maarccinn
(maarccinn)
#1
Acorus
(Acorus)
#2
Odinstaluj McAfee Security Scan Plus
Hosts:
Task: {44FC56CB-485E-4FC2-A9DA-F06AA8888720} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {C96D134E-02EB-4B97-8EBD-32AC9A77A965} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {CF7D0429-53CF-44E6-8750-4AC9D095FCF9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [stv_fr_17] => [X]
HKLM-x32\...\Run: [fst_fr_283] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
BootExecute: autocheck autochk * sdnclean64.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://fr.yahoo.com?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
FF DefaultSearchUrl: https://fr.search.yahoo.com/yhs/search
FF Keyword.URL: https://fr.search.yahoo.com/yhs/search
R2 aTCkbbqkU; C:\ProgramData\KhQTOUuOK\aTCkbbqkU.exe [2321776 2014-11-11] (Acute Angle Solutions Ltd)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
2014-11-15 21:32 - 2014-11-15 21:32 - 00000000 ____ D () C:\SafeWeb
2014-11-15 11:00 - 2014-11-15 11:06 - 00000000 ____ D () C:\AdwCleaner
2014-11-14 11:07 - 2014-11-14 20:24 - 00000000 ____ D () C:\ProgramData\Spybot - Search & Destroy
2014-11-14 11:07 - 2014-11-14 11:12 - 00000000 ____ D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-14 11:07 - 2014-11-14 11:07 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-14 11:07 - 2014-11-14 11:07 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-14 11:07 - 2014-11-14 11:07 - 00000000 ____ D () C:\Windows\System32\Tasks\Safer-Networking
2014-11-14 11:07 - 2014-11-14 11:07 - 00000000 ____ D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-14 11:07 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-11-14 11:04 - 2014-11-14 11:04 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\aleks\Desktop\spybot-2.4.exe
2014-11-14 10:50 - 2014-11-16 10:06 - 00000000 ____ D () C:\Users\aleks\AppData\Local\SafeWeb
2014-11-11 11:18 - 2014-11-11 12:44 - 00000000 ____ D () C:\ProgramData\KhQTOUuOK
EmpTytemp:
Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.