Elektroda.pl

Virus - Safe Finder, I can't remove it

Wiktor222 11 Dec 2015 20:06 1143 1
  • #1 11 Dec 2015 20:06
    Wiktor222
    Level 1  

    Hello
    I caught some Safe Finder thing - terrible junk, and I can't remove it no matter what.
    I'm attaching the FRST logs.
    I no longer know what to do to get rid of it. Thanks in advance for your help.

    0 1
  • #2 11 Dec 2015 21:14
    Kolobos
    Computer specialist

    Uninstall: SystemStrengthener

    Next to frst.exe, create a file fixlist.txt with the following content:
    Task: {12E6D5C0-8A59-44D7-92ED-4EC6D17C105E} - System32\Tasks\{40DE49AE-B93C-4129-94B3-192FDDB05BF2} => pcalua.exe -a "D:\MINECRAFT\MODY 1.7.2\forge-1.7.2-10.12.0.1024-installer-win.exe" -d "D:\MINECRAFT\MODY 1.7.2"
    Task: {1E93D139-2568-4A4F-8135-2B5F1579B4F6} - System32\Tasks\{6B43703E-CDB3-492A-A0E0-2F503A66B81D} => pcalua.exe -a c:\users\ja\appdata\local\lollipop\lollipop.bat
    Task: {40617C40-8A90-4B35-86D5-03A2031FCE2F} - System32\Tasks\{D12DE71A-1407-42FB-AD44-E2DED52030E4} => pcalua.exe -a F:\Autorun.exe -d F:\
    Task: {6118876A-0335-46DE-A7FD-9C446DD462C3} - System32\Tasks\{E812FBBC-E492-4487-9A25-4DE41AAA19BC} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Trestex\uninstall.exe" -c -f "C:\Program Files (x86)\Common Files\Trestex\uninstall.dat" -a uninstallme BFB74AB1-33F1-4123-9FC1-649AD463FD18 DeviceId=fa19b2ff-b8bc-d41d-63a2-1dc8243679ee BarcodeId=50036003 ChannelId=3 DistributerName=APSFCovus
    Task: {6DFAEEF5-FEDD-454B-912B-40AFF4F11C05} - System32\Tasks\{A8141B9A-D39C-43DB-8101-EDFAC4007B1A} => pcalua.exe -a F:\setup.exe -d F:\
    Task: {C3919054-9F99-4F77-93F2-35E4C52751C7} - System32\Tasks\{CF6FDA4C-D657-4A1C-8EA8-5725E8981104} => pcalua.exe -a D:\Biny\Minecraft\MinecraftZyczu.exe -d D:\Biny\Minecraft
    Task: {D18BBAF5-540C-4DC3-8844-11D3B41E4C5C} - System32\Tasks\temp_video-high-enabler => C:\Program Files (x86)\video-high\video-high-enabler.exe
    Task: {E789F8A1-0990-473B-99ED-E61C1F49C2FB} - System32\Tasks\PremiumBooster-S-3776119002 => c:\programdata\trusted publisher\augmenter\PremiumBooster.exe <==== UWAGA
    Task: C:\Windows\Tasks\PremiumBooster-S-3776119002.job => c:\programdata\trusted publisher\augmenter\PremiumBooster.exeO/schedule /profile c:\programdata\trusted publisher\augmenter\3776119002.ini <==== UWAGA
    Task: C:\Windows\Tasks\temp_video-high-enabler.job => C:\Program Files (x86)\video-high\video-high-enabler.exeɎ/enablebho /agentregpath='video-high' /appid=52922 /srcid='001199' /subid='0' /zdata='0/' /bic=196A6014DA6C43ECA5CAF56B1D3592E4IE /verifier=9cb4523d1deb41092e244b60bf77c581 /installerversion=1_34_3_6 /installationtime=1394272050 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /bhoguid=11111111-1111-1111-1111-110511291122 /defbro=ch /useiepol /allusers /autoupdateulr='hxxp:/update.srvstatsdata.com/ie_enable_agent_updates/{CAMP_ID}/update.json' /runfrom='installer' /externallog C:\Users\ja\AppData\Local\Temp\video-highInstaller_1394272050.log <==== UWAGA
    AlternateDataStreams: C:\ProgramData\TEMP:054B9966
    AlternateDataStreams: C:\ProgramData\TEMP:373E1720
    AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
    () C:\Program Files (x86)\AFLICS\AfterFLICS.exe
    () C:\ProgramData\ApplicationHosting\ApplicationHosting.exe
    () C:\ProgramData\Greentanlex\Greentanlex.exe
    () C:\ProgramData\Greentanlex\Greentanlex.exe




    HKLM-x32\...\Run: [fst_pl_68] => [X]
    HKU\S-1-5-21-1941856960-1806132654-539462686-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-1941856960-1806132654-539462686-1000\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-04] (Google Inc.)
    HKU\S-1-5-21-1941856960-1806132654-539462686-1000\...\MountPoints2: {b6a2fd89-1de8-11e3-9129-60a44ca95c34} - "G:\WD SmartWare.exe" autoplay=true
    AppInit_DLLs: C:\ProgramData\Greentanlex\Itron.dll => C:\ProgramData\Greentanlex\Itron.dll [518656 2015-12-11] ()
    AppInit_DLLs-x32: C:\ProgramData\Greentanlex\Physquadfax.dll => C:\ProgramData\Greentanlex\Physquadfax.dll [320512 2015-12-11] ()
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-1941856960-1806132654-539462686-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...o_I3n-Hnz1sZrAltEz9DacL58-A1HvVIzXKNQ,&q={searchTerms}
    HKU\S-1-5-21-1941856960-1806132654-539462686-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.pl/
    HKU\S-1-5-21-1941856960-1806132654-539462686-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...o_I3n-Hnz1sZrAltEz9DacL58-A1HvVIzXKNQ,&q={searchTerms}
    HKU\S-1-5-21-1941856960-1806132654-539462686-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...o_I3n-Hnz1sZrAltEz9DacL58-A1HvVIzXKNQ,&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...o_I3n-Hnz1sZrAltEz9DacL58-A1HvVIzXKNQ,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1941856960-1806132654-539462686-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...o_I3n-Hnz1sZrAltEz9DacL58-A1HvVIzXKNQ,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1941856960-1806132654-539462686-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...o_I3n-Hnz1sZrAltEz9DacL58-A1HvVIzXKNQ,&q={searchTerms}
    FF NewTab: C:\\ProgramData\\Greentanlexs\\ff.NT
    FF DefaultSearchEngine: findit
    FF Homepage: C:\\ProgramData\\Greentanlexs\\ff.HP
    FF SearchPlugin: C:\Users\ja\AppData\Roaming\Mozilla\Firefox\Profiles\liopitph.default\searchplugins\findit.xml [2015-12-11]
    CHR Extension: (AdBlock) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    CHR Extension: (Google Wallet) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-11] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    CHR Extension: (GameSkip) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglhollagcmlahfflcpgpoemjpjfafeo [2015-08-11]
    R2 AfterFLICS v3; C:\Program Files (x86)\AFLICS\AfterFLICS.exe [68610 2015-10-13] () [Brak podpisu cyfrowego]
    R2 ApplicationHosting; C:\ProgramData\\ApplicationHosting\\ApplicationHosting.exe [406016 2015-12-11] () [Brak podpisu cyfrowego]
    R2 DCPFLICS; C:\Program Files (x86)\DCPFLICS\DCPFLICS.exe [139268 2007-10-24] () [Brak podpisu cyfrowego] <==== UWAGA
    R2 Greentanlex; C:\ProgramData\\Greentanlex\\Greentanlex.exe [401408 2015-12-08] () [Brak podpisu cyfrowego]
    S2 fc67e7a0; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\DeltaFix\DeltaFix.dll",serv <==== UWAGA
    S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2015-12-11 15:10 - 2015-12-11 15:10 - 00000000 ____D C:\Users\ja\AppData\Roaming\dlg
    2015-12-11 15:07 - 2015-12-11 15:08 - 00000000 ____D C:\ProgramData\Greentanlexs
    2015-12-11 15:07 - 2015-12-11 15:07 - 00002381 _____ C:\Windows\SysWOW64\findit.xml
    2015-12-11 15:06 - 2015-12-11 19:36 - 00000000 ____D C:\ProgramData\Greentanlex
    2015-12-11 15:06 - 2015-12-11 15:06 - 00000000 ____D C:\ProgramData\ApplicationHosting
    2015-12-07 15:53 - 2015-12-07 15:53 - 00000000 ____D C:\Users\ja\AppData\Roaming\Babylon
    2015-12-07 15:53 - 2015-12-07 15:53 - 00000000 ____D C:\Users\ja\AppData\Local\Babylon
    2015-12-07 15:53 - 2015-12-07 15:53 - 00000000 ____D C:\ProgramData\Babylon
    EmptyTemp:

    In FRST, choose Fix.

    0
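A triage pass over a few of the FRST lines listed in the fixlist above, as an added example; it is not part of the original thread and is not FRST's or the poster's own logic. The heuristics, the function names and the use of `clients2.google.com` as the expected Chrome Web Store update host are assumptions chosen for illustration.

```python
import re
from urllib.parse import unquote

# Lines copied from the fixlist in the post above (FRST output, Polish locale).
SAMPLE = [
    r"AppInit_DLLs: C:\ProgramData\Greentanlex\Itron.dll => C:\ProgramData\Greentanlex\Itron.dll [518656 2015-12-11] ()",
    r"R2 Greentanlex; C:\ProgramData\\Greentanlex\\Greentanlex.exe [401408 2015-12-08] () [Brak podpisu cyfrowego]",
    r"CHR Extension: (AdBlock) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA",
    r"CHR Extension: (GameSkip) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglhollagcmlahfflcpgpoemjpjfafeo [2015-08-11]",
    r"SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...o_I3n-Hnz1sZrAltEz9DacL58-A1HvVIzXKNQ,&q={searchTerms}",
    r"HKU\S-1-5-21-1941856960-1806132654-539462686-1000\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-04] (Google Inc.)",
]

WEBSTORE_HOST = "clients2.google.com"    # assumption: expected extension update host
DATA_DIR = re.compile(r"\\(programdata|appdata)\\", re.I)
UNSIGNED = "[Brak podpisu cyfrowego]"    # FRST's "no digital signature" marker (Polish UI)
# Host part of a defanged URL; stops at the "..." where the page elides the rest.
HOST = re.compile(r"hxxps?://((?:%[0-9A-Fa-f]{2}|[\w-]|\.(?!\.))+)")


def triage(line):
    """Return the reasons (possibly none) why a FRST line deserves a closer look."""
    reasons = []
    if line.startswith("AppInit_DLLs") and DATA_DIR.search(line):
        reasons.append("AppInit DLL loaded from ProgramData/AppData")
    if re.match(r"[RS]\d ", line) and UNSIGNED in line and DATA_DIR.search(line):
        reasons.append("unsigned service binary in ProgramData/AppData")
    m = re.search(r"\[UpdateUrl: hxxps?://([^/\]]+)", line)
    if m and m.group(1).lower() != WEBSTORE_HOST:
        reasons.append("extension update URL points to " + m.group(1))
    m = HOST.search(line)
    if m and "%" in m.group(1):
        # Decode only what is visible; the elided remainder stays unknown.
        reasons.append("percent-encoded host, visible part decodes to " + unquote(m.group(1)))
    return reasons


def flagged(lines):
    """Pair each suspicious line's index with its reasons, skipping clean lines."""
    return [(i, r) for i, r in ((i, triage(l)) for i, l in enumerate(lines)) if r]


if __name__ == "__main__":
    for index, reasons in flagged(SAMPLE):
        print(index, "; ".join(reasons))
```

The two lines that come back clean are the GameSkip extension, which carries no custom UpdateUrl, and the signed Chrome RunOnce entry.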