Poor browser performance + pop-up ads


(Kuki20) #1

Hello,

I have a problem with web browsers, in turn Chrome, Firefox and IE. The problem is the so-called "sluggishness" of the computer after they are opened and, of course, the ubiquitous pop-up ad windows.

Please give me some pointers on what I can fix.

 

Below are links to the FRST reports

http://www.wklej.org/id/2198636/

http://www.wklej.org/id/2198644/

http://www.wklej.org/id/2198649/

Regards


(Atis) #2

Paste into the system Notepad and save as a text file named fixlist:

HKLM\...\Run: [KernelFaultCheck] = %systemroot%\system32\dumprep 0 -k
GroupPolicy: Ograniczenia - Chrome ======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia ======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220150315
HKU\S-1-5-21-1085031214-1957994488-1606980848-1004\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220150315
Toolbar: HKU\S-1-5-21-1085031214-1957994488-1606980848-1004 - Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Brak pliku
S3 ASUSProcObsrv; \??\D:\I386\AsProcOb.sys [X]
U3 DfSdkS; Brak ImagePath
S4 IntelIde; Brak ImagePath
U1 WS2IFSL; Brak ImagePath
2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Documents and Settings\Ewka\Dane aplikacji\NZ
2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Documents and Settings\Ewka\Dane aplikacji\QLAWYA
C:\Windows\Tasks\{AAAEE774-E229-B137-40EB-2C1A6E59984B}.job
C:\Windows\Tasks\{F7EA0456-E646-FEF2-8A5F-F670999065E2}.job
Task: C:\WINDOWS\Tasks\NZ.job = C:\Documents and Settings\Ewka\Dane aplikacji\NZ.exe ==== UWAGA
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job = C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job = C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\QLAWYA.job = C:\Documents and Settings\Ewka\Dane aplikacji\QLAWYA.exe ==== UWAGA
Task: C:\WINDOWS\Tasks\{AAAEE774-E229-B137-40EB-2C1A6E59984B}.job = C:\WINDOWS\system32\regsvr32.exeF /s /n /i:/rt C:\DOCUME~1\ALLUSE~1\DANEAP~1\f520d735\8379c624.dll ==== UWAGA
Task: C:\WINDOWS\Tasks\{F7EA0456-E646-FEF2-8A5F-F670999065E2}.job = powershell exe
EmptyTemp:

Run FRST and click Fix (Napraw). Post the Fixlog removal report.


(Kuki20) #3

Hello,

After carrying out the steps above.

Link to the fixlog

http://www.wklej.org/id/2210106/ 

and to the new FRST.txt

http://www.wklej.org/id/2210061/

Regards

 


(Atis) #4

Delete the C:\FRST folder

 


(Kuki20) #5

Thanks for the help

 

If it works on the second computer, I'll probably paste the report links right away.

 

Here are the reports from the second computer; the same thing as in the title is happening + non-stop redirect pop-ups.

http://www.wklej.org/id/2210287/ - FRST

http://www.wklej.org/id/2210315/ - Addition

http://www.wklej.org/id/2210316/ - Shortcut

 

 


(Atis) #6
  1. On the first computer, in the network connection properties, remove the malicious DNS addresses:

  2. Paste into the system Notepad and save as a text file named fixlist:

    IFEO\jumpflip: [Debugger] tasklist.exe
    IFEO\volaro: [Debugger] tasklist.exe
    IFEO\vonteera: [Debugger] tasklist.exe
    GroupPolicy: Ograniczenia - Chrome ======= UWAGA
    GroupPolicyUsers\S-1-5-21-3691673883-2721689847-326675705-1002\User: Ograniczenia ======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia ======= UWAGA
    Tcpip…\Interfaces{6d5017f2-ebc1-4ce3-b4dd-ace495a648fe}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip…\Interfaces{6d5017f2-ebc1-4ce3-b4dd-ace495a648fe}: [DhcpNameServer] 82.163.142.7
    Tcpip…\Interfaces{afe92477-bbf7-43ca-9efb-e751af7a9a72}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip…\Interfaces{f8331e11-7882-4d05-85d5-5b285ed5dd96}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip…\Interfaces{f8331e11-7882-4d05-85d5-5b285ed5dd96}: [DhcpNameServer] 82.163.142.7
    HKU\S-1-5-21-3691673883-2721689847-326675705-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.pl/
    HKU\S-1-5-21-3691673883-2721689847-326675705-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://services.eshield.com/general/newhometab.php?hometab=homepartner=11467guid={E8B96EC4-518F-476C-A21B-09D21E72AEE9}i=
    HKU\S-1-5-21-3691673883-2721689847-326675705-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=dsts=1431372544z=015216eb20a74bb0849b474g1zdc9g4c7m0ofwcz7efrom=coruid=WDCXWD5000LPVT-60G33T0_WD-WXF1C527272672726q={searchTerms}
    HKU\S-1-5-21-3691673883-2721689847-326675705-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=dsts=1431372544z=015216eb20a74bb0849b474g1zdc9g4c7m0ofwcz7efrom=coruid=WDCXWD5000LPVT-60G33T0_WD-WXF1C527272672726q={searchTerms}
    SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}l=diso=HPNTDF
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476aid=114itype=aver=12692tm=296src=dsp={searchTerms}
    SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://pl.search.yahoo.com/search?p={searchTerms}ei={inputEncoding}fr=chr-hp-psgtype=HPNTDF
    SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}l=diso=HPNTDF
    SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476aid=114itype=aver=12692tm=296src=dsp={searchTerms}
    SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://pl.search.yahoo.com/search?p={searchTerms}ei={inputEncoding}fr=chr-hp-psgtype=HPNTDF
    SearchScopes: HKU\S-1-5-21-3691673883-2721689847-326675705-1002 - DefaultScope {4A7117D7-D325-4497-A449-CFAC9C7385C4} URL = hxxp://search.yahoo.com/search?p={searchTerms}fr=tightropetbtype=11467
    SearchScopes: HKU\S-1-5-21-3691673883-2721689847-326675705-1002 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3691673883-2721689847-326675705-1002 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=butm_medium=ildutm_campaign=install_ieutm_content=dsfrom=ilduid=WDCXWD5000LPVT-60G33T0_WD-WXF1C527272672726ts=1423517470type=defaultq={searchTerms}
    SearchScopes: HKU\S-1-5-21-3691673883-2721689847-326675705-1002 - {4A7117D7-D325-4497-A449-CFAC9C7385C4} URL = hxxp://search.yahoo.com/search?p={searchTerms}fr=tightropetbtype=11467
    SearchScopes: HKU\S-1-5-21-3691673883-2721689847-326675705-1002 - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
    SearchScopes: HKU\S-1-5-21-3691673883-2721689847-326675705-1002 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=butm_medium=ildutm_campaign=install_ieutm_content=dsfrom=ilduid=WDCXWD5000LPVT-60G33T0_WD-WXF1C527272672726ts=1423517470type=defaultq={searchTerms}
    SearchScopes: HKU\S-1-5-21-3691673883-2721689847-326675705-1002 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=butm_medium=ildutm_campaign=install_ieutm_content=dsfrom=ilduid=WDCXWD5000LPVT-60G33T0_WD-WXF1C527272672726ts=1423517470type=defaultq={searchTerms}
    SearchScopes: HKU\S-1-5-21-3691673883-2721689847-326675705-1002 - {DC53C5B4-C397-47A0-BB67-4AD8989DCAB2} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=butm_medium=ildutm_campaign=install_ieutm_content=dsfrom=ilduid=WDCXWD5000LPVT-60G33T0_WD-WXF1C527272672726ts=1423517470type=defaultq={searchTerms}
    Toolbar: HKU\S-1-5-21-3691673883-2721689847-326675705-1002 - Brak nazwy - {1D47EB15-6A98-4B4D-AAA6-9C51B04FC467} - Brak pliku
    FF DefaultSearchEngine: eShield Safe Web
    FF SelectedSearchEngine: eShield Safe Web
    FF Keyword.URL: hxxp://search.eshield.com/serp?guid={E8B96EC4-518F-476C-A21B-09D21E72AEE9}action=default_searchk=
    CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Mariusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-16]
    CHR HKLM-x32…\Chrome\Extension: [dkmjljdbbgogihjcapfhgkonfmccbffp] - hxxps://clients2.google.com/service/update2/crx
    S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
    2016-03-31 20:22 - 2016-03-31 20:22 - 00000000 ____ D C:\ProgramData{0671a4e5-112c-0}
    2016-03-31 20:22 - 2016-03-31 20:22 - 00000000 ____ D C:\ProgramData{040fa4a5-112c-1}
    2016-03-26 22:10 - 2016-03-31 20:22 - 00000000 ____ D C:\ProgramData\40f3f48f-6d25-1
    2016-03-26 22:10 - 2016-03-31 20:22 - 00000000 ____ D C:\ProgramData\40f3f48f-1fb1-0
    2016-03-20 19:04 - 2016-03-20 19:04 - 00000000 ____ D C:\ProgramData\de1781e9-2511-0
    2016-03-20 19:04 - 2016-03-20 19:04 - 00000000 ____ D C:\ProgramData\de1781e9-1363-1
    2016-03-15 22:10 - 2016-03-15 22:10 - 00000000 ____ D C:\ProgramData\40f3f48f-6621-0
    2016-03-15 22:05 - 2016-03-15 22:05 - 00000000 ____ D C:\ProgramData\40f3f48f-0211-0
    2016-03-15 22:04 - 2016-03-15 22:04 - 00000000 ____ D C:\ProgramData\f9b72e70
    2016-03-15 22:04 - 2016-03-15 22:04 - 00000000 ____ D C:\ProgramData{3645c64b-212c-1}
    2016-03-15 22:04 - 2016-03-15 22:04 - 00000000 ____ D C:\ProgramData{18e6474a-012c-1}
    2016-03-15 22:04 - 2016-03-15 22:04 - 00000000 ____ D C:\ProgramData{1652b287-612c-0}
    2016-03-15 22:04 - 2016-03-15 22:04 - 00000000 ____ D C:\ProgramData{03cade4f-512c-0}
    2015-03-06 21:51 - 2015-05-25 16:09 - 0000020 _____ () C:\Users\Mariusz\AppData\Roaming\appdataFr3.bin
    2014-09-20 21:48 - 2014-09-20 21:49 - 0000318 _____ () C:\Users\Mariusz\AppData\Roaming\aps.uninstall.scan.results
    2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Users\Mariusz\AppData\Roaming\WPOLXBFS
    Task: {01C58FA9-A36D-45EF-B8F0-18676C1F4E5A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent - Brak pliku ==== UWAGA
    Task: {0C6BBC77-6CA6-4F06-B3EA-713F4D33BA9C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess - Brak pliku ==== UWAGA
    Task: {1C7EF20C-526D-45B5-98EB-860B06C93B08} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig - Brak pliku ==== UWAGA
    Task: {1D14033E-A3AC-403C-A458-EACE17C62CA0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d - Brak pliku ==== UWAGA
    Task: {5FBDEE6D-EEB6-4CC0-97C9-29D1A5182F35} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime - Brak pliku ==== UWAGA
    Task: {61480D7D-DE7C-4203-8312-89AF90225D4A} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d - Brak pliku ==== UWAGA
    Task: {84FF8F75-E066-4CA9-B8C2-1EFE560FA977} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d - Brak pliku ==== UWAGA
    Task: {85E9465D-DD65-4A78-A5CE-932E6762EDCA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d - Brak pliku ==== UWAGA
    Task: {B7504B6A-8184-4F45-AE8D-6936C1A5B621} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B - Brak pliku ==== UWAGA
    Task: {C53E3741-7C16-40D4-B4A0-444742744B22} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime - Brak pliku ==== UWAGA
    Task: {C89F43C7-CC8F-4473-B013-EDDC463F0B46} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent - Brak pliku ==== UWAGA
    Task: {D218DAB8-5A2D-465C-9E98-483183EE5F2A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d - Brak pliku ==== UWAGA
    Task: {F49DB9C8-29BB-4D8F-8ABB-69C9F886A915} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d - Brak pliku ==== UWAGA
    ShortcutWithArgument: C:\Users\Mariusz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) - hxxp://isearch.omiga-plus.com/?type=scts=1423517353from=ilduid=WDCXWD5000LPVT-60G33T0_WD-WXF1C527272672726
    EmptyTemp:

Run FRST and click Fix (Napraw). Post the Fixlog removal report.
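
An added example, not part of the original posts and not FRST's own code: a triage script that reads FRST-style `Tcpip…\Interfaces` lines like those in the fixlist in post #6 and reports every DNS resolver that is neither on the local network nor on an allowlist, together with the interfaces and values (static `NameServer` or `DhcpNameServer`) that carry it. The line format is assumed from the post; the `trusted` allowlist, the function names and the last two sample lines are constructed for illustration.

```python
import ipaddress
import re

# Line shape assumed from the fixlist in post #6:
#   Tcpip…\Interfaces{GUID}: [NameServer] ip ip
DNS_LINE = re.compile(
    r"Tcpip.*?Interfaces\\?(\{[0-9a-fA-F-]+\}):\s*"
    r"\[(NameServer|DhcpNameServer)\]\s*(.*)"
)

def parse_dns_entries(report_text):
    """Return (interface_guid, value_name, [ip, ...]) for each DNS line."""
    entries = []
    for line in report_text.splitlines():
        m = DNS_LINE.search(line)
        if not m:
            continue
        guid, name, rest = m.groups()
        ips = []
        for tok in re.split(r"[\s,]+", rest.strip()):
            try:
                ips.append(ipaddress.ip_address(tok))
            except ValueError:
                pass  # empty value or a token that is not an address
        entries.append((guid.lower(), name, ips))
    return entries

def suspicious_resolvers(report_text, trusted=()):
    """Map each non-local, non-trusted resolver to where it is configured."""
    trusted = {ipaddress.ip_address(t) for t in trusted}
    findings = {}
    for guid, name, ips in parse_dns_entries(report_text):
        for ip in ips:
            if ip.is_private or ip.is_loopback or ip.is_link_local or ip in trusted:
                continue  # router/LAN resolver or one the owner chose on purpose
            findings.setdefault(str(ip), set()).add((guid, name))
    return findings

# First two lines are from post #6; the last two are constructed.
SAMPLE = r"""
Tcpip…\Interfaces{6d5017f2-ebc1-4ce3-b4dd-ace495a648fe}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip…\Interfaces{6d5017f2-ebc1-4ce3-b4dd-ace495a648fe}: [DhcpNameServer] 82.163.142.7
Tcpip…\Interfaces{11111111-2222-3333-4444-555555555555}: [DhcpNameServer] 192.168.1.1
Tcpip…\Interfaces{11111111-2222-3333-4444-555555555555}: [NameServer] 8.8.8.8,192.168.1.1
"""

if __name__ == "__main__":
    for ip, where in sorted(suspicious_resolvers(SAMPLE, trusted=["8.8.8.8"]).items()):
        print(ip, sorted(where))
```

A resolver that shows up under `DhcpNameServer` as well as `NameServer` was handed out by DHCP, so the router's own DNS settings deserve a check in addition to the per-adapter ones.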


(Kuki20) #7

Fixlog

http://www.wklej.org/id/2210471/

FRST

http://www.wklej.org/id/2210517/


(Atis) #8

Delete the C:\FRST and C:\AdwCleaner folders