yoursite123

jamesK · 15 Grudnia 2015

Proszę o pomoc w usunięciu tego czegos

Z góry dziękuję i załączam logi.

Addition.txt

FRST.txt

Shortcut.txt

picasso · 15 Grudnia 2015

Jest tu więcej śmieci adware. Operacje do przeprowadzenia:

1. Deinstalacje:

- Klawisz z flagą Windows + X > Programy i funkcje > odinstaluj adware WordFly 1.10.0.28.

- Uruchom narzędzie Norton Removal Tool, gdyż w systemie są liczne obiekty po niepoprawnie odinstalowanym pakiecie Norton Internet Security.

2. Otwórz Notatnik i wklej w nim:

CloseProcesses:
CreateRestorePoint:
ShortcutWithArgument: C:\Users\Agniecha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450102952&z=97a3a9b96ed0ae4bc57b83cgcz7w1e7g7e3o4t1zbt&from=wpm07173&uid=SAMSUNGXHN-M101MBB_S2RQJ1NBB10815 
ShortcutWithArgument: C:\Users\Agniecha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450102952&z=97a3a9b96ed0ae4bc57b83cgcz7w1e7g7e3o4t1zbt&from=wpm07173&uid=SAMSUNGXHN-M101MBB_S2RQJ1NBB10815 
ShortcutWithArgument: C:\Users\Agniecha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera 33.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1450102952&z=97a3a9b96ed0ae4bc57b83cgcz7w1e7g7e3o4t1zbt&from=wpm07173&uid=SAMSUNGXHN-M101MBB_S2RQJ1NBB10815 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 33.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1450102952&z=97a3a9b96ed0ae4bc57b83cgcz7w1e7g7e3o4t1zbt&from=wpm07173&uid=SAMSUNGXHN-M101MBB_S2RQJ1NBB10815 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450102952&z=97a3a9b96ed0ae4bc57b83cgcz7w1e7g7e3o4t1zbt&from=wpm07173&uid=SAMSUNGXHN-M101MBB_S2RQJ1NBB10815
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450102952&z=97a3a9b96ed0ae4bc57b83cgcz7w1e7g7e3o4t1zbt&from=wpm07173&uid=SAMSUNGXHN-M101MBB_S2RQJ1NBB10815
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1450102952&z=97a3a9b96ed0ae4bc57b83cgcz7w1e7g7e3o4t1zbt&from=wpm07173&uid=SAMSUNGXHN-M101MBB_S2RQJ1NBB10815&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1450102952&z=97a3a9b96ed0ae4bc57b83cgcz7w1e7g7e3o4t1zbt&from=wpm07173&uid=SAMSUNGXHN-M101MBB_S2RQJ1NBB10815&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450102952&z=97a3a9b96ed0ae4bc57b83cgcz7w1e7g7e3o4t1zbt&from=wpm07173&uid=SAMSUNGXHN-M101MBB_S2RQJ1NBB10815
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450102952&z=97a3a9b96ed0ae4bc57b83cgcz7w1e7g7e3o4t1zbt&from=wpm07173&uid=SAMSUNGXHN-M101MBB_S2RQJ1NBB10815
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450102952&z=97a3a9b96ed0ae4bc57b83cgcz7w1e7g7e3o4t1zbt&from=wpm07173&uid=SAMSUNGXHN-M101MBB_S2RQJ1NBB10815&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450102952&z=97a3a9b96ed0ae4bc57b83cgcz7w1e7g7e3o4t1zbt&from=wpm07173&uid=SAMSUNGXHN-M101MBB_S2RQJ1NBB10815&q={searchTerms}
HKU\S-1-5-21-2100001416-2170443706-2230923172-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450102952&z=97a3a9b96ed0ae4bc57b83cgcz7w1e7g7e3o4t1zbt&from=wpm07173&uid=SAMSUNGXHN-M101MBB_S2RQJ1NBB10815
HKU\S-1-5-21-2100001416-2170443706-2230923172-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450102952&z=97a3a9b96ed0ae4bc57b83cgcz7w1e7g7e3o4t1zbt&from=wpm07173&uid=SAMSUNGXHN-M101MBB_S2RQJ1NBB10815
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450102952&z=97a3a9b96ed0ae4bc57b83cgcz7w1e7g7e3o4t1zbt&from=wpm07173&uid=SAMSUNGXHN-M101MBB_S2RQJ1NBB10815&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450102952&z=97a3a9b96ed0ae4bc57b83cgcz7w1e7g7e3o4t1zbt&from=wpm07173&uid=SAMSUNGXHN-M101MBB_S2RQJ1NBB10815&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450102952&z=97a3a9b96ed0ae4bc57b83cgcz7w1e7g7e3o4t1zbt&from=wpm07173&uid=SAMSUNGXHN-M101MBB_S2RQJ1NBB10815&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450102952&z=97a3a9b96ed0ae4bc57b83cgcz7w1e7g7e3o4t1zbt&from=wpm07173&uid=SAMSUNGXHN-M101MBB_S2RQJ1NBB10815&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2100001416-2170443706-2230923172-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450102952&z=97a3a9b96ed0ae4bc57b83cgcz7w1e7g7e3o4t1zbt&from=wpm07173&uid=SAMSUNGXHN-M101MBB_S2RQJ1NBB10815&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2100001416-2170443706-2230923172-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450102952&z=97a3a9b96ed0ae4bc57b83cgcz7w1e7g7e3o4t1zbt&from=wpm07173&uid=SAMSUNGXHN-M101MBB_S2RQJ1NBB10815&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1450102952&z=97a3a9b96ed0ae4bc57b83cgcz7w1e7g7e3o4t1zbt&from=wpm07173&uid=SAMSUNGXHN-M101MBB_S2RQJ1NBB10815
OPR Session Restore: -> [funkcja włączona]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.yoursites123.com/?type=sc&ts=1450102952&z=97a3a9b96ed0ae4bc57b83cgcz7w1e7g7e3o4t1zbt&from=wpm07173&uid=SAMSUNGXHN-M101MBB_S2RQJ1NBB10815
U3 idsvc; Brak ImagePath
U3 wpcsvc; Brak ImagePath
HKU\S-1-5-21-2100001416-2170443706-2230923172-1000\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
Task: {03917C64-5EE5-427B-8A8D-44A987017A5F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {04E29903-F8E4-4D6E-88AB-FE6BCE1D679B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {186DDBF1-D45D-44AE-87F6-A3E4A019B61B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1876D088-1070-43EB-AE91-24A91CAFF404} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1887C891-1C14-4A3D-89A4-29F736F69664} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {1A18C4E0-6C76-43E2-A3DB-B5AD606AE315} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku 
Task: {2341AAD4-6DAE-4BF2-9BCC-577F257FE51B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {244F0274-90E6-496A-B4B3-7BA9B306298F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku 
Task: {26F9B746-FDD1-4165-95D7-301D6AD7D6CD} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {29A31F4D-6F4D-4EC9-B1C6-A05DEFF5BB25} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {2E263298-B443-4664-A6FD-A48EECD39C12} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {2E2CBCB6-041E-4C42-BE9F-830F6089A942} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {305EF1E5-28AA-4543-998E-0F133C0C486F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {37C744B1-FBD9-4A1B-8638-3BABA76A1459} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku 
Task: {428B58A8-81DF-4F3C-A533-BF2EA45A1025} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {44FC81C7-4F30-4B89-A3D9-B5FD1E61C4F6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku 
Task: {47C42DC1-B093-48B3-9BF3-1F76831C796A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku 
Task: {49C1321A-6DA9-4375-8924-C2CC2A66686E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4A09FE6B-1802-49E8-A678-CC12D7F38170} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {4F0EB740-7F3D-4E09-8564-72F9693A7EBC} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {58C562DE-FC12-4560-9C97-9C84A760EBAA} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {5D4850AC-682F-4803-98E5-D24415968AA4} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6AD5B59F-C5B6-442B-89E0-12907B811FA0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku 
Task: {7F918AA3-2000-48E3-9C9D-CFFF69B0C2DD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku 
Task: {B4D89121-BE3B-4EF8-9F77-8F7A1EC957E7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku 
Task: {BA951026-0C32-4E1B-8820-A9C8D908A4D4} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {CE6162E8-656E-42CC-9BA3-68C96A0312EB} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {D83C9EC1-96A6-46DF-91F6-2163A8DE4D89} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {EC1D5C1F-1725-443A-8C7A-5CBE7A5731D2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku 
Task: {EDBE865D-69D8-4D2A-B06F-C1B08F188625} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {F2D88229-ADBC-475A-8C72-25A147F8852A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku 
Task: {F7088F29-4C79-4117-A284-A6F0E35C0EDC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku 
Task: {F7EB9D2D-6B1B-4DD6-A2D3-D5415F55A1D6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedHomepages /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /v ProtectedSearchScopes /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com" /f
Reg: reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com" /f
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Google
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
RemoveDirectory: C:\Program Files (x86)\WordFly_1.10.0.28
RemoveDirectory: C:\ProgramData\DWMiniProD
RemoveDirectory: C:\ProgramData\Temp
RemoveDirectory: C:\Users\Agniecha\AppData\Roaming\istartsurf
RemoveDirectory: C:\Windows\ehome
RemoveDirectory: C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
C:\ProgramData\{*}.*
C:\WINDOWS\SysWOW64\data.bin
EmptyTemp:

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt.

3. Zrób nowy log FRST z opcji Skanuj (Scan), ponownie z Addition, ale już bez Shortcut. Dołącz też plik fixlog.txt. Potwierdź, że problemu nie ma także w przeglądarce Edge.

jamesK · 15 Grudnia 2015

Nie wystepuje ani w operze ani w edge, dzieki wielkie!

Addition.txt

Fixlog.txt

FRST.txt

picasso · 15 Grudnia 2015

Wszystko zrobione. Poprawki:

1. Nie zauważyłam bardzo starego Adobe AIR. Odinstaluj.

2. Uruchom AdwCleaner. Wybierz opcję Skanuj i dostarcz log wynikowy z folderu C:\AdwCleaner.

Edytowane 2 Czerwca 2016 przez picasso
Temat zostaje zamknięty z powodu braku odpowiedzi. //picasso

Zaloguj się

yoursite123

Rekomendowane odpowiedzi

jamesK

Odnośnik do komentarza

picasso

Odnośnik do komentarza

jamesK

Odnośnik do komentarza

picasso

Odnośnik do komentarza

Ostatnio przeglądający 0 użytkowników

Przeglądaj

Cała aktywność