usunięcie yoursite123

[sylwiaa]

mam problem z usunięciem yoursite123 jak by mógł ktoś mi pomóc z dokładną instrukcją

FRST.txt

Addition.txt

Shortcut.txt

[picasso]

Działania do przeprowadzenia:

 

1. Odinstaluj stare wersje: Adobe Flash Player 10 ActiveX, Adobe Reader 9.1 - Polish, Norton Online Backup.

 

2. Otwórz Notatnik i wklej w nim:

 

CloseProcesses:
CreateRestorePoint:
S2 0276591449913381mcinstcleanup; C:\Users\sylwia\AppData\Local\Temp\027659~1.EXE [822048 2010-03-10] (McAfee, Inc.)
R2 WdMan; C:\ProgramData\XWdMX\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [brak podpisu cyfrowego]
S3 mfeavfk; system32\drivers\mfeavfk.sys [X]
R1 mfehidk; system32\drivers\mfehidk.sys [X]
S3 mferkdk; system32\drivers\mferkdk.sys [X]
S3 mfesmfk; system32\drivers\mfesmfk.sys [X]
R4 MPFP; System32\Drivers\Mpfp.sys [X]
ShortcutWithArgument: C:\Users\sylwia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449656464&z=ca40a968dbffafb5f813e5agdz4z0t6qfw1q1z6q9q&from=ient07021&uid=SAMSUNGXHM321HI_S26VJ9BB141001 
ShortcutWithArgument: C:\Users\sylwia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449656464&z=ca40a968dbffafb5f813e5agdz4z0t6qfw1q1z6q9q&from=ient07021&uid=SAMSUNGXHM321HI_S26VJ9BB141001 
ShortcutWithArgument: C:\Users\sylwia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449656464&z=ca40a968dbffafb5f813e5agdz4z0t6qfw1q1z6q9q&from=ient07021&uid=SAMSUNGXHM321HI_S26VJ9BB141001 
ShortcutWithArgument: C:\Users\sylwia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449656464&z=ca40a968dbffafb5f813e5agdz4z0t6qfw1q1z6q9q&from=ient07021&uid=SAMSUNGXHM321HI_S26VJ9BB141001 
ShortcutWithArgument: C:\Users\sylwia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449656464&z=ca40a968dbffafb5f813e5agdz4z0t6qfw1q1z6q9q&from=ient07021&uid=SAMSUNGXHM321HI_S26VJ9BB141001 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449656464&z=ca40a968dbffafb5f813e5agdz4z0t6qfw1q1z6q9q&from=ient07021&uid=SAMSUNGXHM321HI_S26VJ9BB141001 
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449656464&z=ca40a968dbffafb5f813e5agdz4z0t6qfw1q1z6q9q&from=ient07021&uid=SAMSUNGXHM321HI_S26VJ9BB141001 
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1449656464&z=ca40a968dbffafb5f813e5agdz4z0t6qfw1q1z6q9q&from=ient07021&uid=SAMSUNGXHM321HI_S26VJ9BB141001
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449656464&z=ca40a968dbffafb5f813e5agdz4z0t6qfw1q1z6q9q&from=ient07021&uid=SAMSUNGXHM321HI_S26VJ9BB141001
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449656464&z=ca40a968dbffafb5f813e5agdz4z0t6qfw1q1z6q9q&from=ient07021&uid=SAMSUNGXHM321HI_S26VJ9BB141001
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449656464&z=ca40a968dbffafb5f813e5agdz4z0t6qfw1q1z6q9q&from=ient07021&uid=SAMSUNGXHM321HI_S26VJ9BB141001
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449656464&z=ca40a968dbffafb5f813e5agdz4z0t6qfw1q1z6q9q&from=ient07021&uid=SAMSUNGXHM321HI_S26VJ9BB141001
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3135873756-1747778033-1847798441-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449656464&z=ca40a968dbffafb5f813e5agdz4z0t6qfw1q1z6q9q&from=ient07021&uid=SAMSUNGXHM321HI_S26VJ9BB141001&q={searchTerms}
HKU\S-1-5-21-3135873756-1747778033-1847798441-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449656464&z=ca40a968dbffafb5f813e5agdz4z0t6qfw1q1z6q9q&from=ient07021&uid=SAMSUNGXHM321HI_S26VJ9BB141001
HKU\S-1-5-21-3135873756-1747778033-1847798441-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449656464&z=ca40a968dbffafb5f813e5agdz4z0t6qfw1q1z6q9q&from=ient07021&uid=SAMSUNGXHM321HI_S26VJ9BB141001
HKU\S-1-5-21-3135873756-1747778033-1847798441-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449656464&z=ca40a968dbffafb5f813e5agdz4z0t6qfw1q1z6q9q&from=ient07021&uid=SAMSUNGXHM321HI_S26VJ9BB141001&q={searchTerms}
SearchScopes: HKLM -> DefaultScope - brak wartości
SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
Task: {4562BF10-FCE1-4C37-BC81-6D79E3A2B834} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKLM\SOFTWARE\Mozilla
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
RemoveDirectory: C:\AdwCleaner
RemoveDirectory: C:\found.000
RemoveDirectory: C:\ProgramData\6WdM6
RemoveDirectory: C:\ProgramData\XWdMX
RemoveDirectory: C:\Users\sylwia\AppData\Roaming\Mozilla
CMD: del /q C:\Users\sylwia\Downloads\*-dp*.exe
CMD: del /q C:\Users\sylwia\Downloads\*.crdownload
CMD: del /q C:\Users\sylwia\Downloads\Keygen*.exe
EmptyTemp:

 

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

 

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt.

 

3. Zrób nowy log FRST z opcji Skanuj (Scan), ponownie z Addition, ale już bez Shortcut. Dołącz też plik fixlog.txt.

[sylwiaa]

strona już się nie pojawia jako startowa

Addition.txt

Fixlog.txt

FRST.txt

[picasso]

Wszystko zrobione. Kończymy:

 

1. Zastosują DelFix oraz wyczyść foldery Przywracania systemu: KLIK.

 

2. Poczytaj na co uważać: KLIK.

[sylwiaa]

Dziękuję bardzo za pomoc