Infekcja "yoursite123.com" przeglądarki Chrome

[Krzycho92]

Laptop Lenovo Y510p. Zauważyłem infekcje Chrome'a poprzez zmianę strony domowej na "yoursites123.com". Przywróciłem domyślne https://google.pl" w Panelu Sterowania nie zauważyłem zainstalowanych podejrzanych programów w ciągu kilku dni.

Podczas skanowania GMER pokazał się BSOD, a po ponownym uruchomieniu pulpit Windowsa był cały czarny (żadnych ikon, ani tapety - jedynie kursor myszki). Z menadżera zadań "zrestartowałem" proces explorer.exe i po włączeniu przeglądarki strona "yoursites123.com" wróciła.

 

Załączam logi bez GMERa, który spowodował BSODa (załączam plik .dmp http://www.filedropper.com/121015-14742-01).

Addition.txt

FRST.txt

Shortcut.txt

[picasso]

Podczas skanowania GMER pokazał się BSOD, a po ponownym uruchomieniu pulpit Windowsa był cały czarny (żadnych ikon, ani tapety - jedynie kursor myszki).

Nie wykonałeś ogłoszenia: KLIK. Aktywny sterownik SPTD. Ale zostaw już ten wątek z GMER.

 

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2013-12-29] (Duplex Secure Ltd.)

U3 a5v12dwh; C:\Windows\System32\Drivers\a5v12dwh.sys [0 ] (Microsoft Corporation) 

U3 agzh3att; C:\Windows\System32\Drivers\agzh3att.sys [0 ] (Microsoft Corporation) 

 

 

Tu jest więcej odpadków adware niż tylko tytułowy problem, w tym stare nie wyczyszczone dobrze wcześniej. Akcje do wykonania:

 

1. Odinstaluj starą wersję Java 8 Update 31 oraz starą zaśmieconą adware przeglądarkę Mozilla Firefox 33.1.1 (x86 pl) + Mozilla Maintenance Service. A skrypt w punkcie 2 doczyści elementy Firefoxa. Nie instaluj nowego Firefoxa, dopóki nie wykonasz punktu 2, w przeciwnym wypadku skrypt go uszkodzi,

 

2. Otwórz Notatnik i wklej w nim:

 

CloseProcesses:
CreateRestorePoint:
R2 IhPul; C:\Users\Asia\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: )
R2 WdMan; C:\ProgramData\MWdMM\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [brak podpisu cyfrowego]
S2 cewiqigy; C:\Users\Asia\AppData\Roaming\VOPackage\nsrD2B2.tmpfs [X]
S2 serverjo; C:\Users\Asia\AppData\Roaming\VOPackage\JOSrv.exe [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 L1C; system32\DRIVERS\L1C62x64.sys [X]
S1 wfdrvr_vt_1_10_0_28; system32\drivers\wfdrvr_vt_1_10_0_28.sys [X]
S1 wpnfd_1_10_0_9; system32\drivers\wpnfd_1_10_0_9.sys [X]
ShortcutWithArgument: C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449731038&z=3a5578b47ff78afeb63028bg2z9z3temcccgbe8zeg&from=ient07021&uid=ST1000LM014-1EJ164_W380KKV7XXXXW380KKV7 
ShortcutWithArgument: C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449731038&z=3a5578b47ff78afeb63028bg2z9z3temcccgbe8zeg&from=ient07021&uid=ST1000LM014-1EJ164_W380KKV7XXXXW380KKV7 
ShortcutWithArgument: C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449731038&z=3a5578b47ff78afeb63028bg2z9z3temcccgbe8zeg&from=ient07021&uid=ST1000LM014-1EJ164_W380KKV7XXXXW380KKV7 
ShortcutWithArgument: C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449731038&z=3a5578b47ff78afeb63028bg2z9z3temcccgbe8zeg&from=ient07021&uid=ST1000LM014-1EJ164_W380KKV7XXXXW380KKV7 
ShortcutWithArgument: C:\Users\Asia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449731038&z=3a5578b47ff78afeb63028bg2z9z3temcccgbe8zeg&from=ient07021&uid=ST1000LM014-1EJ164_W380KKV7XXXXW380KKV7 
ShortcutWithArgument: C:\Users\Asia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449731038&z=3a5578b47ff78afeb63028bg2z9z3temcccgbe8zeg&from=ient07021&uid=ST1000LM014-1EJ164_W380KKV7XXXXW380KKV7 
ShortcutWithArgument: C:\Users\Asia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449731038&z=3a5578b47ff78afeb63028bg2z9z3temcccgbe8zeg&from=ient07021&uid=ST1000LM014-1EJ164_W380KKV7XXXXW380KKV7 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449731038&z=3a5578b47ff78afeb63028bg2z9z3temcccgbe8zeg&from=ient07021&uid=ST1000LM014-1EJ164_W380KKV7XXXXW380KKV7 
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1449731038&z=3a5578b47ff78afeb63028bg2z9z3temcccgbe8zeg&from=ient07021&uid=ST1000LM014-1EJ164_W380KKV7XXXXW380KKV7
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1446941988&z=32fe40539e6d14bf8115ecbgfzaz6q4t2zfg8m1g4g&from=cornl&uid=ST1000LM014-1EJ164_W380KKV7XXXXW380KKV7
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449731038&z=3a5578b47ff78afeb63028bg2z9z3temcccgbe8zeg&from=ient07021&uid=ST1000LM014-1EJ164_W380KKV7XXXXW380KKV7
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449731038&z=3a5578b47ff78afeb63028bg2z9z3temcccgbe8zeg&from=ient07021&uid=ST1000LM014-1EJ164_W380KKV7XXXXW380KKV7
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1429820466&from=cor&uid=ST1000LM014-1EJ164_W380KKV7XXXXW380KKV7&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449731038&z=3a5578b47ff78afeb63028bg2z9z3temcccgbe8zeg&from=ient07021&uid=ST1000LM014-1EJ164_W380KKV7XXXXW380KKV7
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449731038&z=3a5578b47ff78afeb63028bg2z9z3temcccgbe8zeg&from=ient07021&uid=ST1000LM014-1EJ164_W380KKV7XXXXW380KKV7
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1429820466&from=cor&uid=ST1000LM014-1EJ164_W380KKV7XXXXW380KKV7&q={searchTerms}
HKU\S-1-5-21-3791551304-1605642030-3926548003-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1429820466&from=cor&uid=ST1000LM014-1EJ164_W380KKV7XXXXW380KKV7&q={searchTerms}
HKU\S-1-5-21-3791551304-1605642030-3926548003-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449731038&z=3a5578b47ff78afeb63028bg2z9z3temcccgbe8zeg&from=ient07021&uid=ST1000LM014-1EJ164_W380KKV7XXXXW380KKV7
HKU\S-1-5-21-3791551304-1605642030-3926548003-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449731038&z=3a5578b47ff78afeb63028bg2z9z3temcccgbe8zeg&from=ient07021&uid=ST1000LM014-1EJ164_W380KKV7XXXXW380KKV7
HKU\S-1-5-21-3791551304-1605642030-3926548003-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1429820466&from=cor&uid=ST1000LM014-1EJ164_W380KKV7XXXXW380KKV7&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3791551304-1605642030-3926548003-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Media View -> {91e22662-2e45-4335-ba74-745049e5a7ea} -> C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha763\ie\MediaViewV1alpha763.dll => Brak pliku
BHO-x32: Media Watch -> {9977a7da-db58-4139-9200-fca246fff1bf} -> C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home630\ie\MediaWatchV1home630.dll => Brak pliku
BHO-x32: Media Player -> {a5039609-ab5b-42fb-ac34-7c2d5f62a9c5} -> C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha774\ie\MediaPlayerV1alpha774.dll => Brak pliku
BHO-x32: Video Player -> {a85ef1e9-bbb4-4e0d-9546-831c482cde00} -> C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta2985\ie\VideoPlayerV3beta2985.dll => Brak pliku
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia 
CHR HKLM-x32\...\Chrome\Extension: [gfnlgeljjnnbnnapcpppkipgggkmgbfo] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha763\ch\MediaViewV1alpha763.crx 
CHR HKLM-x32\...\Chrome\Extension: [jnhkealinadhpoolehpnfjnogaddkgpi] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home630\ch\MediaWatchV1home630.crx 
CHR HKLM-x32\...\Chrome\Extension: [mbkanhkelbmeipinmjmmaoieefdhlpcn] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta2985\ch\VideoPlayerV3beta2985.crx 
HKLM\...\Run: [Windows NTV Host Monitor] => C:\Program Files\Retro PC Calculator\ntvmon32.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3791551304-1605642030-3926548003-1000\...\Run: [ChicaPasswordManager] => "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned
Task: {623AD434-2274-4122-8A96-A7763FF26B71} - System32\Tasks\{355FDAE7-5F65-4E92-ABD8-B934B862C5F6} => pcalua.exe -a "C:\Users\Asia\Downloads\dotNetFx35setup (1).exe" -d C:\Users\Asia\Downloads
Task: {D0F7AB26-9C77-4DD5-A749-B59D2F47253B} - System32\Tasks\{C5D18A72-8183-40C3-BBFB-9D3F6096162E} => pcalua.exe -a C:\PROGRA~2\Ubisoft\PETZ4~1\UNWISE.EXE -c C:\PROGRA~2\Ubisoft\PETZ4~1\INSTALL.LOG
C:\Program Files (x86)\Mozilla Firefox
C:\Program Files (x86)\SFK
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\ProgramData\mntemp
C:\ProgramData\BWdMB
C:\ProgramData\MWdMM
C:\ProgramData\Mozilla
C:\ProgramData\Nero
C:\ProgramData\Norton
C:\ProgramData\NortonInstaller
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
C:\Users\Asia\AppData\Local\nsr9BB0.tmp
C:\Users\Asia\AppData\Local\Mozilla
C:\Users\Asia\AppData\Local\Opera Software
C:\Users\Asia\AppData\Local\WMTools Downloaded Files
C:\Users\Asia\AppData\Roaming\.#
C:\Users\Asia\AppData\Roaming\Mozilla
C:\Users\Asia\AppData\Roaming\Opera Software
C:\Users\Asia\AppData\Roaming\TSv
C:\Users\Asia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gametree
C:\Users\Asia\Desktop\RODZICE\PIT pro 2013.lnk
C:\Users\Asia\Documents\ľŮ¸®»ţ\µżżµ»ó\łěČ­ µżżµ»ó Ŕç»ý ÄÚµ¦ ĽłÄˇ.lnk
C:\Users\Asia\Downloads\*.crdownload
C:\Users\UpdatusUser\Desktop\*.lnk
C:\Windows\SysWOW64\pl.html
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete HKCU\Software\Mozilla /f
Reg: reg delete HKCU\Software\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MediaPlayerV1alpha774 /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewV1alpha763 /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MediaWatchV1home630 /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
CMD: netsh advfirewall reset
EmptyTemp:

 

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

 

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt.

 

3. Zrób nowy log FRST z opcji Skanuj (Scan), ponownie z Addition, ale bez Shortcut. Dołącz też plik fixlog.txt.

[Krzycho92]

Dziękuję za pomoc.

Po ponownym uruchomieniu komputera, przez kilka sekund widoczny był cały czarny ekran (z kursorem myszki), po czym normalnie pojawił się napis logowania Windows 7 ("Zapraszamy!"), przeglądarka Chrome trochę wolno się włączała (początkowo okno pojawiło się, ale bez żadnych ikon, zakładek, adresu strony - samo okno), ale już bez strony "yoursite123.com". Wspominam o tym, bo tak się do tej pory nie zdarzało (taki wolny start systemu z czarnym ekranem i przeglądarka zamulająca na starcie).

Addition.txt

FRST.txt

Fixlog.txt

[picasso]

Czy na pewno w poprawny sposób odinstalowałeś Mozilla Firefox 33.1.1 (x86 pl) przed użyciem skryptu? Pozycja nadal na liście zainstalowanych. I kolejne doczyszczanie:

 

1. Otwórz Notatnik i wklej w nim:

 

CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia 
SearchScopes: HKU\S-1-5-21-3791551304-1605642030-3926548003-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DeleteKey: HKCU\Software\Clients\StartMenuInternet\FIREFOX.EXE
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 33.1.1 (x86 pl)
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
RemoveDirectory: C:\FRST\Quarantine
CMD: del /q "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk"

 

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Tym razem nie będzie restartu. Przedstaw wynikowy fixlog.txt.

 

2. Uruchom AdwCleaner. Wybierz opcję Skanuj i dostarcz log wynikowy z folderu C:\AdwCleaner.

[Krzycho92]

Czy na pewno w poprawny sposób odinstalowałeś Mozilla Firefox 33.1.1 (x86 pl) przed użyciem skryptu?

Przepraszam, przeoczyłem. Już odinstalowałem.

Fixlog.txt

AdwCleanerS7.txt

[picasso]

Ta deinstalacja odbyła się niestety w niepoprawnej kolejności, choć wszystko od Firefox usunięte.

 

I kolejne poprawki. Otwórz Notatnik i wklej w nim:

 

DeleteKey: HKCU\Software\PRODUCTSETUP
DeleteKey: HKLM\SOFTWARE\Wow6432Node\AppDataLow\SOFTWARE\Crossrider
DeleteKey: HKLM\SOFTWARE\Wow6432Node\do-searchSoftware
DeleteKey: HKLM\SOFTWARE\Wow6432Node\hdcode
DeleteKey: HKLM\SOFTWARE\Wow6432Node\istartsurfSoftware
DeleteKey: HKLM\SOFTWARE\Wow6432Node\WdsManPro
DeleteKey: HKLM\SOFTWARE\Wow6432Node\TSv
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
DeleteKey: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ce02b50-a79a-44a5-9cad-4dd8ac3a2331}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\aa8af109-dbaa-496a-9aef-da505badc7a1
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99DCF141-03F9-4363-8D79-640FA646DEED}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3AF4400F-CDC5-4F2D-B3F1-74348E5D5CCC}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{422E1393-7A4C-44FF-A7E1-8B9D146E0666}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4807D6D8-ADC8-41AF-AB9D-AE1086D1E62F}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6E1CD171-29C1-4D56-A223-E31C57A0A25A}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{70E96298-17FC-4020-A7CF-6F81ED8CF3AB}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{84A81B7E-B8CD-4891-BEA0-548D65E9610A}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{867DF9A9-D013-4A1A-B685-DFF65D225ED4}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{889074FC-1456-4CE8-88F7-154264DC275F}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91F4CF02-F675-4E6A-B4E8-C13DF09B9B1B}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A902A36E-0C79-4BD7-B561-9C058BD60210}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AB778974-218E-4734-90F0-731BE7E50E77}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADE6A9C0-12B3-457D-9A86-548FA87E04DB}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B7C67027-15EB-489F-A9EA-286076CF7540}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CDB98856-BEA3-4073-AF57-23A3583AE9E4}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CDED8922-BB3D-4E3A-9C2C-89B1C927F48B}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D79CBD8E-D857-4D05-B3AD-26F722CF5B6E}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7EA7058-B19B-4A27-B50A-87A1B8FC5F30}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0EE6D408-6ED5-40C6-8C42-A041D5DE9AB0}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{13A42355-1F94-4459-B19E-F60B2C607C77}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{293DD661-C540-4AC4-9B4C-42E68369CE1B}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2EC58BDB-0694-4D54-80DD-A8F2AA0427A1}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{313B508D-596D-4BDF-B0B5-E41F224E184A}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\MIME\Database\Content Type\application/x-vnd.ssliveupdate.oneclickctrl.9
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\MIME\Database\Content Type\application/x-vnd.ssliveupdate.update3webcontrol.3
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{A18D16ED-27B2-4B83-B70C-15E73F099546}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ce02b50-a79a-44a5-9cad-4dd8ac3a2331}
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WdsManPro
DeleteKey: HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
DeleteKey: HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
DeleteKey: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
DeleteKey: HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
DeleteKey: HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
DeleteKey: HKU\S-1-5-21-3791551304-1605642030-3926548003-1003\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
RemoveDirectory: C:\ProgramData\6WMiniPro6
RemoveDirectory: C:\Users\Asia\AppData\Local\Comodo
RemoveDirectory: C:\Users\Asia\AppData\Local\Google\Chrome SxS
RemoveDirectory: C:\Users\Asia\AppData\Roaming\istartsurf
RemoveDirectory: C:\Users\UpdatusUser\AppData\Local\Comodo
RemoveDirectory: C:\Users\UpdatusUser\AppData\Local\Google
CMD: del /q "C:\Users\Asia\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmnlcjabgnpnenekpadlanbbkooimhnj"

 

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Przedstaw wynikowy fixlog.txt.

[Krzycho92]

Zrobione.

Fixlog.txt

[picasso]

Wszystko zrobione. Kończymy:

 

1. Zastosuj DelFix oraz wyczyść foldery Przywracania systemu: KLIK.

 

2. Cały system do aktualizacji. Stan obecny to brak SP1, IE11 i reszty łat:

 

Platform: Windows 7 Ultimate (X64) Język: Polski (Polska)

Internet Explorer Wersja 8 (Domyślna przeglądarka: Chrome)