martaa96 utworzono 20 grudnia 2015 utworzono 20 grudnia 2015 Jak w temacie - zainstalował mi się yoursite123 i nie umiem tego usunąć. Pomożecie? :) Załączam logi z OTL
Twój_Anioł_Stróż komentarz 20 grudnia 2015 komentarz 20 grudnia 2015 Zrób logi z [b]FRST[/b] > http://www.forumpc.pl/topic/277786-nieingerencyjne-narz%C4%99dzia-do-tworzenia-log%C3%B3w-systemowych/?p=2010191 przed skanem zaznacz: Additional.txt (logi OTL nie pokazują Zaplanowanych Zadań oraz zarażonych skrótów) .
Twój_Anioł_Stróż komentarz 21 grudnia 2015 komentarz 21 grudnia 2015 (edytowane) Otwórz Notatnik i wklej w nim: DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software ShortcutWithArgument: C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449823207&z=44f1c6a0e5172e28ae0ea1bg4z0z1tab4o1cbocecw&from=ient07021&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93 ShortcutWithArgument: C:\Users\Marta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449823207&z=44f1c6a0e5172e28ae0ea1bg4z0z1tab4o1cbocecw&from=ient07021&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93 ShortcutWithArgument: C:\Users\Marta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449823207&z=44f1c6a0e5172e28ae0ea1bg4z0z1tab4o1cbocecw&from=ient07021&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93 ShortcutWithArgument: C:\Users\Marta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449823207&z=44f1c6a0e5172e28ae0ea1bg4z0z1tab4o1cbocecw&from=ient07021&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449823207&z=44f1c6a0e5172e28ae0ea1bg4z0z1tab4o1cbocecw&from=ient07021&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93 2015-12-11 09:41 - 2015-12-11 09:42 - 00000000 ____D C:\ProgramData\2WdM2 2015-12-11 09:41 - 2015-12-11 09:41 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat R2 WdMan; C:\ProgramData\2WdM2\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego] CHR HomePage: Default -> hxxp://www.yoursites123.com/?type=hp&ts=1449823207&z=44f1c6a0e5172e28ae0ea1bg4z0z1tab4o1cbocecw&from=ient07021&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93 CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1449823207&z=44f1c6a0e5172e28ae0ea1bg4z0z1tab4o1cbocecw&from=ient07021&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93" CHR DefaultSearchURL: Default -> hxxp://www.yoursites123.com/web/?type=ds&ts=1449823207&z=44f1c6a0e5172e28ae0ea1bg4z0z1tab4o1cbocecw&from=ient07021&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93&q={searchTerms} CHR DefaultSearchKeyword: Default -> yoursites123 Edge HomeButtonPage: HKU\S-1-5-21-4171367544-3371882102-1428064723-1001 -> hxxp://www.delta-homes.com/?type=hp&ts=1442919147&z=c8111785f3b4118c1a6d98agdz0zfo2t0gdtdgfzaq&from=ient07031&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93 StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1449823207&z=44f1c6a0e5172e28ae0ea1bg4z0z1tab4o1cbocecw&from=ient07021&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93 HKU\S-1-5-21-4171367544-3371882102-1428064723-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449823207&z=44f1c6a0e5172e28ae0ea1bg4z0z1tab4o1cbocecw&from=ient07021&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93&q={searchTerms} HKU\S-1-5-21-4171367544-3371882102-1428064723-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449823207&z=44f1c6a0e5172e28ae0ea1bg4z0z1tab4o1cbocecw&from=ient07021&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93&q={searchTerms} HKU\S-1-5-21-4171367544-3371882102-1428064723-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449823207&z=44f1c6a0e5172e28ae0ea1bg4z0z1tab4o1cbocecw&from=ient07021&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93 HKU\S-1-5-21-4171367544-3371882102-1428064723-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449823207&z=44f1c6a0e5172e28ae0ea1bg4z0z1tab4o1cbocecw&from=ient07021&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449823207&z=44f1c6a0e5172e28ae0ea1bg4z0z1tab4o1cbocecw&from=ient07021&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449823207&z=44f1c6a0e5172e28ae0ea1bg4z0z1tab4o1cbocecw&from=ient07021&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449823207&z=44f1c6a0e5172e28ae0ea1bg4z0z1tab4o1cbocecw&from=ient07021&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449823207&z=44f1c6a0e5172e28ae0ea1bg4z0z1tab4o1cbocecw&from=ient07021&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93&q={searchTerms} SearchScopes: HKU\S-1-5-21-4171367544-3371882102-1428064723-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449823207&z=44f1c6a0e5172e28ae0ea1bg4z0z1tab4o1cbocecw&from=ient07021&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93&q={searchTerms} SearchScopes: HKU\S-1-5-21-4171367544-3371882102-1428064723-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449823207&z=44f1c6a0e5172e28ae0ea1bg4z0z1tab4o1cbocecw&from=ient07021&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93&q={searchTerms} SearchScopes: HKU\S-1-5-21-4171367544-3371882102-1428064723-1001 -> {CE9D7AB0-49DF-4078-B1EA-9BBC2212229F} URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449823207&z=44f1c6a0e5172e28ae0ea1bg4z0z1tab4o1cbocecw&from=ient07021&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449823207&z=44f1c6a0e5172e28ae0ea1bg4z0z1tab4o1cbocecw&from=ient07021&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449823207&z=44f1c6a0e5172e28ae0ea1bg4z0z1tab4o1cbocecw&from=ient07021&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449823207&z=44f1c6a0e5172e28ae0ea1bg4z0z1tab4o1cbocecw&from=ient07021&uid=WDCXWD5000LPCX-24C6HT0_WD-WXB1E641XJ931XJ93 Task: {0317A34E-4B35-4DEE-B115-8036E5F1D2AC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA Task: {1CBD6F63-0AFA-409B-BA9A-68EAB232BE51} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA Task: {2CDAC16C-E72A-4C7D-8CFF-DA22BCA28B2A} - System32\Tasks\{47A5F4AF-0ACF-45A1-B428-2732863D5428} => pcalua.exe -a C:\Users\Marta\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=obw Task: {2ED4688E-8DAC-4D4A-8444-E47BC253A8BA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA Task: {3340E796-2F4E-4088-9568-1A5BF2C54AEA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA Task: {42446162-4F26-4FFA-898E-29DC95BB9D58} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA Task: {4F4AA4F0-D448-42FF-A65D-F7414A5A0FA1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA Task: {77C0DE1F-EC5E-4F1C-8E31-A0932D184109} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA Task: {7ACDB12C-34AA-4317-A06F-0875745CFE18} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA Task: {7EFBE1DA-06CA-4B5B-97C9-C37B16F1E2F0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA Task: {B04AE921-7B8C-44AE-804E-38599DED4387} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA Task: {E22ED128-3703-444F-A650-266287D98650} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA C:\Users\Marta\AppData\Roaming\istartsurf S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] GroupPolicy: Ograniczenia - Chrome <======= UWAGA CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA HKLM-x32\...\Run: [] => [X] EmptyTemp: Plik zapisz pod nazwą [b]fixlist.txt[/b] i umieść obok FRST.exe Uruchom [b]FRST[/b] i kliknij przycisk [b]Fix[/b] (NAPRAW). ---------------------- Jeśli będzie OK, to będziemy kończyć: Otwórz Notatnik i wklej w nim: DeleteQuarantine: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix (NAPRAW). przez SHIFT+DEL usuń pozostały folder C:\FRST. Jeśli natomiast problem nie zniknie, to przeinstalujesz przeglądarkę, na której to jeszcze będzie. .
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.