Znowu yoursites123: bardzo proszę o pomoc

[pysiak]

Witam, niestety dopadła mnie zmora yoursites123 niestety samodzielne próby usunięcia nie powiodły się a jestem raczej "zielona" jeśli chodzi o komputery, dlatego bardzo proszę o pomoc

Addition.txt

FRST.txt

Shortcut.txt

[picasso]

Akcja:

 

1. Klawisz z flagą Windows + X > Programy i funkcje > odinstaluj zbędniki: Bing Bar, HP Customer Participation Program 14.0.

 

2. Otwórz Notatnik i wklej w nim:

 

CloseProcesses:
CreateRestorePoint:
R2 IhPul; C:\Users\Monika\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: )
R2 WdMan; C:\ProgramData\MWdMM\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [brak podpisu cyfrowego]
S1 {122141c3-e1a4-4af5-b3d7-650743f49ec0}Gw64; system32\drivers\{122141c3-e1a4-4af5-b3d7-650743f49ec0}Gw64.sys [X]
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2365521411-3686019725-4101832319-1002\...\Run: [bingSvc] => C:\Users\Monika\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA 
ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA 
ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA 
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA&q={searchTerms}
HKU\S-1-5-21-2365521411-3686019725-4101832319-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA
HKU\S-1-5-21-2365521411-3686019725-4101832319-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA&q={searchTerms}
HKU\S-1-5-21-2365521411-3686019725-4101832319-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA
HKU\S-1-5-21-2365521411-3686019725-4101832319-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2365521411-3686019725-4101832319-1002 -> DefaultScope {2EEBF374-2985-4A76-AC22-99F2A9889F94} URL =
SearchScopes: HKU\S-1-5-21-2365521411-3686019725-4101832319-1002 -> {2EEBF374-2985-4A76-AC22-99F2A9889F94} URL =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\uinq2ycr.default-1420408185459\extensions\default_newtabff@gmail.com => nie znaleziono
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449866068&z=f727d5a8997044709c9e306g9z4zdt1b6q8q2e3m7e&from=ient07021&uid=ST1000LM014-SSHD-8GB_W380XYVAXXXXW380XYVA
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
RemoveDirectory: C:\AdwCleaner
RemoveDirectory: C:\Program Files (x86)\mozilla firefox\browser\searchplugins
RemoveDirectory: C:\Program Files (x86)\SFK
RemoveDirectory: C:\ProgramData\MWdMM
RemoveDirectory: C:\ProgramData\SWdMS
RemoveDirectory: C:\Users\Monika\AppData\Local\Microsoft\BingSvc
RemoveDirectory: C:\Users\Monika\AppData\Roaming\TSv
CMD: del /q C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
CMD: del /q "C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Picexa.lnk"
CMD: del /q C:\WINDOWS\SysWOW64\pl.html
CMD: del /q C:\WINDOWS\SysWOW64\pl4.exe
CMD: netsh advfirewall reset
EmptyTemp:

 

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

 

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt.

 

3. Zrób nowy log FRST z opcji Skanuj (Scan), ponownie z Addition, ale bez Shortcut. Dołącz też plik fixlog.txt.

[pysiak]

Logi:

chyba jeszcze o tym pliku zapomniałam i z radości narobiłam bałaganu, ale paskudy już nie ma

Fixlog.txt

Addition.txt

FRST.txt

[picasso]

Wszystko zrobione. Kończymy:

 

1. Zastosuj DelFix oraz wyczyść foldery Przywracania systemu: KLIK.

 

2. Poczytaj na co uważać: KLIK.

[pysiak]

foldery przywracania systemu wyczyszczone, delfix zrobiony,

 

dzięki wielkie za pomoc

DelFix.txt

[picasso]

DelFix wykonał zadanie. Skasuj z dysku plik C:\delfix.txt.

 

Temat rozwiązany. Zamykam.