x-kom hosting

yoursites 123

mwywio01
utworzono
utworzono

Jak widzę nie jestem jedyny:)

Bardzo proszę o pomoc w usunięciu syfu pod tytułem yoursites 123.

 

Z góry dzięki - załączam pliki.

Twój_Anioł_Stróż
komentarz
komentarz (edytowane)

1) Odinstaluj ten program:

Picexa (HKLM-x32\...\Picexa) (Version:  - Taiwan Shui Mu Chih Ching Technology Limited) <==== UWAGA
 

2) Otwórz Notatnik i wklej w nim:

ShortcutWithArgument: C:\Users\Marcin\Desktop\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616 <==== UWAGA
ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616 <==== UWAGA
ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616 <==== UWAGA
ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616 <==== UWAGA
ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Google Keep – notatki i listy.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616 <==== UWAGA
ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616 <==== UWAGA
ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616 <==== UWAGA
ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616 <==== UWAGA
ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616 <==== UWAGA
ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616 <==== UWAGA
ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616 <==== UWAGA
ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616 <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616 <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616 <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616 <==== UWAGA
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616 <==== UWAGA
ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616 <==== UWAGA
C:\Program Files (x86)\Picexa
C:\Users\Marcin\AppData\Roaming\TSv
C:\ProgramData\7WdM7
C:\Program Files (x86)\SFK
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616&q={searchTerms}
HKU\S-1-5-21-630279693-1836717529-2162898051-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616
HKU\S-1-5-21-630279693-1836717529-2162898051-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616&q={searchTerms}
SearchScopes: HKU\S-1-5-21-630279693-1836717529-2162898051-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616&q={searchTerms}
SearchScopes: HKU\S-1-5-21-630279693-1836717529-2162898051-1001 -> {083AA8FC-D9FB-41C0-B17F-7AE02910E6D0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616&ts=1437941550&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-630279693-1836717529-2162898051-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616&ts=1437941550&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-630279693-1836717529-2162898051-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616&q={searchTerms}
SearchScopes: HKU\S-1-5-21-630279693-1836717529-2162898051-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616&ts=1437941550&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-630279693-1836717529-2162898051-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616&ts=1437941550&type=default&q={searchTerms}
BHO: Brak nazwy -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Brak pliku
BHO-x32: Brak nazwy -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Brak pliku
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1445676759&z=ccf669861a97c2ed1d8a6ffg6z4zfw0q5m4q2m6t3z&from=wpm07163&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616
FF NewTab: chrome://quick_start/content/index.html
FF SelectedSearchEngine: yoursites123
FF SearchPlugin: C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\gsu2wtzj.default\searchplugins\yoursites123.xml [2015-12-11]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-05-21]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616
CHR HomePage: Default -> hxxp://www.yoursites123.com/?type=hp&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616
CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616"
CHR DefaultSearchURL: Default -> hxxp://www.yoursites123.com/web/?type=ds&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616&q={searchTerms}
CHR DefaultSearchKeyword: Default -> yoursites123
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.yoursites123.com/?type=sc&ts=1449870773&z=c6f37dd375e8e9d619cc9adg1z8zct6b3m3e2b0ocw&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9AF810616
R2 IhPul; C:\Users\Marcin\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
R2 PicexaService; C:\Program Files (x86)\Picexa\PicexaSvc.exe [725640 2015-10-13] (Taiwan Shui Mu Chih Ching Technology Limited)
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: <公司名>)
R2 WdMan; C:\ProgramData\7WdM7\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
2015-12-11 22:53 - 2015-12-11 22:54 - 00000000 ____D C:\ProgramData\7WdM7
2015-12-11 22:53 - 2015-12-11 22:53 - 00000001 _____ C:\WINDOWS\SysWOW64\pl.html
2015-12-11 22:52 - 2015-12-11 22:52 - 02545024 _____ C:\WINDOWS\SysWOW64\pl0.exe
2015-12-11 22:53 - 2015-10-24 09:52 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
EmptyTemp:

Plik zapisz pod nazwą [b]fixlist.txt[/b] i umieść obok FRST.exe
Uruchom [b]FRST[/b] i kliknij przycisk [b]Fix[/b] (NAPRAW).


----------------------
Jeśli będzie OK, to będziemy kończyć:
Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix (NAPRAW).
przez SHIFT+DEL usuń pozostały folder C:\FRST.


Jeśli natomiast problem nie zniknie, to przeinstalujesz przeglądarkę, na której to jeszcze będzie.
.
 

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.