
How to remove Safe Finder, FRST logs

anekd 17 Feb 2016 10:20 795 8
  • #2 17 Feb 2016 10:27
    Domino_2
    Helpful to users

    Quote:

    Task: {90D6B705-FF5E-4C2A-A598-52F5CD8993A1} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    Task: {9EA86BA1-CF1F-49BC-BAFC-C3847977C5A6} - System32\Tasks\Steam-S-1-8-22-9865GUI => C:\Users\Anek\AppData\Roaming\Steam\Reversed\steam.exe <==== UWAGA
    Task: {CE801AC7-BD03-4345-A264-AE2A3BF3686C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1970835742GUI => C:\Users\Anek\AppData\Roaming\BitTorrent\googleupd.exe [2015-10-10] () <==== UWAGA
    Task: {E2D16865-2B77-4033-ABCC-355B2790CA0D} - System32\Tasks\UpdateAdmin => C:\Users\Anek\AppData\Local\UpdateAdmin\UpdateAdmin.exe <==== UWAGA
    HKU\S-1-5-21-4045872809-3278175575-381707318-1000\...\MountPoints2: {4b451b98-e49f-11e3-80a9-8c89a50afeed} - F:\Startme.exe
    HKU\S-1-5-21-4045872809-3278175575-381707318-1000\...\MountPoints2: {908c6a7f-295f-11e3-8f38-8c89a50afeed} - H:\LaunchU3.exe -a
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-4045872809-3278175575-381707318-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...dkOkKh5_k8isk3e6XyI96NOYPEBzEidxtXBGOc&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...9aFQQTSEcFME0FCFwEURNNfWtdAlYDRWVCJ1w=&q={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...9aFQQTSEcFME0FCFwEURNNfWtdAlYDRWVCJ1w=&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...dkOkKh5_k8isk3e6XyI96NOYPEBzEidxtXBGOc&q={searchTerms}




    SearchScopes: HKU\S-1-5-21-4045872809-3278175575-381707318-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Brak pliku]
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...SLLT6nPlsHFgqAesEp9DHJZ4SGmtkcbaIgmtGS5s_LdUN
    CHR StartupUrls: Default -> "hxxp://www.google.pl/"
    CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61..._DD0GtAzNeu4IakSNiufabdtuP21AcBTVxw543&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> feed.sonic-search.com__
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    S2 Service Mgr RecordPage; "C:\ProgramData\87737dd0-ad90-4193-bd48-336966b8d777\plugincontainer.exe" [X] <==== UWAGA
    S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]
    S2 Update Mgr RecordPage; "C:\Program Files (x86)\Common Files\87737dd0-ad90-4193-bd48-336966b8d777\updater.exe" [X] <==== UWAGA
    S3 cpuz138; \??\C:\Users\Anek\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
    S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    EmptyTemp:


    Paste this into Notepad, save it as fixlist.txt and put it in the folder where FRST.exe is located, then run FRST as administrator and click Fix.

    0
  • #5 17 Feb 2016 11:07
    Domino_2
    Helpful to users

    Scan the computer with ADWCleaner and remove everything it found:
    http://www.bleepingcomputer.com/download/adwcleaner

    If that still doesn't help, uninstall the browser (in the case of Chrome, tick the option to remove all data, including the profile directory; you can export your bookmarks beforehand) and install it again.

    0
  • #6 17 Feb 2016 11:57
    Kolobos
    Computer specialist

    @anekd Run this Fixlist.txt:
    Task: {900EFA3C-10E5-404D-B1A9-7109D91A34ED} - System32\Tasks\{58737D08-85E3-4902-832B-A206638437A4} => D:\Program Files (x86)\SEGA\Total War - ATTILA\Attila.exe [2015-09-15] (The Creative Assembly Ltd)
    Task: {90D6B705-FF5E-4C2A-A598-52F5CD8993A1} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    Task: {9D544F4C-E384-4661-842E-B023873431D4} - System32\Tasks\{890781AB-9C8C-4026-B53D-01752C3E44EC} => D:\Program Files (x86)\SEGA\Total War - ATTILA\Attila.exe [2015-09-15] (The Creative Assembly Ltd)
    Task: {9EA86BA1-CF1F-49BC-BAFC-C3847977C5A6} - System32\Tasks\Steam-S-1-8-22-9865GUI => C:\Users\Anek\AppData\Roaming\Steam\Reversed\steam.exe <==== UWAGA
    Task: {E2D16865-2B77-4033-ABCC-355B2790CA0D} - System32\Tasks\UpdateAdmin => C:\Users\Anek\AppData\Local\UpdateAdmin\UpdateAdmin.exe <==== UWAGA
    () C:\ProgramData\AppbalnusnoZ\AppbalnusnoZ.exe
    () C:\ProgramData\Application Hosting\Application Hosting.exe
    () C:\ProgramData\AppbalnusnoZ\AppbalnusnoZ.exe
    HKU\S-1-5-21-4045872809-3278175575-381707318-1000\...\MountPoints2: {4b451b98-e49f-11e3-80a9-8c89a50afeed} - F:\Startme.exe
    HKU\S-1-5-21-4045872809-3278175575-381707318-1000\...\MountPoints2: {908c6a7f-295f-11e3-8f38-8c89a50afeed} - H:\LaunchU3.exe -a
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-08-25] (Microsoft Corporation)
    AppInit_DLLs: C:\ProgramData\AppbalnusnoZ\Tris-In.dll => C:\ProgramData\AppbalnusnoZ\Tris-In.dll [1172480 2015-10-10] ()
    AppInit_DLLs-x32: C:\ProgramData\AppbalnusnoZ\Blue-Touch.dll => C:\ProgramData\AppbalnusnoZ\Blue-Touch.dll [384512 2015-10-10] ()
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-4045872809-3278175575-381707318-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...dkOkKh5_k8isk3e6XyI96NOYPEBzEidxtXBGOc&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...9aFQQTSEcFME0FCFwEURNNfWtdAlYDRWVCJ1w=&q={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...9aFQQTSEcFME0FCFwEURNNfWtdAlYDRWVCJ1w=&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...dkOkKh5_k8isk3e6XyI96NOYPEBzEidxtXBGOc&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4045872809-3278175575-381707318-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...SLLT6nPlsHFgqAesEp9DHJZ4SGmtkcbaIgmtGS5s_LdUN
    CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61..._DD0GtAzNeu4IakSNiufabdtuP21AcBTVxw543&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> feed.sonic-search.com__
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    S2 ALftbQBcb; C:\ProgramData\SQewyWoSRR\ALftbQBcb.exe [2999208 2016-01-24] (Great Apps)
    R2 AppbalnusnoZ; C:\ProgramData\\AppbalnusnoZ\\AppbalnusnoZ.exe [441856 2015-09-17] () [Brak podpisu cyfrowego]
    R2 Application Hosting; C:\ProgramData\Application Hosting\Application Hosting.exe [70656 2015-08-12] () [Brak podpisu cyfrowego]
    S2 Service Mgr RecordPage; "C:\ProgramData\87737dd0-ad90-4193-bd48-336966b8d777\plugincontainer.exe" [X] <==== UWAGA
    S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]
    S2 Update Mgr RecordPage; "C:\Program Files (x86)\Common Files\87737dd0-ad90-4193-bd48-336966b8d777\updater.exe" [X] <==== UWAGA
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-30] ()]
    S3 cpuz138; \??\C:\Users\Anek\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
    S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    2016-02-15 09:15 - 2016-02-15 09:15 - 00000000 ____D C:\ProgramData\Bnuefuejuoumd
    2016-01-24 18:01 - 2016-01-24 18:01 - 00000000 ____D C:\ProgramData\SQewyWoSRR
    2016-01-24 18:00 - 2016-01-24 18:00 - 00000000 ____D C:\Users\Anek\AppData\Local\DailyWiki
    2016-02-15 09:09 - 2015-10-10 09:10 - 00000000 ____D C:\ProgramData\AppbalnusnoZ
    2016-01-24 19:27 - 2015-10-14 14:39 - 00000424 _____ C:\Windows\Tasks\simplitec Power Suite (Tray).job
    2014-10-17 18:31 - 2014-10-17 18:31 - 0301608 _____ (VuuPC Limited) C:\Users\Anek\AppData\Local\nsl4563.tmp
    EmptyTemp:


    @Domino_2 I guess you can see the slight difference? If you don't recognize some files/entries, look them up on Google instead of skipping them.

    1
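The review habit urged in post #6, checking unfamiliar entries instead of skipping them, can be supported with a small triage pass over FRST lines. This Python code is an added example, not part of the thread or of FRST; the heuristics and the names `triage` and `decode_host` are assumptions for illustration, and the sample lines are copied from the fixlists above.

```python
import re
from urllib.parse import unquote

# Lines copied from the fixlists posted in this thread.
SAMPLE = r"""
Task: {E2D16865-2B77-4033-ABCC-355B2790CA0D} - System32\Tasks\UpdateAdmin => C:\Users\Anek\AppData\Local\UpdateAdmin\UpdateAdmin.exe <==== UWAGA
AppInit_DLLs: C:\ProgramData\AppbalnusnoZ\Tris-In.dll => C:\ProgramData\AppbalnusnoZ\Tris-In.dll [1172480 2015-10-10] ()
R2 AppbalnusnoZ; C:\ProgramData\\AppbalnusnoZ\\AppbalnusnoZ.exe [441856 2015-09-17] () [Brak podpisu cyfrowego]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61..._DD0GtAzNeu4IakSNiufabdtuP21AcBTVxw543&q={searchTerms}
""".strip().splitlines()

# Assumed heuristics: locations a standard user can write to, and the first
# drive-letter path on the line that ends in an executable extension.
USER_WRITABLE = re.compile(r"\\(?:ProgramData|AppData)\\", re.I)
TARGET = re.compile(r"[A-Za-z]:\\[^\[<>]*?\.(?:exe|dll|sys)\b", re.I)
ENC_HOST = re.compile(r"hxxps?://((?:%[0-9A-Fa-f]{2}|[A-Za-z0-9.-])+)")

def decode_host(line):
    """Return the percent-decoded host of a defanged URL, or None if not encoded."""
    m = ENC_HOST.search(line)
    if not m or "%" not in m.group(1):
        return None
    # The forum shortened long URLs with "...", so trailing dots are dropped.
    return unquote(m.group(1)).rstrip(".")

def triage(line):
    """List the reasons this entry should be looked up before it is skipped."""
    reasons = []
    target = TARGET.search(line)
    if target and USER_WRITABLE.search(target.group(0)):
        reasons.append("runs from user-writable path")
    # "Brak podpisu cyfrowego" is the Polish FRST text for a missing signature;
    # "()" after the [size date] field is an empty publisher name.
    if "Brak podpisu cyfrowego" in line or re.search(r"\]\s*\(\)", line):
        reasons.append("unsigned or no publisher")
    host = decode_host(line)
    if host:
        reasons.append("percent-encoded host: " + host)
    return reasons

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry) or ["no heuristic hit"], "<-", entry[:60])
```

The decoded prefix `feed.sonic-sea` agrees with the `CHR DefaultSearchKeyword` value shown in both fixlists; a line with no hit is not cleared by this check and still needs a manual lookup.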
  • #7 17 Feb 2016 14:28
    anekd
    Level 6

    Thanks, Kolobos
    It seems to be OK

    0
  • #8 17 Feb 2016 14:44
    Kolobos
    Computer specialist

    Delete the C:\FRST directory and that's all.

    0