Wyntel utworzono 13 grudnia 2015 utworzono 13 grudnia 2015 Jestem kolejną ofiarą tego dziadostwa.... Proszę o pomoc. Załączam pliki z FRST
Twój_Anioł_Stróż komentarz 13 grudnia 2015 komentarz 13 grudnia 2015 (edytowane) ==================== Procesy (filtrowane) ================= (TODO: <公司名>) C:\AdwCleaner\Quarantine\C\Program Files (x86)\SFK\SSFK.exe.vir (TODO: <公司名>) C:\AdwCleaner\Quarantine\C\Program Files (x86)\SFK\SSFK.exe.vir a to ciekawe, - działa nawet w Kwarantannie! Otwórz Notatnik i wklej w nim: DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software ShortcutWithArgument: C:\Users\Wojtek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX <==== UWAGA ShortcutWithArgument: C:\Users\Wojtek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX <==== UWAGA ShortcutWithArgument: C:\Users\Wojtek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX <==== UWAGA ShortcutWithArgument: C:\Users\Wojtek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX <==== UWAGA ShortcutWithArgument: C:\Users\Wojtek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX <==== UWAGA ShortcutWithArgument: C:\Users\Wojtek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX <==== UWAGA ShortcutWithArgument: C:\Users\Wojtek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> D:\Programy\firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX <==== UWAGA ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX <==== UWAGA HKLM-x32\...\Run: [] => [X] HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX&q={searchTerms} HKU\S-1-5-21-233006258-18527085-3623643150-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX HKU\S-1-5-21-233006258-18527085-3623643150-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX&q={searchTerms} SearchScopes: HKU\S-1-5-21-233006258-18527085-3623643150-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX&q={searchTerms} SearchScopes: HKU\S-1-5-21-233006258-18527085-3623643150-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX FF NewTab: hxxp://www.yoursites123.com/newtab/?type=nt&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX CHR HomePage: Default -> hxxp://www.yoursites123.com/?type=hp&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX CHR StartupUrls: Default -> "chrome://newtab/" StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX S2 WdMan; C:\ProgramData\SWdMS\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego] C:\ProgramData\SWdMS R4 SSFK; C:\Program Files (x86)\SFK\SSFK.exe -s [X 2015-12-13 02:51 - 2015-12-13 14:28 - 00000001 _____ C:\Windows\SysWOW64\pl.html 2015-12-13 00:51 - 2015-12-13 00:51 - 00000000 ____D C:\Users\Wojtek\AppData\Roaming\eCyber 2015-12-11 13:06 - 2015-12-13 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa 2015-12-11 13:06 - 2015-12-11 13:06 - 00000000 ____D C:\Users\Wojtek\AppData\Roaming\Picexa Viewer 2015-12-11 13:05 - 2015-12-13 15:30 - 00000000 ____D C:\Program Files (x86)\SFK 2015-12-11 13:05 - 2015-12-11 13:06 - 00000000 ____D C:\ProgramData\SWdMS 2015-12-02 20:33 - 2015-12-03 00:44 - 00000000 _____ C:\Windows\SysWOW64\pl2.exe EmptyTemp: Plik zapisz pod nazwą [b]fixlist.txt[/b] i umieść obok FRST.exe Uruchom [b]FRST[/b] i kliknij przycisk [b]Fix[/b] (NAPRAW). ---------------------- Jeśli będzie OK, to będziemy kończyć: Otwórz Notatnik i wklej w nim: DeleteQuarantine: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix (NAPRAW). przez SHIFT+DEL usuń pozostały folder C:\FRST. W Adw-Cleaner kliknij na przycisk [b]Odinstaluj[/b] ([b]UNINSTALL[/b]). Jeśli natomiast problem nie zniknie, to przeinstalujesz przeglądarkę, na której to jeszcze będzie. . 1
Wyntel komentarz 13 grudnia 2015 Autor komentarz 13 grudnia 2015 Wszystko znikło! Dziękuję. Najdziwniejsze jest to że nic nie instalowałem a się to pojawiło muszę uważać bardziej.
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.