
Problem with yoursites123

karlosx4
created

Hello everyone. I don't know where from or how, but yoursites has got me. I'm sending the FRST logs and asking the wise heads here for help getting rid of this junk.

Twój_Anioł_Stróż
comment

Open Notepad and paste into it:

Task: {49A456F9-A254-4671-A782-09C171EA7014} - System32\Tasks\PhoneysEvasivenessV2 => Rundll32.exe ExcessiveChronicled.dll,main 7 1
Task: {7AF217B4-E705-46C6-B6E6-5C4C4E43DBC3} - System32\Tasks\{14A86A7C-AFF0-4BE7-8DEF-C621520DD0B1} => pcalua.exe -a "C:\Program Files (x86)\HD Tune\unins000.exe"
Task: {9B459EA3-832D-40FE-A835-C49935F38D14} - System32\Tasks\Price Fountain => C:\Users\Karlos\AppData\Roaming\PriceFountain\UpdateProc\UpdateTask.exe [2015-12-03] () <==== UWAGA
C:\Users\Karlos\AppData\Roaming\PriceFountain
Task: {CC42BA2C-082B-47B2-B656-757D5A8F9FA7} - System32\Tasks\{6189E815-9411-4EB4-B193-DD4CA0448EC9} => pcalua.exe -a C:\Users\Karlos\AppData\Roaming\yoursearching\UninstallManager.exe -c  -ptid=cornl
Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\Karlos\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
ShortcutWithArgument: C:\Users\Karlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DarkEra.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882 <==== UWAGA
ShortcutWithArgument: C:\Users\Karlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882 <==== UWAGA
ShortcutWithArgument: C:\Users\Karlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882 <==== UWAGA
ShortcutWithArgument: C:\Users\Karlos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DarkEra.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882 <==== UWAGA
ShortcutWithArgument: C:\Users\Karlos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882 <==== UWAGA
ShortcutWithArgument: C:\Users\Karlos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882 <==== UWAGA
ShortcutWithArgument: C:\Users\Karlos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882 <==== UWAGA
ShortcutWithArgument: C:\Users\Karlos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882 <==== UWAGA
ShortcutWithArgument: C:\Users\Karlos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882 <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882 <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882 <==== UWAGA
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882 <==== UWAGA
ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882 <==== UWAGA
C:\Users\Karlos\AppData\Roaming\TSv
C:\Program Files (x86)\SFK
C:\ProgramData\lWdMl
HKU\S-1-5-21-1487586807-450412971-3872676054-1000\...\Run: [BingSvc] => C:\Users\Karlos\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-27] (© 2015 Microsoft Corporation)
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882&q={searchTerms}
HKU\S-1-5-21-1487586807-450412971-3872676054-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882
HKU\S-1-5-21-1487586807-450412971-3872676054-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1487586807-450412971-3872676054-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1487586807-450412971-3872676054-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882&q={searchTerms}
BHO-x32: Middle Rush -> {d00ab4cc-662c-40b6-a85f-d53086f4bb16} -> C:\Program Files (x86)\Middle Rush\Extensions\d00ab4cc-662c-40b6-a85f-d53086f4bb16.dll => Brak pliku
BHO-x32: Lucky Bright -> {d47f39c7-2f7f-43e5-ba53-faffe2da42af} -> C:\Program Files (x86)\Lucky Bright\Extensions\d47f39c7-2f7f-43e5-ba53-faffe2da42af.dll => Brak pliku
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&ts=1449162368&z=661e836a4c9aae859243bfdg1zdz4teg5qboecam7g&from=cor&uid=KINGSTONXSV300S37A60G_50026B773A02E882
CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882"
CHR DefaultSearchURL: Default -> hxxp://www.yoursites123.com/web/?type=ds&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882&q={searchTerms}
CHR DefaultSearchKeyword: Default -> yoursites123
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882
OPR StartupUrls: "hxxp://www.yoursites123.com/?type=sc&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882","browser://startpage/"
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.yoursites123.com/?type=sc&ts=1449728639&z=d313cbb7673f142e8889753g1zazdt5mao1bcqbz5e&from=ient07021&uid=KINGSTONXSV300S37A60G_50026B773A02E882
R2 IhPul; C:\Users\Karlos\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: <公司名>)
R2 WdMan; C:\ProgramData\lWdMl\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-10] ()
C:\Windows\System32\DRIVERS\EsgScanner.sys
S1 wfdrvr_vt_1_10_0_28; system32\drivers\wfdrvr_vt_1_10_0_28.sys [X]
2015-12-03 18:09 - 2015-12-03 18:09 - 00003252 _____ C:\Windows\System32\Tasks\Price Fountain
2015-12-03 18:09 - 2015-12-03 18:09 - 00000000 ____D C:\Users\Karlos\AppData\Roaming\PriceFountain
2015-12-03 18:08 - 2015-12-03 18:14 - 00000000 ____D C:\Users\Karlos\AppData\Roaming\yoursearching
2015-12-03 18:08 - 2015-12-03 18:10 - 00000000 ____D C:\ProgramData\nWMiniPron
2015-12-03 18:07 - 2015-12-10 07:24 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-12-03 18:07 - 2015-12-03 18:08 - 00000000 ____D C:\ProgramData\9WMiniPro9
2015-12-03 18:06 - 2015-12-03 18:14 - 00000000 ____D C:\Users\Karlos\AppData\Roaming\istartpageing
2015-12-03 17:15 - 2015-12-03 17:15 - 00000000 ____D C:\Users\Karlos\AppData\Roaming\OpenCandy
2015-12-02 22:41 - 2015-12-06 16:27 - 00000000 ____D C:\Users\Karlos\AppData\Local\CrashDumps
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST.exe.
Run FRST and click the Fix (NAPRAW) button.


----------------------
If everything is OK, we will wrap up:
Open Notepad and paste into it:

DeleteQuarantine:

Save the file as fixlist.txt and place it next to FRST. Run FRST and click Fix (NAPRAW).
Use SHIFT+DEL to delete the leftover folder C:\FRST.


If, however, the problem does not go away, you will reinstall the browser in which it still appears.
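
Added example, not part of the reply above and not FRST's own code: a small Python triage script that groups fixlist lines like the ones in this reply by the persistence point they target and collects the hosts of the defanged URLs. The sample input is constructed, and the category labels are this example's own naming, not FRST terminology.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in FRST fixlist syntax (paths, GUIDs and hosts are made up).
SAMPLE = r"""
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\Example Updater => C:\Users\user\AppData\Roaming\ExampleUpdater\UpdateTask.exe
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.hijack.example/?type=sc&uid=DISK_0001
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hijack.example/?type=hp&uid=DISK_0001
SearchScopes: HKLM -> DefaultScope {00000000-0000-0000-0000-000000000002} URL = hxxp://www.hijack.example/web/?type=ds&q={searchTerms}
CHR StartupUrls: Default -> "hxxp://www.hijack.example/?type=hp&uid=DISK_0001"
R2 ExampleSvc; C:\ProgramData\ExampleSvc\svc.exe [333312 2015-12-04] ()
C:\ProgramData\ExampleSvc
EmptyTemp:
"""

RULES = [  # first match wins, so specific patterns precede general ones
    (r"^Task:", "scheduled task"),
    (r"^ShortcutWithArgument:", "shortcut argument"),
    (r"^HK(LM|U)\\.*\\Run:", "autorun key"),
    (r"^HK(LM|U)\\.*Internet Explorer\\Main,", "IE start/search page"),
    (r"^SearchScopes:", "IE search provider"),
    (r"^BHO", "browser helper object"),
    (r"^(GroupPolicy:|CHR HKLM\\SOFTWARE\\Policies)", "policy restriction"),
    (r"^(CHR|OPR|StartMenuInternet)\b", "browser setting"),
    (r"^[RS]\d ", "service or driver"),
    (r"^\d{4}-\d{2}-\d{2} ", "file listing entry"),
    (r"^[A-Za-z]:\\", "file or folder path"),
    (r"^\w+:$", "directive"),
]
URL_RE = re.compile(r'hxxps?://[^\s"]+')

def classify(line):
    for pattern, label in RULES:
        if re.search(pattern, line):
            return label
    return "unclassified"

def summarize(text):
    counts, hosts = Counter(), set()
    for line in filter(None, map(str.strip, text.splitlines())):
        counts[classify(line)] += 1
        for url in URL_RE.findall(line):
            # "hxxp" is a defanged scheme; swap it back only to parse the host
            hosts.add(urlsplit("http" + url[4:]).hostname)
    return counts, hosts

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Lines that come back as "unclassified" are the ones to read by hand before trusting a summary of a fixlist.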
 
karlosx4
comment

Everything works great, thank you very much.
