Key-find, signal strong and spyhunter 4: log check

Hello, please check my logs. I supposedly removed it partly myself, but after a while it installs itself again, especially this key-find in the Firefox browser.

http://www.wklej.org/id/1635144/

http://www.wklej.org/id/1635143/

In Control Panel, uninstall:

Ad-Aware Antivirus

Ad-Aware Web Companion

AdAwareInstaller

AdAwareUpdater

AntimalwareEngine

LavasoftTcpService

Spybot - Search & Destroy

Web Companion

Download and run AdwCleaner. Click Scan and then Cleaning.

Click Scan and post the new FRST report, without Addition.

Uninstall Ad-Aware Antivirus and Spybot - Search & Destroy. Open Notepad and paste:

Task: {0C816A86-51AD-4D60-B2ED-EBF4E516DD9B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {40BC8A8B-8D2D-442A-B93B-2C86D71EE826} - System32\Tasks\{0303F58A-8AB3-4409-A861-9D70D49D6A1B} = pcalua.exe -a C:\Users\Tomek1\AppData\Roaming\key-find\UninstallManager.exe -c -ptid=cor
Task: {66392614-C15A-4343-ADF4-F78533C9A8B1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {B7EA4568-6A76-4D6A-BA77-521F2D8DA900} - System32\Tasks\SpyHunter4Startup = C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-02-13] (Enigma Software Group USA, LLC.)
Task: {F3210615-E5FA-4D54-9C2F-52030235A723} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
HKLM\...\Run: [] = [X]
HKLM\...\Run: [AdAwareTray] = C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
HKLM-x32\...\Run: [SDTray] = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2273705213-3005526632-4121142838-1001\...\Run: [Web Companion] = C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1380672 2015-01-23] (Lavasoft)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2273705213-3005526632-4121142838-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2273705213-3005526632-4121142838-1001 - DefaultScope {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmnid=webcompaent=ch_WCYID10088_installki_150213q={searchTerms}
SearchScopes: HKU\S-1-5-21-2273705213-3005526632-4121142838-1001 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST1000LM024XHN-M101MBB_S314JB0F873820873820ts=1423163748type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-2273705213-3005526632-4121142838-1001 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST1000LM024XHN-M101MBB_S314JB0F873820873820ts=1423163748type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-2273705213-3005526632-4121142838-1001 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=dsppts=1423163723from=coruid=ST1000LM024XHN-M101MBB_S314JB0F873820873820q={searchTerms}
SearchScopes: HKU\S-1-5-21-2273705213-3005526632-4121142838-1001 - {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmnid=webcompaent=ch_WCYID10088_installki_150213q={searchTerms}
SearchScopes: HKU\S-1-5-21-2273705213-3005526632-4121142838-1001 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST1000LM024XHN-M101MBB_S314JB0F873820873820ts=1423163748type=defaultq={searchTerms}
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
FF DefaultSearchEngine: key-find
FF SelectedSearchEngine: key-find
FF SearchPlugin: C:\Users\Tomek1\AppData\Roaming\Mozilla\Firefox\Profiles\rkv4c3m7.default\searchplugins\key-find.xml
FF SearchPlugin: C:\Users\Tomek1\AppData\Roaming\Mozilla\Firefox\Profiles\rkv4c3m7.default\searchplugins\securesearch.xml
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Tomek1\AppData\Roaming\Mozilla\Firefox\Profiles\rkv4c3m7.default\extensions\fftoolbar2014@etech.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Tomek1\AppData\Roaming\Mozilla\Firefox\Profiles\rkv4c3m7.default\extensions\faststartff@gmail.com
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2015-02-13] (Enigma Software Group USA, LLC.)
2015-02-13 22:38 - 2015-02-13 22:38 - 00000000 ____ D () C:\Users\Tomek1\AppData\Roaming\Enigma Software Group
2015-02-13 22:38 - 2015-02-13 22:38 - 00000000 ____ D () C:\sh4ldr
2015-02-13 22:38 - 2015-02-13 22:38 - 00000000 _____ () C:\autoexec.bat
2015-02-13 22:37 - 2015-02-13 22:37 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Tomek1\Downloads\SpyHunter-Installer (2).exe
2015-02-13 22:37 - 2015-02-13 22:37 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-02-13 22:37 - 2015-02-13 22:37 - 00000000 ____ D () C:\Program Files\Enigma Software Group
2015-02-13 22:36 - 2015-02-13 22:37 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Tomek1\Downloads\SpyHunter-Installer (1).exe
2015-02-13 22:34 - 2015-02-13 22:34 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Tomek1\Downloads\SpyHunter-Installer.exe
2015-02-11 20:23 - 2015-02-11 20:23 - 00003140 _____ () C:\WINDOWS\System32\Tasks\{0303F58A-8AB3-4409-A861-9D70D49D6A1B}
2015-02-05 20:16 - 2015-02-05 20:16 - 00000000 ____ D () C:\ProgramData\IHProtectUpDate
2015-02-05 20:15 - 2015-02-13 22:22 - 00000000 ____ D () C:\ProgramData\WindowsMangerProtect
2015-02-05 20:15 - 2015-02-05 20:16 - 00000000 ____ D () C:\Program Files (x86)\XTab
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
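
The fixlist above touches the same hijacker in several places at once: a scheduled task, IE search scopes, a Firefox search plugin, a service and leftover folders. As an added example (not part of the original posts and not FRST's own code), this Python script groups FRST lines by entry kind and lists the hosts that search scopes point to; the kind labels, the `MARKERS` list and the abridged SearchScopes URL in the sample are assumptions of the example.

```python
import re
from urllib.parse import urlsplit

# FRST line prefixes seen in the fixlist, with this example's own labels.
PREFIXES = [
    (r"^Task: ", "scheduled task"),
    (r"^HK(LM|U)\S*\\\.\.\.\\Run: ", "run key"),
    (r"^SearchScopes: ", "IE search scope"),
    (r"^BHO(-x32)?: ", "browser helper object"),
    (r"^FF ", "Firefox setting"),
    (r"^[RS]\d ", "service or driver"),
    (r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ", "file or folder"),
]
# Assumption: these substrings mark entries tied to the search hijacker.
MARKERS = ("key-find", "xtab", "ihprotect", "windowsmangerprotect")

# Sample input: lines taken from the fixlist; the key-find URL is abridged.
SAMPLE = [
    r"Task: {40BC8A8B-8D2D-442A-B93B-2C86D71EE826} - System32\Tasks\{0303F58A-8AB3-4409-A861-9D70D49D6A1B} = pcalua.exe -a C:\Users\Tomek1\AppData\Roaming\key-find\UninstallManager.exe -c -ptid=cor",
    r"SearchScopes: HKU\S-1-5-21-2273705213-3005526632-4121142838-1001 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?q={searchTerms}",
    r"SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =",
    r"FF SearchPlugin: C:\Users\Tomek1\AppData\Roaming\Mozilla\Firefox\Profiles\rkv4c3m7.default\searchplugins\key-find.xml",
    r"R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)",
    r"2015-02-05 20:15 - 2015-02-13 22:22 - 00000000 ____ D () C:\ProgramData\WindowsMangerProtect",
]

def classify(line):
    """Return the kind of entry a FRST line records."""
    for pattern, kind in PREFIXES:
        if re.search(pattern, line):
            return kind
    return "other"

def triage(lines, markers=MARKERS):
    """Group the lines that mention a marker by entry kind."""
    hits = {}
    for line in lines:
        if any(m in line.lower() for m in markers):
            hits.setdefault(classify(line), []).append(line)
    return hits

def search_hosts(lines):
    """Hosts that non-empty SearchScopes URLs send queries to."""
    found = (re.match(r"SearchScopes: .* URL = (\S+)", l) for l in lines)
    return {urlsplit(m.group(1)).hostname for m in found if m}

print({k: len(v) for k, v in triage(SAMPLE).items()}, sorted(search_hosts(SAMPLE)))
```
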

Thanks, everything runs much faster now. I hope nothing this intrusive shows up again. Below I am pasting one more log to check after everything.

http://www.wklej.org/id/1635220/

Open Notepad and paste:

HKLM\...\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-14] (Realtek Semiconductor)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2273705213-3005526632-4121142838-1001\...\Run: [ALLUpdate] = C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [2765256 2015-01-24]
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
2015-02-14 13:02 - 2015-02-14 13:06 - 00000000 ____ D () C:\AdwCleaner

Save the file as fixlist.txt and place it next to FRST in the same folder.