\Blazers RemoveDirectory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks RemoveDirectory: C:\Users\User\AppData\Local\Microsoft\Windows\GameExplorer\{5F29DC5A-546A-4DC4-A0A1-6241FCE3EC1F} RemoveDirectory: C:\Users\User\AppData\Local\Microsoft\Windows\GameExplorer\{4701EB8F-0885-406D-BE06-5FE37AF0E898} RemoveDirectory: C:\Users\User\AppData\Local\Microsoft\Windows\GameExplorer\{3ED57B8A-F8EC-4849-BC28-205D03C195FC} RemoveDirectory: C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} CMD: del /q C:\Users\Public\Desktop\BOSSAFX.lnk CMD: netsh advfirewall reset EmptyTemp: Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 3. Wyczyść przeglądarki z adware: Firefox: Odłącz synchronizację (o ile włączona): KLIK. Menu Pomoc > Informacje dla pomocy technicznej > Odśwież program Firefox. Zakładki i hasła nie zostaną naruszone. Menu Historia > Wyczyść całą historię przeglądania. Google Chrome: Zresetuj synchronizację (o ile włączona): KLIK. Ustawienia > karta Ustawienia > Pokaż ustawienia zaawansowane > zjedź na sam spód i uruchom opcję Resetowanie ustawień. Zakładki i hasła nie zostaną naruszone. 4. Zrób nowy log FRST z opcji Skanuj (Scan), ponownie z Addition, ale bez Shortcut. Dołącz też plik fixlog.txt.

Drobna literówka w moim skrypcie. Zapomniałam o przełączniku cichym w komendzie Reg: i stoi "na nieskończoności". Przerwij działanie FRST. Następnie załaduj drugi skrypt poprawkowy o następującej postaci kończącej od miejsca gdzie skrypt się zatrzymał: EDIT: Nieaktual;ne.

Uruchom AdwCleaner ponownie, tym razem dobierz akcje Skanuj + Usuń i dostarcz wynikowy log z usuwania.

Ale Ty mi podałeś fixlist a nie fixlog.

No cóż, obawiam się że trzeba będzie to rozwiązać jednak w inny sposób, tzn. poprzez aktualizację firmware. To jeden z zagrożonych modeli i ta akcja i tak pewnie byłaby potrzebna. Jak zaktualizować oprogramowanie routera ADSL (dla TD-W8840T, TD-W8901G, TD-W8951ND oraz TD-W8961ND) Firmware dla TD-W8951ND Masz do wyboru kilka serii firmware: V Numer. Porównujesz z naklejką na swoim urządzeniu i ustawiasz korespondujący link pobierania.

Pasek nie jest "niebezpieczny", on jest rodzajem "PUP" (potencjalnie niepożądana aplikacja), przemycany w instalatorach AVG i rekonfigurujący strony w przeglądarkach na sponsorowane. Nie jest niezbędny do działania antywirusa, stąd polecenie deinstalacji. A dostarczone logi z folderu AdwCleaner są stare z 2013. Usuń ten folder, pobierz program i uruchom zgodnie ze wskazówkami.