marcin1422 utworzono 12 grudnia 2015 utworzono 12 grudnia 2015 Witam! Prosiłbym o pomoc w zwalczeniu wirusa :) Logi dodaje w załączniku z góry dzięki!
Twój_Anioł_Stróż komentarz 12 grudnia 2015 komentarz 12 grudnia 2015 (edytowane) Otwórz Notatnik i wklej w nim: ShortcutWithArgument: C:\Users\Adamczyk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449851012&z=4d9d2789221d632ae275df0gdzez2t5bbw4g8eag1w&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260 <==== UWAGA ShortcutWithArgument: C:\Users\Adamczyk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449851012&z=4d9d2789221d632ae275df0gdzez2t5bbw4g8eag1w&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260 <==== UWAGA ShortcutWithArgument: C:\Users\Adamczyk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449851012&z=4d9d2789221d632ae275df0gdzez2t5bbw4g8eag1w&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260 <==== UWAGA ShortcutWithArgument: C:\Users\Adamczyk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449851012&z=4d9d2789221d632ae275df0gdzez2t5bbw4g8eag1w&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260 <==== UWAGA ShortcutWithArgument: C:\Users\Adamczyk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449851012&z=4d9d2789221d632ae275df0gdzez2t5bbw4g8eag1w&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260 <==== UWAGA ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449851012&z=4d9d2789221d632ae275df0gdzez2t5bbw4g8eag1w&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260 <==== UWAGA ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449851012&z=4d9d2789221d632ae275df0gdzez2t5bbw4g8eag1w&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260 <==== UWAGA C:\Users\Adamczyk\AppData\Roaming\TSv C:\Program Files (x86)\SFK C:\ProgramData\DWdMD GroupPolicy: Ograniczenia - Chrome <======= UWAGA CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&q={searchTerms} HKU\S-1-5-21-2564023132-1498122180-3607327297-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&q={searchTerms} HKU\S-1-5-21-2564023132-1498122180-3607327297-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260 HKU\S-1-5-21-2564023132-1498122180-3607327297-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260 HKU\S-1-5-21-2564023132-1498122180-3607327297-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&q={searchTerms} SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://q.search-simple.com/?affID=bl_41907433-1a82-4656-880d-5169fe6552dc&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://q.search-simple.com/?affID=bl_41907433-1a82-4656-880d-5169fe6552dc&q={searchTerms} SearchScopes: HKU\S-1-5-21-2564023132-1498122180-3607327297-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&ts=1422451866&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2564023132-1498122180-3607327297-1000 -> OldSearch URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&ts=1422451866&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2564023132-1498122180-3607327297-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&ts=1422451866&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2564023132-1498122180-3607327297-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://q.search-simple.com/?affID=bl_41907433-1a82-4656-880d-5169fe6552dc&q={searchTerms} SearchScopes: HKU\S-1-5-21-2564023132-1498122180-3607327297-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&ts=1422451866&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2564023132-1498122180-3607327297-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&ts=1422451866&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2564023132-1498122180-3607327297-1000 -> {szukaj.gazeta.pl} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&ts=1422451866&type=default&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1449851012&z=4d9d2789221d632ae275df0gdzez2t5bbw4g8eag1w&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260 StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.yoursites123.com/?type=sc&ts=1449851012&z=4d9d2789221d632ae275df0gdzez2t5bbw4g8eag1w&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260 R2 IhPul; C:\Users\Adamczyk\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com) R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: <公司名>) R2 WdMan; C:\ProgramData\DWdMD\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego] R1 {56db9de0-c769-4563-8e82-7e39885bf1ad}Gw64; C:\Windows\System32\drivers\{56db9de0-c769-4563-8e82-7e39885bf1ad}Gw64.sys [48784 2015-01-27] (StdLib) R1 {7a11bc7a-fa65-4d5a-ade4-5a0d20eea01d}w64; C:\Windows\System32\drivers\{7a11bc7a-fa65-4d5a-ade4-5a0d20eea01d}w64.sys [48784 2015-02-03] (StdLib) R1 {ebf755a7-a244-4bc6-ac93-a366f9eccf49}w64; C:\Windows\System32\drivers\{ebf755a7-a244-4bc6-ac93-a366f9eccf49}w64.sys [48784 2015-01-31] (StdLib) R1 {f2944598-b89f-4e10-b544-5173761572df}w64; C:\Windows\System32\drivers\{f2944598-b89f-4e10-b544-5173761572df}w64.sys [48784 2015-01-28] (StdLib) S3 VGPU; System32\drivers\rdvgkmd.sys [X] S1 wfdrvr_vt_1_10_0_28; system32\drivers\wfdrvr_vt_1_10_0_28.sys [X] C:\Windows\System32\drivers\{56db9de0-c769-4563-8e82-7e39885bf1ad}Gw64.sys C:\Windows\System32\drivers\{7a11bc7a-fa65-4d5a-ade4-5a0d20eea01d}w64.sys C:\Windows\System32\drivers\{ebf755a7-a244-4bc6-ac93-a366f9eccf49}w64.sys C:\Windows\System32\drivers\{f2944598-b89f-4e10-b544-5173761572df}w64.sys 2015-12-11 19:27 - 2015-12-12 12:49 - 00000001 _____ C:\Windows\SysWOW64\pl.html 2015-11-30 17:23 - 2015-11-30 17:23 - 00000000 ____D C:\Users\Adamczyk\AppData\Roaming\eCyber 2015-11-27 11:56 - 2015-12-12 13:10 - 00000000 ____D C:\Program Files (x86)\SFK 2015-11-27 11:55 - 2015-12-11 17:24 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat 2015-11-27 11:55 - 2015-11-28 16:38 - 00000000 ____D C:\ProgramData\ZWMiniProZ EmptyTemp: Plik zapisz pod nazwą [b]fixlist.txt[/b] i umieść obok FRST.exe Uruchom [b]FRST[/b] i kliknij przycisk [b]Fix[/b] (NAPRAW). ---------------------- Jeśli będzie OK, to będziemy kończyć: Otwórz Notatnik i wklej w nim: DeleteQuarantine: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix (NAPRAW). przez SHIFT+DEL usuń pozostały folder C:\FRST. Jeśli natomiast problem nie zniknie, to przeinstalujesz przeglądarkę, na której to jeszcze będzie. .
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.