Skocz do zawartości
WAŻNE - Użytkownicy uprawnieni do pomocy
WAŻNE - Zakładanie tematu: obowiązkowe logi
Nadchodzące zmiany w logowaniu

yoursites123.com

solmyr

Przez solmyr
w Dział pomocy doraźnej

Rekomendowane odpowiedzi

Pomoc jest darmowa, ale proszę rozważ przekazanie dotacji na utrzymanie serwisu: klik.
picasso

picasso

Opublikowano
Opublikowano

Operacje do przeprowadzenia:

 

1. Klawisz z flaą Windows + X > Programy i funkcje > odinstaluj zbędne aplikacje: ASUS WebStorage, AsusVibe2.0, Bing Bar.

 

2. Otwórz Notatnik i wklej w nim:

 

CloseProcesses:
CreateRestorePoint:
ShortcutWithArgument: C:\Users\Paweł\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX 
ShortcutWithArgument: C:\Users\Paweł\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX 
ShortcutWithArgument: C:\Users\Paweł\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX 
ShortcutWithArgument: C:\Users\Paweł\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX&q={searchTerms}
HKU\S-1-5-21-2961050570-293141152-3916909677-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX
HKU\S-1-5-21-2961050570-293141152-3916909677-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961050570-293141152-3916909677-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961050570-293141152-3916909677-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2961050570-293141152-3916909677-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2961050570-293141152-3916909677-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1446029231&z=8800fd6b1b264bc0d056df6g0z7z3qce2o8bct6m4z&from=cor&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX
Edge HomeButtonPage: HKU\S-1-5-21-2961050570-293141152-3916909677-1001 -> hxxp://www.yoursites123.com/?type=hp&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX
OPR Session Restore: -> [funkcja włączona]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.yoursites123.com/?type=sc&ts=1449648673&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07021&uid=HitachiXHTS547550A9E384_J2160051CTJ7LCCTJ7LCX
R2 IhPul; C:\Users\Paweł\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-09] (tsvr.com)
U3 idsvc; Brak ImagePath
U3 wpcsvc; Brak ImagePath
HKLM\...\Run: [AtherosBtStack] => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
Task: {01C995FF-D178-4E7B-AC4A-9E950006A207} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0837D897-84CB-4E30-A8DD-807937A81DFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {0F1FC558-90E6-41AA-8D37-4FBE69053762} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {148318FC-5974-4508-A415-B3AFD16E5DDB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {29308477-8F7E-4D4F-92D5-F1534E61B6F5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {2CEC94D6-1CAE-47C8-9E0E-0149525591BC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {3C9616B2-742C-4820-AFAE-F3D2459E9677} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {3D966D87-5FE5-4FBC-8E90-DB0F48E454DB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3E3E65EA-6693-4ACC-947D-206853F50D65} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {415241F4-ED9C-4BBE-869E-19586807B91E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku 
Task: {42145BE5-4059-431F-919A-1A381C5966DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4C464618-5C11-4E5B-9621-69FD62654147} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {53C7BC87-1E47-4920-988E-BA5DA350D645} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku 
Task: {6FECF9BE-AED8-4627-80ED-91FF5361960F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {773492A6-4F08-4DAF-9C1B-778BC17ACAED} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {78588675-6CF3-4E50-B5B1-1EC34EAA2F6B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {7DDF9673-8D0B-4652-B795-1BEAD1206B65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {86B79B27-494E-4F6D-94E8-513E8204D004} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {A856EE66-B808-403A-8FB5-AA276BAB1566} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku 
Task: {A94B6C7E-A307-4ED6-9685-3835FF124FCC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku 
Task: {AA921623-B84A-4EC8-A6DA-5D46323FC6D9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {C778374C-94FE-41B0-B705-5FC952201AC0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {D37BE8AA-C84F-4B51-AD6D-8873C8C89E71} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku 
Task: {DD548504-31EE-43FF-A573-1E9BCB56DC76} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {E959E007-A71C-4952-8EA8-22DE146D6227} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {F0496437-71B1-4E96-9E9C-3BC2F52CDE46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FACB8164-0888-403B-B4E6-7F59329EA90F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {FBC8485F-A585-489F-8E2C-C65FEABC1BEF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FFEE4F98-789F-4BC5-9EBF-91D4AC658C46} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
DisableService: PLAY ONLINE. RunOuc
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedHomepages /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedSearchScopes /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com" /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v ASUSWebStorage /f
RemoveDirectory: C:\Users\Paweł\AppData\Roaming\TSv
RemoveDirectory: C:\Windows\ehome
RemoveDirectory: C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
CMD: del /q C:\ProgramData\{*}.*
CMD: del /q "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\*.lnk"
CMD: del /q "C:\Users\Paweł\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Picexa.lnk"
CMD: del /q "C:\Users\Paweł\Desktop\PROGRAMY\Norton 360.LNK"
CMD: del /q C:\WINDOWS\SysWOW64\data.bin
CMD: netsh advfirewall reset
EmptyTemp:

 

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

 

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt.

 

3. Wyczyść Firefox z adware:

  • Odłącz synchronizację (o ile włączona): KLIK.
  • Menu Pomoc > Informacje dla pomocy technicznej > Odśwież program Firefox. Zakładki i hasła nie zostaną naruszone.
  • Menu Historia > Wyczyść całą historię przeglądania.
4. Zrób nowy log FRST z opcji Skanuj (Scan), ponownie z Addition, ale bez Shortcut. Dołącz też plik fixlog.txt. Potwierdź, że problem ustąpił także w przeglądarce Edge.
Odnośnik do komentarza
picasso

picasso

Opublikowano
Opublikowano (edytowane)

solmyr, tak się tu nie załatwia spraw. Wszystko musi być potwierdzone, bo coś mogło się nie usunąć w skrypcie lub wystąpiły nowe okoliczności. A poza tym są także do wykonania specjalne kroki końcowe. Wyraźnie prosiłam o:

 

4. Zrób nowy log FRST z opcji Skanuj (Scan), ponownie z Addition, ale bez Shortcut. Dołącz też plik fixlog.txt. Potwierdź, że problem ustąpił także w przeglądarce Edge.

Edytowane przez picasso
Temat zostaje zamknięty z powodu braku odpowiedzi. //picasso
Odnośnik do komentarza
Gość
Ten temat został zamknięty. Brak możliwości dodania odpowiedzi.
Tematy

  • Ostatnio przeglądający   0 użytkowników

    • Brak zarejestrowanych użytkowników przeglądających tę stronę.
×
×
  • Dodaj nową pozycję...