yourcites123 - problem



Here, in turn, the following actions:

 

1. Uninstall the TubeSaver adware as well as the old versions and unneeded programs: Adobe Flash Player 15 ActiveX, Adobe Shockwave Player 12.1, AVG Web TuneUp, McAfee Security Scan Plus, OpenOffice.org 3.4.1, Pando Media Booster. The latest OpenOffice will be installed later.

 

2. Open Notepad and paste into it:

 

CreateRestorePoint:
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450111534&z=c37fdeea2e46336e0d2fce4g7z5w4ecg5gcg2wcc2c&from=wpm07173&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996 
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450111534&z=c37fdeea2e46336e0d2fce4g7z5w4ecg5gcg2wcc2c&from=wpm07173&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996 
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450111534&z=c37fdeea2e46336e0d2fce4g7z5w4ecg5gcg2wcc2c&from=wpm07173&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996 
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450111534&z=c37fdeea2e46336e0d2fce4g7z5w4ecg5gcg2wcc2c&from=wpm07173&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996 
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450111534&z=c37fdeea2e46336e0d2fce4g7z5w4ecg5gcg2wcc2c&from=wpm07173&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996 
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450111534&z=c37fdeea2e46336e0d2fce4g7z5w4ecg5gcg2wcc2c&from=wpm07173&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450111534&z=c37fdeea2e46336e0d2fce4g7z5w4ecg5gcg2wcc2c&from=wpm07173&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1450111534&z=c37fdeea2e46336e0d2fce4g7z5w4ecg5gcg2wcc2c&from=wpm07173&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450111534&z=c37fdeea2e46336e0d2fce4g7z5w4ecg5gcg2wcc2c&from=wpm07173&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996 
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450111534&z=c37fdeea2e46336e0d2fce4g7z5w4ecg5gcg2wcc2c&from=wpm07173&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996 
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450111534&z=c37fdeea2e46336e0d2fce4g7z5w4ecg5gcg2wcc2c&from=wpm07173&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450111534&z=c37fdeea2e46336e0d2fce4g7z5w4ecg5gcg2wcc2c&from=wpm07173&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450111534&z=c37fdeea2e46336e0d2fce4g7z5w4ecg5gcg2wcc2c&from=wpm07173&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420481840&from=cor&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420481840&from=cor&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450111534&z=c37fdeea2e46336e0d2fce4g7z5w4ecg5gcg2wcc2c&from=wpm07173&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450111534&z=c37fdeea2e46336e0d2fce4g7z5w4ecg5gcg2wcc2c&from=wpm07173&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420481840&from=cor&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420481840&from=cor&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996&q={searchTerms}
HKU\S-1-5-21-3039114009-1155605666-1411358329-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1420481926&from=cor&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996&q={searchTerms}
HKU\S-1-5-21-3039114009-1155605666-1411358329-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450111534&z=c37fdeea2e46336e0d2fce4g7z5w4ecg5gcg2wcc2c&from=wpm07173&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996
HKU\S-1-5-21-3039114009-1155605666-1411358329-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420481926&from=cor&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996
hxxp://www.google.com
HKU\S-1-5-21-3039114009-1155605666-1411358329-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450111534&z=c37fdeea2e46336e0d2fce4g7z5w4ecg5gcg2wcc2c&from=wpm07173&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996
HKU\S-1-5-21-3039114009-1155605666-1411358329-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1420481926&from=cor&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420481840&from=cor&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420481840&from=cor&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420481840&from=cor&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420481840&from=cor&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3039114009-1155605666-1411358329-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450111534&z=c37fdeea2e46336e0d2fce4g7z5w4ecg5gcg2wcc2c&from=wpm07173&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3039114009-1155605666-1411358329-1000 -> 0281489786C7498697C490711A678FEF URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3039114009-1155605666-1411358329-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3039114009-1155605666-1411358329-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3039114009-1155605666-1411358329-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3039114009-1155605666-1411358329-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1450111534&z=c37fdeea2e46336e0d2fce4g7z5w4ecg5gcg2wcc2c&from=wpm07173&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3039114009-1155605666-1411358329-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3039114009-1155605666-1411358329-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3039114009-1155605666-1411358329-1002 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3039114009-1155605666-1411358329-1004 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKLM - Brak nazwy - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Brak pliku
Toolbar: HKU\S-1-5-21-3039114009-1155605666-1411358329-1000 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku
Toolbar: HKU\S-1-5-21-3039114009-1155605666-1411358329-1002 -> Brak nazwy - {D4027C7F-154A-4066-A1AD-4243D8127440} - Brak pliku
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=1448833131&z=98c25157628e2e2f2c72918gczez1b0b8c2c3g7oct&from=cornl&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfwrh5pz.default\extensions\fftoolbar2014@etech.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfwrh5pz.default\extensions\faststartff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfwrh5pz.default\extensions\quick_searchff@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfwrh5pz.default\extensions\sweetsearch@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfwrh5pz.default\extensions\deskCutv2@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfwrh5pz.default\extensions\yahooprotected@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfwrh5pz.default\extensions\default_newtabff@gmail.com
FF HKU\S-1-5-21-3039114009-1155605666-1411358329-1000\...\Firefox\Extensions: [Tubesaver@istqt.co] - C:\Program Files (x86)\TubeSaver\133.xpi
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1450111534&z=c37fdeea2e46336e0d2fce4g7z5w4ecg5gcg2wcc2c&from=wpm07173&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996
CHR HKU\S-1-5-21-3039114009-1155605666-1411358329-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3039114009-1155605666-1411358329-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mlkikmimdmmkcokjpbhmlphimiefgeol] - C:\Users\Admin\AppData\Local\CRE\mlkikmimdmmkcokjpbhmlphimiefgeol.crx [2013-12-15]
CHR HKLM-x32\...\Chrome\Extension: [mlkikmimdmmkcokjpbhmlphimiefgeol] - C:\Users\Admin\AppData\Local\CRE\mlkikmimdmmkcokjpbhmlphimiefgeol.crx [2013-12-15]
CHR HKLM-x32\...\Chrome\Extension: [ojcdnngpmbenohhjlickdajclhbcaada] - C:\Program Files (x86)\TubeSaver\133.crx [2013-09-11]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1450111534&z=c37fdeea2e46336e0d2fce4g7z5w4ecg5gcg2wcc2c&from=wpm07173&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.yoursites123.com/?type=sc&ts=1450111534&z=c37fdeea2e46336e0d2fce4g7z5w4ecg5gcg2wcc2c&from=wpm07173&uid=WDCXWD1600BEVT-75ZCT2_WD-WXEX08VXN996XN996
Task: {50BE3B3C-90E8-4B6F-94A9-D7449F558153} - System32\Tasks\{B3A0E177-E3FE-4924-BA5E-6875D1A43CD5} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{C12631C6-804D-4B32-B0DD-
Task: {86B71BD9-4E79-4A5F-B0D9-5A11E7903C84} - System32\Tasks\{849B4DE6-046F-496E-9401-6EA81629CCE2} => pcalua.exe -a C:\Users\Admin\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor 
Task: {CE8D2B9A-005F-4822-9DE0-5EC4CCA7AF2E} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
HKLM-x32\...\Run: [MFARestart] => "C:\ProgramData\MFAData\pack\avgrunasx.exe" /usereg
HKU\S-1-5-21-3039114009-1155605666-1411358329-1000\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-3039114009-1155605666-1411358329-1000\...\Run: [Tiny download manager] => "C:\Users\Admin\AppData\Local\DM\TinyDM.exe" /M
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll Brak pliku
S1 wafd_1_10_0_18; system32\drivers\wafd_1_10_0_18.sys [X]
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\AdobeARMservice
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\AdobeFlashPlayerUpdateSvc
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^grzegorz xd^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IPLA!
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ooVoo.exe
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstall
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
RemoveDirectory: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins
RemoveDirectory: C:\Program Files (x86)\SFK
RemoveDirectory: C:\Program Files (x86)\TubeSaver
RemoveDirectory: C:\Program Files (x86)\WinZipper
RemoveDirectory: C:\ProgramData\9WMiniPro9
RemoveDirectory: C:\ProgramData\BWdMB
RemoveDirectory: C:\ProgramData\DWdMD
RemoveDirectory: C:\Users\Admin\AppData\Local\CRE
RemoveDirectory: C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer\{E4756413-BFF8-47AB-8063-83699A5C6FA2}
RemoveDirectory: C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer\{7042C1F1-53C4-4E5B-B2CD-2BBBFFC16C98}
RemoveDirectory: C:\Users\Admin\AppData\Roaming\TSv
RemoveDirectory: C:\Users\Admin\AppData\Roaming\WarThunder
RemoveDirectory: C:\Users\Admin\AppData\Roaming\WinZipper
RemoveDirectory: C:\Users\Admin\AppData\Roaming\yoursearching
RemoveDirectory: C:\Users\grzegorz xd\AppData\Local\Microsoft\Windows\GameExplorer\{B759CD57-0D6B-46A4-8A9D-1946AD287257}
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Niedawny\*.LNK
C:\Users\Admin\Desktop\pliki\pliki\Malwarebytes Anti-Malware.lnk
C:\Users\Admin\Desktop\pliki\pliki\McAfee Security Scan Plus.lnk
C:\Users\Admin\Desktop\Zawoja 2\Krakus\CENNIK.lnk
C:\Users\Admin\Favorites\GG dysk (*).lnk
C:\Users\Admin\Links\GG dysk (*).lnk
C:\Users\UpdatusUser\Desktop\*.lnk
C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
C:\Windows\SysWOW64\pl.html
EmptyTemp:

 

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Napraw (Fix). Wait patiently and do not interrupt the process. When Fix finishes, the system will be restarted. A fixlog.txt file will be created in the same directory FRST was run from.

 

3. Clean the adware out of the browsers:

Firefox:

  • Disconnect sync (if enabled): LINK.
  • Help menu > Troubleshooting Information > Refresh Firefox. Bookmarks and passwords will not be affected.
  • History menu > Clear all browsing history.

Google Chrome:

  • Reset sync (if enabled): LINK.
  • If needed, export the bookmarks: CTRL+SHIFT+O > Organize > Export bookmarks to HTML file.
  • Settings > Settings tab > People > create a new profile and sign in to it + import the bookmarks, then delete the old one completely.

4. Make a new FRST log with the Skanuj (Scan) option, again with Addition, this time without Shortcut. Also attach the fixlog.txt file.
Link to comment
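The fixlist in the post above touches shortcuts, Internet Explorer page values, search scopes and Start Menu client entries because the same hijack URLs were written into all of them. As an added illustration (not part of the original post and not FRST code), this Python script groups log lines in those formats by host and persistence location; the sample lines, the allowlist and the reading of the `ts` parameter as Unix epoch seconds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the line formats used by the fixlist above
# (hosts, GUIDs, SIDs and ids are placeholders, not values from the thread).
SAMPLE = r"""
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.hijack.example/?type=sc&ts=1451606400&uid=DISK-A
ShortcutWithArgument: C:\Users\Public\Desktop\Editor.lnk -> C:\Tools\editor.exe (Vendor) -> --safe-mode
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hijack.example/?type=hp&ts=1451606400&uid=DISK-A
SearchScopes: HKLM -> DefaultScope {00000000-0000-0000-0000-000000000001} URL = hxxp://search.other.example/web/?type=ds&ts=1420070400&uid=DISK-A&q={searchTerms}
SearchScopes: HKU\S-1-5-21-0-0-0-1000 -> {00000000-0000-0000-0000-000000000002} URL = hxxp://www.bing.com/search?q={searchTerms}
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.hijack.example/?type=sc&ts=1451606400&uid=DISK-A
"""

# Assumption: hosts the analyst accepts as legitimate search providers.
ALLOWLIST = frozenset({"www.bing.com", "www.google.com"})

# Matches both live (http) and defanged (hxxp) URLs, as FRST logs are often posted.
URL_RE = re.compile(r"h(?:xx|tt)ps?://\S+", re.IGNORECASE)
IE_MAIN_RE = re.compile(r"HK(LM|U)\\.*\\Internet Explorer\\Main,")


def classify(line):
    """Map a log line to the persistence location it describes, or None."""
    if line.startswith("ShortcutWithArgument:"):
        return "shortcut"
    if line.startswith("SearchScopes:"):
        return "search-scope"
    if line.startswith("StartMenuInternet:"):
        return "start-menu-client"
    if IE_MAIN_RE.match(line):
        return "ie-page"
    return None


def triage(text, allowlist=ALLOWLIST):
    """Return {host: {"locations": {location: count}, "first_seen": date}}."""
    hosts = {}
    for raw in text.splitlines():
        line = raw.strip()
        loc = classify(line)
        match = URL_RE.search(line)
        if loc is None or match is None:
            continue  # unrelated line, or a shortcut whose argument is not a URL
        parts = urlsplit(match.group(0))
        host = (parts.hostname or "").lower()
        if not host or host in allowlist:
            continue
        entry = hosts.setdefault(
            host, {"locations": defaultdict(int), "first_seen": None})
        entry["locations"][loc] += 1
        # Assumption: ts is the Unix time at which the hijacker was installed.
        ts = parse_qs(parts.query).get("ts", [""])[0]
        if ts.isdigit():
            day = datetime.fromtimestamp(int(ts), tz=timezone.utc).date().isoformat()
            if entry["first_seen"] is None or day < entry["first_seen"]:
                entry["first_seen"] = day
    return hosts


if __name__ == "__main__":
    for host, info in sorted(triage(SAMPLE).items()):
        print(host, dict(info["locations"]), "first seen:", info["first_seen"])
```

A host that appears in several location types at once is the pattern the fixlist above addresses: resetting the home page alone would leave the shortcut and Start Menu client entries in place.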

The operation in Google Chrome was not performed at all. Firefox was uninstalled rather than reset, which left the entire adware-littered profile on the disk. Corrections:

1. Run the Microsoft tool: LINK. Accept > Detect problems and let me select the fixes to apply > Uninstalling > select in the list the leftover from uninstalling Adobe swMSM > Next.

2. Outstanding step:

Google Chrome:

  • Reset sync (if enabled): LINK.
  • If needed, export the bookmarks: CTRL+SHIFT+O > Organize > Export bookmarks to HTML file.
  • Settings > Settings tab > People > create a new profile and sign in to it + import the bookmarks, then delete the old one completely.

3. Open Notepad and paste into it:

 

Task: {A3AE150F-C798-43A4-993B-747CB21ABF44} - System32\Tasks\{3F66CEB8-3F05-4ACF-8C5D-140205FCEFC9} => pcalua.exe -a "C:\Program Files (x86)\USB Vibration Joystick\Setup\setup.exe" -d "C:\Program Files (x86)\USB Vibration Joystick\Setup"
DeleteKey: HKCU\Software\Mozilla
DeleteKey: HKCU\Software\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Mozilla
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla
DeleteKey: HKLM\SOFTWARE\Wow6432Node\mozilla.org
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
RemoveDirectory: C:\FRST\Quarantine
RemoveDirectory: C:\MATS
RemoveDirectory: C:\Program Files (x86)\Mozilla Firefox
RemoveDirectory: C:\Program Files (x86)\OpenOffice.org 3
RemoveDirectory: C:\Users\Admin\AppData\Local\Mozilla
RemoveDirectory: C:\Users\Admin\AppData\Roaming\Mozilla
RemoveDirectory: C:\Users\Admin\AppData\Roaming\omiga-plus
CMD: netsh advfirewall reset

 

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Napraw (Fix). This time there will be no restart. Post the resulting fixlog.txt.

4. Run AdwCleaner. Choose the Skanuj (Scan) option and provide the resulting log from the C:\AdwCleaner folder.

Link to comment

1. Run AdwCleaner again, choose the Skanuj (Scan) + Usuń (Remove) options in turn, and show the log from the removal.

2. There are as many as three accounts on the system:

 

==================== Konta użytkowników: =============================

 

Admin (S-1-5-21-3039114009-1155605666-1411358329-1000 - Administrator - Enabled) => C:\Users\Admin

grzegorz xd (S-1-5-21-3039114009-1155605666-1411358329-1002 - Administrator - Enabled) => C:\Users\grzegorz xd

Jurek (S-1-5-21-3039114009-1155605666-1411358329-1004 - Administrator - Enabled) => C:\Users\Jurek

 

So far only Admin has been checked. The two remaining accounts need to be checked. Log in to each of them in turn via a full Windows restart, not Log off or Switch user, and on each one make two FRST logs: FRST.txt + Addition.txt. I don't need Shortcut.txt.

Edited by picasso
The topic is being closed due to lack of response. //picasso
Link to comment