Elektroda.pl

Safe Finder - infected system

McRancor 28 Dec 2015 14:32 624 3
  • #1 28 Dec 2015 14:32
    McRancor
    VIP Meritorious for elektroda

    Hi!

    Unfortunately, this time it has hit one of the computers I look after :(

    Not much can be done on the machine: safefinder in the browsers and the computer is sluggish. Firefox is unable to display the contents of elektroda's windows...

    Please help!

    0 3
  • Helpful post
    #2 28 Dec 2015 14:49
    Kolobos
    Computer specialist

    Uninstall:
    SafeFinder (if you manage to)
    WordFly 1.10.0.28

    Use AdwCleaner, option Scan and Clean (Szukaj and Usuń): https://toolslib.net/downloads/viewdownload/1-adwcleaner/

    Next to frst.exe, create a file fixlist.txt with the following contents:
    Task: {1CFD8F72-9107-4E51-9F0B-0E2DBA70993F} - System32\Tasks\{A73197AC-B02D-4A41-B4B2-2B4064B47171} => pcalua.exe -a "C:\Users\Pyszczek\Downloads\CDM v2.12.00 WHQL Certified.exe" -d C:\Users\Pyszczek\Downloads
    Task: {4E515AA2-FDDB-4303-9C91-32A3B7449DB3} - System32\Tasks\WordFly Auto Updater 1.10.0.28 Pending Update => C:\Program Files (x86)\WordFly_1.10.0.28\Update\WordflyAutoUpdateClient.exe [2015-10-30] (WF) <==== ATTENTION
    Task: {69E80814-B84F-4125-ACAF-3DF2B65A9EC8} - System32\Tasks\WordFly Auto Updater 1.10.0.28 Core => C:\Program Files (x86)\WordFly_1.10.0.28\Update\WordflyAutoUpdateClient.exe [2015-10-30] (WF) <==== ATTENTION
    Task: {ADB21A34-52FE-4C84-8968-C8F01439354C} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
    AlternateDataStreams: C:\Users\Pyszczek\Desktop\Małgorzata Sydor - wniosek_urlop_skan.jpeg:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\Users\Pyszczek\Desktop\Małgorzata Sydor - wniosek_urlop_skan.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    (WF) C:\Program Files (x86)\WordFly_1.10.0.28\Service\wfsrvc.exe
    () C:\ProgramData\Lightzap\Lightzap.exe
    () C:\ProgramData\Lightzap\Lightzap.exe
    HKU\S-1-5-21-2973635610-2144002305-1849690543-1001\...\MountPoints2: {d17964b2-1fc4-11e5-be96-001a6bbf46a2} - "F:\SISetup.exe"
    AppInit_DLLs: C:\ProgramData\Lightzap\Zencom.dll => C:\ProgramData\Lightzap\Zencom.dll [805376 2015-12-28] ()
    AppInit_DLLs-x32: C:\ProgramData\Lightzap\Santrax.dll => C:\ProgramData\Lightzap\Santrax.dll [257536 2015-12-28] ()
    GroupPolicyScripts: Restriction <======= ATTENTION
    HKU\S-1-5-21-2973635610-2144002305-1849690543-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...srakjgAl7STb_Eyqg0XzAXFE_SQbZXLEgzNA,,&q={searchTerms}
    HKU\S-1-5-21-2973635610-2144002305-1849690543-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...z1r1QvM1kvWqawgkn9HU68RH6XZBmNWNhLP8U8U8bqg,,,,
    HKU\S-1-5-21-2973635610-2144002305-1849690543-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...srakjgAl7STb_Eyqg0XzAXFE_SQbZXLEgzNA,,&q={searchTerms}
    HKU\S-1-5-21-2973635610-2144002305-1849690543-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...srakjgAl7STb_Eyqg0XzAXFE_SQbZXLEgzNA,,&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...srakjgAl7STb_Eyqg0XzAXFE_SQbZXLEgzNA,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2973635610-2144002305-1849690543-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...srakjgAl7STb_Eyqg0XzAXFE_SQbZXLEgzNA,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2973635610-2144002305-1849690543-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...srakjgAl7STb_Eyqg0XzAXFE_SQbZXLEgzNA,,&q={searchTerms}
    FF NewTab: C:\\ProgramData\\Lightzaps\\ff.NT
    FF DefaultSearchEngine: findit
    FF SearchPlugin: C:\Users\Pyszczek\AppData\Roaming\Mozilla\Firefox\Profiles\45hv20ak.default\searchplugins\findit.xml [2015-12-28]
    R2 Lightzap; C:\ProgramData\\Lightzap\\Lightzap.exe [406016 2015-12-12] () [File not signed]
    R2 wfsrvc_1.10.0.28; C:\Program Files (x86)\WordFly_1.10.0.28\Service\wfsrvc.exe [301632 2015-10-30] (WF)
    2015-12-12 17:05 - 2015-12-28 13:50 - 00000000 ____D C:\ProgramData\Lightzap
    2015-12-12 17:05 - 2015-12-28 13:49 - 00002377 _____ C:\WINDOWS\SysWOW64\findit.xml
    2015-12-12 17:05 - 2015-12-12 17:05 - 00004162 _____ C:\WINDOWS\System32\Tasks\WordFly Auto Updater 1.10.0.28 Pending Update
    2015-12-12 17:05 - 2015-12-12 17:05 - 00004150 _____ C:\WINDOWS\System32\Tasks\WordFly Auto Updater 1.10.0.28 Core
    2015-12-12 17:05 - 2015-12-12 17:05 - 00000000 ____D C:\ProgramData\Lightzaps
    2015-12-12 17:05 - 2015-12-12 17:05 - 00000000 ____D C:\Program Files (x86)\WordFly_1.10.0.28
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    0
  • Helpful post
    #3 28 Dec 2015 14:49
    Acorus 20
    Computer specialist

    Uninstall WordFly 1.10.0.28. Open the system Notepad and paste:

    Quote:
    Task: {4E515AA2-FDDB-4303-9C91-32A3B7449DB3} - System32\Tasks\WordFly Auto Updater 1.10.0.28 Pending Update => C:\Program Files (x86)\WordFly_1.10.0.28\Update\WordflyAutoUpdateClient.exe [2015-10-30] (WF) <==== ATTENTION
    Task: {69E80814-B84F-4125-ACAF-3DF2B65A9EC8} - System32\Tasks\WordFly Auto Updater 1.10.0.28 Core => C:\Program Files (x86)\WordFly_1.10.0.28\Update\WordflyAutoUpdateClient.exe [2015-10-30] (WF) <==== ATTENTION
    Task: {ADB21A34-52FE-4C84-8968-C8F01439354C} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
    HKU\S-1-5-21-2973635610-2144002305-1849690543-1001\...\MountPoints2: {d17964b2-1fc4-11e5-be96-001a6bbf46a2} - "F:\SISetup.exe"
    AppInit_DLLs: C:\ProgramData\Lightzap\Zencom.dll => C:\ProgramData\Lightzap\Zencom.dll [805376 2015-12-28] ()
    AppInit_DLLs-x32: C:\ProgramData\Lightzap\Santrax.dll => C:\ProgramData\Lightzap\Santrax.dll [257536 2015-12-28] ()
    GroupPolicyScripts: Restriction <======= ATTENTION
    HKU\S-1-5-21-2973635610-2144002305-1849690543-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...srakjgAl7STb_Eyqg0XzAXFE_SQbZXLEgzNA,,&q={searchTerms}
    HKU\S-1-5-21-2973635610-2144002305-1849690543-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...z1r1QvM1kvWqawgkn9HU68RH6XZBmNWNhLP8U8U8bqg,,,,
    HKU\S-1-5-21-2973635610-2144002305-1849690543-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...srakjgAl7STb_Eyqg0XzAXFE_SQbZXLEgzNA,,&q={searchTerms}
    HKU\S-1-5-21-2973635610-2144002305-1849690543-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...srakjgAl7STb_Eyqg0XzAXFE_SQbZXLEgzNA,,&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...srakjgAl7STb_Eyqg0XzAXFE_SQbZXLEgzNA,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2973635610-2144002305-1849690543-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...srakjgAl7STb_Eyqg0XzAXFE_SQbZXLEgzNA,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2973635610-2144002305-1849690543-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...srakjgAl7STb_Eyqg0XzAXFE_SQbZXLEgzNA,,&q={searchTerms}
    FF NewTab: C:\\ProgramData\\Lightzaps\\ff.NT
    FF DefaultSearchEngine: findit
    FF SearchPlugin: C:\Users\Pyszczek\AppData\Roaming\Mozilla\Firefox\Profiles\45hv20ak.default\searchplugins\findit.xml [2015-12-28]
    R2 Lightzap; C:\ProgramData\\Lightzap\\Lightzap.exe [406016 2015-12-12] () [File not signed]
    R2 wfsrvc_1.10.0.28; C:\Program Files (x86)\WordFly_1.10.0.28\Service\wfsrvc.exe [301632 2015-10-30] (WF)
    2015-12-12 17:05 - 2015-12-28 13:50 - 00000000 ____D C:\ProgramData\Lightzap
    2015-12-12 17:05 - 2015-12-28 13:49 - 00002377 _____ C:\WINDOWS\SysWOW64\findit.xml
    2015-12-12 17:05 - 2015-12-12 17:05 - 00000000 ____D C:\ProgramData\Lightzaps
    2015-12-12 17:05 - 2015-12-12 17:05 - 00000000 ____D C:\Program Files (x86)\WordFly_1.10.0.28
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.

    0
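
The fixlists in posts #2 and #3 were written for the one machine that was scanned, so it helps to see what each entry targets before choosing Fix. The sketch below is an added example, not part of the thread and not FRST code; the category names, regexes and sample lines (placeholder paths, SID and an `example.invalid` host) are assumptions modelled on the entry formats quoted above.

```python
import re
from urllib.parse import unquote

# Constructed sample in the same entry formats as the fixlist above (placeholder values).
SAMPLE = r"""Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\Example Updater => C:\Program Files (x86)\Example\Updater.exe <==== ATTENTION
AppInit_DLLs: C:\ProgramData\Example\Example.dll => C:\ProgramData\Example\Example.dll [805376 2015-12-28] ()
HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%65%78%61%6D%70%6C%65.invalid/?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\searchplugins\findit.xml [2015-12-28]
R2 ExampleSvc; C:\ProgramData\Example\Example.exe [406016 2015-12-12] () [File not signed]
2015-12-12 17:05 - 2015-12-28 13:50 - 00000000 ____D C:\ProgramData\Example
EmptyTemp:
"""

# Ordered (regex, category) pairs; first match wins. Categories are this example's own labels.
RULES = [
    (r"^Task:", "scheduled task"),
    (r"^AppInit_DLLs(-x32)?:", "AppInit DLL injection"),
    (r"^[RSU]\d \S+;", "service or driver"),
    (r"Internet Explorer\\Main,|^SearchScopes:", "IE start/search hijack"),
    (r"^FF ", "Firefox setting or search plugin"),
    (r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ", "file or folder entry"),
    (r"^EmptyTemp:", "directive: clear temp files"),
]

def classify(line):
    """Map one fixlist line to the persistence or settings area it touches."""
    for pattern, label in RULES:
        if re.search(pattern, line):
            return label
    return "unclassified: review by hand"

def decoded_host(line):
    """Return the percent-decoded host of a (defanged) URL in the line, or None."""
    m = re.search(r"h(?:xx|tt)ps?://([^/\s?]+)", line, re.I)
    return unquote(m.group(1)) if m else None

def review(text):
    """Return (category, decoded host or None, original line) for every non-empty line."""
    return [(classify(l), decoded_host(l), l)
            for l in map(str.strip, text.splitlines()) if l]

if __name__ == "__main__":
    for category, host, line in review(SAMPLE):
        print(f"{category:34} {host or '-':22} {line[:60]}")
```

Entries that fall through to "unclassified" (for example the `GroupPolicyScripts:` line in the posts) are the ones to read by hand before running the fix.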
  • #4 28 Dec 2015 15:24
    McRancor
    VIP Meritorious for elektroda

    Thanks, guys!

    I knew I could count on you, problem solved :)

    0