asvpxdiilivn Posted 19 December 2015

Hello, I also have a problem with ys123, Firefox / Win8.

Logs: FRST_19-12-2015_12-39-03.txt Addition_19-12-2015_12-39-03.txt Shortcut.txt
picasso Posted 20 December 2015

The names of the FRST logs indicate that you are pulling them from the C:\FRST\Logs folder. That is an archive. The current log is always created in the location from which you run FRST, in this case: E:\Paula\Downloads.

Actions to carry out:

1. Uninstall: Adobe AIR (old version), Search App by Ask (adware), Shared C Run-time for x64 (leftover from the uninstalled McAfee).

2. Open Notepad and paste into it:

CloseProcesses:
CreateRestorePoint:
R2 WdMan; C:\ProgramData\1WdM1\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [brak podpisu cyfrowego]
S2 PDIHWCTL; \??\C:\WINDOWS\system32\drivers\pdihwctl.sys [X]
S1 wfdrvr_vw_1_10_0_28; system32\drivers\wfdrvr_vw_1_10_0_28.sys [X]
ShortcutWithArgument: C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403
ShortcutWithArgument: C:\Users\Paula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403
ShortcutWithArgument: C:\Users\Paula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403
ShortcutWithArgument: C:\Users\Paula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403&q={searchTerms}
HKU\S-1-5-21-1157153237-1038460167-4205843471-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403&q={searchTerms}
HKU\S-1-5-21-1157153237-1038460167-4205843471-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403
HKU\S-1-5-21-1157153237-1038460167-4205843471-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403
HKU\S-1-5-21-1157153237-1038460167-4205843471-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1157153237-1038460167-4205843471-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1157153237-1038460167-4205843471-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1157153237-1038460167-4205843471-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1157153237-1038460167-4205843471-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1157153237-1038460167-4205843471-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1448204421&z=119d25c6d07a82b7559d655gfz1zcbaoce7zfgeebo&from=cor&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\ypp9sdkk.default\extensions\default_newtabff@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Paula\AppData\Roaming\Mozilla\Firefox\Profiles\ypp9sdkk.default\extensions\yahooprotected@gmail.com => nie znaleziono
CHR HomePage: Default -> search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403"
CHR DefaultSearchURL: Default -> hxxp://www.yoursites123.com/web/?type=ds&ts=1449659037&z=69a6b343808de011cb6e9a4g0zfzdt9q6w1t5edc9m&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD719403&q={searchTerms}
CHR DefaultSearchKeyword: Default -> yoursites123
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-11-13]
CHR HKU\S-1-5-21-1157153237-1038460167-4205843471-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-11-13]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-21]
HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll Brak pliku
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll Brak pliku
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll Brak pliku
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll Brak pliku
Task: {06B6A2B4-C7D2-4DF4-9EAA-0BF963E0E4A5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
FirewallRules: [{9B83FB95-1F4F-4F4B-865E-754ED4DC11FA}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{2EBF6869-8907-44D6-96D9-AF8D29724EBF}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla\Thunderbird
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
RemoveDirectory: C:\Program Files (x86)\AskPartnerNetwork
RemoveDirectory: C:\Program Files (x86)\SFK
RemoveDirectory: C:\ProgramData\1WdM1
RemoveDirectory: C:\ProgramData\FWMiniProF
RemoveDirectory: C:\ProgramData\rWdMr
RemoveDirectory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa
RemoveDirectory: C:\Users\Paula\AppData\Roaming\istartsurf
RemoveDirectory: C:\Users\Paula\AppData\Roaming\Picexa Viewer
RemoveDirectory: C:\Users\Paula\AppData\Roaming\Shortcut
RemoveDirectory: C:\Users\Paula\AppData\Roaming\TSv
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Paula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Picexa.lnk
C:\Users\Public\Desktop\Picexa.lnk
C:\WINDOWS\SysWOW64\pl.html
EmptyTemp:

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix (Napraw). Wait patiently and do not interrupt the process. When the Fix finishes, the system will be restarted. A fixlog.txt file will be created in the same directory from which FRST was run.

3. Clean the adware out of Google Chrome:

Reset synchronization (if enabled): CLICK.

Settings > Settings tab > Show advanced settings > scroll to the very bottom and run the Reset settings option. Bookmarks and passwords will not be affected.

Settings > Settings tab > Search section > click Manage search engines > delete everything from the list except Google.

4. Make a new FRST log using the Scan (Skanuj) option, again with Addition, but this time without Shortcut. Attach the fixlog.txt file as well.
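Added example, not part of picasso's post and not FRST's own code: a Python triage helper that reads FRST-style log lines and groups every URL found in a browser shortcut argument or an Internet Explorer `Main` value by host, which makes a shortcut and start-page hijack like the one listed above stand out. The function name, the browser list and the abbreviated sample lines are assumptions made for this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in the FRST log format, abbreviated from the
# entries in the post (paths shortened, long tracking values cut).
SAMPLE = r"""
ShortcutWithArgument: C:\Users\Paula\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&from=ient07021
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&from=ient07021
HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
"""

SHORTCUT = re.compile(r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> "
                      r"(?P<exe>.+?\.exe) \((?P<vendor>.*?)\) -> (?P<args>.+)$", re.I)
IE_MAIN = re.compile(r"^(?P<key>HK[^,]+\\Internet Explorer\\Main),"
                     r"(?P<value>[^=]+?) = (?P<data>.*)$")
URL = re.compile(r"h(?:tt|xx)ps?://\S+", re.I)  # FRST defangs http as hxxp
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe"}

def find_url_entries(text):
    """Group URL-bearing browser shortcuts and IE Main values by host."""
    by_host = defaultdict(list)
    for line in map(str.strip, text.splitlines()):
        m = SHORTCUT.match(line)
        if m:
            # Only a URL passed to a browser executable is of interest.
            exe = m["exe"].rsplit("\\", 1)[-1].lower()
            where, data = m["lnk"], (m["args"] if exe in BROWSERS else "")
        else:
            m = IE_MAIN.match(line)
            if not m:
                continue
            where, data = f'{m["key"]},{m["value"]}', m["data"]
        hit = URL.search(data)
        if not hit:
            continue  # e.g. a shortcut that only carries command-line switches
        parts = urlsplit(re.sub(r"^hxxp", "http", hit.group(), flags=re.I))
        kind = parse_qs(parts.query).get("type", ["?"])[0]
        by_host[parts.hostname].append((where, kind))
    return dict(by_host)

if __name__ == "__main__":
    for host, hits in find_url_entries(SAMPLE).items():
        print(f"{host}: {len(hits)} entries")
        for where, kind in hits:
            print(f"  type={kind}  {where}")
```

The helper only reports; deciding which hosts are unwanted, and building any fix script, remains a per-system judgement as the post stresses.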
asvpxdiilivn Posted 6 January 2016 (Author)

I think I've added everything that was needed; I couldn't find Shared C Run-time for x64. Sorry for replying so late.

Addition.txt Fixlog.txt FRST.txt