Greeg79 Posted 13 December 2015

Hello. Please help me remove this damn thing.

Addition.txt FRST.txt Shortcut.txt
picasso Posted 13 December 2015 (edited)

Topic tidied up, posts merged. From now on you of course reply to me in a new post.

Too many antivirus programs installed (AVG + Avast)!

Actions to carry out:

1. Windows flag key + X > Programs and Features > uninstall the junk and the surplus antivirus: AVG 2015, AVG Web TuneUp, eBay Worldwide.

2. Open Notepad and paste into it:

CloseProcesses:
CreateRestorePoint:
R2 WdMan; C:\ProgramData\3WdM3\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [brak podpisu cyfrowego]
RemoveDirectory: C:\ProgramData\3WdM3
ShortcutWithArgument: C:\Users\gnied_000\Desktop\iexplore — skrót.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029
ShortcutWithArgument: C:\Users\gnied_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029
ShortcutWithArgument: C:\Users\gnied_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029
ShortcutWithArgument: C:\Users\gnied_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029
ShortcutWithArgument: C:\Users\gnied_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029
ShortcutWithArgument: C:\Users\gnied_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029
ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029
Edge HomeButtonPage: HKU\S-1-5-21-1366245982-2024359666-2334870286-1001 -> hxxp://www.yoursites123.com/?type=hp&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.yoursites123.com/?type=sc&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029
CHR HomePage: Default -> hxxp://www.yoursites123.com/?type=hp&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029
CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029"
CHR DefaultSearchURL: Default -> hxxp://www.yoursites123.com/web/?type=ds&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029&q={searchTerms}
CHR DefaultSearchKeyword: Default -> yoursites123
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-21]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029&q={searchTerms}
HKU\S-1-5-21-1366245982-2024359666-2334870286-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449859869&z=754730a47c314ff961660e7g9z3zet8b2w7teb5m0o&from=ient07021&uid=WDCXWD10SPCX-21KHST0_WD-WX11A548502985029
SearchScopes: HKU\S-1-5-21-1366245982-2024359666-2334870286-1001 -> {B1ED7635-C2AC-47A4-BEC5-C77102DAB81C} URL =
Task: {04318D2D-E824-407D-8D94-C035F0D3C2DD} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {1C5B74A0-E3DE-43B1-A00A-B69211A9356B} - System32\Tasks\{12E1DAA1-9205-497A-A2E5-265F9A14B3AE} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1
Task: {2655F383-86C8-44A1-8B4D-A0E78B59E7B2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku
Task: {428229F1-4867-4CE6-96B5-375BF5144A8D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku
Task: {7DFD16F2-8912-4328-96E9-DAA92DF6616D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku
Task: {998B4D75-0593-407D-9498-F242608329E8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku
Task: {9F72A08F-2E37-4241-AD99-4C3C63014632} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku
Task: {B6F9BB34-731F-4E1E-8C79-A20043D62765} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku
Task: {B8B2C9C1-F4BE-4795-85CB-96A9ED0B8164} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {CAA7425F-3D83-4F1F-80C5-A25C025995B0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku
Task: {CCF14B73-5A67-4803-8AE6-D61DDCE6E912} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku
Task: {E41D2C0F-B7E8-46DF-A342-30E7EF53B494} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku
Task: {F58514B6-2121-42A1-8E37-7449AC8FE4D6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku
Task: {FA1ED2FF-25DC-42AB-82B3-513A678A3B7A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedHomepages /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedSearchScopes /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com" /f
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v Pokki /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v AVG_UI /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v vProt /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder /v Bluetooth.lnk /f
CMD: del /q "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk"
CMD: del /q "C:\Users\gnied_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk"
CMD: del /q "C:\Users\gnied_000\Desktop\Stary Acer\Kasia\Microsoft Office Word 2003 (2).lnk"
CMD: del /q "C:\Users\gnied_000\Desktop\Stary Acer\Kasia\Mozilla Firefox.lnk"
CMD: del /q "C:\Users\gnied_000\Desktop\Stary Acer\Kasia\Odkurzacz.lnk"
CMD: del /q "C:\Users\gnied_000\Desktop\Stary Acer\Kasia\PLDS SmartPack Utility.lnk"
CMD: del /q "C:\Users\gnied_000\Desktop\Stary Acer\Kasia\Szybkie Czyszczenie Dysku.lnk"
CMD: del /q "C:\Users\gnied_000\Desktop\Stary Acer\Hewlett-Packard\SDP\vcweis.lnk"
CMD: del /q "C:\Users\gnied_000\Desktop\Stary Acer\Golf IV\Free M4a to MP3 Converter.lnk"
CMD: netsh advfirewall reset
EmptyTemp:

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix (Napraw). Wait patiently and do not interrupt it. When the Fix finishes, the system will be restarted. A fixlog.txt file will be created in the same folder FRST was run from.

3. Clean the adware out of the browsers:

Firefox:
- Disconnect sync (if enabled): CLICK.
- Help menu > Troubleshooting Information > Refresh Firefox. Bookmarks and passwords will not be affected.
- History menu > Clear All History.

Google Chrome:
- Reset sync (if enabled): CLICK.
- Settings > Settings tab > Show advanced settings > scroll to the very bottom and run the Reset settings option. Bookmarks and passwords will not be affected.
- Settings > Settings tab > Search section > click Manage search engines > delete yoursites123 from the list (if it is still visible).

4. Make a new FRST log with the Scan (Skanuj) option, again with Addition, but this time without Shortcut. Attach the fixlog.txt file as well. Confirm that the problem has also gone away in the Edge browser.

Edited 2 June 2016 by picasso

The topic is closed due to lack of response. //picasso
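An added example, not part of the thread and not FRST's own code: a read-only Python check that parses ShortcutWithArgument lines in the layout shown in the fixlist above and groups shortcuts whose arguments carry a URL by host. The sample lines, the user name and the hijack.example host are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines (layout copied from the fixlist above; paths, user
# name and the hijack.example host are made up for this example).
SAMPLE_LOG = r"""
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.hijack.example/?type=sc&uid=CONSTRUCTED
ShortcutWithArgument: C:\Users\alice\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.hijack.example/?type=sc&uid=CONSTRUCTED
ShortcutWithArgument: C:\Users\alice\Desktop\Work.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
CHR DefaultSearchKeyword: Default -> hijack
"""

# <shortcut>.lnk -> <target>.exe (<vendor>) -> <arguments>
ENTRY = re.compile(
    r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<target>.+?\.exe) "
    r"\((?P<vendor>[^)]*)\) -> (?P<args>.+)$"
)
URL = re.compile(r"(?:hxxps?|https?)://\S+", re.IGNORECASE)

def refang(url):
    """Turn a defanged hxxp:// or hxxps:// URL back into a parseable one."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)

def find_hijacked_shortcuts(log_text):
    """Return {host: [(lnk_path, target_exe)]} for shortcuts launched with a URL."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # not a ShortcutWithArgument entry
        url = URL.search(m["args"])
        if not url:
            continue  # arguments present but no URL, e.g. a profile switch
        host = urlsplit(refang(url.group())).hostname
        exe = m["target"].rsplit("\\", 1)[-1].lower()
        hits[host].append((m["lnk"], exe))
    return dict(hits)

def affected_programs(hits):
    """Sorted, de-duplicated list of executables whose shortcuts were altered."""
    return sorted({exe for entries in hits.values() for _, exe in entries})

if __name__ == "__main__":
    for host, entries in find_hijacked_shortcuts(SAMPLE_LOG).items():
        print(host, len(entries), "shortcut(s)")
        for lnk, exe in entries:
            print("   ", exe, "<-", lnk)
```

The script only reads log text and reports; it changes nothing on the system.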