p!r3k utworzono 10 grudnia 2015 utworzono 10 grudnia 2015 Witam, zwracam się do Was z prośbą o pomoc w usunięciu yoursiter123, bo widocznie spowolnił mi przeglądarkę i czytałem, że może być niebezpieczny . W załącznikach wyniki skanu FRST. Z góry wielkie dzięki .
Twój_Anioł_Stróż komentarz 10 grudnia 2015 komentarz 10 grudnia 2015 (edytowane) Otwórz Notatnik i wklej w nim: ShortcutWithArgument: C:\Users\Maciej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q <==== UWAGA ShortcutWithArgument: C:\Users\Maciej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q <==== UWAGA ShortcutWithArgument: C:\Users\Maciej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q <==== UWAGA ShortcutWithArgument: C:\Users\Maciej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q <==== UWAGA ShortcutWithArgument: C:\Users\Maciej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q <==== UWAGA ShortcutWithArgument: C:\Users\Maciej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q <==== UWAGA ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q <==== UWAGA C:\ProgramData\2WdM2 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q&q={searchTerms} HKU\S-1-5-21-2010415190-3611625998-722678919-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q HKU\S-1-5-21-2010415190-3611625998-722678919-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q&q={searchTerms} SearchScopes: HKU\S-1-5-21-2010415190-3611625998-722678919-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q&q={searchTerms} SearchScopes: HKU\S-1-5-21-2010415190-3611625998-722678919-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q&q={searchTerms} StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1449728729&z=977a54865ab42e4502e912dg5z8z1t9mfo4bfmbc6o&from=ient07021&uid=ST500DM002-1BD142_Z3T9VS4QXXXXZ3T9VS4Q R2 WdMan; C:\ProgramData\2WdM2\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego] S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X] 2015-12-10 07:25 - 2015-12-10 07:26 - 00000000 ____D C:\ProgramData\2WdM2 2015-12-10 07:25 - 2015-12-10 07:25 - 00000000 ____D C:\ProgramData\DWdMD EmptyTemp: Plik zapisz pod nazwą [b]fixlist.txt[/b] i umieść obok FRST.exe Uruchom [b]FRST[/b] i kliknij przycisk [b]Fix[/b] (NAPRAW). ---------------------- Jeśli będzie OK, to będziemy kończyć: Otwórz Notatnik i wklej w nim: DeleteQuarantine: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix (NAPRAW). przez SHIFT+DEL usuń pozostały folder C:\FRST. Jeśli natomiast problem nie zniknie, to przeinstalujesz przeglądarkę, na której to jeszcze będzie. . 1
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.