kaja0208, posted 24 December 2015

Hello, I have a problem with the yoursite123 virus. Please help. I am attaching the FRST logs.
Twój_Anioł_Stróż, comment 24 December 2015 (edited)

1) Uninstall Akamai NetSession Interface, which is not needed for anything.

2) Open Notepad and paste the following into it:

DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
ShortcutWithArgument: C:\Users\Karolina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449656069&z=0e7f531ddd61dd5ae541050gcz4z9taq7wdq7edqcq&from=ient07021&uid=HGSTXHTS541010A9E680_JD1009CC1DG5EH1DG5EHX
ShortcutWithArgument: C:\Users\Karolina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449656069&z=0e7f531ddd61dd5ae541050gcz4z9taq7wdq7edqcq&from=ient07021&uid=HGSTXHTS541010A9E680_JD1009CC1DG5EH1DG5EHX
ShortcutWithArgument: C:\Users\Karolina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449656069&z=0e7f531ddd61dd5ae541050gcz4z9taq7wdq7edqcq&from=ient07021&uid=HGSTXHTS541010A9E680_JD1009CC1DG5EH1DG5EHX
ShortcutWithArgument: C:\Users\Karolina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449656069&z=0e7f531ddd61dd5ae541050gcz4z9taq7wdq7edqcq&from=ient07021&uid=HGSTXHTS541010A9E680_JD1009CC1DG5EH1DG5EHX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449656069&z=0e7f531ddd61dd5ae541050gcz4z9taq7wdq7edqcq&from=ient07021&uid=HGSTXHTS541010A9E680_JD1009CC1DG5EH1DG5EHX
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449656069&z=0e7f531ddd61dd5ae541050gcz4z9taq7wdq7edqcq&from=ient07021&uid=HGSTXHTS541010A9E680_JD1009CC1DG5EH1DG5EHX
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: yoursites123
FF SelectedSearchEngine: yoursites123
FF Homepage: hxxp://www.yoursites123.com/?type=sc&ts=1449656069&z=0e7f531ddd61dd5ae541050gcz4z9taq7wdq7edqcq&from=ient07021&uid=HGSTXHTS541010A9E680_JD1009CC1DG5EH1DG5EHX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449656069&z=0e7f531ddd61dd5ae541050gcz4z9taq7wdq7edqcq&from=ient07021&uid=HGSTXHTS541010A9E680_JD1009CC1DG5EH1DG5EHX&q={searchTerms}
HKU\S-1-5-21-4162076692-3029343818-890522049-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449656069&z=0e7f531ddd61dd5ae541050gcz4z9taq7wdq7edqcq&from=ient07021&uid=HGSTXHTS541010A9E680_JD1009CC1DG5EH1DG5EHX&q={searchTerms}
HKU\S-1-5-21-4162076692-3029343818-890522049-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449656069&z=0e7f531ddd61dd5ae541050gcz4z9taq7wdq7edqcq&from=ient07021&uid=HGSTXHTS541010A9E680_JD1009CC1DG5EH1DG5EHX
HKU\S-1-5-21-4162076692-3029343818-890522049-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449656069&z=0e7f531ddd61dd5ae541050gcz4z9taq7wdq7edqcq&from=ient07021&uid=HGSTXHTS541010A9E680_JD1009CC1DG5EH1DG5EHX
HKU\S-1-5-21-4162076692-3029343818-890522049-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449656069&z=0e7f531ddd61dd5ae541050gcz4z9taq7wdq7edqcq&from=ient07021&uid=HGSTXHTS541010A9E680_JD1009CC1DG5EH1DG5EHX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4162076692-3029343818-890522049-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-4162076692-3029343818-890522049-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541010A9E680_JD1009CC1DG5EH1DG5EHX&ts=1434215496&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4162076692-3029343818-890522049-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541010A9E680_JD1009CC1DG5EH1DG5EHX&ts=1434215496&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4162076692-3029343818-890522049-1001 -> {38EE8BDB-2B78-4D8F-955A-173B555270BE} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541010A9E680_JD1009CC1DG5EH1DG5EHX&ts=1434215496&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4162076692-3029343818-890522049-1001 -> {E2BB3BDD-ADB7-4378-88FD-2383D5A7FDE1} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541010A9E680_JD1009CC1DG5EH1DG5EHX&ts=1434215496&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4162076692-3029343818-890522049-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541010A9E680_JD1009CC1DG5EH1DG5EHX&ts=1434215496&type=default&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449656069&z=0e7f531ddd61dd5ae541050gcz4z9taq7wdq7edqcq&from=ient07021&uid=HGSTXHTS541010A9E680_JD1009CC1DG5EH1DG5EHX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449656069&z=0e7f531ddd61dd5ae541050gcz4z9taq7wdq7edqcq&from=ient07021&uid=HGSTXHTS541010A9E680_JD1009CC1DG5EH1DG5EHX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449656069&z=0e7f531ddd61dd5ae541050gcz4z9taq7wdq7edqcq&from=ient07021&uid=HGSTXHTS541010A9E680_JD1009CC1DG5EH1DG5EHX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449656069&z=0e7f531ddd61dd5ae541050gcz4z9taq7wdq7edqcq&from=ient07021&uid=HGSTXHTS541010A9E680_JD1009CC1DG5EH1DG5EHX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449656069&z=0e7f531ddd61dd5ae541050gcz4z9taq7wdq7edqcq&from=ient07021&uid=HGSTXHTS541010A9E680_JD1009CC1DG5EH1DG5EHX
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
HKU\S-1-5-21-4162076692-3029343818-890522049-1001\...\Policies\Explorer: []
HKU\S-1-5-21-4162076692-3029343818-890522049-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Karolina\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
DeleteKey: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes
FirewallRules: [TCP Query User{936E001A-7CA9-4DD5-B8AD-9FAD5BBBCDBD}C:\users\karolina\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\karolina\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{DF46CC5F-8386-4DAA-AD36-F03728F310B7}C:\users\karolina\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\karolina\appdata\local\akamai\netsession_win.exe
2015-11-02 21:10 - 2015-12-09 11:15 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-12-10 16:21 - 2015-06-13 18:11 - 00000000 ____D C:\Program Files (x86)\MiuiTab
C:\Windows\Minidump\112915-36703-01.dmp
2015-12-09 11:16 - 2015-12-23 22:35 - 00000000 ____D C:\Program Files (x86)\SFK
2015-12-09 11:15 - 2015-12-09 11:15 - 00000000 ____D C:\Users\Karolina\AppData\Roaming\TSv
2015-12-09 11:14 - 2015-12-09 11:16 - 00000000 ____D C:\ProgramData\1WdM1
2015-12-14 17:52 - 2015-12-14 17:52 - 00000000 ____D C:\Users\Karolina\AppData\Roaming\eCyber
2015-12-23 20:33 - 2015-12-23 22:33 - 00000001 _____ C:\Windows\SysWOW64\pl.html
S1 wafd_vw_1_10_0_20; system32\drivers\wafd_vw_1_10_0_20.sys [X]
S1 wfdrvr_vw_1_10_0_28; system32\drivers\wfdrvr_vw_1_10_0_28.sys [X]
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: <公司名>)
R2 WdMan; C:\ProgramData\1WdM1\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
R2 IhPul; C:\Users\Karolina\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Karolina\AppData\Roaming\Mozilla\Firefox\Profiles\rt0jmw72.default\extensions\sweetsearch@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Karolina\AppData\Roaming\Mozilla\Firefox\Profiles\rt0jmw72.default\extensions\defsearchp@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Karolina\AppData\Roaming\Mozilla\Firefox\Profiles\rt0jmw72.default\extensions\deskCutv2@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [sidebarff@gmail.com] - C:\Users\Karolina\AppData\Roaming\Mozilla\Firefox\Profiles\rt0jmw72.default\extensions\sidebarff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Karolina\AppData\Roaming\Mozilla\Firefox\Profiles\rt0jmw72.default\extensions\default_newtabff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Karolina\AppData\Roaming\Mozilla\Firefox\Profiles\rt0jmw72.default\extensions\yahooprotected@gmail.com
FF SearchPlugin: C:\Users\Karolina\AppData\Roaming\Mozilla\Firefox\Profiles\rt0jmw72.default\searchplugins\yoursites123.xml [2015-12-20]
FF Extension: Default NewTab - C:\Users\Karolina\AppData\Roaming\Mozilla\Firefox\Profiles\rt0jmw72.default\Extensions\default_newtabff@gmail.com [2015-12-09] [Brak podpisu cyfrowego]
FF Extension: sidebar - C:\Users\Karolina\AppData\Roaming\Mozilla\Firefox\Profiles\rt0jmw72.default\Extensions\sidebarff@gmail.com [2015-11-07] [Brak podpisu cyfrowego]
FF Extension: YahooToolsProtected - C:\Users\Karolina\AppData\Roaming\Mozilla\Firefox\Profiles\rt0jmw72.default\Extensions\yahooprotected@gmail.com [2015-12-09] [Brak podpisu cyfrowego]
FF Extension: Strong Signal - C:\Users\Karolina\AppData\Roaming\Mozilla\Firefox\Profiles\rt0jmw72.default\Extensions\{70d7db02-623e-44ed-b5a4-769e869a9322}.xpi [2015-03-10] [Brak podpisu cyfrowego]
chrome://quick_start/content/index.html
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST.exe.
Run FRST and click the Fix (NAPRAW) button.

----------------------

If everything is OK, we will wrap up:

Open Notepad and paste the following into it:

DeleteQuarantine:

Save the file as fixlist.txt and place it next to FRST.
Run FRST and click Fix (NAPRAW).
Use SHIFT+DEL to delete the remaining C:\FRST folder.

If, however, the problem does not go away, reinstall the browser in which it still occurs.
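An added example, not part of the original thread and not FRST's own code: a small triage script that reads log lines in the layout used by the fixlist above and groups browser shortcuts and browser settings by the host they have been pointed at. The sample lines, the `hijack.example` hosts and the allow-list parameter are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in the FRST log layout seen in the post (not real data).
SAMPLE_LOG = r"""
ShortcutWithArgument: C:\Users\Alice\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.hijack.example/?type=sc&uid=PLACEHOLDER
ShortcutWithArgument: C:\Users\Alice\Desktop\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.hijack.example/?type=sc&uid=PLACEHOLDER
ShortcutWithArgument: C:\Users\Alice\Desktop\Notes.lnk -> C:\Windows\notepad.exe (Microsoft Corporation) -> C:\Users\Alice\todo.txt
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hijack.example/?type=hp&uid=PLACEHOLDER
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://intranet.corp.example/
SearchScopes: HKU\S-1-5-21-0-0-0-1001 -> {00000000-0000-0000-0000-000000000000} URL = hxxp://search.other.example/web/?q={searchTerms}
"""

SHORTCUT = re.compile(
    r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<target>.+?\.exe) \(.*?\) -> (?P<arg>.+)$")
SETTING = re.compile(r"^(?P<where>(?:HK|SearchScopes: ).+?) = (?P<arg>\S+)$")
BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe"}

def url_host(arg):
    """Return the host of a plain or defanged (hxxp) URL, or None if arg is not a URL."""
    if not re.match(r"(?i)h(?:xx|tt)ps?://", arg):
        return None
    return urlsplit("http" + arg[4:]).hostname

def find_hijacks(log, expected_hosts=frozenset()):
    """Map each unexpected host to the shortcuts and settings that point at it."""
    hits = defaultdict(list)
    for line in map(str.strip, log.splitlines()):
        m = SHORTCUT.match(line)
        if m:
            # A browser shortcut should not carry a URL as its launch argument.
            exe = m["target"].rsplit("\\", 1)[-1].lower()
            host = url_host(m["arg"])
            if exe in BROWSERS and host and host not in expected_hosts:
                hits[host].append(("shortcut", m["lnk"]))
            continue
        m = SETTING.match(line)
        if m:
            host = url_host(m["arg"])
            if host and host not in expected_hosts:
                hits[host].append(("setting", m["where"]))
    return dict(hits)

if __name__ == "__main__":
    for host, items in find_hijacks(SAMPLE_LOG, {"intranet.corp.example"}).items():
        print(host, len(items), "entries")
```

Every entry that shares a host with a flagged shortcut is a candidate for the same fixlist, which is how the start page, search page and shortcut lines above end up removed together.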
Twój_Anioł_Stróż, comment 24 December 2015

"I have uninstalled it."

Go back to my previous post.
kaja0208 (Author), comment 24 December 2015

Should I save the fixlist.txt file in the Logs folder?
Twój_Anioł_Stróż, comment 24 December 2015

"Should I save the fixlist.txt file in the Logs folder?"

Put it in this folder:

Uruchomiony z C:\Users\Karolina\Downloads
kaja0208 (Author), comment 24 December 2015

It helped! :) Thank you very much for the help :)