wronud Posted 14 December 2015

Hello, when I open Google Chrome and other browsers, the yoursites 123 site opens. How do I get rid of it? I would appreciate relatively simple instructions on how I can get rid of this problem. Thank you very much in advance for your reply!

Addition.txt FRST.txt Shortcut.txt
picasso Posted 14 December 2015 (edited)

Steps to carry out:

1. Windows flag key + X > Programs and Features > uninstall old versions and unneeded items: Adobe Reader X (10.1.16) MUI, HP Deskjet 3520 series — badanie mające na celu poprawę produktów, Java 8 Update 25. Then run Zoek and paste into its window:

Metric Collection SDK 35;u

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

Click Run Script. A file zoek-results.log will be created. In Windows Explorer, menu View > Options > Change folder and search options > View > untick Hide extensions for known file types > rename the file to zoek-results.txt so that it can be added as a forum attachment.

2. Open Notepad and paste into it:

CloseProcesses:
CreateRestorePoint:
R2 IhPul; C:\Users\Michał\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
R2 WdMan; C:\ProgramData\tWdMt\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [brak podpisu cyfrowego]
ShortcutWithArgument: C:\Users\Michał\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449648574&z=ba9f503fca513245a78a3fcg9z0z4t7q6z2b8w2bfw&from=ient07021&uid=TOSHIBAXMQ01ABD050_93P5S0FVSXX93P5S0FVS
ShortcutWithArgument: C:\Users\Michał\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449648574&z=ba9f503fca513245a78a3fcg9z0z4t7q6z2b8w2bfw&from=ient07021&uid=TOSHIBAXMQ01ABD050_93P5S0FVSXX93P5S0FVS
ShortcutWithArgument: C:\Users\Michał\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449648574&z=ba9f503fca513245a78a3fcg9z0z4t7q6z2b8w2bfw&from=ient07021&uid=TOSHIBAXMQ01ABD050_93P5S0FVSXX93P5S0FVS
ShortcutWithArgument: C:\Users\Michał\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449648574&z=ba9f503fca513245a78a3fcg9z0z4t7q6z2b8w2bfw&from=ient07021&uid=TOSHIBAXMQ01ABD050_93P5S0FVSXX93P5S0FVS
ShortcutWithArgument: C:\Users\Michał\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449648574&z=ba9f503fca513245a78a3fcg9z0z4t7q6z2b8w2bfw&from=ient07021&uid=TOSHIBAXMQ01ABD050_93P5S0FVSXX93P5S0FVS
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449648574&z=ba9f503fca513245a78a3fcg9z0z4t7q6z2b8w2bfw&from=ient07021&uid=TOSHIBAXMQ01ABD050_93P5S0FVSXX93P5S0FVS
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia
HKU\S-1-5-21-1890577046-1904970765-735041783-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130945540971226823&GUID=4A770436-E1B6-4A5C-BDD9-8D9CF61A66EA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130945540971236597&GUID=4A770436-E1B6-4A5C-BDD9-8D9CF61A66EA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1447141879&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpm07163&uid=TOSHIBAXMQ01ABD050_93P5S0FVSXX93P5S0FVS&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449648574&z=ba9f503fca513245a78a3fcg9z0z4t7q6z2b8w2bfw&from=ient07021&uid=TOSHIBAXMQ01ABD050_93P5S0FVSXX93P5S0FVS&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449648574&z=ba9f503fca513245a78a3fcg9z0z4t7q6z2b8w2bfw&from=ient07021&uid=TOSHIBAXMQ01ABD050_93P5S0FVSXX93P5S0FVS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449648574&z=ba9f503fca513245a78a3fcg9z0z4t7q6z2b8w2bfw&from=ient07021&uid=TOSHIBAXMQ01ABD050_93P5S0FVSXX93P5S0FVS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1447141879&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpm07163&uid=TOSHIBAXMQ01ABD050_93P5S0FVSXX93P5S0FVS&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449648574&z=ba9f503fca513245a78a3fcg9z0z4t7q6z2b8w2bfw&from=ient07021&uid=TOSHIBAXMQ01ABD050_93P5S0FVSXX93P5S0FVS&q={searchTerms}
HKU\S-1-5-21-1890577046-1904970765-735041783-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1447141646&z=b5842949f4f8f8e2756394dgaz5zbm0gcz7g3qbq3o&from=wpm07163&uid=TOSHIBAXMQ01ABD050_93P5S0FVSXX93P5S0FVS&q={searchTerms}
HKU\S-1-5-21-1890577046-1904970765-735041783-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130945540971258425&GUID=4A770436-E1B6-4A5C-BDD9-8D9CF61A66EA
HKU\S-1-5-21-1890577046-1904970765-735041783-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449648574&z=ba9f503fca513245a78a3fcg9z0z4t7q6z2b8w2bfw&from=ient07021&uid=TOSHIBAXMQ01ABD050_93P5S0FVSXX93P5S0FVS
HKU\S-1-5-21-1890577046-1904970765-735041783-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1447141646&z=b5842949f4f8f8e2756394dgaz5zbm0gcz7g3qbq3o&from=wpm07163&uid=TOSHIBAXMQ01ABD050_93P5S0FVSXX93P5S0FVS&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1890577046-1904970765-735041783-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1890577046-1904970765-735041783-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1890577046-1904970765-735041783-1001 -> {607D409B-3C06-4744-AA43-6650F770CB34} URL =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1449648574&z=ba9f503fca513245a78a3fcg9z0z4t7q6z2b8w2bfw&from=ient07021&uid=TOSHIBAXMQ01ABD050_93P5S0FVSXX93P5S0FVS
Edge HomeButtonPage: HKU\S-1-5-21-1890577046-1904970765-735041783-1001 -> hxxp://www.delta-homes.com/?type=hp&ts=1444459961&z=51a300e0dd52e700901a1edg3z5z8z2z4qce1eaecb&from=wpm07163&uid=TOSHIBAXMQ01ABD050_93P5S0FVSXX93P5S0FVS
CHR HKLM\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
CHR HKLM-x32\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1449648574&z=ba9f503fca513245a78a3fcg9z0z4t7q6z2b8w2bfw&from=ient07021&uid=TOSHIBAXMQ01ABD050_93P5S0FVSXX93P5S0FVS
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
Task: {233F29FA-46D2-4B93-9102-63524E9A5B87} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku
Task: {41B4A687-E032-42B6-9A60-171896F63E2C} - System32\Tasks\{C5C490B4-9C9F-464F-BCC5-D10E4A7F0061} => pcalua.exe -a C:\Users\Michał\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=tt4u
Task: {702D2A1B-817B-4A60-B9E9-074940AF496D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku
Task: {7CAE9303-2606-4E49-B331-F8DCD91016BB} - System32\Tasks\{2A1F61DD-61AD-466F-BC19-4797CE369D96} => Chrome.exe hxxp://ui.skype.com/ui/0/7.15.85.103/pl/privacy
Task: {8B18732A-8E83-40F8-AC3D-6150C63E07A3} - System32\Tasks\{CE9B6BF6-B523-4F4A-8CBB-20D770D544F9} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {B8040DB3-B017-4E48-B2C1-F69B31F0E2AF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku
Task: {C8FD7879-CE0B-43F8-A661-4CB064DCDA95} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {EE62EAEF-D5C9-47C1-9327-995E31DDB6C9} - \Microsoft\Windows\Setup\gwx\runappraiser -> Brak pliku
Task: {EF4F3440-E4A2-4207-B65E-5ACC5C2A3C61} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
DeleteKey: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main
DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main
DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main
DeleteKey: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedHomepages /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedSearchScopes /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com" /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v SunJavaUpdateSched /f
RemoveDirectory: C:\Program Files (x86)\Lenovo
RemoveDirectory: C:\ProgramData\pWdMp
RemoveDirectory: C:\ProgramData\QWMiniProQ
RemoveDirectory: C:\ProgramData\tWdMt
RemoveDirectory: C:\ProgramData\Microsoft\Windows\GameExplorer\{9A55E265-D6B7-46A5-AE15-2ADDE966D45E}
RemoveDirectory: C:\Users\Michał\AppData\Local\Lenovo
RemoveDirectory: C:\Users\Michał\AppData\Roaming\eCyber
RemoveDirectory: C:\Users\Michał\AppData\Roaming\TSv
RemoveDirectory: C:\Users\Michał\AppData\Local\Microsoft\Windows\GameExplorer\{7E65DAAF-3ECA-47D7-820F-35D8CC0BFC8E}
RemoveDirectory: C:\Windows\System32\Tasks\Lenovo
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Michał\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Picexa*.lnk
C:\Users\Michał\Desktop\Programy\CCleaner.lnk
C:\Users\Michał\Desktop\Programy\Help Desk.lnk
C:\Users\Michał\Desktop\Programy\Support Center.lnk
C:\WINDOWS\SysWOW64\pl.html
CMD: type C:\ProgramData\MakeMarkerFile.xml
EmptyTemp:

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Napraw (Fix). Wait patiently and do not interrupt the process. When the Fix finishes, the system will be restarted. A fixlog.txt file will be created in the same directory FRST was run from.

3. Make a new FRST log with the Skanuj (Scan) option, again with Addition, but this time without Shortcut. Also attach the files fixlog.txt + zoek-results.txt. Confirm that the problem has also gone from the Edge browser.

Edited 2 June 2016 by picasso

The topic is being closed due to no reply. //picasso
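
The ShortcutWithArgument entries in the fixlist above record browser shortcuts whose target has a URL appended as an argument. As an added example that is not part of the thread, this Python code parses lines in that format and reports which browser shortcuts carry a URL argument; the sample lines, the example.test host and the list of browser executables are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in the "ShortcutWithArgument:" format used above;
# the paths and the example.test host are made up for this illustration.
SAMPLE = r"""
ShortcutWithArgument: C:\Users\demo\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.hijack.example.test/?type=sc&uid=DISK123
ShortcutWithArgument: C:\Users\demo\Desktop\IE.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.hijack.example.test/?type=sc&uid=DISK123
ShortcutWithArgument: C:\Users\demo\Desktop\Chrome (work).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\demo\Desktop\Tool.lnk -> C:\Tools\tool.exe () -> /quiet
"""

# Assumption: which executables count as browsers (extend as needed).
BROWSERS = {"chrome.exe", "iexplore.exe", "firefox.exe", "msedge.exe", "opera.exe"}

LINE_RE = re.compile(
    r"^ShortcutWithArgument:\s+(?P<lnk>.+?\.lnk)\s+->\s+"
    r"(?P<target>.+?\.exe)\s+\((?P<vendor>[^)]*)\)\s+->\s+(?P<args>.*)$",
    re.IGNORECASE,
)
# The log writes URLs defanged as hxxp://, so accept both spellings.
URL_RE = re.compile(r"\bh(?:tt|xx)ps?://[^\s\"]+", re.IGNORECASE)


def find_hijacked_shortcuts(log_text):
    """Return (shortcut, browser exe, URL host) for browser shortcuts with a URL argument."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        exe = m.group("target").rsplit("\\", 1)[-1].lower()
        url = URL_RE.search(m.group("args"))
        if exe not in BROWSERS or not url:
            continue  # non-browser target, or ordinary switches such as --profile-directory
        # Re-fang only so the host can be parsed; the URL is reported, never fetched.
        refanged = re.sub(r"^hxxp", "http", url.group(0), flags=re.IGNORECASE)
        hits.append((m.group("lnk"), exe, urlsplit(refanged).hostname))
    return hits


if __name__ == "__main__":
    for lnk, exe, host in find_hijacked_shortcuts(SAMPLE):
        print(f"{exe:14} opens {host}  <- {lnk}")
```

Shortcuts that only pass ordinary switches to the browser, like the profile selector in the third sample line, are not reported.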