Witam serdecznie,
jak w temacie.
FRST: http://www.wklej.org/id/3092590/
Addition: http://www.wklej.org/id/3092623/
Shortcut: http://www.wklej.org/id/3092626/
Będę wdzięczna za pomoc,
Pozdrawiam
Nie widać aktywnej infekcji.
Odinstaluj WebStorage.
Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist:
GroupPolicy: Ograniczenia <======= UWAGA
HKU\S-1-5-21-2151703934-1049905182-3447498842-1001\...\RunOnce: [Uninstall C:\Users\Sarajewo\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sarajewo\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://at.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_01¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBzz0CtB0D0DtB0FyCyDzz0B0ByDyBtDtN0D0Tzu0StCyEyCyCtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEyBzztA0FyDzytGyDyCyC0AtGtDtD0AtBtGyB0AtA0CtGyC0AyCtCyC0DtCzzzy0B0Ezy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEyC0Ezy0DzzyEtGtA0C0DtBtGyE0AyEyDtG0ByBzytCtGyEtAyD0BtDyEzyzyyDtC0CtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyB%26cr%3D356120828%26a%3Dwbf_ir_16_01%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://at.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_01¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBzz0CtB0D0DtB0FyCyDzz0B0ByDyBtDtN0D0Tzu0StCyEyCyCtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEyBzztA0FyDzytGyDyCyC0AtGtDtD0AtBtGyB0AtA0CtGyC0AyCtCyC0DtCzzzy0B0Ezy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEyC0Ezy0DzzyEtGtA0C0DtBtGyE0AyEyDtG0ByBzytCtGyEtAyD0BtDyEzyzyyDtC0CtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyB%26cr%3D356120828%26a%3Dwbf_ir_16_01%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2151703934-1049905182-3447498842-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://at.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_01¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBzz0CtB0D0DtB0FyCyDzz0B0ByDyBtDtN0D0Tzu0StCyEyCyCtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEyBzztA0FyDzytGyDyCyC0AtGtDtD0AtBtGyB0AtA0CtGyC0AyCtCyC0DtCzzzy0B0Ezy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEyC0Ezy0DzzyEtGtA0C0DtBtGyE0AyEyDtG0ByBzytCtGyEtAyD0BtDyEzyzyyDtC0CtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyB%26cr%3D356120828%26a%3Dwbf_ir_16_01%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2151703934-1049905182-3447498842-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://at.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_01¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBzz0CtB0D0DtB0FyCyDzz0B0ByDyBtDtN0D0Tzu0StCyEyCyCtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEyBzztA0FyDzytGyDyCyC0AtGtDtD0AtBtGyB0AtA0CtGyC0AyCtCyC0DtCzzzy0B0Ezy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEyC0Ezy0DzzyEtGtA0C0DtBtGyE0AyEyDtG0ByBzytCtGyEtAyD0BtDyEzyzyyDtC0CtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyB%26cr%3D356120828%26a%3Dwbf_ir_16_01%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2151703934-1049905182-3447498842-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_opnsb_16_19¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBzz0CtB0D0DtB0FyCyDzz0B0ByDyBtDtN0D0Tzu0StCyDzyyDtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyE0DyEtA0DyC0DtCtGtDtBtD0AtG0E0EzztBtGtB0EzyyEtGyByByCzytDtC0Czz0F0DtCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEyC0Ezy0DzzyEtGtA0C0DtBtGyE0AyEyDtG0ByBzytCtGyEtAyD0BtDyEzyzyyDtC0CtB2QtN0A0LzuyE%26cr%3D4394350%26a%3Dwnf_opnsb_16_19%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\9vzzgfib.default -> Search Provided by Yahoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\9vzzgfib.default -> Search Provided by Yahoo
CHR HKU\S-1-5-21-2151703934-1049905182-3447498842-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2151703934-1049905182-3447498842-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
S2 0127711492023034mcinstcleanup; C:\WINDOWS\TEMP\012771~1.EXE [1030904 2017-02-09] (McAfee, Inc.)
CustomCLSID: HKU\S-1-5-21-2151703934-1049905182-3447498842-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Sarajewo\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-2151703934-1049905182-3447498842-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Sarajewo\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => Brak pliku
Task: {24892EDC-A608-4735-998A-8DD8B5ED47F3} - \WPD\SqmUpload_S-1-5-21-2151703934-1049905182-3447498842-1001 -> Brak pliku <==== UWAGA
Task: {46213906-AF9F-402B-9773-BE014E643410} - \McAfee\McAfee Idle Detection Task -> Brak pliku <==== UWAGA
Task: {93627CF5-EC9A-4A61-8D94-93D1021BB46A} - System32\Tasks\{580867BF-F65F-4776-8C11-CDACF6478290} => pcalua.exe -a C:\Users\Sarajewo\AppData\Local\{01A437F8-250C-5B40-4894-7EA86CFC8230}\uninstall.exe -c /Uninstall /s /noun /DelSelfDir
EmptyTemp:
Uruchom FRST i kliknij Napraw (Fix). Pokaż raport z usuwania Fixlog.
Kliknij Skanuj (Scan) i pokaż nowy raport z FRST bez Addition i Shortcut.
Wydaje się, że odinstalowanie WebStorage pomogło, dziękuję za sugestię!
FRST: http://www.wklej.org/id/3092858/
Pozdrawiam!
Skasuj folder C:\FRST