x-kom hosting

Yoursite123

Wyntel
utworzono
utworzono

Jestem kolejną ofiarą tego dziadostwa.... Proszę o pomoc. Załączam pliki z FRST

Twój_Anioł_Stróż
komentarz
komentarz (edytowane)
==================== Procesy (filtrowane) =================
(TODO: <公司名>) C:\AdwCleaner\Quarantine\C\Program Files (x86)\SFK\SSFK.exe.vir
(TODO: <公司名>) C:\AdwCleaner\Quarantine\C\Program Files (x86)\SFK\SSFK.exe.vir

 

a to ciekawe, - działa nawet w Kwarantannie!

 

Otwórz Notatnik i wklej w nim:

DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
ShortcutWithArgument: C:\Users\Wojtek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX <==== UWAGA
ShortcutWithArgument: C:\Users\Wojtek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX <==== UWAGA
ShortcutWithArgument: C:\Users\Wojtek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX <==== UWAGA
ShortcutWithArgument: C:\Users\Wojtek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX <==== UWAGA
ShortcutWithArgument: C:\Users\Wojtek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX <==== UWAGA
ShortcutWithArgument: C:\Users\Wojtek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX <==== UWAGA
ShortcutWithArgument: C:\Users\Wojtek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> D:\Programy\firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX <==== UWAGA
HKLM-x32\...\Run: [] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX&q={searchTerms}
HKU\S-1-5-21-233006258-18527085-3623643150-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX
HKU\S-1-5-21-233006258-18527085-3623643150-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-233006258-18527085-3623643150-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-233006258-18527085-3623643150-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX
FF NewTab: hxxp://www.yoursites123.com/newtab/?type=nt&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX
CHR HomePage: Default -> hxxp://www.yoursites123.com/?type=hp&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX
CHR StartupUrls: Default -> "chrome://newtab/"
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1449835422&z=9c57ebe2cd8823fe0fc018ag3z2z1t4b6c3wfz1o9g&from=ient07021&uid=HitachiXHTS545050B9A300_100622PBN40317HG7JXEX
S2 WdMan; C:\ProgramData\SWdMS\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
C:\ProgramData\SWdMS
R4 SSFK; C:\Program Files (x86)\SFK\SSFK.exe -s [X
2015-12-13 02:51 - 2015-12-13 14:28 - 00000001 _____ C:\Windows\SysWOW64\pl.html
2015-12-13 00:51 - 2015-12-13 00:51 - 00000000 ____D C:\Users\Wojtek\AppData\Roaming\eCyber
2015-12-11 13:06 - 2015-12-13 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa
2015-12-11 13:06 - 2015-12-11 13:06 - 00000000 ____D C:\Users\Wojtek\AppData\Roaming\Picexa Viewer
2015-12-11 13:05 - 2015-12-13 15:30 - 00000000 ____D C:\Program Files (x86)\SFK
2015-12-11 13:05 - 2015-12-11 13:06 - 00000000 ____D C:\ProgramData\SWdMS
2015-12-02 20:33 - 2015-12-03 00:44 - 00000000 _____ C:\Windows\SysWOW64\pl2.exe
EmptyTemp:

Plik zapisz pod nazwą [b]fixlist.txt[/b] i umieść obok FRST.exe
Uruchom [b]FRST[/b] i kliknij przycisk [b]Fix[/b] (NAPRAW).


----------------------
Jeśli będzie OK, to będziemy kończyć:
Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix (NAPRAW).
przez SHIFT+DEL usuń pozostały folder C:\FRST.

W Adw-Cleaner kliknij na przycisk [b]Odinstaluj[/b] ([b]UNINSTALL[/b]).


Jeśli natomiast problem nie zniknie, to przeinstalujesz przeglądarkę, na której to jeszcze będzie.
.
 
  • Dobra wypowiedź 1
Wyntel
komentarz
komentarz

Wszystko znikło! Dziękuję.
Najdziwniejsze jest to że nic nie instalowałem a się to pojawiło muszę uważać bardziej.

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.