xnxx123, posted 11 December 2015

Hello everyone! Today I got hit by the same thing as everyone else. Please help :( I am attaching the logs from today's scan.
Twój_Anioł_Stróż, commented 11 December 2015 (edited)

1) Uninstall the program: Picexa (x32)

2) Open Notepad and paste into it:

Task: {1826C5FE-A51A-43D6-95F8-460017C44DF4} - System32\Tasks\ghokswaBrowserUpdateCore => C:\Program Files (x86)\ghokswa Browser\ghokswa\bin\browserServer.exe [2015-12-02] ()
Task: {7E06AB56-BC0D-44D3-8564-17A3D1B32BC0} - System32\Tasks\ghokswaBrowserUpdateUA => C:\Program Files (x86)\ghokswa Browser\ghokswa\bin\browserServer.exe [2015-12-02] ()
Task: {AA2A1345-5AB9-468C-B169-8E72A11C8454} - System32\Tasks\ghokswaCheckTask => C:\Program Files (x86)\ghokswa Browser\ghokswa\bin\browserServer.exe [2015-12-02] ()
C:\Users\Staroniowy\AppData\Roaming\TSv
C:\ProgramData\3WdM3
C:\Program Files (x86)\SFK
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dspp&ts=1422545920&from=cor&uid=ST9120823AS_5NJ0WJLQ&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1422545920&from=cor&uid=ST9120823AS_5NJ0WJLQ
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1422545920&from=cor&uid=ST9120823AS_5NJ0WJLQ
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1422545920&from=cor&uid=ST9120823AS_5NJ0WJLQ&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422545852&from=cor&uid=ST9120823AS_5NJ0WJLQ&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1422545920&from=cor&uid=ST9120823AS_5NJ0WJLQ
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1422545920&from=cor&uid=ST9120823AS_5NJ0WJLQ
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422545852&from=cor&uid=ST9120823AS_5NJ0WJLQ&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422545852&from=cor&uid=ST9120823AS_5NJ0WJLQ&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1422545920&from=cor&uid=ST9120823AS_5NJ0WJLQ
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1422545920&from=cor&uid=ST9120823AS_5NJ0WJLQ
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422545852&from=cor&uid=ST9120823AS_5NJ0WJLQ&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.yoursites123.com/?type=sc&ts=1449818330&z=cf859a2f05c84c3d780f373gcz8zetbb4g8b4c1cag&from=ient07021&uid=ST9120823AS_5NJ0WJLQ
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKCU - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1442826347&z=bc72fc4efb04295bbaa8200gfz3zdo0beocq9c4z4m&from=ient07021&uid=ST9120823AS_5NJ0WJLQ&q={searchTerms}
SearchScopes: HKCU - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\vf61tfx6.default\extensions\fftoolbar2014@etech.com
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\vf61tfx6.default\extensions\quick_searchff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\vf61tfx6.default\extensions\sweetsearch@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\kr8q0olj.default-1445152275533\extensions\default_newtabff@gmail.com
FF Extension: No Name - C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\kr8q0olj.default-1445152275533\extensions\default_newtabff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\vf61tfx6.default\extensions\defsearchp@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\kr8q0olj.default-1445152275533\extensions\yahooprotected@gmail.com
FF Extension: YahooToolsProtected - C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\kr8q0olj.default-1445152275533\extensions\yahooprotected@gmail.com
FF StartMenuInternet: FIREFOX.EXE - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.yoursites123.com/?type=sc&ts=1449818330&z=cf859a2f05c84c3d780f373gcz8zetbb4g8b4c1cag&from=ient07021&uid=ST9120823AS_5NJ0WJLQ
CHR StartMenuInternet: Google Chrome - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.yoursites123.com/?type=sc&ts=1449818330&z=cf859a2f05c84c3d780f373gcz8zetbb4g8b4c1cag&from=ient07021&uid=ST9120823AS_5NJ0WJLQ
R2 PicexaService; C:\Program Files (x86)\Picexa\PicexaSvc.exe [730248 2015-11-04] (Taiwan Shui Mu Chih Ching Technology Limited)
R2 IhPul; C:\Users\Staroniowy\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
S2 browserServer_2015.11.03.12.41.05; C:\Program Files (x86)\ghokswa Browser\ghokswa\bin\browserServer.exe [459480 2015-12-02] ()
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: <公司名>)
R2 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [1843736 2014-08-30] (AVG Secure Search)
R2 WdMan; C:\ProgramData\3WdM3\WdMan.exe [333312 2015-12-04] (TFuns LIMITED)
S3 nkgnvjlp; \??\C:\Windows\system32\drivers\ngiodriver_x64 [x]
2015-12-11 08:19 - 2015-12-11 08:20 - 00000000 ____D C:\ProgramData\3WdM3
2015-12-11 08:19 - 2015-12-11 08:19 - 00000001 _____ C:\Windows\SysWOW64\pl.html
2015-12-11 08:18 - 2015-12-11 08:18 - 02545024 _____ C:\Windows\SysWOW64\pl2.exe
2015-12-02 12:02 - 2015-12-11 09:25 - 00000000 ____D C:\Program Files (x86)\Picexa
2015-12-02 10:41 - 2015-12-02 10:41 - 00015068 _____ C:\Windows\System32\Tasks\ghokswaCheckTask
2015-11-24 08:19 - 2015-12-11 08:19 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-11-24 08:19 - 2015-11-28 15:12 - 00000000 ____D C:\ProgramData\6WMiniPro6
2015-12-11 10:23 - 2015-09-21 10:06 - 00000000 ____D C:\Program Files (x86)\SFK
2015-12-11 09:25 - 2015-12-02 12:02 - 00000000 ____D C:\Program Files (x86)\Picexa
2015-12-11 08:20 - 2015-12-11 08:19 - 00000000 ____D C:\ProgramData\3WdM3
2015-12-11 08:19 - 2015-12-11 08:19 - 00000001 _____ C:\Windows\SysWOW64\pl.html
2015-12-11 08:19 - 2015-11-24 08:19 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-12-11 08:19 - 2015-09-21 10:06 - 00000000 ____D C:\Users\Staroniowy\AppData\Roaming\TSv
2015-12-11 08:18 - 2015-12-11 08:18 - 02545024 _____ C:\Windows\SysWOW64\pl2.exe
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST.exe.
Run FRST and click the Fix (NAPRAW) button.

----------------------

If everything is OK, we will wrap up:

Open Notepad and paste into it:

DeleteQuarantine:

Save the file as fixlist.txt and place it next to FRST.
Run FRST and click Fix (NAPRAW).
Use SHIFT+DEL to delete the leftover folder C:\FRST.

If, on the other hand, it is not OK, download a newer version of FRST and make new logs, because the version you are using right now is veeeery old:

Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-07-2013 04
(ATTENTION: ====> FRST version is 867 days old and could be outdated)
xnxx123 (author), commented 11 December 2015

Unfortunately it did not help. As you advised, I downloaded the newer version and made the logs again. Maybe something can be done about it now?
Twój_Anioł_Stróż, commented 11 December 2015

Open Notepad and paste into it:

Task: {635F65FC-27D3-4CE7-B24A-E4484F6313F3} - System32\Tasks\ghokswaBrowserUpdateUA => C:\Program Files (x86)\ghokswa Browser\ghokswa\bin\browserServer.exe [2015-12-02] () <==== UWAGA
C:\Program Files (x86)\ghokswa Browser
ShortcutWithArgument: C:\Users\Staroniowy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449818330&z=cf859a2f05c84c3d780f373gcz8zetbb4g8b4c1cag&from=ient07021&uid=ST9120823AS_5NJ0WJLQ <==== UWAGA
ShortcutWithArgument: C:\Users\Staroniowy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449818330&z=cf859a2f05c84c3d780f373gcz8zetbb4g8b4c1cag&from=ient07021&uid=ST9120823AS_5NJ0WJLQ <==== UWAGA
ShortcutWithArgument: C:\Users\Staroniowy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.omniboxes.com/?type=sc&ts=1448349541&z=0ba7ab2b9d570d93d409297gfz1zab1cfz0tbw0z4c&from=ient07031&uid=ST9120823AS_5NJ0WJLQ <==== UWAGA
ShortcutWithArgument: C:\Users\Staroniowy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449818330&z=cf859a2f05c84c3d780f373gcz8zetbb4g8b4c1cag&from=ient07021&uid=ST9120823AS_5NJ0WJLQ <==== UWAGA
ShortcutWithArgument: C:\Users\Staroniowy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449818330&z=cf859a2f05c84c3d780f373gcz8zetbb4g8b4c1cag&from=ient07021&uid=ST9120823AS_5NJ0WJLQ <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449818330&z=cf859a2f05c84c3d780f373gcz8zetbb4g8b4c1cag&from=ient07021&uid=ST9120823AS_5NJ0WJLQ <==== UWAGA
ShortcutWithArgument: C:\Users\Public\Desktop\p.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449818330&z=cf859a2f05c84c3d780f373gcz8zetbb4g8b4c1cag&from=ient07021&uid=ST9120823AS_5NJ0WJLQ <==== UWAGA
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: yoursites123
FF SearchEngineOrder.1: V9
FF SelectedSearchEngine: yoursites123
FF Homepage: hxxp://www.yoursites123.com/?type=hp&ts=1449818330&z=cf859a2f05c84c3d780f373gcz8zetbb4g8b4c1cag&from=ient07021&uid=ST9120823AS_5NJ0WJLQ
FF SearchPlugin: C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\vf61tfx6.default\searchplugins\V9.xml [2015-10-19]
FF SearchPlugin: C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\kr8q0olj.default-1445152275533\searchplugins\V9.xml [2015-10-19]
FF SearchPlugin: C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\kr8q0olj.default-1445152275533\searchplugins\webssearches.xml [2015-12-11]
FF SearchPlugin: C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\kr8q0olj.default-1445152275533\searchplugins\yoursites123.xml [2015-12-11]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2014-10-06]
CHR HomePage: Profile 4 -> hxxp://www.v9.com?type=hp&ts=1444192095&from=mych123&uid=st9120823as_5nj0wjlq&z=c1589335e074939dc6e9fe6g3zez7zdg7tdoce6t3b
CHR StartupUrls: Profile 4 -> "hxxp://www.v9.com?type=hp&ts=1444192095&from=mych123&uid=st9120823as_5nj0wjlq&z=c1589335e074939dc6e9fe6g3zez7zdg7tdoce6t3b"
CHR DefaultSearchURL: Profile 4 -> hxxp://www.v9.com/web?type=ds&ts=1444192095&from=zzgbkk123&uid=st9120823as_5nj0wjlq&z=c1589335e074939dc6e9fe6g3zez7zdg7tdoce6t3b&q={searchTerms}
CHR DefaultSearchKeyword: Profile 4 -> v9
S2 WSModules; C:\Program Files (x86)\ghokswa Browser\ghokswa\bin\browserServer.exe [459480 2015-12-02] ()
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST.exe.
Run FRST and click the Fix (NAPRAW) button.

----------------------

If everything is OK, we will wrap up:

Open Notepad and paste into it:

DeleteQuarantine:

Save the file as fixlist.txt and place it next to FRST.
Run FRST and click Fix (NAPRAW).
Use SHIFT+DEL to delete the leftover folder C:\FRST.

If, on the other hand, the problem does not go away, reinstall whichever browser it still appears in.
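Added example (not part of the thread and not FRST's own code): a small triage script that reads FRST `ShortcutWithArgument:` lines like the ones in the fixlist above and reports browser shortcuts whose command line has a URL appended, which is the hijack pattern this fix removes. The function name, the sample paths and the `example.test` hosts are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Browser executables whose shortcuts normally carry no URL argument.
BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe"}

# Line shape: ShortcutWithArgument: <lnk> -> <target> (<company>) -> <arguments>
LINE_RE = re.compile(
    r"^ShortcutWithArgument:\s*(?P<lnk>.+?\.lnk)\s*->\s*"
    r"(?P<target>.+?\.exe)\s*\((?P<company>[^)]*)\)\s*->\s*(?P<args>.*)$",
    re.IGNORECASE,
)
# FRST writes URLs defanged as hxxp://; accept both spellings.
URL_RE = re.compile(r"\b(?:hxxp|http)s?://\S+", re.IGNORECASE)

# Constructed sample input (hypothetical paths and hosts, not from the thread).
SAMPLE_LOG = r"""
ShortcutWithArgument: C:\Users\demo\Desktop\Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://search.example.test/?type=sc&uid=CONSTRUCTED <==== ATTENTION
ShortcutWithArgument: C:\Users\demo\Desktop\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://start.example.test/?type=sc
ShortcutWithArgument: C:\Users\demo\Desktop\Editor.lnk -> C:\Tools\editor.exe (Example Corp) -> --safe-mode
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\DemoTask => C:\Demo\demo.exe
"""


def hijacked_shortcuts(log_text):
    """Return browser shortcuts whose command line ends in a URL argument."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a ShortcutWithArgument entry
        exe = m["target"].rsplit("\\", 1)[-1].lower()
        url = URL_RE.search(m["args"])
        if exe in BROWSERS and url:
            # Re-fang only so the URL parses; the host is reported, never fetched.
            fanged = re.sub(r"^hxxp", "http", url.group(), flags=re.IGNORECASE)
            findings.append({"lnk": m["lnk"], "browser": exe,
                             "host": urlsplit(fanged).hostname})
    return findings


if __name__ == "__main__":
    for f in hijacked_shortcuts(SAMPLE_LOG):
        print(f"{f['browser']:<13} {f['host']:<22} {f['lnk']}")
```

Grouping the findings by host shows quickly whether one hijacker or several rewrote the shortcuts.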
xnxx123 (author), commented 11 December 2015

Now it helped! :) Thaaaaaaaaaaaank yoooooouuuuuu!!!!!!!!! :D