Problem with yoursites



I removed the surplus FRST logs, the ones pulled from the C:\FRST\Logs folder. Current reports are always created in the location you run FRST from, in this case the Downloads (Pobrane) folder.

 

There are a lot of adware objects here, not only the titular yoursites123, including a huge number of drivers from the Sambreel group, and you should be seeing serious problems with web browsing. In addition, there is an incorrectly uninstalled McAfee. Actions to carry out:

 

1. Open Notepad and paste into it:

 

CloseProcesses:
CreateRestorePoint:
R1 {00aec75d-051f-41a9-9837-e94ac4f56303}w64; C:\Windows\System32\drivers\{00aec75d-051f-41a9-9837-e94ac4f56303}w64.sys [48784 2014-10-15] (StdLib)
R1 {02bbe9df-d3b0-43f4-8dcb-e24500d3308f}w64; C:\Windows\System32\drivers\{02bbe9df-d3b0-43f4-8dcb-e24500d3308f}w64.sys [48784 2014-10-17] (StdLib)
R1 {10e3e2da-8f7b-42cc-9f00-90007ce494b8}w64; C:\Windows\System32\drivers\{10e3e2da-8f7b-42cc-9f00-90007ce494b8}w64.sys [48832 2014-11-07] (StdLib)
R1 {1de2a23f-1c23-4ea1-8ef4-79bc5c5cea78}w64; C:\Windows\System32\drivers\{1de2a23f-1c23-4ea1-8ef4-79bc5c5cea78}w64.sys [48784 2014-10-13] (StdLib)
R1 {255a824a-3cde-4dee-9785-284605606456}w64; C:\Windows\System32\drivers\{255a824a-3cde-4dee-9785-284605606456}w64.sys [48832 2014-10-28] (StdLib)
R1 {3b808196-ff63-49ee-b33b-efdf51723eca}w64; C:\Windows\System32\drivers\{3b808196-ff63-49ee-b33b-efdf51723eca}w64.sys [48784 2014-10-13] (StdLib)
R1 {3cac76e7-8310-45ea-8277-96d048a78c60}w64; C:\Windows\System32\drivers\{3cac76e7-8310-45ea-8277-96d048a78c60}w64.sys [48784 2014-11-27] (StdLib)
R1 {3fa44d1f-c300-4673-a8c1-5ba05468b4bd}w64; C:\Windows\System32\drivers\{3fa44d1f-c300-4673-a8c1-5ba05468b4bd}w64.sys [48784 2014-10-17] (StdLib)
R1 {4530e639-76ab-4435-889d-a5e81ae090a4}w64; C:\Windows\System32\drivers\{4530e639-76ab-4435-889d-a5e81ae090a4}w64.sys [48784 2014-10-20] (StdLib)
R1 {51365faa-196b-4544-91d5-04a729ae9395}w64; C:\Windows\System32\drivers\{51365faa-196b-4544-91d5-04a729ae9395}w64.sys [48784 2014-11-26] (StdLib)
R1 {51b9c91c-8e38-40ae-80de-58a590512b6b}w64; C:\Windows\System32\drivers\{51b9c91c-8e38-40ae-80de-58a590512b6b}w64.sys [48832 2014-11-10] (StdLib)
R1 {5d78e0ee-ca60-46a4-9492-4f24429cc925}w64; C:\Windows\System32\drivers\{5d78e0ee-ca60-46a4-9492-4f24429cc925}w64.sys [48784 2014-10-17] (StdLib)
R1 {67f29abb-07b3-41f5-94cd-f819d7c1fc76}w64; C:\Windows\System32\drivers\{67f29abb-07b3-41f5-94cd-f819d7c1fc76}w64.sys [48784 2014-10-20] (StdLib)
R1 {733fb217-c049-41ba-9504-3f2045e61977}w64; C:\Windows\System32\drivers\{733fb217-c049-41ba-9504-3f2045e61977}w64.sys [48784 2014-10-21] (StdLib)
R1 {871a812f-cd37-4983-9b44-0ab62f735457}w64; C:\Windows\System32\drivers\{871a812f-cd37-4983-9b44-0ab62f735457}w64.sys [48784 2014-11-29] (StdLib)
R1 {b0c7827f-c845-429a-833b-c2a798fc4fc3}w64; C:\Windows\System32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}w64.sys [48784 2014-10-27] (StdLib)
R1 {bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64; C:\Windows\System32\drivers\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64.sys [48784 2014-09-28] (StdLib)
R1 {bf42a736-9bd4-4575-b45b-11d4dd6a3399}w64; C:\Windows\System32\drivers\{bf42a736-9bd4-4575-b45b-11d4dd6a3399}w64.sys [48784 2014-11-30] (StdLib)
R1 {d997fcb4-42b4-4f84-a147-2e498567c954}w64; C:\Windows\System32\drivers\{d997fcb4-42b4-4f84-a147-2e498567c954}w64.sys [48784 2014-11-29] (StdLib)
R1 {dc592624-f532-4311-9fc7-6920126fc404}w64; C:\Windows\System32\drivers\{dc592624-f532-4311-9fc7-6920126fc404}w64.sys [48784 2014-10-22] (StdLib)
R1 {e9629596-2cbd-4eea-9329-7470e8b0fdae}Gw64; C:\Windows\System32\drivers\{e9629596-2cbd-4eea-9329-7470e8b0fdae}Gw64.sys [48784 2014-10-12] (StdLib)
R1 {e9629596-2cbd-4eea-9329-7470e8b0fdae}w64; C:\Windows\System32\drivers\{e9629596-2cbd-4eea-9329-7470e8b0fdae}w64.sys [48784 2014-10-12] (StdLib)
R1 {f5d136d7-adc2-4c84-85b2-e564334ab0bc}w64; C:\Windows\System32\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}w64.sys [48784 2014-10-22] (StdLib)
R1 {f63e4e62-e47d-4415-9bb4-c9b1dfe161b9}w64; C:\Windows\System32\drivers\{f63e4e62-e47d-4415-9bb4-c9b1dfe161b9}w64.sys [48832 2014-11-03] (StdLib)
R1 {fc7329ef-e953-454c-8e78-ed2cf0acb2ef}w64; C:\Windows\System32\drivers\{fc7329ef-e953-454c-8e78-ed2cf0acb2ef}w64.sys [48832 2014-11-01] (StdLib)
R1 {fce396ae-d8d1-4789-946e-2106fbe4292b}w64; C:\Windows\System32\drivers\{fce396ae-d8d1-4789-946e-2106fbe4292b}w64.sys [48784 2014-10-19] (StdLib)
R1 F06DEFF2-5B9C-490D-910F-35D3A91196222; C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\x64\configmgrc3.cfg [46160 2014-12-15] (SafetyNut Inc)
R2 IhPul; C:\Users\Rodzice\AppData\Roaming\TSv\TSvr.exe [116368 2016-03-17] (tsvr.com)
R2 MaintainerSvc1.20.7247763; C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b\maintainer.exe [128232 2015-10-23] ()
R2 SafetyNutManager; C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\SafetyNutManager.exe [3574480 2014-12-15] (SafetyNut Inc)
R2 WdMan; C:\ProgramData\4WdM4\WdMan.exe [294912 2016-03-17] (TFuns LIMITED) [brak podpisu cyfrowego]
U1 iSafeKrnl; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [X]
U1 iSafeKrnlKit; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [X]
U1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X]
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\x64\safetycrt.dll [669392 2014-12-15] ()
HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe
Task: {004F1281-CFF1-4E98-B180-D8C306409B1C} - System32\Tasks\{4DA15624-6037-4F93-BDD6-3F136050A6BA} => Firefox.exe hxxp://ui.skype.com/ui/0/6.22.81.104/pl/abandoninstall?source=lightinstaller&page=tsProgressBar
Task: {4FFA5D67-60F1-4E02-9F21-0B730B12C232} - System32\Tasks\{6CF022DC-B2C0-4F02-B7E4-51E77CA4D868} => Firefox.exe hxxp://ui.skype.com/ui/0/6.22.81.104/pl/abandoninstall?source=lightinstaller&page=tsProgressBar
Task: {FB33CE0A-A13D-4C73-98E3-E5079C262E87} - System32\Tasks\Lenovo\Lenovo
GroupPolicy: Ograniczenia - Chrome 
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia 
CHR HomePage: Default -> hxxp://www.yoursites123.com/?type=hp&ts=1458417134&z=edddbf22edf8342f74a9281g2zfw7baz6g2m4gac2e&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467
CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1458417134&z=edddbf22edf8342f74a9281g2zfw7baz6g2m4gac2e&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467"
CHR DefaultSearchURL: Default -> hxxp://yoursites123.com/web?type=ds&ts=1458417134&z=edddbf22edf8342f74a9281g2zfw7baz6g2m4gac2e&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467&q={searchTerms}
CHR DefaultSearchKeyword: Default -> yoursites123
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1458417134&z=edddbf22edf8342f74a9281g2zfw7baz6g2m4gac2e&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1458417134&z=edddbf22edf8342f74a9281g2zfw7baz6g2m4gac2e&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=1457960600&z=a24fe9d0c666d95bf162674g3z5w1m6t2q0e5w3t2q&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=1457960600&z=a24fe9d0c666d95bf162674g3z5w1m6t2q0e5w3t2q&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1458417134&z=edddbf22edf8342f74a9281g2zfw7baz6g2m4gac2e&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1458417134&z=edddbf22edf8342f74a9281g2zfw7baz6g2m4gac2e&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=1457960600&z=a24fe9d0c666d95bf162674g3z5w1m6t2q0e5w3t2q&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=1457960600&z=a24fe9d0c666d95bf162674g3z5w1m6t2q0e5w3t2q&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1457960600&z=a24fe9d0c666d95bf162674g3z5w1m6t2q0e5w3t2q&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1457960600&z=a24fe9d0c666d95bf162674g3z5w1m6t2q0e5w3t2q&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467
HKU\S-1-5-21-785319261-2855401731-2711227746-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=1458417134&z=edddbf22edf8342f74a9281g2zfw7baz6g2m4gac2e&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1457960600&z=a24fe9d0c666d95bf162674g3z5w1m6t2q0e5w3t2q&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1457960600&z=a24fe9d0c666d95bf162674g3z5w1m6t2q0e5w3t2q&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=101&systemid=488&v=a15007-473&apn_uid=5555239400134351&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1457960600&z=a24fe9d0c666d95bf162674g3z5w1m6t2q0e5w3t2q&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1457960600&z=a24fe9d0c666d95bf162674g3z5w1m6t2q0e5w3t2q&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=101&systemid=488&v=a15007-473&apn_uid=5555239400134351&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Rodzice\AppData\Roaming\Mozilla\Firefox\Profiles\t5e3fq3j.default\extensions\defsearchp@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Rodzice\AppData\Roaming\Mozilla\Firefox\Profiles\t5e3fq3j.default\extensions\deskCutv2@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Rodzice\AppData\Roaming\Mozilla\Firefox\Profiles\t5e3fq3j.default\extensions\default_newtabff@gmail.com => nie znaleziono
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nie znaleziono
Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-15] (Lenovo)
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\genesis_09281008
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v uTorrent /f
C:\Program Files\McAfee Security Scan
C:\Program Files (x86)\Browser Tab Search by Ask
C:\Program Files (x86)\Elex-tech
C:\Program Files (x86)\qksee
C:\Program Files (x86)\mozilla firefox\browser\searchplugins
C:\Program Files (x86)\mozilla firefox\plugins
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\ProgramData\4WdM4
C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b
C:\ProgramData\MWdMM
C:\ProgramData\SafetyNut
C:\ProgramData\WWdsManProW
C:\Users\Rodzice\AppData\Roaming\TSv
C:\WINDOWS\SysWOW64\123.html
C:\WINDOWS\system32\log
C:\WINDOWS\SysWOW64\_tWm
C:\Windows\System32\drivers\{*}w64.sys
EmptyTemp:

 

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

 

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix (Napraw). Wait patiently and do not interrupt it. When the Fix finishes, the system will be restarted. A fixlog.txt file will be created in the same directory FRST was run from.

 

2. Windows flag key + X > Programs and Features > uninstall the McAfee leftover Shared C Run-time for x64. Then use the vendor's McAfee Consumer Product Removal Tool.

 

3. Make a new FRST log using the Scan (Skanuj) option, again with Addition. Also attach the fixlog.txt file.

  • 2 weeks later...

Something doesn't add up here. I submitted the yoursites123 entries for removal, the FRST Fix reported them as removed, and yet they are still in the latest FRST log provided... Corrections:

 

1. Open Notepad and paste into it:

 

CloseProcesses:
CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1458417134&z=edddbf22edf8342f74a9281g2zfw7baz6g2m4gac2e&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1458417134&z=edddbf22edf8342f74a9281g2zfw7baz6g2m4gac2e&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1458417134&z=edddbf22edf8342f74a9281g2zfw7baz6g2m4gac2e&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1458417134&z=edddbf22edf8342f74a9281g2zfw7baz6g2m4gac2e&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1457960600&z=a24fe9d0c666d95bf162674g3z5w1m6t2q0e5w3t2q&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1457960600&z=a24fe9d0c666d95bf162674g3z5w1m6t2q0e5w3t2q&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=101&systemid=488&v=a15007-473&apn_uid=5555239400134351&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1457960600&z=a24fe9d0c666d95bf162674g3z5w1m6t2q0e5w3t2q&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1457960600&z=a24fe9d0c666d95bf162674g3z5w1m6t2q0e5w3t2q&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=101&systemid=488&v=a15007-473&apn_uid=5555239400134351&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-785319261-2855401731-2711227746-1001 -> {7BD62F7F-9148-4D44-AD50-EB7F304C3DB5} URL =
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [brak pliku]
CHR HomePage: Default -> hxxp://www.yoursites123.com/?type=hp&ts=1458417134&z=edddbf22edf8342f74a9281g2zfw7baz6g2m4gac2e&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467
CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1458417134&z=edddbf22edf8342f74a9281g2zfw7baz6g2m4gac2e&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467"
CHR DefaultSearchURL: Default -> hxxp://yoursites123.com/web?type=ds&ts=1458417134&z=edddbf22edf8342f74a9281g2zfw7baz6g2m4gac2e&from=wpm0314&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDA22467&q={searchTerms}
CHR DefaultSearchKeyword: Default -> yoursites123
S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X]
S2 SafetyNutManager; C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\SafetyNutManager.exe [X]
S1 F06DEFF2-5B9C-490D-910F-35D3A91196222; \??\C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\x64\configmgrc3.cfg [X]
S1 iSafeKrnl; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [X]
S1 iSafeKrnlKit; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [X]
RemoveDirectory: C:\Program Files (x86)\Opera
RemoveDirectory: C:\Users\Rodzice\Desktop\Stare dane programu Firefox
EmptyTemp:

 

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix (Napraw). A restart will follow and another fixlog.txt file will be created.

 

2. Clean adware out of Google Chrome:

  • Reset sync (if enabled): CLICK.
  • Settings > Settings tab > Show advanced settings > scroll to the very bottom and run the Reset settings option. Bookmarks and passwords will not be affected.
  • Settings > Settings tab > Search section > click Manage search engines > delete everything from the list except Google.

3. Make a new FRST log using the Scan (Skanuj) option, without Addition and Shortcut. Also attach the fixlog.txt file.

Edited by picasso

The topic is being closed due to no reply. //picasso
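
The check described in the second post (entries reported as removed that still show up in the next scan) can be automated by comparing a fixlist against the following scan log. This is an added example, not part of the original thread or of FRST; the line formats are inferred from the lines quoted above, `entry_key` and `persisted` are hypothetical helper names, and the sample inputs are constructed, shortened versions of lines from the thread.

```python
import re

# Fixlist directives (as used in this thread) act on the system but do not
# mirror a scan-log entry, so they have no identity to look for later.
DIRECTIVES = ("CloseProcesses:", "CreateRestorePoint:", "EmptyTemp:",
              "DeleteKey:", "Reg:", "RemoveDirectory:")
SERVICE_RE = re.compile(r"^[RSU]\d (?P<name>[^;]+);")


def entry_key(line):
    """Identity of a scan-log style line, or None for unsupported lines."""
    line = line.strip()
    if not line or line.startswith(DIRECTIVES):
        return None
    m = SERVICE_RE.match(line)
    if m:  # service/driver: state (R/S/U) and file details may change
        return ("service", m.group("name").strip().lower())
    if line.startswith("SearchScopes:"):  # hive + scope GUID
        return ("searchscope", line.split(" URL =", 1)[0].lower())
    if line.startswith("CHR "):  # Chrome setting name
        return ("chrome", line.split(":", 1)[0].lower())
    if line.startswith(("HKLM\\", "HKU\\")) and " = " in line:
        return ("regvalue", line.split(" = ", 1)[0].lower())
    return None  # paths, tasks, IFEO etc. are out of scope here


def persisted(fixlist_text, later_scan_text):
    """Fixlist entries whose identity still appears in the later scan."""
    later = {}
    for line in later_scan_text.splitlines():
        key = entry_key(line)
        if key:
            later[key] = line.strip()
    found, seen = [], set()
    for line in fixlist_text.splitlines():
        key = entry_key(line)
        if key and key in later and key not in seen:
            seen.add(key)
            state = "unchanged" if later[key] == line.strip() else "changed"
            found.append((key, state))
    return found


# Constructed sample input: shortened versions of lines quoted in the thread.
FIXLIST = r"""CloseProcesses:
R2 SafetyNutManager; C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\SafetyNutManager.exe [3574480 2014-12-15] (SafetyNut Inc)
R2 WdMan; C:\ProgramData\4WdM4\WdMan.exe [294912 2016-03-17] (TFuns LIMITED)
CHR DefaultSearchKeyword: Default -> yoursites123
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp
EmptyTemp:
"""
LATER_SCAN = r"""S2 SafetyNutManager; C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\SafetyNutManager.exe [X]
CHR DefaultSearchKeyword: Default -> yoursites123
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp
"""

if __name__ == "__main__":
    for key, state in persisted(FIXLIST, LATER_SCAN):
        print(state, key)
```

A "changed" service entry means the registration survived even though its state or file details differ, while "unchanged" entries came back exactly as they were submitted.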