"omniboxes" opanował przeglądarki, coś jeszcze musi być


(Tkzygalo) #1

po kliknięciu w co cokolwiek wyskakuje kilkanaście okien z propozycja usunięcia.

FRST

addition.txt

Shortcut.txt 

 


(Atis) #2

Pobierz i uruchom AdwCleaner Kliknij Skanuj (Scan) i później Usuń (Cleaning).

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Run: [KSS] = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
GroupPolicy: Ograniczenia - Chrome ======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia ======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hpts=1448361048z=bf107d15e53849d976017afg4z2z6bfc7q0g6e7zcwfrom=ient07031uid=TOSHIBAXMK5075GSX_61E6F2F8SXX61E6F2F8S
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hpts=1448361048z=bf107d15e53849d976017afg4z2z6bfc7q0g6e7zcwfrom=ient07031uid=TOSHIBAXMK5075GSX_61E6F2F8SXX61E6F2F8S
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-882791433-3015492900-3782709270-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hpts=1448361048z=bf107d15e53849d976017afg4z2z6bfc7q0g6e7zcwfrom=ient07031uid=TOSHIBAXMK5075GSX_61E6F2F8SXX61E6F2F8S
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-882791433-3015492900-3782709270-1000 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-882791433-3015492900-3782709270-1000 - {13CC6647-DD4A-476A-9EEE-B507CA35B7D4} URL =
SearchScopes: HKU\S-1-5-21-882791433-3015492900-3782709270-1000 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL =
SearchScopes: HKU\S-1-5-21-882791433-3015492900-3782709270-1000 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-882791433-3015492900-3782709270-1000 - {66C8052B-F81C-4664-87BB-F2C76D802BFB} URL =
SearchScopes: HKU\S-1-5-21-882791433-3015492900-3782709270-1000 - {9B549BD7-348B-43C6-AF70-3C3C85F442E8} URL =
SearchScopes: HKU\S-1-5-21-882791433-3015492900-3782709270-1000 - {CD9911B8-D0E3-49DB-AF85-20243347B77C} URL =
SearchScopes: HKU\S-1-5-21-882791433-3015492900-3782709270-1000 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL =
SearchScopes: HKU\S-1-5-21-882791433-3015492900-3782709270-1000 - {szukaj.gazeta.pl} URL =
DPF: HKLM-x32 {68282C51-9459-467B-95BF-3C0E89627E55} hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: omniboxes
FF SelectedSearchEngine: omniboxes
FF Homepage: hxxp://www.omniboxes.com/?type=hpts=1448361048z=bf107d15e53849d976017afg4z2z6bfc7q0g6e7zcwfrom=ient07031uid=TOSHIBAXMK5075GSX_61E6F2F8SXX61E6F2F8S
FF SearchPlugin: C:\Users\Hrabia\AppData\Roaming\Mozilla\Firefox\Profiles\yjadng1y.default\searchplugins\omniboxes.xml [2015-12-04]
FF SearchPlugin: C:\Users\Hrabia\AppData\Roaming\Mozilla\Firefox\Profiles\yjadng1y.default\searchplugins\webssearches.xml [2015-11-10]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml [2014-10-08]
FF Extension: Default SearchProtected  - C:\Users\Hrabia\AppData\Roaming\Mozilla\Firefox\Profiles\yjadng1y.default\extensions\defsearchp@gmail.com.xpi [2015-11-06] [Brak podpisu cyfrowego]
FF Extension: Default NewTab - C:\Users\Hrabia\AppData\Roaming\Mozilla\Firefox\Profiles\yjadng1y.default\extensions\default_newtabff@gmail.com [2015-11-10] [Brak podpisu cyfrowego]
FF Extension: YahooToolsProtected  - C:\Users\Hrabia\AppData\Roaming\Mozilla\Firefox\Profiles\yjadng1y.default\extensions\yahooprotected@gmail.com.xpi [2015-12-04] [Brak podpisu cyfrowego]
FF Extension: Default SearchProtected  - C:\Users\Hrabia\AppData\Roaming\Mozilla\Firefox\Profiles\yjadng1y.default\Extensions\defsearchp@gmail.com [2015-11-10] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Hrabia\AppData\Roaming\Mozilla\Firefox\Profiles\yjadng1y.default\extensions\defsearchp@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Hrabia\AppData\Roaming\Mozilla\Firefox\Profiles\yjadng1y.default\extensions\default_newtabff@gmail.com
CHR StartupUrls: Default - "hxxp://www.omniboxes.com/?type=hpts=1448361048z=bf107d15e53849d976017afg4z2z6bfc7q0g6e7zcwfrom=ient07031uid=TOSHIBAXMK5075GSX_61E6F2F8SXX61E6F2F8S"
CHR HKU\S-1-5-21-882791433-3015492900-3782709270-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
2015-11-10 19:32 - 2015-11-11 19:31 - 00003260 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-11-10 12:13 - 2015-11-11 20:42 - 00000000 ____ D C:\Program Files (x86)\WinZipper
2015-11-10 12:13 - 2015-11-10 12:13 - 00000000 ____ D C:\Users\Hrabia\AppData\Roaming\WinZipper
2015-11-10 12:12 - 2015-12-03 03:02 - 00000000 ____ D C:\ProgramData\QWMiniProQ
2015-11-10 12:11 - 2015-11-24 11:31 - 00000000 ____ D C:\Users\Hrabia\AppData\Roaming\TSv
2015-11-10 12:07 - 2015-12-03 03:02 - 00000000 ____ D C:\ProgramData\ZWMiniProZ
2015-11-24 11:31 - 2015-10-25 01:57 - 00000098 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2014-10-08 00:58 - 2014-10-08 00:58 - 0000003 _____ () C:\Users\Hrabia\AppData\Local\proxy.log
CustomCLSID: HKU\S-1-5-21-882791433-3015492900-3782709270-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 - C:\Users\Hrabia\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll = Brak pliku
CustomCLSID: HKU\S-1-5-21-882791433-3015492900-3782709270-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 - C:\Users\Hrabia\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll = Brak pliku
CustomCLSID: HKU\S-1-5-21-882791433-3015492900-3782709270-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 - C:\Users\Hrabia\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll = Brak pliku
CustomCLSID: HKU\S-1-5-21-882791433-3015492900-3782709270-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 - C:\Users\Hrabia\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll = Brak pliku
Task: {000E1191-C564-4C20-B84B-2AC0DEAC2C28} - System32\Tasks\bench-S-1-5-21-882791433-3015492900-3782709270-1000 = C:\Program Files (x86)\Bench\Updater\updater.exe ==== UWAGA
Task: {2CBC6FCF-7B0D-4F5A-8F16-9DAD2B816F3D} - \{3A97ADB3-FA9A-4A6D-AFCD-92614BCAA13F} - Brak pliku ==== UWAGA
Task: {56E4BC16-C308-4D73-8818-ADB415068F5E} - System32\Tasks\{93093CF3-78B7-41AC-B732-95FA52D70817} = pcalua.exe -a "C:\Users\Hrabia\Desktop\Nowy folder\Instcodec.exe" -d "C:\Users\Hrabia\Desktop\Nowy folder"
Task: {7B9E3A22-25E3-4947-A54F-608D59A93435} - \GoogleUpdateTaskUserS-1-5-21-882791433-3015492900-3782709270-1000UA - Brak pliku ==== UWAGA
Task: {81EB1166-7720-4144-87EF-AFD408051B8C} - \User_Feed_Synchronization-{A13E9387-A7D8-437B-AAA8-69BDA830E307} - Brak pliku ==== UWAGA
Task: {AF5FA8CA-A96E-46AD-8D06-FE9D1EFDA196} - \{05069A2A-4616-4EEE-AE95-E81E3B5A08A3} - Brak pliku ==== UWAGA
Task: {C2BF6547-D91A-453C-8470-58F25D40483A} - \{10B3BB0E-7E31-4A74-A906-E529CDC55BD7} - Brak pliku ==== UWAGA
Task: {E654CCA3-C74F-40CE-9BAA-F0E0FA9B3D03} - \{AC3EB2BB-4A55-4766-BC05-07841949E9FE} - Brak pliku ==== UWAGA
Task: {F883ACD2-88A4-4D8C-A200-6645697FB3A7} - \{5BB9E411-F7A4-42DC-89A4-0B99863F57C9} - Brak pliku ==== UWAGA
Task: {FECB1517-F5A8-42A3-902F-ABCEDDBC2330} - System32\Tasks\SpyHunter4Startup = C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
ShortcutWithArgument: C:\Users\Hrabia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) - hxxp://www.omniboxes.com/?type=scts=1448361048z=bf107d15e53849d976017afg4z2z6bfc7q0g6e7zcwfrom=ient07031uid=TOSHIBAXMK5075GSX_61E6F2F8SXX61E6F2F8S ==== UWAGA
ShortcutWithArgument: C:\Users\Hrabia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) - hxxp://www.omniboxes.com/?type=scts=1447153628z=a45a782e112d95ce434b5a0gaz5zam1g1wfc3q9cbbfrom=wpm07163uid=TOSHIBAXMK5075GSX_61E6F2F8SXX61E6F2F8S ==== UWAGA
Hosts:
EmptyTemp:

Uruchom FRST i kliknij Napraw (Fix). Pokaż raport z usuwania Fixlog.

 


(Tkzygalo) #3

fixlog

frst


(Atis) #4

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

C:\Users\Hrabia\AppData\Local\Temp\*.dll
C:\Users\Hrabia\AppData\Local\Temp\*.exe
DeleteQuarantine:

Uruchom FRST i kliknij Napraw (Fix). Skasuj folder C:\FRST