Yoursites123


(Surname) #1

Hello, every time I start Chrome, yoursites123 is displayed (as the start page). By default I have it set to open the tabs where I left off browsing. I checked the extensions; there is nothing there. I am attaching the logs:

FRST

Addition

Shortcut


(Atis) #2

It cannot be checked because the lines are split.


(Surname) #3

That's right, I have already fixed it.

FRST

Addition

Shortcut


(Atis) #4

Paste into the system Notepad and save as a text file named fixlist:

HKLM\...\Run: [iTunesHelper] => wscript.exe //B "C:\Users\Krystian\AppData\Local\Temp\iTunesHelper.vbe" <===== UWAGA
HKU\S-1-5-21-523027435-2727358721-1396252284-1003\...\Policies\Explorer: []
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220150422
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220150422
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449663140&z=c65254421e8678606db098dg6zez4t2q2q1c0g2c3m&from=ient07021&uid=WDCXWD1600BEVT-22ZCT0_WD-WXE808HZ1783Z1783&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449663140&z=c65254421e8678606db098dg6zez4t2q2q1c0g2c3m&from=ient07021&uid=WDCXWD1600BEVT-22ZCT0_WD-WXE808HZ1783Z1783&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449663140&z=c65254421e8678606db098dg6zez4t2q2q1c0g2c3m&from=ient07021&uid=WDCXWD1600BEVT-22ZCT0_WD-WXE808HZ1783Z1783
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449663140&z=c65254421e8678606db098dg6zez4t2q2q1c0g2c3m&from=ient07021&uid=WDCXWD1600BEVT-22ZCT0_WD-WXE808HZ1783Z1783
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449663140&z=c65254421e8678606db098dg6zez4t2q2q1c0g2c3m&from=ient07021&uid=WDCXWD1600BEVT-22ZCT0_WD-WXE808HZ1783Z1783&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449663140&z=c65254421e8678606db098dg6zez4t2q2q1c0g2c3m&from=ient07021&uid=WDCXWD1600BEVT-22ZCT0_WD-WXE808HZ1783Z1783&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-523027435-2727358721-1396252284-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449663140&z=c65254421e8678606db098dg6zez4t2q2q1c0g2c3m&from=ient07021&uid=WDCXWD1600BEVT-22ZCT0_WD-WXE808HZ1783Z1783
HKU\S-1-5-21-523027435-2727358721-1396252284-1003\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119816&tt=190313_wo1&babsrc=HP_ss&mntrId=9C9B002637BD3942
HKU\S-1-5-21-523027435-2727358721-1396252284-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449663140&z=c65254421e8678606db098dg6zez4t2q2q1c0g2c3m&from=ient07021&uid=WDCXWD1600BEVT-22ZCT0_WD-WXE808HZ1783Z1783
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449663140&z=c65254421e8678606db098dg6zez4t2q2q1c0g2c3m&from=ient07021&uid=WDCXWD1600BEVT-22ZCT0_WD-WXE808HZ1783Z1783&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449663140&z=c65254421e8678606db098dg6zez4t2q2q1c0g2c3m&from=ient07021&uid=WDCXWD1600BEVT-22ZCT0_WD-WXE808HZ1783Z1783&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449663140&z=c65254421e8678606db098dg6zez4t2q2q1c0g2c3m&from=ient07021&uid=WDCXWD1600BEVT-22ZCT0_WD-WXE808HZ1783Z1783&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449663140&z=c65254421e8678606db098dg6zez4t2q2q1c0g2c3m&from=ient07021&uid=WDCXWD1600BEVT-22ZCT0_WD-WXE808HZ1783Z1783&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-523027435-2727358721-1396252284-1003 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-523027435-2727358721-1396252284-1003 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119816&tt=190313_wo1&babsrc=SP_ss&mntrId=9C9B002637BD3942
SearchScopes: HKU\S-1-5-21-523027435-2727358721-1396252284-1003 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-523027435-2727358721-1396252284-1003 -> {D58BDF89-69DC-45FA-94B9-4E58E95CBDD9} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282722&CUI=UN32986806241704116&UM=2&SSPV=TB_T3
BHO: Complitly -> {0FB6A909-6086-458F-BD92-1F8EE10042A0} -> C:\Users\Bartosz\AppData\Roaming\Complitly\64\Complitly64.dll => Brak pliku
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Brak pliku
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  Brak pliku
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&ts=1449198133&z=5d602a20ae009f1f693d908g6z4zft4g8tcb2gdoew&from=cor&uid=WDCXWD1600BEVT-22ZCT0_WD-WXE808HZ1783Z1783
CHR HomePage: Default -> hxxp://www.yoursites123.com/?type=hp&ts=1449663140&z=c65254421e8678606db098dg6zez4t2q2q1c0g2c3m&from=ient07021&uid=WDCXWD1600BEVT-22ZCT0_WD-WXE808HZ1783Z1783
StartMenuInternet: Google Chrome.B3D5RMMUMD3XFZPEIVD2Y7PJV4 - C:\Users\Bartosz\AppData\Local\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1449663140&z=c65254421e8678606db098dg6zez4t2q2q1c0g2c3m&from=ient07021&uid=WDCXWD1600BEVT-22ZCT0_WD-WXE808HZ1783Z1783
StartMenuInternet: (HKLM) Opera - C:\Program Files (x86)\Opera\Opera.exe hxxp://www.yoursites123.com/?type=sc&ts=1449663140&z=c65254421e8678606db098dg6zez4t2q2q1c0g2c3m&from=ient07021&uid=WDCXWD1600BEVT-22ZCT0_WD-WXE808HZ1783Z1783
U3 aw1gv3pa; Brak ImagePath
S3 RTHDMIAzAudService; system32\drivers\RtHDMIVX.sys [X]
2015-12-21 11:40 - 2015-12-21 11:45 - 00000000 ____ D C:\AdwCleaner
2015-12-09 13:13 - 2015-12-09 13:14 - 00000000 ____ D C:\ProgramData\BWdMB
2015-12-09 13:11 - 2015-12-09 13:13 - 00000000 ____ D C:\ProgramData\pWdMp
C:\Users\Krystian\*.cmd
Task: {0A1D534B-DF3B-4535-89D5-F0B0EECB58AD} - System32\Tasks\{B89415C0-1165-4268-BBC8-C16E6601C31B} => pcalua.exe -a G:\SetupSimple.exe -d G:\
Task: {28BFBFB0-4BDF-43BD-9E41-F7C3032582B2} - System32\Tasks\{F3A06722-901C-413E-AC0C-634F49CFFF9B} => pcalua.exe -a G:\ADAMS\MDAdams\setup.exe -d G:\ADAMS\MDAdams
Task: {5D3ABF27-65D7-4EB5-8A2B-8D987A057664} - System32\Tasks\{AC737999-C17E-4552-9051-C6B80BFF6586} => pcalua.exe -a E:\RouterSetWizard.exe -d E:\
Task: {98C125DF-326C-4396-98C5-A42BB9994624} - \Program aktualizacji online firmy Adobe. -> Brak pliku <==== UWAGA
Task: {99CC639D-83E3-4E37-9658-20D4DE0CA8CB} - System32\Tasks\{10F3A1ED-AF03-414D-9813-083A8452A2C3} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Task: {9B0E2835-DE38-4EEC-9B55-F7CFCAC1EC37} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {AAC8D8CC-9C15-49F9-BE2D-78368388A00B} - System32\Tasks\{405A33EC-5110-42C2-80F1-5D0B636D2A19} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {C5653FA2-1B1E-4F9A-981E-860E1BBC67E8} - System32\Tasks\{649B35E8-93FE-455F-8352-DEB5A9F39BB1} => pcalua.exe -a "C:\PROGRA~2\SmartDraw CI\UNWISE.EXE" -c C:\PROGRA~2\SmartDraw CI\INSTALL.LOG
Task: {CDCA100C-CBBA-431C-BA5B-D396C86A29DA} - System32\Tasks\{93F8A963-1079-42D3-958F-F801BA7199CF} => pcalua.exe -a "D:\Krystian\install\Nero 6601PL\NBR6601PLK.exe" -d "D:\Krystian\install\Nero 6601PL"
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
ShortcutWithArgument: C:\Users\Bartosz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449663140&z=c65254421e8678606db098dg6zez4t2q2q1c0g2c3m&from=ient07021&uid=WDCXWD1600BEVT-22ZCT0_WD-WXE808HZ1783Z1783
ShortcutWithArgument: C:\Users\Bartosz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Users\Bartosz\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449663140&z=c65254421e8678606db098dg6zez4t2q2q1c0g2c3m&from=ient07021&uid=WDCXWD1600BEVT-22ZCT0_WD-WXE808HZ1783Z1783
ShortcutWithArgument: C:\Users\Bartosz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449663140&z=c65254421e8678606db098dg6zez4t2q2q1c0g2c3m&from=ient07021&uid=WDCXWD1600BEVT-22ZCT0_WD-WXE808HZ1783Z1783
ShortcutWithArgument: C:\Users\Bartosz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Users\Bartosz\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449663140&z=c65254421e8678606db098dg6zez4t2q2q1c0g2c3m&from=ient07021&uid=WDCXWD1600BEVT-22ZCT0_WD-WXE808HZ1783Z1783
ShortcutWithArgument: C:\Users\Bartosz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449663140&z=c65254421e8678606db098dg6zez4t2q2q1c0g2c3m&from=ient07021&uid=WDCXWD1600BEVT-22ZCT0_WD-WXE808HZ1783Z1783
ShortcutWithArgument: C:\Users\Bartosz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449663140&z=c65254421e8678606db098dg6zez4t2q2q1c0g2c3m&from=ient07021&uid=WDCXWD1600BEVT-22ZCT0_WD-WXE808HZ1783Z1783
ShortcutWithArgument: C:\Users\Bartosz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk -> C:\Program Files (x86)\Opera\opera.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449663140&z=c65254421e8678606db098dg6zez4t2q2q1c0g2c3m&from=ient07021&uid=WDCXWD1600BEVT-22ZCT0_WD-WXE808HZ1783Z1783
EmptyTemp:

Run FRST and click Fix (Napraw). Show the Fixlog removal report.
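An added example, not part of the original post and not FRST's own code: a small Python triage script that flags the pattern visible in the ShortcutWithArgument and StartMenuInternet entries above, a browser executable launched with a URL appended as its argument. The line formats are inferred from the fixlist in this post; the sample lines, the hijack.example hosts and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in the format of the fixlist above (not from a real log).
SAMPLE = r"""
ShortcutWithArgument: C:\Users\User\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.hijack.example/?type=sc&uid=DISK1
ShortcutWithArgument: C:\Users\User\Desktop\Chrome Work.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.hijack.example/?type=sc
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
"""

BROWSERS = {"chrome.exe", "iexplore.exe", "opera.exe", "firefox.exe"}
# The logs on this page write URLs defanged as hxxp://; accept both spellings.
URL = re.compile(r"\b(?:hxxps?|https?)://\S+", re.I)
SHORTCUT = re.compile(
    r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<exe>.+?\.exe) \(.*?\) -> (?P<args>.*)$",
    re.I,
)
STARTMENU = re.compile(
    r"^StartMenuInternet: (?P<name>.+?) - (?P<exe>.+?\.exe)(?P<args>.*)$", re.I
)


def url_host(url):
    """Return the host of a (possibly hxxp-defanged) URL."""
    return urlsplit(re.sub(r"^hxxp", "http", url, flags=re.I)).hostname


def find_hijacked_launchers(log_text):
    """Return (launcher, browser exe, host) for browser launchers with a URL argument."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SHORTCUT.match(line) or STARTMENU.match(line)
        if not m:
            continue
        exe_name = m.group("exe").rsplit("\\", 1)[-1].lower()
        url = URL.search(m.group("args"))
        # Ordinary switches (e.g. a profile selector) are not flagged; a URL is.
        if exe_name in BROWSERS and url:
            findings.append((m.group(1), exe_name, url_host(url.group(0))))
    return findings


if __name__ == "__main__":
    for launcher, exe, host in find_hijacked_launchers(SAMPLE):
        print(f"{launcher}: {exe} is started with {host}")
```

Grouping the findings by host shows quickly whether every launcher points at the same redirect domain, as it does in this thread.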

 


(Surname) #5

FRST

Shortcut

Fixlog


(Atis) #6

Paste into the system Notepad and save as a text file named fixlist:

S2 WdMan; C:\ProgramData\BWdMB\WdMan.exe -svr [X]
DeleteQuarantine:

Run FRST and click Fix (Napraw). Afterwards delete the C:\FRST folder.


(Surname) #7

All done. Thank you!