x-kom hosting

Pomoże ktoś usunąć yoursites123

landbartek
utworzono
utworzono

adwcleaner ani avast tego nie wykrywają. Użyłem FRST , ale nie wiem jak użyć tych plików. Proszę o pomoc.

Twój_Anioł_Stróż
komentarz
komentarz (edytowane)

Otwórz Notatnik i wklej w nim:

Task: {946C2814-EC69-44ED-919C-8AD4EFCB79DE} - System32\Tasks\{646D58A8-80E8-49D7-9A3B-0D86BD3CC546} => pcalua.exe -a E:\autorun.exe -d E:\
ShortcutWithArgument: C:\Users\Bartek\Desktop\Start Tor Browser.lnk -> C:\Users\Bartek\Desktop\Nowy folder\Tor Browser\Browser\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT <==== UWAGA
ShortcutWithArgument: C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT <==== UWAGA
ShortcutWithArgument: C:\Users\Bartek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT <==== UWAGA
ShortcutWithArgument: C:\Users\Bartek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT <==== UWAGA
ShortcutWithArgument: C:\Users\Bartek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT <==== UWAGA
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT <==== UWAGA
C:\Users\Bartek\AppData\Roaming\TSv
C:\Program Files (x86)\SFK
C:\ProgramData\7WdM7
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1942698258-3291123827-989924534-1002\...\Run: [Akamai NetSession Interface] => "C:\Users\Bartek\AppData\Local\Akamai\netsession_win.exe"
C:\Users\Bartek\AppData\Local\Akamai\netsession_win.exe
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  Brak pliku
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  Brak pliku
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  Brak pliku
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Brak pliku)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT&q={searchTerms}
HKU\S-1-5-21-1942698258-3291123827-989924534-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT
HKU\S-1-5-21-1942698258-3291123827-989924534-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1942698258-3291123827-989924534-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1942698258-3291123827-989924534-1002 -> {1DA3C75E-E322-4459-85F5-28FE8C70BC72} URL =
SearchScopes: HKU\S-1-5-21-1942698258-3291123827-989924534-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT
CHR HomePage: Default -> hxxp://www.yoursites123.com/?type=hp&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT
CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT"
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1449870658&z=ea422c3e1a9c8d4cdd1e4bdgdzez7t4bbm1ebqdqdo&from=ient07021&uid=TOSHIBAXMQ01ABD075_Y3U6CBYMTXXY3U6CBYMT
R2 IhPul; C:\Users\Bartek\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: <公司名>)
R2 WdMan; C:\ProgramData\7WdM7\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /svc [X]
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /medsvc [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe" [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 lmimirr; \SystemRoot\system32\DRIVERS\lmimirr.sys [X]
2015-12-11 23:10 - 2015-12-11 23:10 - 00000000 ____D C:\Users\Bartek\AppData\Roaming\eCyber
C:\Windows\Minidump\*.dmp
2015-12-11 22:51 - 2015-12-11 23:09 - 00000000 ____D C:\Program Files (x86)\SFK
2015-12-11 22:51 - 2015-12-11 23:08 - 00000001 _____ C:\Windows\SysWOW64\pl.html
2015-12-11 22:51 - 2015-12-11 22:52 - 00000000 ____D C:\ProgramData\7WdM7
2015-12-02 22:49 - 2015-12-02 22:49 - 00000000 _____ C:\Windows\SysWOW64\pl6.exe
2015-12-11 22:51 - 2015-10-08 17:01 - 00000000 ____D C:\Users\Bartek\AppData\Roaming\TSv
2015-12-11 22:51 - 2015-08-28 19:36 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
EmptyTemp:

Plik zapisz pod nazwą [b]fixlist.txt[/b] i umieść obok FRST.exe
Uruchom [b]FRST[/b] i kliknij przycisk [b]Fix[/b] (NAPRAW).


----------------------
Jeśli będzie OK, to będziemy kończyć:
Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix (NAPRAW).
przez SHIFT+DEL usuń pozostały folder C:\FRST.


Jeśli natomiast problem nie zniknie, to przeinstalujesz przeglądarkę, na której to jeszcze będzie.
.

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.