logo elektroda
logo elektroda
X
logo elektroda
Szukanie Zaawansowane
logo elektroda
REKLAMA
REKLAMA
Adblock/uBlockOrigin/AdGuard mogą powodować znikanie niektórych postów z powodu nowej reguły.

Jak usunąć yoursites123 z Google Chrome? FRST nie pomógł

dretred 24 Gru 2015 14:17 1059 2
REKLAMA
Zgłoś naruszenie prawa
| Nowy temat
  • #1 15267071
    dretred
    Poziom 5  
    Posty: 42
    Ocena: 2
    Witam,
    korzystając z porad zamieszczonych na elektrodzie próbuję usunąć yoursites123, który uruchamia się w przeglądarce chrome. Wygenerowałem plik FRST, usunąłem Acrobat Reader Polish, utworzyłem plik fixlist.txt i umieściłem w katalogu w którym znajduje się FRST. Uruchomiłem FRST jako admin i zastosowałem opcję "napraw". Zrestartowałem kompa i usunąłem katalog c:\FSRT. Niestety nic to nie pomogło, syf pod nazwą yoursites123 wciąż uruchamia się przy starcie Google Chrome. Proszę o porady co mogę zrobić żeby się tego pozbyć.
    pozdrawiam
    dretred
    Załączniki:
    • FRST.txt (50.5 KB) Musisz być zalogowany, aby pobrać ten załącznik.
    • Addition.txt (45.08 KB) Musisz być zalogowany, aby pobrać ten załącznik.
  • REKLAMA
  • Pomocny post
    #2 15267110
    Acorus 20
    Poziom 43  
    Posty: 10541
    Pomógł: 3247
    Ocena: 1063
    Odinstaluj Setup, WinZipper. Otwórz notatnik systemowy i wklej:

    Cytat:
    ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450867918&z=c9c10ce23c7073c570fe29fgdzfwbe4baqfm7t5g8b&from=wpm07173&uid=SAMSUNGXHD160JJ_S08HJ10Y428357
    ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450867918&z=c9c10ce23c7073c570fe29fgdzfwbe4baqfm7t5g8b&from=wpm07173&uid=SAMSUNGXHD160JJ_S08HJ10Y428357
    ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1450867918&z=c9c10ce23c7073c570fe29fgdzfwbe4baqfm7t5g8b&from=wpm07173&uid=SAMSUNGXHD160JJ_S08HJ10Y428357
    ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1450867918&z=c9c10ce23c7073c570fe29fgdzfwbe4baqfm7t5g8b&from=wpm07173&uid=SAMSUNGXHD160JJ_S08HJ10Y428357
    HKLM-x32\...\Run: [mbot_pl_014010152] => [X]
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1448023809&z=fb3fb96cfcb5dea37c94ac3g9zbz7b7efobc9bde2t&from=amt&uid=samsungxhd160jj_s08hj10y428357
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1448023809&z=fb3fb96cfcb5dea37c94ac3g9zbz7b7efobc9bde2t&from=amt&uid=samsungxhd160jj_s08hj10y428357&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1448023809&z=fb3fb96cfcb5dea37c94ac3g9zbz7b7efobc9bde2t&from=amt&uid=samsungxhd160jj_s08hj10y428357
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1448023809&z=fb3fb96cfcb5dea37c94ac3g9zbz7b7efobc9bde2t&from=amt&uid=samsungxhd160jj_s08hj10y428357&q={searchTerms}
    HKU\S-1-5-21-513947091-129304880-3091503744-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=1450867918&z=c9c10ce23c7073c570fe29fgdzfwbe4baqfm7t5g8b&from=wpm07173&uid=SAMSUNGXHD160JJ_S08HJ10Y428357&q={searchTerms}
    HKU\S-1-5-21-513947091-129304880-3091503744-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1448023809&z=fb3fb96cfcb5dea37c94ac3g9zbz7b7efobc9bde2t&from=amt&uid=samsungxhd160jj_s08hj10y428357
    HKU\S-1-5-21-513947091-129304880-3091503744-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1448023809&z=fb3fb96cfcb5dea37c94ac3g9zbz7b7efobc9bde2t&from=amt&uid=samsungxhd160jj_s08hj10y428357
    HKU\S-1-5-21-513947091-129304880-3091503744-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=1450867918&z=c9c10ce23c7073c570fe29fgdzfwbe4baqfm7t5g8b&from=wpm07173&uid=SAMSUNGXHD160JJ_S08HJ10Y428357&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1448023809&z=fb3fb96cfcb5dea37c94ac3g9zbz7b7efobc9bde2t&from=amt&uid=samsungxhd160jj_s08hj10y428357&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1448023809&z=fb3fb96cfcb5dea37c94ac3g9zbz7b7efobc9bde2t&from=amt&uid=samsungxhd160jj_s08hj10y428357&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1448023809&z=fb3fb96cfcb5dea37c94ac3g9zbz7b7efobc9bde2t&from=amt&uid=samsungxhd160jj_s08hj10y428357&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1448023809&z=fb3fb96cfcb5dea37c94ac3g9zbz7b7efobc9bde2t&from=amt&uid=samsungxhd160jj_s08hj10y428357&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-513947091-129304880-3091503744-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1448023809&z=fb3fb96cfcb5dea37c94ac3g9zbz7b7efobc9bde2t&from=amt&uid=samsungxhd160jj_s08hj10y428357&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-513947091-129304880-3091503744-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1448023809&z=fb3fb96cfcb5dea37c94ac3g9zbz7b7efobc9bde2t&from=amt&uid=samsungxhd160jj_s08hj10y428357&q={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1450867918&z=c9c10ce23c7073c570fe29fgdzfwbe4baqfm7t5g8b&from=wpm07173&uid=SAMSUNGXHD160JJ_S08HJ10Y428357
    CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.oursurfing.com/?type=hp&ts=1448023809&z=fb3fb96cfcb5dea37c94ac3g9zbz7b7efobc9bde2t&from=amt&uid=samsungxhd160jj_s08hj10y428357","hxxp://www.yoursites123.com/?type=hp&ts=1450867918&z=c9c10ce23c7073c570fe29fgdzfwbe4baqfm7t5g8b&from=wpm07173&uid=SAMSUNGXHD160JJ_S08HJ10Y428357"
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1450867918&z=c9c10ce23c7073c570fe29fgdzfwbe4baqfm7t5g8b&from=wpm07173&uid=SAMSUNGXHD160JJ_S08HJ10Y428357
    R2 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [265960 2015-12-22] (RayDl)
    R2 IhPul; C:\Users\admin\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
    R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [711344 2015-12-14] (Taiwan Shui Mu Chih Ching Technology Limited) <==== UWAGA
    S3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe" [X]
    S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP6a\WNt600x64\Sandra.sys [X]
    2015-12-23 11:53 - 2015-12-23 11:53 - 00000000 ____D C:\Users\admin\AppData\Roaming\WinZipper
    2015-12-23 11:53 - 2015-12-23 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
    2015-12-23 11:53 - 2015-12-23 11:53 - 00000000 ____D C:\Program Files (x86)\WinZipper
    2015-12-23 11:52 - 2015-12-24 13:26 - 00000000 ____D C:\Program Files (x86)\SFK
    2015-12-23 11:52 - 2015-12-23 11:53 - 00000000 ____D C:\ProgramData\9WdM9
    2015-12-23 11:52 - 2015-12-23 11:52 - 00000000 ____D C:\Users\admin\AppData\Roaming\TSv
    2015-12-23 11:52 - 2015-11-20 13:50 - 00000000 ____D C:\Program Files (x86)\RayDld
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.
    Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.
  • #3 15282598
    dretred
    Poziom 5  
    Posty: 42
    Ocena: 2
    Dzięki bardzo, pomogło.
    Pozdrawiam
| Nowy temat
Zgłoś naruszenie prawa
REKLAMA