Elektroda.pl

SafeFinder - how to remove it? FRST

ThisIsLove 18 Feb 2016 10:56 681 4
  • #2 18 Feb 2016 11:49
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    Task: {6A621DFC-BF86-468D-9C5D-CC102031696E} - System32\Tasks\PrzemekCorkscrewedUnledV2 => Rundll32.exe WedderUncounted.dll,main 7 1 <==== UWAGA
    Task: {DD6D2FBF-A678-4B72-9978-2C239511D1A6} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe
    Hosts:
    HKU\S-1-5-21-1237439789-2403457907-752521653-1000\...\Run: [BingSvc] => C:\Users\Przemek\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
    AppInit_DLLs: C:\ProgramData\Lightzap\Bamhome.dll => C:\ProgramData\Lightzap\Bamhome.dll [805376 2016-01-21] ()
    AppInit_DLLs-x32: C:\ProgramData\Lightzap\Inchtantop.dll => C:\ProgramData\Lightzap\Inchtantop.dll [257536 2016-01-21] ()
    HKU\S-1-5-21-1237439789-2403457907-752521653-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...Nco_JcAiL57AfYaqgKnpPFxV5o7kwsqG5wU2r9f2JYI4,,
    HKU\S-1-5-21-1237439789-2403457907-752521653-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TckDIKIlNsfOPMitiuVgJ8UZLjoqJhZ3vZH3U,&q={searchTerms}
    HKU\S-1-5-21-1237439789-2403457907-752521653-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TckDIKIlNsfOPMitiuVgJ8UZLjoqJhZ3vZH3U,&q={searchTerms}
    HKU\S-1-5-21-1237439789-2403457907-752521653-1003\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TckDIKIlNsfOPMitiuVgJ8UZLjoqJhZ3vZH3U,&q={searchTerms}




    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKU\S-1-5-21-1237439789-2403457907-752521653-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
    SearchScopes: HKU\S-1-5-21-1237439789-2403457907-752521653-1003 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TckDIKIlNsfOPMitiuVgJ8UZLjoqJhZ3vZH3U,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1237439789-2403457907-752521653-1003 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TckDIKIlNsfOPMitiuVgJ8UZLjoqJhZ3vZH3U,&q={searchTerms}
    FF DefaultSearchEngine: Bing
    FF SelectedSearchEngine: Bing
    FF SearchEngineOrder.3: Bing
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
    FF Homepage: C:\ProgramData\Lightzaps\ff.HP
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...HKBn34oGc3AOkzJcUvmZIpRwvbi-IgAFnipWTD6gbwgU,,
    CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    S2 Lightzap; C:\ProgramData\\Lightzap\\Lightzap.exe [702464 2016-01-21] () [Brak podpisu cyfrowego]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2016-01-21 19:18 - 2016-01-21 19:18 - 07767040 _____ C:\Users\Przemek\AppData\Roaming\agent.dat
    2016-01-21 19:18 - 2016-01-21 19:18 - 01827104 _____ C:\Users\Przemek\AppData\Roaming\SonHold.tst
    2016-01-21 19:18 - 2016-01-21 19:18 - 00126464 _____ C:\Users\Przemek\AppData\Roaming\noah.dat
    2016-01-21 19:18 - 2016-01-21 19:18 - 00062976 _____ C:\Users\Przemek\AppData\Roaming\Config.xml
    2016-01-21 19:18 - 2016-01-21 19:18 - 00018432 _____ C:\Users\Przemek\AppData\Roaming\Main.dat
    2016-01-21 19:18 - 2016-01-21 19:18 - 00005568 _____ C:\Users\Przemek\AppData\Roaming\md.xml
    2016-01-21 19:18 - 2016-01-21 19:18 - 00003484 _____ C:\Windows\System32\Tasks\ByteFence Scan
    2016-01-21 19:18 - 2016-01-21 19:18 - 00003452 _____ C:\Windows\System32\Tasks\PrzemekCorkscrewedUnledV2
    2016-01-21 19:18 - 2016-01-21 19:18 - 00000068 _____ C:\Users\Przemek\AppData\Roaming\WB.CFG
    2016-01-21 19:18 - 2016-01-21 19:18 - 00000000 ____D C:\ProgramData\Lightzaps
    2016-01-21 19:18 - 2016-01-21 19:17 - 00702464 _____ C:\Users\Przemek\AppData\Roaming\SonHold.exe
    2016-01-21 19:18 - 2016-01-21 19:14 - 00000000 ____D C:\ProgramData\Lightzap
    2016-01-21 19:15 - 2016-01-21 19:15 - 00003568 _____ C:\Windows\System32\Tasks\{C7626025-7D62-4EF1-8C9F-E078BD740E5E}
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Uninstall SafeFinder. Scan with Dr.WEB CureIt http://www.freedrweb.com/cureit/?lng=pl

    0
  • #3 18 Feb 2016 11:51
    ThisIsLove
    Level 8  

    Acorus 20 wrote:
    Uninstall SafeFinder. Use Jeefogui >http://downloads.sophos.com/support/cleaners/jeefogui.com


    OK, thanks. The link doesn't work for me; does it work for you?

    0
  • #4 18 Feb 2016 11:54
    Kolobos
    Computer specialist

    Uninstall Java(TM) 6 Update 21
    Install http://ninite.com/java/

    After everything, also uninstall SafeFinder.

    Do not download programs from dobreprogramy using the download manager from their site, which installs malicious software!

    Fixlist.txt for FRST:
    Task: {219ADBF9-C3CB-475B-90E1-E5004BB9A375} - System32\Tasks\{C7626025-7D62-4EF1-8C9F-E078BD740E5E} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Fundom\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Fundom\uninstall.dat" -a uninstallme 435CAC78-75E4-4CC2-A2CF-A1E74236C3C7 DeviceId=eef029af-af1e-1c13-84a2-f5e65494a744 BarcodeId=50028100 ChannelId=100 DistributerName=APSFIsc
    Task: {599D0208-5233-40EA-8144-3CD4AF61D838} - System32\Tasks\{F4EF8459-31AF-4710-B37E-1578757D15DB} => pcalua.exe -a E:\Setup.exe -d E:\
    Task: {6A621DFC-BF86-468D-9C5D-CC102031696E} - System32\Tasks\PrzemekCorkscrewedUnledV2 => Rundll32.exe WedderUncounted.dll,main 7 1 <==== UWAGA
    HKU\S-1-5-21-1237439789-2403457907-752521653-1000\...\Run: [BingSvc] => C:\Users\Przemek\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-1237439789-2403457907-752521653-1000\...\MountPoints2: {02147d83-cc99-11df-b952-00235a244094} - F:\AutoRun.exe
    HKU\S-1-5-21-1237439789-2403457907-752521653-1000\...\MountPoints2: {02147d87-cc99-11df-b952-00235a244094} - F:\AutoRun.exe
    HKU\S-1-5-21-1237439789-2403457907-752521653-1000\...\MountPoints2: {1fac0bf8-ccc6-11df-b86d-00235a244094} - F:\AutoRun.exe
    HKU\S-1-5-21-1237439789-2403457907-752521653-1000\...\MountPoints2: {1fac0bfa-ccc6-11df-b86d-00235a244094} - F:\AutoRun.exe
    HKU\S-1-5-21-1237439789-2403457907-752521653-1000\...\MountPoints2: {1fac0bfd-ccc6-11df-b86d-00235a244094} - F:\AutoRun.exe
    HKU\S-1-5-21-1237439789-2403457907-752521653-1000\...\MountPoints2: {a1a0bd29-ccbc-11df-8f99-00235a244094} - F:\AutoRun.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-01-21] (Microsoft Corporation)
    AppInit_DLLs: C:\ProgramData\Lightzap\Bamhome.dll => C:\ProgramData\Lightzap\Bamhome.dll [805376 2016-01-21] ()
    AppInit_DLLs-x32: C:\ProgramData\Lightzap\Inchtantop.dll => C:\ProgramData\Lightzap\Inchtantop.dll [257536 2016-01-21] ()
    C:\Users\Przemek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe
    HKU\S-1-5-21-1237439789-2403457907-752521653-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...Nco_JcAiL57AfYaqgKnpPFxV5o7kwsqG5wU2r9f2JYI4,,
    HKU\S-1-5-21-1237439789-2403457907-752521653-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TckDIKIlNsfOPMitiuVgJ8UZLjoqJhZ3vZH3U,&q={searchTerms}
    HKU\S-1-5-21-1237439789-2403457907-752521653-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TckDIKIlNsfOPMitiuVgJ8UZLjoqJhZ3vZH3U,&q={searchTerms}
    HKU\S-1-5-21-1237439789-2403457907-752521653-1003\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TckDIKIlNsfOPMitiuVgJ8UZLjoqJhZ3vZH3U,&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKU\S-1-5-21-1237439789-2403457907-752521653-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
    SearchScopes: HKU\S-1-5-21-1237439789-2403457907-752521653-1003 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TckDIKIlNsfOPMitiuVgJ8UZLjoqJhZ3vZH3U,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1237439789-2403457907-752521653-1003 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TckDIKIlNsfOPMitiuVgJ8UZLjoqJhZ3vZH3U,&q={searchTerms}
    FF DefaultSearchEngine: Bing
    FF SelectedSearchEngine: Bing
    FF SearchEngineOrder.3: Bing
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
    FF Homepage: C:\ProgramData\Lightzaps\ff.HP
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...HKBn34oGc3AOkzJcUvmZIpRwvbi-IgAFnipWTD6gbwgU,,
    CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    S2 Lightzap; C:\ProgramData\\Lightzap\\Lightzap.exe [702464 2016-01-21] () [Brak podpisu cyfrowego]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2016-02-18 09:54 - 2016-02-18 09:57 - 00000000 ____D C:\AdwCleaner
    2016-01-21 19:18 - 2016-01-21 19:18 - 07767040 _____ C:\Users\Przemek\AppData\Roaming\agent.dat
    2016-01-21 19:18 - 2016-01-21 19:18 - 01827104 _____ C:\Users\Przemek\AppData\Roaming\SonHold.tst
    2016-01-21 19:18 - 2016-01-21 19:18 - 00126464 _____ C:\Users\Przemek\AppData\Roaming\noah.dat
    2016-01-21 19:18 - 2016-01-21 19:18 - 00062976 _____ C:\Users\Przemek\AppData\Roaming\Config.xml
    2016-01-21 19:18 - 2016-01-21 19:18 - 00018432 _____ C:\Users\Przemek\AppData\Roaming\Main.dat
    2016-01-21 19:18 - 2016-01-21 19:18 - 00005568 _____ C:\Users\Przemek\AppData\Roaming\md.xml
    2016-01-21 19:18 - 2016-01-21 19:18 - 00003484 _____ C:\Windows\System32\Tasks\ByteFence Scan
    2016-01-21 19:18 - 2016-01-21 19:18 - 00003452 _____ C:\Windows\System32\Tasks\PrzemekCorkscrewedUnledV2
    2016-01-21 19:18 - 2016-01-21 19:18 - 00000068 _____ C:\Users\Przemek\AppData\Roaming\WB.CFG
    2016-01-21 19:18 - 2016-01-21 19:18 - 00000000 ____D C:\ProgramData\Lightzaps
    2016-01-21 19:18 - 2016-01-21 19:17 - 00702464 _____ C:\Users\Przemek\AppData\Roaming\SonHold.exe
    2016-01-21 19:18 - 2016-01-21 19:14 - 00000000 ____D C:\ProgramData\Lightzap
    2016-01-21 19:17 - 2016-01-21 19:18 - 00010944 _____ C:\Users\Przemek\AppData\Roaming\InstallationConfiguration.xml
    2016-01-21 19:17 - 2016-01-21 19:17 - 00984634 _____ (Application Soft ) C:\Users\Przemek\Downloads\Opera-12614-dp.exe
    2016-01-21 19:17 - 2016-01-21 19:17 - 00126976 _____ C:\Users\Przemek\AppData\Roaming\Installer.dat
    2016-01-21 19:15 - 2016-01-21 19:15 - 00003568 _____ C:\Windows\System32\Tasks\{C7626025-7D62-4EF1-8C9F-E078BD740E5E}
    2016-01-21 19:21 - 2016-01-21 19:24 - 0029220 _____ () C:\Users\Przemek\AppData\Roaming\ICSW_1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1ItJ1V0P1C1L1R1P0F1F2Y1G2Z1T1L1G.txt
    C:\Windows\svchost.exe
    EmptyTemp:


    Run a full scan with mbam and cureit and remove whatever they detect:
    http://download.drweb.co.jp/pub/drweb/cureit/setup.exe
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    0
  • #5 18 Feb 2016 12:00
    ThisIsLove
    Level 8  

    Kolobos wrote:

    Do not download programs from dobreprogramy using the download manager from their site, which installs malicious software!

    I was given a laptop to repair; I know that junk gets installed with the managers.
    First I'll run the FRST fix; maybe it will remove SafeFinder for me.

    0