Help removing Deal Keeper


(Rdawidowicz) #1

Hello,

I would very much appreciate help removing Deal Keeper.

 

Reports:

FRST: http://wklej.org/id/1667048/

Addition: http://wklej.org/id/1667052/

 

Thank you very much in advance for your help :)


(Acorus) #2

Uninstall McAfee Security Scan Plus, uTorrentControl2 Toolbar. Open the system Notepad and paste:

Task: C:\Windows\Tasks\Norton Security Scan for Rafał.job = C:\Program Files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe
HKLM\...\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9650720 2009-12-25] (Realtek Semiconductor)
HKLM-x32\...\Run: [HP Software Update] = C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] = [X]
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2591360249-3144961933-3153636399-1001\...\Run: [Ahfeqa] = C:\Users\Rafał\AppData\Roaming\Citya\faof.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKU\S-1-5-21-2591360249-3144961933-3153636399-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={AF7EBC6A-EF2E-40D3-A665-AE864BF28AFB}mid=9a7ffa795a6847d0977c9128c0239702-c7378aa04ed390f11a8112289789794b53f8641alang=plds=AVGcoid=avgtbavgcmpid=0215pipr=frd=2015-03-18 11:34:02v=4.1.0.411pid=wtusg=sap=hp
URLSearchHook: [S-1-5-21-2591360249-3144961933-3153636399-1001] ATTENTION == Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF DefaultSearchEngine: Yahoo! Search
FF SelectedSearchEngine: Yahoo! Search
FF SearchPlugin: C:\Users\Rafał\AppData\Roaming\Mozilla\Firefox\Profiles\e6yojgwo.default\searchplugins\aol-search.xml [2012-11-13]
FF Extension: uTorrentControl2 Community Toolbar - C:\Users\Rafał\AppData\Roaming\Mozilla\Firefox\Profiles\e6yojgwo.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2013-02-12]
FF HKU\S-1-5-21-2591360249-3144961933-3153636399-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
CHR DefaultSearchKeyword: Default - dsrlte.com
CHR DefaultNewTabURL: Default - http://rts.dsrlte.com?affID=pr_6f55d236-b8be-40be-8454-601f49e5b349
CHR Extension: (Deal Keeper) - C:\Users\Rafał\AppData\Local\Google\Chrome\User Data\Default\Extensions\eencbeelgfacnhekfiklkobllfleohce [2014-09-17]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 MaintainerSvc2.02.5636706; "C:\ProgramData\d7a0fe93-7bf3-4f3d-89c3-fe4e144b2eb8\maintainer.exe" [X]
S2 MaintainerSvc2.35.7151888; "C:\ProgramData\46a7822e-e081-4280-9f6b-e4649130bea1\maintainer.exe" [X]
U3 agzz6u8z; C:\Windows\System32\Drivers\agzz6u8z.sys [0] (Microsoft Corporation) ==== ATTENTION (zero size file/folder)
S1 aswKbd; \\C:\Windows\system32\drivers\aswKbd.sys [X]
2015-03-19 17:46 - 2015-03-19 17:46 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Rafał\Downloads\SpyHunter-Installer.exe
2015-03-19 17:46 - 2015-03-19 17:46 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Rafał\Downloads\SpyHunter-Installer (1).exe
2015-03-20 12:26 - 2015-02-16 14:01 - 00000000 ____ D () C:\AdwCleaner
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Rdawidowicz) #3

Thank you very much for your help :-) Is there anything else I should do?


(Acorus) #4

Delete the folder C:\FRST