ImageToPneG: serious problem with the browser


(Iwanonee) #1

Hello,


(Acorus) #2

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ matching your system version, 32-bit or 64-bit.

Run FRST and click Scan. Post the FRST and Addition reports.

Put the reports on http://wklej.org/ and provide the link.


(Iwanonee) #3

FRST:


(Acorus) #4

Open Notepad and paste:

Task: {25120F5E-EE7D-4B9A-9875-620CF5387093} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3135860982-261939177-4136438857-1000Core = C:\Users\Klient X\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {454927BA-6EF6-4797-900C-DFEA40321F95} - System32\Tasks\{32ED3E7B-A1C4-4BDE-8D76-3DB1C4850C40} = D:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
Task: {8B91BC04-AB3B-4C32-AE91-32A701BBB4E0} - System32\Tasks\{D018C656-0871-420A-B8B2-E8C2C8AD72A1} = Firefox.exe http://www.skype.com/go/downloading?source=lightinstalleramp;ver=5.0.0.152.259amp;LastError=12002
Task: {9D410F83-A638-46A1-AAA9-A660462C6CE0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3135860982-261939177-4136438857-1000UA = C:\Users\Klient X\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3135860982-261939177-4136438857-1000Core.job = C:\Users\Klient X\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3135860982-261939177-4136438857-1000UA.job = C:\Users\Klient X\AppData\Local\Facebook\Update\FacebookUpdate.exe
ShellIconOverlayIdentifiers: [DropboxExt1] - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = No File
ShellIconOverlayIdentifiers: [DropboxExt2] - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = No File
ShellIconOverlayIdentifiers: [DropboxExt3] - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = No File
ShellIconOverlayIdentifiers: [DropboxExt4] - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = No File
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1403451051from=smtuid=ST9500325AS_5VEBMEHHXXXX5VEBMEHHq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpts=1403451051from=smtuid=ST9500325AS_5VEBMEHHXXXX5VEBMEHH
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1403451051from=smtuid=ST9500325AS_5VEBMEHHXXXX5VEBMEHHq={searchTerms}
URLSearchHook: HKLM-x32 - (No Name) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1403451051from=smtuid=ST9500325AS_5VEBMEHHXXXX5VEBMEHHq={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1403451051from=smtuid=ST9500325AS_5VEBMEHHXXXX5VEBMEHHq={searchTerms}
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=iebgct=dsappid=102systemid=473v=a13277-248apn_uid=0016112158384557apn_dtid=BND101o=APN10640apn_ptnrs=AG1q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1403451051from=smtuid=ST9500325AS_5VEBMEHHXXXX5VEBMEHHq={searchTerms}
SearchScopes: HKLM-x32 - {0388404D-6072-4CEB-B521-8F090FEAEE57} URL = http://startsear.ch/?aff=1src=spcf=9f65d3f9-f9c6-11e0-b591-00266c5d8569q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1403451051from=smtuid=ST9500325AS_5VEBMEHHXXXX5VEBMEHHq={searchTerms}
SearchScopes: HKLM-x32 - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=iebgct=dsappid=102systemid=473v=a13277-248apn_uid=0016112158384557apn_dtid=BND101o=APN10640apn_ptnrs=AG1q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}SearchSource=4ctid=CT3031817
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1403451051from=smtuid=ST9500325AS_5VEBMEHHXXXX5VEBMEHHq={searchTerms}
SearchScopes: HKCU - {0388404D-6072-4CEB-B521-8F090FEAEE57} URL = http://startsear.ch/?aff=1src=spcf=9f65d3f9-f9c6-11e0-b591-00266c5d8569q={searchTerms}
SearchScopes: HKCU - {31E1EB42-409C-4ACE-8FCB-22498B8B4DBE} URL = http://klit.startnow.com/s/?q={searchTerms}src=defsearchprovider=provider_name=yahooprovider_code=partner_id=693product_id=741affiliate_id=channel=toolbar_id=200toolbar_version=2.3.0install_country=PLinstall_date=20111002user_guid=F0290983B1A447CC9DC9F3D1A9FF847Emachine_id=70d9d444095248431e67f1741bf69ac6browser=IEos=winos_version=6.1-x64-SP0iesrc={referrer:source}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1403451051from=smtuid=ST9500325AS_5VEBMEHHXXXX5VEBMEHHq={searchTerms}
SearchScopes: HKCU - {48117D04-4948-4515-9E23-046DE9EC4942} URL =
SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=iebgct=dsappid=102systemid=473v=a13277-248apn_uid=0016112158384557apn_dtid=BND101o=APN10640apn_ptnrs=AG1q={searchTerms}
SearchScopes: HKCU - {75D23442-3CBD-4C0D-9A1B-ADB9645CB7FA} URL = http://www.amazon.co.uk/gp/search?ie=UTF8keywords={searchTerms}tag=tochibauk-win7-ie-search-21index=blendedlinkCode=ur2
SearchScopes: HKCU - {A1B0B85C-181C-48A9-AD97-EC2D6919BC62} URL = http://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}SearchSource=4ctid=CT3031817
SearchScopes: HKCU - {BCF42474-7EFA-4769-8C81-DCB738A6A376} URL =
BHO-x32: Weebbiung - {dad249a2-7b03-4745-845a-317692826ec9} - C:\Program Files (x86)\Weebbiung\WNLZfwDnGJtym0.dll No File
Toolbar: HKLM-x32 - No Name - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - No File
Toolbar: HKLM-x32 - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
Toolbar: HKLM-x32 - VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll (vShare.tv )
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml
CHR Extension: (ImageToPneG) - C:\Users\Klient X\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeloaelhbbgdeibebjpbeclalfmopee [2014-10-26]
CHR Extension: (SweetIM for Facebook) - C:\Users\Klient X\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn [2014-10-26]
CHR Extension: (vshare plugin) - C:\Users\Klient X\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj [2013-01-21]
CHR Extension: (Adblock Pro) - C:\Users\Klient X\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-10-27]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Klient X\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2013-01-28]
CHR HKLM-x32\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files (x86)\vShare.tv plugin\vshareplg.crx [2011-08-31]
S3 catchme; \\C:\ComboFix\catchme.sys [X]
S3 cpuz132; \\C:\Users\KLIENT~1\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 dump_wmimmc; \\C:\Program Files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [X]
S3 Gun; \\D:\Game\SoftnyxGame\GunBoundIS\Gun64.sys [X]
U4 vsserv; No ImagePath
U4 WMCoreService; No ImagePath
2014-10-26 13:30 - 2014-10-26 13:43 - 00000000 ____ D () C:\ComboFix
2014-10-26 13:30 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-26 13:30 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-26 13:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-26 13:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-26 13:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-26 13:30 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-26 13:30 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-26 13:30 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-14 12:33 - 2014-10-14 12:37 - 00000000 ____ D () C:\Users\Klient X\AppData\Roaming\Systweak
2014-10-14 12:33 - 2014-08-29 16:02 - 00020296 _____ () C:\Windows\system32\roboot64.exe
2014-10-01 13:55 - 2014-10-01 14:11 - 00000000 ____ D () C:\ProgramData\NexuteCOup
2014-10-01 13:55 - 2014-10-01 14:10 - 00000000 ____ D () C:\Program Files (x86)\NexuteCOup
2014-10-01 13:21 - 2014-10-01 14:10 - 03549184 _____ () C:\Windows\SysWOW64\setup.exe
2014-09-30 12:44 - 2014-10-01 13:56 - 00000000 ____ D () C:\ProgramData\GoSaivve
2014-09-30 12:44 - 2014-10-01 13:54 - 00000000 ____ D () C:\Program Files (x86)\GoSaivve
2014-09-30 12:44 - 2014-10-01 13:23 - 00000000 ____ D () C:\ProgramData\YeoouteubeADBloCkee
2014-09-30 12:44 - 2014-10-01 13:21 - 00000000 ____ D () C:\Program Files (x86)\YeoouteubeADBloCkee
2014-09-30 12:44 - 2014-09-30 12:44 - 00000000 ____ D () C:\Users\Klient X\AppData\Local\Torch
2014-09-30 12:44 - 2014-09-30 12:44 - 00000000 ____ D () C:\Users\Klient X\AppData\Local\Comodo
2014-09-30 12:44 - 2014-09-30 12:44 - 00000000 ____ D () C:\Users\Klient X\AppData\Local\Chromatic Browser
2014-09-30 12:44 - 2014-09-30 12:44 - 00000000 ____ D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-09-30 12:44 - 2014-09-30 12:44 - 00000000 ____ D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-09-30 12:44 - 2014-09-30 12:44 - 00000000 ____ D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-09-30 12:44 - 2014-09-30 12:44 - 00000000 ____ D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-09-30 12:44 - 2014-09-30 12:44 - 00000000 ____ D () C:\Users\HomeGroupUser$
2014-09-30 12:44 - 2014-09-30 12:44 - 00000000 ____ D () C:\Users\Gość\AppData\Local\Torch
2014-09-30 12:44 - 2014-09-30 12:44 - 00000000 ____ D () C:\Users\Gość\AppData\Local\Google
2014-09-30 12:44 - 2014-09-30 12:44 - 00000000 ____ D () C:\Users\Gość\AppData\Local\Comodo
2014-09-30 12:44 - 2014-09-30 12:44 - 00000000 ____ D () C:\Users\Gość\AppData\Local\Chromatic Browser
2014-09-30 12:44 - 2014-09-30 12:44 - 00000000 ____ D () C:\Users\Gość
2014-09-30 12:44 - 2014-09-30 12:44 - 00000000 ____ D () C:\Users\Administrator\AppData\Local\Torch
2014-09-30 12:44 - 2014-09-30 12:44 - 00000000 ____ D () C:\Users\Administrator\AppData\Local\Google
2014-09-30 12:44 - 2014-09-30 12:44 - 00000000 ____ D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-30 12:44 - 2014-09-30 12:44 - 00000000 ____ D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-09-30 12:44 - 2014-09-30 12:44 - 00000000 ____ D () C:\Users\Administrator
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.

Scan with Malwarebytes Anti-Malware http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe