Yoursites123.com

wlodek04 · 9 Grudzień 2015 14:03

Witam. Potrzebuje pomocy z przeglądarka yoursites123.com. Próbowałem usunąć to kilkoma programami lecz nic nie pomogło.

Atis · 9 Grudzień 2015 15:10

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449663710&z=477b8b9604ad11fcb1770e6gcz4z7tfq3q4cbm0g3e&from=ient07021&uid=ST320LT007-9ZV142_W0Q2FQTRXXXXW0Q2FQTR
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449663710&z=477b8b9604ad11fcb1770e6gcz4z7tfq3q4cbm0g3e&from=ient07021&uid=ST320LT007-9ZV142_W0Q2FQTRXXXXW0Q2FQTR
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449663710&z=477b8b9604ad11fcb1770e6gcz4z7tfq3q4cbm0g3e&from=ient07021&uid=ST320LT007-9ZV142_W0Q2FQTRXXXXW0Q2FQTR&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449663710&z=477b8b9604ad11fcb1770e6gcz4z7tfq3q4cbm0g3e&from=ient07021&uid=ST320LT007-9ZV142_W0Q2FQTRXXXXW0Q2FQTR
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449663710&z=477b8b9604ad11fcb1770e6gcz4z7tfq3q4cbm0g3e&from=ient07021&uid=ST320LT007-9ZV142_W0Q2FQTRXXXXW0Q2FQTR
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449663710&z=477b8b9604ad11fcb1770e6gcz4z7tfq3q4cbm0g3e&from=ient07021&uid=ST320LT007-9ZV142_W0Q2FQTRXXXXW0Q2FQTR&q={searchTerms}
HKU\S-1-5-21-2460876356-583810179-1245309094-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449663710&z=477b8b9604ad11fcb1770e6gcz4z7tfq3q4cbm0g3e&from=ient07021&uid=ST320LT007-9ZV142_W0Q2FQTRXXXXW0Q2FQTR&q={searchTerms}
HKU\S-1-5-21-2460876356-583810179-1245309094-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449663710&z=477b8b9604ad11fcb1770e6gcz4z7tfq3q4cbm0g3e&from=ient07021&uid=ST320LT007-9ZV142_W0Q2FQTRXXXXW0Q2FQTR
HKU\S-1-5-21-2460876356-583810179-1245309094-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449663710&z=477b8b9604ad11fcb1770e6gcz4z7tfq3q4cbm0g3e&from=ient07021&uid=ST320LT007-9ZV142_W0Q2FQTRXXXXW0Q2FQTR
HKU\S-1-5-21-2460876356-583810179-1245309094-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449663710&z=477b8b9604ad11fcb1770e6gcz4z7tfq3q4cbm0g3e&from=ient07021&uid=ST320LT007-9ZV142_W0Q2FQTRXXXXW0Q2FQTR&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Brak nazwy -> {f82503b0-3f37-4a63-8d5e-7f1b4da89f32} -> Brak pliku
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1449663710&z=477b8b9604ad11fcb1770e6gcz4z7tfq3q4cbm0g3e&from=ient07021&uid=ST320LT007-9ZV142_W0Q2FQTRXXXXW0Q2FQTR
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-12-09 13:23 - 2015-12-09 13:24 - 00000000 ____ D C:\ProgramData\WWdMW
2015-12-09 13:21 - 2015-12-09 13:22 - 00000000 ____ D C:\ProgramData\yWdMy
2015-12-09 14:11 - 2015-03-30 12:56 - 00000000 ____ D C:\AdwCleaner
CustomCLSID: HKU\S-1-5-21-2460876356-583810179-1245309094-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\WLODO\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => Brak pliku
CustomCLSID: HKU\S-1-5-21-2460876356-583810179-1245309094-1000_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\WLODO\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll => Brak pliku
Task: {E31A7A0D-A1DE-4604-9A9C-55C4136431B7} - System32\Tasks\avastBCLRestartS-1-5-21-2460876356-583810179-1245309094-1000 => Chrome.exe
Task: {F0191AAF-BCE2-42EC-AD38-4F4D5197D2D8} - System32\Tasks\{BE840BD3-F9FB-42F8-AA5F-A5C0C1E5B6D1} => pcalua.exe -a "C:\Users\WLODO\Downloads\GXW6T_A00_Setup_ZPE (1).exe" -d C:\Users\WLODO\Downloads
FirewallRules: [{060EB134-CD6F-474B-9991-D7883876109B}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{D617EB98-C7F2-4655-8F53-F0483FE9B9FF}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{29FC79C8-69D5-447F-9EAE-8D076CF9CC62}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{8E07D171-FFD4-4861-BD39-0C15C0566A7A}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{050B4A9E-A654-4E15-8C4F-C230C5E4FD2A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
ShortcutWithArgument: C:\Users\WLODO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449663710&z=477b8b9604ad11fcb1770e6gcz4z7tfq3q4cbm0g3e&from=ient07021&uid=ST320LT007-9ZV142_W0Q2FQTRXXXXW0Q2FQTR <==== UWAGA
ShortcutWithArgument: C:\Users\WLODO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449663710&z=477b8b9604ad11fcb1770e6gcz4z7tfq3q4cbm0g3e&from=ient07021&uid=ST320LT007-9ZV142_W0Q2FQTRXXXXW0Q2FQTR <==== UWAGA
ShortcutWithArgument: C:\Users\WLODO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449663710&z=477b8b9604ad11fcb1770e6gcz4z7tfq3q4cbm0g3e&from=ient07021&uid=ST320LT007-9ZV142_W0Q2FQTRXXXXW0Q2FQTR <==== UWAGA
ShortcutWithArgument: C:\Users\WLODO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449663710&z=477b8b9604ad11fcb1770e6gcz4z7tfq3q4cbm0g3e&from=ient07021&uid=ST320LT007-9ZV142_W0Q2FQTRXXXXW0Q2FQTR <==== UWAGA
ShortcutWithArgument: C:\Users\WLODO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449663710&z=477b8b9604ad11fcb1770e6gcz4z7tfq3q4cbm0g3e&from=ient07021&uid=ST320LT007-9ZV142_W0Q2FQTRXXXXW0Q2FQTR <==== UWAGA
ShortcutWithArgument: C:\Users\WLODO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449663710&z=477b8b9604ad11fcb1770e6gcz4z7tfq3q4cbm0g3e&from=ient07021&uid=ST320LT007-9ZV142_W0Q2FQTRXXXXW0Q2FQTR <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449663710&z=477b8b9604ad11fcb1770e6gcz4z7tfq3q4cbm0g3e&from=ient07021&uid=ST320LT007-9ZV142_W0Q2FQTRXXXXW0Q2FQTR <==== UWAGA
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449663710&z=477b8b9604ad11fcb1770e6gcz4z7tfq3q4cbm0g3e&from=ient07021&uid=ST320LT007-9ZV142_W0Q2FQTRXXXXW0Q2FQTR <==== UWAGA
EmptyTemp:

Uruchom FRST i kliknij Napraw (Fix). Pokaż raport z usuwania Fixlog.

wlodek04 · 9 Grudzień 2015 15:37

Raport z usuwania plus nowy raport FRST i shortcut, wydaje się ze wszystko się udało, z góry dzieki

Fixlog.txt

FRST.txt

Shortcut.txt

Atis · 9 Grudzień 2015 16:11

Masz problem z czytaniem?

wlodek04 · 9 Grudzień 2015 16:36

poprawiam

Atis · 9 Grudzień 2015 18:41

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

S2 WdMan; C:\ProgramData\WWdMW\WdMan.exe -svr [X]
DeleteQuarantine:

Uruchom FRST i kliknij Napraw (Fix). Później skasuj folder C:\FRST