
Windows 10 - ipconfig window popping up every minute

MrFace 12 Dec 2016 19:41
  • #1 12 Dec 2016 19:41
    MrFace
    Level 4

    I have the same problem, only on Windows 7.

    Moderated by RADU23:

    I split this off as a new topic.
    Do not attach your posts to other people's threads. It makes a mess of the forum.

  • #4 13 Dec 2016 23:13
    Kolobos
    Computer specialist

    What a junkyard; in the future, be careful what you download and install. You have had some of these infections for years; didn't that bother you before?

    Uninstall:
    Audio Converter Packages
    FilesFrog Update Checker
    Qtrax Player
    Setup

    Use AdwCleaner, options Scan and Clean (Szukaj and Usun): http://www.bleepingcomputer.com/download/adwcleaner/

    Next to frst.exe, create a file Fixlist.txt with the following content:

    In FRST, choose Fix (Napraw).

    In the Chrome settings, turn off restoring a set of pages when the browser starts.
    Do you sync your Chrome settings with a Google account?


    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    When done, post new FRST logs from a scan.

  • Helpful post
    #6 15 Dec 2016 20:08
    Kolobos
    Computer specialist

    > Do you sync your Chrome settings with a Google account?

    You did not answer. If you don't, you no longer need to answer.

    New Fixlist.txt for FRST:
    CHR Extension: (Brak nazwy) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgjjnmgaajmdknhoopnddmjgfgcgaeg [2016-02-10]
    2016-12-15 18:26 - 2016-12-15 18:35 - 00000000 ____D C:\AdwCleaner

    When done, delete the C:\FRST directory.

    Create a system restore point, or better, an image of the whole disk on another medium, before you start infecting the system again.

    That's all.
