Odinstaluj McAfee WebAdvisor
Wykonaj Fixlist.txt dla FRST:
CloseProcesses:
AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [790]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [790]
AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
AlternateDataStreams: C:\ProgramData\Application Data:NT2 [790]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [790]
AlternateDataStreams: C:\Users\Dan\Application Data:NT [40]
AlternateDataStreams: C:\Users\Dan\Application Data:NT2 [790]
AlternateDataStreams: C:\Users\Dan\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\Dan\AppData\Roaming:NT2 [790]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [488]
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2871605574-3145998984-2653563390-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2871605574-3145998984-2653563390-1001\...\Run: [Dan] => cmd.exe /c start www.exinariuminix.info
Task: {755E9CC3-55B3-4871-96E7-E6CD967A7273} - System32\Tasks\Opera GX scheduled Autoupdate 1573658631 => C:\Users\Dan\AppData\Local\Programs\Opera GX\launcher.exe [1459224 2020-05-20] (Opera Software AS -> Opera Software)
Task: {7743E0E1-4D83-4D2B-B65E-25E36B536BA6} - no filepath
Task: {7820449E-BCCF-4E31-9728-F2F7BE607ACA} - no filepath
Task: {7A2D7E8D-895C-41DD-A18A-412604E55D6F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {898030F8-DA23-4FD4-8546-EDA77BF4932D} - no filepath
Task: {DD39147A-DC4E-422F-ABBC-ACB406980A6C} - System32\Tasks\Dan => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Dan /t REG_SZ /d "cmd.exe /c start www.exinariuminix.info"
Task: {EC8FCCD1-D10A-49E2-BC77-40C524E7E229} - no filepath
Task: {F70888AA-0CAB-4909-995C-DCEB9FE068CC} - no filepath
C:\Program Files\McAfee\
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-05-22] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [939544 2020-05-22] (McAfee, LLC -> McAfee, LLC)
2020-05-22 15:15 - 2020-05-22 15:17 - 000000000 ___DC C:\AdwCleaner
