Pomoc z key-find

Dla specjalistów Bezpieczeństwo
#1

Proszę o pomoc z odinstalowaniem KEY-FIND. Dodam tylko że jestem totalną amatorką. Z góry dziękuje.

Oto logi:

 

FRST:  http://wklej.org/id/1656698/

 

Addition: http://wklej.org/id/1656699/

#2

Odinstaluj ASUS WebStorage.Otwórz notatnik systemowy i wklej:

Task: {29654765-D9E2-4308-A874-2C50BF71A151} - \EPUpdater No Task File ==== ATTENTION
Task: {93F87FEB-9809-48B2-8F91-CFF136D37E0C} - \BonanzaDealsLiveUpdateTaskMachineCore No Task File ==== ATTENTION
Task: {B6DC7C5B-3970-47A8-A8E2-D8482DE4E2E7} - \QtraxPlayer No Task File ==== ATTENTION
Task: {CDE4FEDE-59CC-4C33-9552-D6B9ED657412} - \BonanzaDealsUpdate No Task File ==== ATTENTION
Task: {D30789ED-7C46-42F5-89DD-5AF4D1E02294} - \BonanzaDealsLiveUpdateTaskMachineUA No Task File ==== ATTENTION
Task: {DBE403CF-7D3B-451D-8A53-59571FB14BFA} - \Lyrmix Update No Task File ==== ATTENTION
Task: {F6741C07-2C5A-4674-976D-3F1F77AF124A} - \DSite No Task File ==== ATTENTION
Task: C:\Windows\Tasks\Lyrmix Update.job = C:\Program Files (x86)\Lyrmix\LymxUD.exe ==== ATTENTION
HKLM\...\Run: [ASUS WebStorage] = C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hpts=1425127727from=coruid=WDCXWD6400BPVT-80HXZT1_WD-WX21AB0V9687V9687
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hpts=1425127727from=coruid=WDCXWD6400BPVT-80HXZT1_WD-WX21AB0V9687V9687
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=dsts=1425127727from=coruid=WDCXWD6400BPVT-80HXZT1_WD-WX21AB0V9687V9687q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=dsts=1425127727from=coruid=WDCXWD6400BPVT-80HXZT1_WD-WX21AB0V9687V9687q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hpts=1425127727from=coruid=WDCXWD6400BPVT-80HXZT1_WD-WX21AB0V9687V9687
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hpts=1425127727from=coruid=WDCXWD6400BPVT-80HXZT1_WD-WX21AB0V9687V9687
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=dsts=1425127727from=coruid=WDCXWD6400BPVT-80HXZT1_WD-WX21AB0V9687V9687q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=dsts=1425127727from=coruid=WDCXWD6400BPVT-80HXZT1_WD-WX21AB0V9687V9687q={searchTerms}
HKU\S-1-5-21-3464499121-2418218793-3323959958-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hpts=1425127727from=coruid=WDCXWD6400BPVT-80HXZT1_WD-WX21AB0V9687V9687
HKU\S-1-5-21-3464499121-2418218793-3323959958-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hpts=1425127727from=coruid=WDCXWD6400BPVT-80HXZT1_WD-WX21AB0V9687V9687
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=dsts=1425127727from=coruid=WDCXWD6400BPVT-80HXZT1_WD-WX21AB0V9687V9687q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=dsts=1425127727from=coruid=WDCXWD6400BPVT-80HXZT1_WD-WX21AB0V9687V9687q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=dsts=1425127727from=coruid=WDCXWD6400BPVT-80HXZT1_WD-WX21AB0V9687V9687q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=dsts=1425127727from=coruid=WDCXWD6400BPVT-80HXZT1_WD-WX21AB0V9687V9687q={searchTerms}
SearchScopes: HKU\S-1-5-21-3464499121-2418218793-3323959958-1001 - DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD6400BPVT-80HXZT1_WD-WX21AB0V9687V9687ts=1425127788type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-3464499121-2418218793-3323959958-1001 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD6400BPVT-80HXZT1_WD-WX21AB0V9687V9687ts=1425127788type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-3464499121-2418218793-3323959958-1001 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD6400BPVT-80HXZT1_WD-WX21AB0V9687V9687ts=1425127788type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-3464499121-2418218793-3323959958-1001 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD6400BPVT-80HXZT1_WD-WX21AB0V9687V9687ts=1425127788type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-3464499121-2418218793-3323959958-1001 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD6400BPVT-80HXZT1_WD-WX21AB0V9687V9687ts=1425127788type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-3464499121-2418218793-3323959958-1001 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD6400BPVT-80HXZT1_WD-WX21AB0V9687V9687ts=1425127788type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-3464499121-2418218793-3323959958-1001 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD6400BPVT-80HXZT1_WD-WX21AB0V9687V9687ts=1425127788type=defaultq={searchTerms}
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll [2015-01-16] (Thinknice Co. Limited)
BHO-x32: Lyrmix - {804efe7d-a8d7-4351-a6df-014d1ed7c6fc} - C:\Program Files (x86)\Lyrmix\133.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF SelectedSearchEngine: key-find
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\q1n9uxe8.default-1383477235820\searchplugins\key-find.xml [2015-03-07]
FF Extension: Fast Start - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\q1n9uxe8.default-1383477235820\Extensions\istart_ffnt@gmail.com [2015-02-28]
FF Extension: Search Enginer - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\q1n9uxe8.default-1383477235820\Extensions\searchengine@gmail.com [2015-02-28]
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\q1n9uxe8.default-1383477235820\extensions\searchengine@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\q1n9uxe8.default-1383477235820\extensions\istart_ffnt@gmail.com
FF HKU\S-1-5-21-3464499121-2418218793-3323959958-1001\...\Firefox\Extensions: [{dde15e35-c9b3-4c30-b055-730c5f4a45d3}] - C:\Program Files (x86)\Lyrmix\133.xpi
CHR Extension: (No Name) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj [2013-11-03]
CHR Extension: (No Name) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof [2013-04-20]
CHR HKLM\...\Chrome\Extension: [gebcpofjimbbchggpnfcaiieolloeodp] - C:\Users\admin\AppData\Local\BargainWorkbench.crx [2013-09-04]
CHR HKLM\...\Chrome\Extension: [lladpgmmlijbmhfknhgkenkhikoaapmj] - C:\Users\admin\AppData\Local\RealSummerSale.crx [2013-08-04]
CHR HKU\S-1-5-21-3464499121-2418218793-3323959958-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gebcpofjimbbchggpnfcaiieolloeodp] - C:\Users\admin\AppData\Local\BargainWorkbench.crx [2013-09-04]
CHR HKU\S-1-5-21-3464499121-2418218793-3323959958-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lladpgmmlijbmhfknhgkenkhikoaapmj] - C:\Users\admin\AppData\Local\RealSummerSale.crx [2013-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gebcpofjimbbchggpnfcaiieolloeodp] - C:\Users\admin\AppData\Local\BargainWorkbench.crx [2013-09-04]
CHR HKLM-x32\...\Chrome\Extension: [kidmhllhjmmmnpbiaihafgchacpmokof] - C:\Program Files (x86)\Lyrmix\133.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lladpgmmlijbmhfknhgkenkhikoaapmj] - C:\Users\admin\AppData\Local\RealSummerSale.crx [2013-08-04]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
2015-03-05 18:14 - 2015-03-05 18:14 - 00003154 _____ () C:\Windows\System32\Tasks\{AC207F48-6E4B-40CB-A3E2-7BFA8B79ADEA}
2015-02-28 13:39 - 2015-02-28 13:49 - 00000000 ____ D () C:\Program Files (x86)\XTab
2015-02-28 13:39 - 2015-02-28 13:39 - 00000000 ____ D () C:\ProgramData\IHProtectUpDate
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#3

Dziękuje za pomoc. Nie mam już key-find.

#4

Skasuj folder C:\FRST