Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Jak odinstalować Safe Finder? - Załączam logi z FRST.

Mariucha 10 Sty 2016 16:44 807 3
  • #2 10 Sty 2016 17:01
    Acorus 20
    Spec od komputerów

    Otwórz notatnik systemowy i wklej:

    Cytat:
    Task: {1591A2C9-9079-45F4-A6E2-53620BE42126} - System32\Tasks\psv_It-Fan => /c regedit.exe /s "C:\ProgramData\ApphguotoloS\Viaeco.reg" &amp; del "C:\ProgramData\ApphguotoloS\Viaeco.reg" &amp; SCHTASKS /Delete /TN "psv_It-Fan" /F <==== UWAGA
    Task: {32BCC73E-80FE-4E9C-B4B0-91B17BEBECFF} - System32\Tasks\psv_NamNix => /c regedit.exe /s "C:\ProgramData\Solotough\Subtam.reg" &amp; del "C:\ProgramData\Solotough\Subtam.reg" &amp; SCHTASKS /Delete /TN "psv_NamNix" /F <==== UWAGA
    Task: {5E1057B3-24B2-41AA-A2E2-92E9288EF6DE} - System32\Tasks\psv_Groove-Fan => /c regedit.exe /s "C:\ProgramData\ApphguotoloS\Kan-Lex.reg" &amp; del "C:\ProgramData\ApphguotoloS\Kan-Lex.reg" &amp; SCHTASKS /Delete /TN "psv_Groove-Fan" /F <==== UWAGA
    Task: {6421E95F-0FB9-4A02-80FB-355FB7D0E840} - System32\Tasks\psv_Labhold => /c regedit.exe /s "C:\ProgramData\Solotough\Voyatech.reg" &amp; del "C:\ProgramData\Solotough\Voyatech.reg" &amp; SCHTASKS /Delete /TN "psv_Labhold" /F <==== UWAGA
    Task: {9082842D-C496-42E5-97F9-401ED9122C25} - System32\Tasks\psv_Qvo-Tip => /c regedit.exe /s "C:\ProgramData\Solotough\Itdineco.reg" &amp; del "C:\ProgramData\Solotough\Itdineco.reg" &amp; SCHTASKS /Delete /TN "psv_Qvo-Tip" /F <==== UWAGA
    Task: {91E7AD5F-A273-4901-8CE7-B7EC33651875} - System32\Tasks\{051BCF32-7E48-4340-8CD7-172AE2BDD7AE} => pcalua.exe -a "C:\Program Files (x86)\Common Files\S-tam\uninstall.exe" -c -f "C:\Program Files (x86)\Common Files\S-tam\uninstall.dat" -a uninstallme 79B4EF9E-FDDD-428B-BC7F-57077443D4CC DeviceId=653bbd73-9829-b859-deea-0463f920fa69 BarcodeId=50081003 ChannelId=3 DistributerName=APSFIMonetizer
    Task: {9E1C2E12-049A-4C9E-A979-99BC550A0B7E} - System32\Tasks\snf => C:\ProgramData\ApphguotoloS\ApphguotoloS.exe [2016-01-10] () <==== UWAGA
    Task: {B1C62318-C822-4D01-B64E-0E8088E8CE70} - System32\Tasks\psv_Trustdom => /c regedit.exe /s "C:\ProgramData\Solotough\Trantop.reg" &amp; del "C:\ProgramData\Solotough\Trantop.reg" &amp; SCHTASKS /Delete /TN "psv_Trustdom" /F <==== UWAGA
    Task: {E835EC0D-3EF2-4E83-BE9C-3A081896454A} - System32\Tasks\snp => C:\ProgramData\ApphguotoloS\ApphguotoloS.exe [2016-01-10] () <==== UWAGA
    Task: {F10B01C5-8A2D-49B6-9F31-52BFF9BFEB6C} - System32\Tasks\psv_Zumma-Tip => /c regedit.exe /s "C:\ProgramData\ApphguotoloS\Tamdox.reg" &amp; del "C:\ProgramData\ApphguotoloS\Tamdox.reg" &amp; SCHTASKS /Delete /TN "psv_Zumma-Tip" /F <==== UWAGA
    HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2128944 2014-04-09] (Juniper Networks, Inc.)
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    AppInit_DLLs: C:\ProgramData\ApphguotoloS\Zathstrong.dll => Brak pliku
    AppInit_DLLs-x32: C:\ProgramData\ApphguotoloS\ZonHotfind.dll => C:\ProgramData\ApphguotoloS\ZonHotfind.dll [257536 2016-01-10] ()




    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-1536520636-2560928755-4053714031-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61..._sa_RoPPUaJLm9yth4SDhOAirAEnH17LZErjsq&q={searchTerms}
    HKU\S-1-5-21-1536520636-2560928755-4053714031-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...kkWVwQgVhLSJw56TPzyjQnd8gcA2BQ_BeVuMIy-nmbRGq
    HKU\S-1-5-21-1536520636-2560928755-4053714031-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61..._sa_RoPPUaJLm9yth4SDhOAirAEnH17LZErjsq&q={searchTerms}
    HKU\S-1-5-21-1536520636-2560928755-4053714031-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61..._sa_RoPPUaJLm9yth4SDhOAirAEnH17LZErjsq&q={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61..._sa_RoPPUaJLm9yth4SDhOAirAEnH17LZErjsq&q={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1536520636-2560928755-4053714031-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61..._sa_RoPPUaJLm9yth4SDhOAirAEnH17LZErjsq&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1536520636-2560928755-4053714031-1000 -> {5FA2CAD6-B133-4A83-B497-BF01BB45387F} URL =
    SearchScopes: HKU\S-1-5-21-1536520636-2560928755-4053714031-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61..._sa_RoPPUaJLm9yth4SDhOAirAEnH17LZErjsq&q={searchTerms}
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...AFN0hjIkFB-pfbGUQiAoZeGC5ozA5VF1a93l2K5bgjJ6_
    CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...juvpejtErdcBq4zEpdgi1yQfwKDAycdzaVjLq7&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    CHR Extension: (BrowseStudio) - C:\Users\Mariusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajdghpikgbpihjhmjedgcholonidpbdl [2014-11-07] [UpdateUrl: hxxp://wwwbrowsestudioc-a.akamaihd.net/update/chrome] <==== UWAGA
    R2 ApphguotoloS; C:\ProgramData\\ApphguotoloS\\ApphguotoloS.exe [538112 2016-01-10] () [Brak podpisu cyfrowego]
    R2 ApplicationHosting; C:\ProgramData\\ApplicationHosting\\ApplicationHosting.exe [538112 2016-01-10] () [Brak podpisu cyfrowego]
    R1 {6d550375-e98e-48ce-8260-daa7e461d495}Gw64; C:\Windows\System32\drivers\{6d550375-e98e-48ce-8260-daa7e461d495}Gw64.sys [48784 2014-10-11] (StdLib)
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    2016-01-10 15:32 - 2016-01-10 15:32 - 00003572 _____ C:\Windows\System32\Tasks\{051BCF32-7E48-4340-8CD7-172AE2BDD7AE}
    2016-01-10 15:05 - 2016-01-10 15:46 - 00000000 ____D C:\ProgramData\ApphguotoloS
    2016-01-10 15:05 - 2016-01-10 15:05 - 00003286 _____ C:\Windows\System32\Tasks\psv_Groove-Fan
    2016-01-10 15:05 - 2016-01-10 15:05 - 00003280 _____ C:\Windows\System32\Tasks\psv_Zumma-Tip
    2016-01-10 15:05 - 2016-01-10 15:05 - 00003274 _____ C:\Windows\System32\Tasks\psv_It-Fan
    2016-01-10 15:05 - 2016-01-10 15:05 - 00000000 ____D C:\ProgramData\ApphguotoloSs
    2016-01-10 12:38 - 2016-01-10 12:38 - 00003262 _____ C:\Windows\System32\Tasks\psv_NamNix
    2016-01-10 12:14 - 2016-01-10 15:05 - 00003684 _____ C:\Windows\System32\Tasks\snp
    2016-01-10 12:14 - 2016-01-10 15:05 - 00003290 _____ C:\Windows\System32\Tasks\snf
    2016-01-10 12:14 - 2016-01-10 15:05 - 00002401 _____ C:\Windows\SysWOW64\findit.xml
    2016-01-10 12:14 - 2016-01-10 15:05 - 00000000 ____D C:\ProgramData\ApplicationHosting
    2016-01-10 12:14 - 2016-01-10 13:14 - 00000000 ____D C:\ProgramData\Solotough
    2016-01-10 12:14 - 2016-01-10 12:14 - 00003272 _____ C:\Windows\System32\Tasks\psv_Qvo-Tip
    2016-01-10 12:14 - 2016-01-10 12:14 - 00003272 _____ C:\Windows\System32\Tasks\psv_Labhold
    2016-01-10 12:14 - 2016-01-10 12:14 - 00003270 _____ C:\Windows\System32\Tasks\psv_Trustdom
    2016-01-10 12:14 - 2016-01-10 12:14 - 00000000 ____D C:\ProgramData\Solotoughs
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.
    Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

    0
  • #3 10 Sty 2016 17:42
    Mariucha

    Poziom 12  

    Wielkie, wielkie dzięki.
    Twoje zalecenia pomogły i problem został rozwiązany.
    Serdecznie pozdrawiam.

    0