yoursites123

[evuszka]

przyszedł czas i na mnie, błagam o pomoc

FRST.txt

[picasso]

Nie zostały przeczytane zasady działu, ani instrukcja tworzenia raportu FRST. Pomoc w oparciu o jeden log FRST jest niemożliwa. Proszę wrócić do instrukcji i zrobić porządnie raporty FRST: KLIK. Mają powstać trzy pliki FRST.txt, Addition.txt, Shortcut.txt.

[evuszka]

mój błąd, już uzupełnione pliki

Shortcut.txt

Addition.txt

FRST.txt

[picasso]

Akcja:

 

1. Klawisz z flagą Windows + X > Programy i funkcje > Odinstaluj: Adobe AIR, Adobe Reader 8.1.0, Foxtab (adware), Pando Media Booster.

 

2. Otwórz Notatnik i wklej w nim:

 

CloseProcesses:
CreateRestorePoint:
ShortcutWithArgument: C:\Users\Ewa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202 
ShortcutWithArgument: C:\Users\Ewa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202 
ShortcutWithArgument: C:\Users\Ewa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202 
ShortcutWithArgument: C:\Users\Ewa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202 
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia 
HKU\S-1-5-21-2327504602-676731766-3640145769-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202&q={searchTerms}
HKU\S-1-5-21-2327504602-676731766-3640145769-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2327504602-676731766-3640145769-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
Toolbar: HKLM - Brak nazwy - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Brak pliku
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Ewa\AppData\Roaming\Mozilla\Firefox\Profiles\k5voscb5.default\extensions\default_newtabff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Ewa\AppData\Roaming\Mozilla\Firefox\Profiles\k5voscb5.default\extensions\yahooprotected@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202
CHR HomePage: Default -> hxxp://www.yoursites123.com/?type=hp&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202
CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202"
CHR DefaultSearchURL: Default -> hxxp://www.yoursites123.com/web/?type=ds&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202&q={searchTerms}
CHR DefaultSearchKeyword: Default -> yoursites123
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1449841938&z=7667727bff88ece2d1a980cg0z7z0tdb7z7gdtazez&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9CD163202
R2 WdMan; C:\ProgramData\aWdMa\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [brak podpisu cyfrowego]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-13] ()
S1 {5eeb83d0-96ea-4249-942c-beead6847053}Gw64; system32\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys [X]
S1 {a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64; system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys [X]
S1 {a5c25b9e-3974-4e91-9864-34f9aca33ff3}Gw64; system32\drivers\{a5c25b9e-3974-4e91-9864-34f9aca33ff3}Gw64.sys [X]
S2 Update Solution Real; "C:\Program Files (x86)\Solution Real\updateSolutionReal.exe" [X]
S2 Util Solution Real; "C:\Program Files (x86)\Solution Real\bin\utilSolutionReal.exe" [X]
HKU\S-1-5-21-2327504602-676731766-3640145769-1002\...\Run: [ChomikBox] => C:\Program Files (x86)\ChomikBox\chomikbox.exe
Task: {ECBAC623-128D-4A22-9F2C-AEEC22DED856} - System32\Tasks\{0498070D-BAFC-4810-A897-941CA9DF4329} => pcalua.exe -a E:\setup.exe -d E:\
Task: {EDE3F314-82DA-4369-B7FD-FDB2816AB2C8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2012-08-08] (Lenovo)
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla\Thunderbird
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
DeleteKey: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main
DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main
DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "Adobe Reader Speed Launcher" /f
RemoveDirectory: C:\Program Files\Enigma Software Group
RemoveDirectory: C:\ProgramData\aWdMa
RemoveDirectory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa
RemoveDirectory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sammy Suricate
RemoveDirectory: C:\Users\Ewa\AppData\Roaming\Picexa Viewer
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Ewa\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Ewa\AppData\Local\Google\Chrome\User Data\Default\Web Data
C:\Users\Ewa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Picexa.lnk
C:\Users\Ewa\Hopmon.lnk
C:\Users\Jerzy\Desktop\Sammy Suricate.lnk
C:\Users\UpdatusUser\Desktop\*.lnk
C:\Windows\System32\Drivers\EsgScanner.sys
C:\WINDOWS\SysWOW64\pl.html
CMD: netsh advfirewall reset
EmptyTemp:

 

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

 

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt.

 

3. Wyczyść przeglądarki z adware:

 

Firefox:

• Odłącz synchronizację (o ile włączona): KLIK.
• Menu Pomoc > Informacje dla pomocy technicznej > Odśwież program Firefox. Zakładki i hasła nie zostaną naruszone, ale Adblock Pus trzeba będzie potem przeinstalować.
• Menu Historia > Wyczyść całą historię przeglądania.

Google Chrome:

• Zresetuj synchronizację (o ile włączona): KLIK.
• Ustawienia > karta Ustawienia > Pokaż ustawienia zaawansowane > zjedź na sam spód i uruchom opcję Resetowanie ustawień. Zakładki i hasła nie zostaną naruszone.

4. Zrób nowy log FRST z opcji Skanuj (Scan), ponownie z Addition, ale już bez Shortcut. Dołącz też plik fixlog.txt.

[evuszka]

wszystko wydaje się być okej, dziękuje bardzo!

Addition.txt

FRST.txt

Fixlog.txt

[picasso]

Wszystko zrobione. Teraz:

 

Uruchom AdwCleaner. Wybierz opcję Skanuj i dostarcz log wynikowy z folderu C:\AdwCleaner.

Edytowane 2 Czerwca 2016 przez picasso
Temat zostaje zamknięty z powodu braku odpowiedzi. //picasso