x-kom hosting

Yoursites123...błagam

xnxx123
utworzono
utworzono

Witam wszystkich!

 

Dopadło mnie dzisiaj to co wszystkich. Bardzo proszę o pomoc :( W załączniku dodaję logi z dzisiejszego skanu.

Twój_Anioł_Stróż
komentarz
komentarz (edytowane)

1) Odinstaluj program:

Picexa (x32)

 

2) Otwórz Notatnik i wklej w nim:

Task: {1826C5FE-A51A-43D6-95F8-460017C44DF4} - System32\Tasks\ghokswaBrowserUpdateCore => C:\Program Files (x86)\ghokswa Browser\ghokswa\bin\browserServer.exe [2015-12-02] ()
Task: {7E06AB56-BC0D-44D3-8564-17A3D1B32BC0} - System32\Tasks\ghokswaBrowserUpdateUA => C:\Program Files (x86)\ghokswa Browser\ghokswa\bin\browserServer.exe [2015-12-02] ()
Task: {AA2A1345-5AB9-468C-B169-8E72A11C8454} - System32\Tasks\ghokswaCheckTask => C:\Program Files (x86)\ghokswa Browser\ghokswa\bin\browserServer.exe [2015-12-02] ()
C:\Users\Staroniowy\AppData\Roaming\TSv
C:\ProgramData\3WdM3
C:\Program Files (x86)\SFK
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dspp&ts=1422545920&from=cor&uid=ST9120823AS_5NJ0WJLQ&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1422545920&from=cor&uid=ST9120823AS_5NJ0WJLQ
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1422545920&from=cor&uid=ST9120823AS_5NJ0WJLQ
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1422545920&from=cor&uid=ST9120823AS_5NJ0WJLQ&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422545852&from=cor&uid=ST9120823AS_5NJ0WJLQ&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1422545920&from=cor&uid=ST9120823AS_5NJ0WJLQ
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1422545920&from=cor&uid=ST9120823AS_5NJ0WJLQ
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422545852&from=cor&uid=ST9120823AS_5NJ0WJLQ&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422545852&from=cor&uid=ST9120823AS_5NJ0WJLQ&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1422545920&from=cor&uid=ST9120823AS_5NJ0WJLQ
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1422545920&from=cor&uid=ST9120823AS_5NJ0WJLQ
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422545852&from=cor&uid=ST9120823AS_5NJ0WJLQ&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.yoursites123.com/?type=sc&ts=1449818330&z=cf859a2f05c84c3d780f373gcz8zetbb4g8b4c1cag&from=ient07021&uid=ST9120823AS_5NJ0WJLQ
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKCU - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1442826347&z=bc72fc4efb04295bbaa8200gfz3zdo0beocq9c4z4m&from=ient07021&uid=ST9120823AS_5NJ0WJLQ&q={searchTerms}
SearchScopes: HKCU - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\vf61tfx6.default\extensions\fftoolbar2014@etech.com
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\vf61tfx6.default\extensions\quick_searchff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\vf61tfx6.default\extensions\sweetsearch@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\kr8q0olj.default-1445152275533\extensions\default_newtabff@gmail.com
FF Extension: No Name - C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\kr8q0olj.default-1445152275533\extensions\default_newtabff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\vf61tfx6.default\extensions\defsearchp@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\kr8q0olj.default-1445152275533\extensions\yahooprotected@gmail.com
FF Extension: YahooToolsProtected  - C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\kr8q0olj.default-1445152275533\extensions\yahooprotected@gmail.com
FF StartMenuInternet: FIREFOX.EXE - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.yoursites123.com/?type=sc&ts=1449818330&z=cf859a2f05c84c3d780f373gcz8zetbb4g8b4c1cag&from=ient07021&uid=ST9120823AS_5NJ0WJLQ
CHR StartMenuInternet: Google Chrome - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.yoursites123.com/?type=sc&ts=1449818330&z=cf859a2f05c84c3d780f373gcz8zetbb4g8b4c1cag&from=ient07021&uid=ST9120823AS_5NJ0WJLQ
R2 PicexaService; C:\Program Files (x86)\Picexa\PicexaSvc.exe [730248 2015-11-04] (Taiwan Shui Mu Chih Ching Technology Limited)
R2 IhPul; C:\Users\Staroniowy\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
S2 browserServer_2015.11.03.12.41.05; C:\Program Files (x86)\ghokswa Browser\ghokswa\bin\browserServer.exe [459480 2015-12-02] ()
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: <公司名>)
R2 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [1843736 2014-08-30] (AVG Secure Search)
R2 WdMan; C:\ProgramData\3WdM3\WdMan.exe [333312 2015-12-04] (TFuns LIMITED)
S3 nkgnvjlp; \??\C:\Windows\system32\drivers\ngiodriver_x64 [x]
2015-12-11 08:19 - 2015-12-11 08:20 - 00000000 ____D C:\ProgramData\3WdM3
2015-12-11 08:19 - 2015-12-11 08:19 - 00000001 _____ C:\Windows\SysWOW64\pl.html
2015-12-11 08:18 - 2015-12-11 08:18 - 02545024 _____ C:\Windows\SysWOW64\pl2.exe
2015-12-02 12:02 - 2015-12-11 09:25 - 00000000 ____D C:\Program Files (x86)\Picexa
2015-12-02 10:41 - 2015-12-02 10:41 - 00015068 _____ C:\Windows\System32\Tasks\ghokswaCheckTask
2015-11-24 08:19 - 2015-12-11 08:19 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-11-24 08:19 - 2015-11-28 15:12 - 00000000 ____D C:\ProgramData\6WMiniPro6
2015-12-11 10:23 - 2015-09-21 10:06 - 00000000 ____D C:\Program Files (x86)\SFK
2015-12-11 09:25 - 2015-12-02 12:02 - 00000000 ____D C:\Program Files (x86)\Picexa
2015-12-11 08:20 - 2015-12-11 08:19 - 00000000 ____D C:\ProgramData\3WdM3
2015-12-11 08:19 - 2015-12-11 08:19 - 00000001 _____ C:\Windows\SysWOW64\pl.html
2015-12-11 08:19 - 2015-11-24 08:19 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-12-11 08:19 - 2015-09-21 10:06 - 00000000 ____D C:\Users\Staroniowy\AppData\Roaming\TSv
2015-12-11 08:18 - 2015-12-11 08:18 - 02545024 _____ C:\Windows\SysWOW64\pl2.exe
EmptyTemp:

Plik zapisz pod nazwą [b]fixlist.txt[/b] i umieść obok FRST.exe
Uruchom [b]FRST[/b] i kliknij przycisk [b]Fix[/b] (NAPRAW).


----------------------
Jeśli będzie OK, to będziemy kończyć:
Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix (NAPRAW).
przez SHIFT+DEL usuń pozostały folder C:\FRST.

 

Jeśli natomiast nie będzie OK, to ściągniesz nowszą wersję FRST, i zrobisz logi - bo ta wersja, której używasz w tej chwili, jest baaaardzo stara:

Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-07-2013 04 ([color=red]ATTENTION: ====> FRST version is 867 days old and could be outdated[/color])

 

xnxx123
komentarz
komentarz

NIestety nie pomogło. Tak jak radzisz, ściągnąłem nowszą wersję i zrobiłem logi od nowa. Może teraz coś się uda z tym zrobić?

Twój_Anioł_Stróż
komentarz
komentarz

Otwórz Notatnik i wklej w nim:

Task: {635F65FC-27D3-4CE7-B24A-E4484F6313F3} - System32\Tasks\ghokswaBrowserUpdateUA => C:\Program Files (x86)\ghokswa Browser\ghokswa\bin\browserServer.exe [2015-12-02] () <==== UWAGA
C:\Program Files (x86)\ghokswa Browser
ShortcutWithArgument: C:\Users\Staroniowy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449818330&z=cf859a2f05c84c3d780f373gcz8zetbb4g8b4c1cag&from=ient07021&uid=ST9120823AS_5NJ0WJLQ <==== UWAGA
ShortcutWithArgument: C:\Users\Staroniowy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449818330&z=cf859a2f05c84c3d780f373gcz8zetbb4g8b4c1cag&from=ient07021&uid=ST9120823AS_5NJ0WJLQ <==== UWAGA
ShortcutWithArgument: C:\Users\Staroniowy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.omniboxes.com/?type=sc&ts=1448349541&z=0ba7ab2b9d570d93d409297gfz1zab1cfz0tbw0z4c&from=ient07031&uid=ST9120823AS_5NJ0WJLQ <==== UWAGA
ShortcutWithArgument: C:\Users\Staroniowy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449818330&z=cf859a2f05c84c3d780f373gcz8zetbb4g8b4c1cag&from=ient07021&uid=ST9120823AS_5NJ0WJLQ <==== UWAGA
ShortcutWithArgument: C:\Users\Staroniowy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449818330&z=cf859a2f05c84c3d780f373gcz8zetbb4g8b4c1cag&from=ient07021&uid=ST9120823AS_5NJ0WJLQ <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449818330&z=cf859a2f05c84c3d780f373gcz8zetbb4g8b4c1cag&from=ient07021&uid=ST9120823AS_5NJ0WJLQ <==== UWAGA
ShortcutWithArgument: C:\Users\Public\Desktop\p.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449818330&z=cf859a2f05c84c3d780f373gcz8zetbb4g8b4c1cag&from=ient07021&uid=ST9120823AS_5NJ0WJLQ <==== UWAGA
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: yoursites123
FF SearchEngineOrder.1: V9
FF SelectedSearchEngine: yoursites123
FF Homepage: hxxp://www.yoursites123.com/?type=hp&ts=1449818330&z=cf859a2f05c84c3d780f373gcz8zetbb4g8b4c1cag&from=ient07021&uid=ST9120823AS_5NJ0WJLQ
FF SearchPlugin: C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\vf61tfx6.default\searchplugins\V9.xml [2015-10-19]
FF SearchPlugin: C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\kr8q0olj.default-1445152275533\searchplugins\V9.xml [2015-10-19]
FF SearchPlugin: C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\kr8q0olj.default-1445152275533\searchplugins\webssearches.xml [2015-12-11]
FF SearchPlugin: C:\Users\Staroniowy\AppData\Roaming\Mozilla\Firefox\Profiles\kr8q0olj.default-1445152275533\searchplugins\yoursites123.xml [2015-12-11]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2014-10-06]
CHR HomePage: Profile 4 -> hxxp://www.v9.com?type=hp&ts=1444192095&from=mych123&uid=st9120823as_5nj0wjlq&z=c1589335e074939dc6e9fe6g3zez7zdg7tdoce6t3b
CHR StartupUrls: Profile 4 -> "hxxp://www.v9.com?type=hp&ts=1444192095&from=mych123&uid=st9120823as_5nj0wjlq&z=c1589335e074939dc6e9fe6g3zez7zdg7tdoce6t3b"
CHR DefaultSearchURL: Profile 4 -> hxxp://www.v9.com/web?type=ds&ts=1444192095&from=zzgbkk123&uid=st9120823as_5nj0wjlq&z=c1589335e074939dc6e9fe6g3zez7zdg7tdoce6t3b&q={searchTerms}
CHR DefaultSearchKeyword: Profile 4 -> v9
S2 WSModules; C:\Program Files (x86)\ghokswa Browser\ghokswa\bin\browserServer.exe [459480 2015-12-02] ()
EmptyTemp:

Plik zapisz pod nazwą [b]fixlist.txt[/b] i umieść obok FRST.exe
Uruchom [b]FRST[/b] i kliknij przycisk [b]Fix[/b] (NAPRAW).


----------------------
Jeśli będzie OK, to będziemy kończyć:
Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix (NAPRAW).
przez SHIFT+DEL usuń pozostały folder C:\FRST.


Jeśli natomiast problem nie zniknie, to przeinstalujesz przeglądarkę, na której to jeszcze będzie.
.
xnxx123
komentarz
komentarz

Teraz pomogło! :) Dzzzzzziiiiiiiiiiiięęęęęęęęęęęęęęęęęęękkkkkujjjjjjjęęęęęęęę!!!!!!!!! :D

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.