Hi,
please help me remove this junk.
Logs:
FRST: http://wklej.to/rPmPj
Addition: http://wklej.to/Dl2Fx
Uninstall McAfee Security Scan Plus, Search App by Ask, Spybot - Search & Destroy, Strong Signal.
Open the system Notepad and paste:
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job = C:\WINDOWS\TEMP\{D37E40EE-8E51-4225-A3F1-D0A1ED84AA28}.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job = C:\WINDOWS\TEMP\{33B4481F-9797-4229-A97D-93D025EEA607}.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search Destroy).job = C:\Program Files\Spybot - Search Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search Destroy).job = C:\Program Files\Spybot - Search Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search Destroy).job = C:\Program Files\Spybot - Search Destroy 2\SDScan.exe
HKLM\...\Run: [KernelFaultCheck] = %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [] = [X]
HKLM\...\Run: [SDTray] = C:\Program Files\Spybot - Search Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1645522239-1123561945-682003330-1003\...\Run: [MSMSGS] = C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1645522239-1123561945-682003330-1003\...\Run: [ALLUpdate] = "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
BootExecute: autocheck autochk * sdnclean.exe
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" ======= ATTENTION
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09]
BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\prxtbfre0.dll [2011-01-17] (Conduit Ltd.)
Toolbar: HKLM - free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\prxtbfre0.dll [2011-01-17] (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-1645522239-1123561945-682003330-1003 - free-downloads.net Toolbar - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\prxtbfre0.dll [2011-01-17] (Conduit Ltd.)
FF Extension: Strong Signal - C:\Documents and Settings\kwiatki\Dane aplikacji\Mozilla\Firefox\Profiles\pc6lehwm.default\Extensions\{ba0a5460-68de-457f-b28e-a05c9f0b3e0e}.xpi [2015-03-21]
FF HKU\S-1-5-21-1645522239-1123561945-682003330-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Dane aplikacji\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\Documents and Settings\All Users\Dane aplikacji\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
CHR HomePage: Default - hxxp://www.key-find.com/?type=hpts=1424116386from=coruid=ST3500320AS_5QM2V78XXXXX5QM2V78X
CHR StartupUrls: Default - "hxxp://www.key-find.com/?type=hpts=1424116386from=coruid=ST3500320AS_5QM2V78XXXXX5QM2V78X"
CHR DefaultSearchKeyword: Default - key-find
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - No Path Or update_url value
CHR HKU\S-1-5-21-1645522239-1123561945-682003330-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\kwiatki\USTAWI~1\DANEAP~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-02]
CHR HKU\S-1-5-21-1645522239-1123561945-682003330-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 SDScannerService; C:\Program Files\Spybot - Search Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 NeroRegInCDSrv; C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [X]
S3 ServiceLayer; "D:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe" [X]
R1 pfnfd_1_10_0_9; C:\WINDOWS\System32\drivers\pfnfd_1_10_0_9.sys [52728 2015-02-06] (Phrase Finder)
U4 Spmitsvam; No ImagePath
S3 AR9271; system32\DRIVERS\athuw.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
2015-03-29 14:12 - 2015-03-29 14:25 - 00000000 ____ D () C:\AdwCleaner
2015-03-29 13:41 - 2015-03-29 14:22 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search Destroy).job
2015-03-29 13:41 - 2015-03-29 14:18 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2015-03-29 13:41 - 2015-03-29 13:41 - 00001842 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Spybot-SD Start Center.lnk
2015-03-29 13:41 - 2015-03-29 13:41 - 00001836 _____ () C:\Documents and Settings\All Users\Pulpit\Spybot-SD Start Center.lnk
2015-03-29 13:41 - 2015-03-29 13:41 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search Destroy).job
2015-03-29 13:41 - 2015-03-29 13:41 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search Destroy).job
2015-03-29 13:41 - 2015-03-29 13:41 - 00000000 ____ D () C:\Documents and Settings\All Users\Menu Start\Programy\Spybot - Search Destroy 2
2015-03-29 13:40 - 2015-03-29 13:47 - 00000000 ____ D () C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search Destroy
2015-03-29 13:40 - 2015-03-29 13:43 - 00000000 ____ D () C:\Program Files\Spybot - Search Destroy 2
2015-03-29 13:40 - 2015-03-29 13:40 - 46525608 _____ (Safer-Networking Ltd. ) C:\Documents and Settings\kwiatki\Moje dokumenty\spybot-2.4.exe
2015-03-29 13:40 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2015-03-29 13:39 - 2015-03-29 13:39 - 00713496 _____ (Software ) C:\Documents and Settings\kwiatki\Pulpit\Spybot-Search-Destroy(12546)-dp.exe
2013-06-27 10:23 - 2014-06-22 22:07 - 0003730 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
C:\Windows\System32\Drivers\str.sys
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST in the same folder.