Hello, please check my logs. I supposedly removed part of it myself, but after some time it installs itself again, especially this key-find in the Firefox browser.
http://www.wklej.org/id/1635144/
http://www.wklej.org/id/1635143/
In Control Panel, uninstall:
Ad-Aware Antivirus
Ad-Aware Web Companion
AdAwareInstaller
AdAwareUpdater
AntimalwareEngine
LavasoftTcpService
Spybot - Search & Destroy
Web Companion
Download and run AdwCleaner. Click Scan and then Cleaning.
Click Scan and post a new FRST report, without Addition.
Uninstall Ad-Aware Antivirus and Spybot - Search & Destroy. Open Notepad and paste:
Task: {0C816A86-51AD-4D60-B2ED-EBF4E516DD9B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {40BC8A8B-8D2D-442A-B93B-2C86D71EE826} - System32\Tasks\{0303F58A-8AB3-4409-A861-9D70D49D6A1B} = pcalua.exe -a C:\Users\Tomek1\AppData\Roaming\key-find\UninstallManager.exe -c -ptid=cor
Task: {66392614-C15A-4343-ADF4-F78533C9A8B1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {B7EA4568-6A76-4D6A-BA77-521F2D8DA900} - System32\Tasks\SpyHunter4Startup = C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-02-13] (Enigma Software Group USA, LLC.)
Task: {F3210615-E5FA-4D54-9C2F-52030235A723} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
HKLM\...\Run: [] = [X]
HKLM\...\Run: [AdAwareTray] = C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
HKLM-x32\...\Run: [SDTray] = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2273705213-3005526632-4121142838-1001\...\Run: [Web Companion] = C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1380672 2015-01-23] (Lavasoft)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2273705213-3005526632-4121142838-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2273705213-3005526632-4121142838-1001 - DefaultScope {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmnid=webcompaent=ch_WCYID10088_installki_150213q={searchTerms}
SearchScopes: HKU\S-1-5-21-2273705213-3005526632-4121142838-1001 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST1000LM024XHN-M101MBB_S314JB0F873820873820ts=1423163748type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-2273705213-3005526632-4121142838-1001 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST1000LM024XHN-M101MBB_S314JB0F873820873820ts=1423163748type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-2273705213-3005526632-4121142838-1001 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=dsppts=1423163723from=coruid=ST1000LM024XHN-M101MBB_S314JB0F873820873820q={searchTerms}
SearchScopes: HKU\S-1-5-21-2273705213-3005526632-4121142838-1001 - {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmnid=webcompaent=ch_WCYID10088_installki_150213q={searchTerms}
SearchScopes: HKU\S-1-5-21-2273705213-3005526632-4121142838-1001 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST1000LM024XHN-M101MBB_S314JB0F873820873820ts=1423163748type=defaultq={searchTerms}
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
FF DefaultSearchEngine: key-find
FF SelectedSearchEngine: key-find
FF SearchPlugin: C:\Users\Tomek1\AppData\Roaming\Mozilla\Firefox\Profiles\rkv4c3m7.default\searchplugins\key-find.xml
FF SearchPlugin: C:\Users\Tomek1\AppData\Roaming\Mozilla\Firefox\Profiles\rkv4c3m7.default\searchplugins\securesearch.xml
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Tomek1\AppData\Roaming\Mozilla\Firefox\Profiles\rkv4c3m7.default\extensions\fftoolbar2014@etech.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Tomek1\AppData\Roaming\Mozilla\Firefox\Profiles\rkv4c3m7.default\extensions\faststartff@gmail.com
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2015-02-13] (Enigma Software Group USA, LLC.)
2015-02-13 22:38 - 2015-02-13 22:38 - 00000000 ____ D () C:\Users\Tomek1\AppData\Roaming\Enigma Software Group
2015-02-13 22:38 - 2015-02-13 22:38 - 00000000 ____ D () C:\sh4ldr
2015-02-13 22:38 - 2015-02-13 22:38 - 00000000 _____ () C:\autoexec.bat
2015-02-13 22:37 - 2015-02-13 22:37 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Tomek1\Downloads\SpyHunter-Installer (2).exe
2015-02-13 22:37 - 2015-02-13 22:37 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-02-13 22:37 - 2015-02-13 22:37 - 00000000 ____ D () C:\Program Files\Enigma Software Group
2015-02-13 22:36 - 2015-02-13 22:37 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Tomek1\Downloads\SpyHunter-Installer (1).exe
2015-02-13 22:34 - 2015-02-13 22:34 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Tomek1\Downloads\SpyHunter-Installer.exe
2015-02-11 20:23 - 2015-02-11 20:23 - 00003140 _____ () C:\WINDOWS\System32\Tasks\{0303F58A-8AB3-4409-A861-9D70D49D6A1B}
2015-02-05 20:16 - 2015-02-05 20:16 - 00000000 ____ D () C:\ProgramData\IHProtectUpDate
2015-02-05 20:15 - 2015-02-13 22:22 - 00000000 ____ D () C:\ProgramData\WindowsMangerProtect
2015-02-05 20:15 - 2015-02-05 20:16 - 00000000 ____ D () C:\Program Files (x86)\XTab
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST in the same folder.
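Added example, not part of the thread: a short Python script that sorts fixlist lines by the kind of entry their prefix denotes and lists every kind of entry in which a given name appears, so it is visible in how many separate places key-find or XTab is registered. The sample lines are copied from the fixlist above; the category labels and the function names classify and footprint are this example's own.

```python
import re

# Entry prefixes seen in the fixlist above, mapped to the kind of autostart
# or browser setting they describe. The labels are this example's own.
KINDS = [
    (r"^Task:", "scheduled task"),
    (r"^HK(LM|U)\S*\\Run:", "Run key"),
    (r"^SearchScopes:", "IE search provider"),
    (r"^BHO", "IE browser helper object"),
    (r"^FF ", "Firefox setting or add-on"),
    (r"^[RSU]\d ", "service or driver"),
    (r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ", "file or folder"),
]

# Lines copied from the fixlist in the post above (a subset).
SAMPLE = r"""
Task: {40BC8A8B-8D2D-442A-B93B-2C86D71EE826} - System32\Tasks\{0303F58A-8AB3-4409-A861-9D70D49D6A1B} = pcalua.exe -a C:\Users\Tomek1\AppData\Roaming\key-find\UninstallManager.exe -c -ptid=cor
HKU\S-1-5-21-2273705213-3005526632-4121142838-1001\...\Run: [Web Companion] = C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1380672 2015-01-23] (Lavasoft)
SearchScopes: HKU\S-1-5-21-2273705213-3005526632-4121142838-1001 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=dsppts=1423163723from=coruid=ST1000LM024XHN-M101MBB_S314JB0F873820873820q={searchTerms}
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
FF DefaultSearchEngine: key-find
FF SearchPlugin: C:\Users\Tomek1\AppData\Roaming\Mozilla\Firefox\Profiles\rkv4c3m7.default\searchplugins\key-find.xml
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
2015-02-05 20:15 - 2015-02-05 20:16 - 00000000 ____ D () C:\Program Files (x86)\XTab
EmptyTemp:
""".strip().splitlines()

def classify(line):
    """Return the kind of entry a fixlist line describes, or 'other'."""
    for pattern, kind in KINDS:
        if re.match(pattern, line):
            return kind
    return "other"

def footprint(lines, keyword):
    """Group the lines that mention keyword (case-insensitive) by entry kind."""
    found = {}
    for line in lines:
        if keyword.lower() in line.lower():
            found.setdefault(classify(line), []).append(line)
    return found

if __name__ == "__main__":
    for name in ("key-find", "XTab"):
        for kind, hits in sorted(footprint(SAMPLE, name).items()):
            print(f"{name}: {kind} x{len(hits)}")
```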
Thanks, everything runs much faster now. I hope nothing this intrusive shows up again. Below I'm pasting one more log to check after everything.
Open Notepad and paste:
HKLM\...\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-14] (Realtek Semiconductor)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2273705213-3005526632-4121142838-1001\...\Run: [ALLUpdate] = C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [2765256 2015-01-24]
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
2015-02-14 13:02 - 2015-02-14 13:06 - 00000000 ____ D () C:\AdwCleaner
Save the file as fixlist.txt and place it next to FRST in the same folder.