x-kom hosting

yoursites123 prosze o pomoc!

marcin1422
utworzono
utworzono

Witam!

Prosiłbym o pomoc w zwalczeniu wirusa :)

Logi dodaje w załączniku

z góry dzięki!

Twój_Anioł_Stróż
komentarz
komentarz (edytowane)

Otwórz Notatnik i wklej w nim:

ShortcutWithArgument: C:\Users\Adamczyk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449851012&z=4d9d2789221d632ae275df0gdzez2t5bbw4g8eag1w&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260 <==== UWAGA
ShortcutWithArgument: C:\Users\Adamczyk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449851012&z=4d9d2789221d632ae275df0gdzez2t5bbw4g8eag1w&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260 <==== UWAGA
ShortcutWithArgument: C:\Users\Adamczyk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449851012&z=4d9d2789221d632ae275df0gdzez2t5bbw4g8eag1w&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260 <==== UWAGA
ShortcutWithArgument: C:\Users\Adamczyk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449851012&z=4d9d2789221d632ae275df0gdzez2t5bbw4g8eag1w&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260 <==== UWAGA
ShortcutWithArgument: C:\Users\Adamczyk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449851012&z=4d9d2789221d632ae275df0gdzez2t5bbw4g8eag1w&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260 <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449851012&z=4d9d2789221d632ae275df0gdzez2t5bbw4g8eag1w&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260 <==== UWAGA
ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449851012&z=4d9d2789221d632ae275df0gdzez2t5bbw4g8eag1w&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260 <==== UWAGA
C:\Users\Adamczyk\AppData\Roaming\TSv
C:\Program Files (x86)\SFK
C:\ProgramData\DWdMD
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&q={searchTerms}
HKU\S-1-5-21-2564023132-1498122180-3607327297-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&q={searchTerms}
HKU\S-1-5-21-2564023132-1498122180-3607327297-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260
HKU\S-1-5-21-2564023132-1498122180-3607327297-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260
HKU\S-1-5-21-2564023132-1498122180-3607327297-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1422451849&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://q.search-simple.com/?affID=bl_41907433-1a82-4656-880d-5169fe6552dc&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://q.search-simple.com/?affID=bl_41907433-1a82-4656-880d-5169fe6552dc&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2564023132-1498122180-3607327297-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&ts=1422451866&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2564023132-1498122180-3607327297-1000 -> OldSearch URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&ts=1422451866&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2564023132-1498122180-3607327297-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&ts=1422451866&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2564023132-1498122180-3607327297-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://q.search-simple.com/?affID=bl_41907433-1a82-4656-880d-5169fe6552dc&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2564023132-1498122180-3607327297-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&ts=1422451866&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2564023132-1498122180-3607327297-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&ts=1422451866&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2564023132-1498122180-3607327297-1000 -> {szukaj.gazeta.pl} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260&ts=1422451866&type=default&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1449851012&z=4d9d2789221d632ae275df0gdzez2t5bbw4g8eag1w&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.yoursites123.com/?type=sc&ts=1449851012&z=4d9d2789221d632ae275df0gdzez2t5bbw4g8eag1w&from=ient07021&uid=ST1000LM024XHN-M101MBB_S30YJ9JF800260
R2 IhPul; C:\Users\Adamczyk\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: <公司名>)
R2 WdMan; C:\ProgramData\DWdMD\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
R1 {56db9de0-c769-4563-8e82-7e39885bf1ad}Gw64; C:\Windows\System32\drivers\{56db9de0-c769-4563-8e82-7e39885bf1ad}Gw64.sys [48784 2015-01-27] (StdLib)
R1 {7a11bc7a-fa65-4d5a-ade4-5a0d20eea01d}w64; C:\Windows\System32\drivers\{7a11bc7a-fa65-4d5a-ade4-5a0d20eea01d}w64.sys [48784 2015-02-03] (StdLib)
R1 {ebf755a7-a244-4bc6-ac93-a366f9eccf49}w64; C:\Windows\System32\drivers\{ebf755a7-a244-4bc6-ac93-a366f9eccf49}w64.sys [48784 2015-01-31] (StdLib)
R1 {f2944598-b89f-4e10-b544-5173761572df}w64; C:\Windows\System32\drivers\{f2944598-b89f-4e10-b544-5173761572df}w64.sys [48784 2015-01-28] (StdLib)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 wfdrvr_vt_1_10_0_28; system32\drivers\wfdrvr_vt_1_10_0_28.sys [X]
C:\Windows\System32\drivers\{56db9de0-c769-4563-8e82-7e39885bf1ad}Gw64.sys
C:\Windows\System32\drivers\{7a11bc7a-fa65-4d5a-ade4-5a0d20eea01d}w64.sys
C:\Windows\System32\drivers\{ebf755a7-a244-4bc6-ac93-a366f9eccf49}w64.sys
C:\Windows\System32\drivers\{f2944598-b89f-4e10-b544-5173761572df}w64.sys
2015-12-11 19:27 - 2015-12-12 12:49 - 00000001 _____ C:\Windows\SysWOW64\pl.html
2015-11-30 17:23 - 2015-11-30 17:23 - 00000000 ____D C:\Users\Adamczyk\AppData\Roaming\eCyber
2015-11-27 11:56 - 2015-12-12 13:10 - 00000000 ____D C:\Program Files (x86)\SFK
2015-11-27 11:55 - 2015-12-11 17:24 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-11-27 11:55 - 2015-11-28 16:38 - 00000000 ____D C:\ProgramData\ZWMiniProZ
EmptyTemp:

Plik zapisz pod nazwą [b]fixlist.txt[/b] i umieść obok FRST.exe
Uruchom [b]FRST[/b] i kliknij przycisk [b]Fix[/b] (NAPRAW).


----------------------
Jeśli będzie OK, to będziemy kończyć:
Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix (NAPRAW).
przez SHIFT+DEL usuń pozostały folder C:\FRST.


Jeśli natomiast problem nie zniknie, to przeinstalujesz przeglądarkę, na której to jeszcze będzie.
.

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.