Elektroda.pl

How do I remove the Safe Finder virus?

el-mandato 14 Mar 2016 22:03 777 3
  • Helpful post
    #2 14 Mar 2016 22:22
    Kolobos
    Computer specialist

    In Device Manager you have devices that are not installed; maybe it's worth taking care of that and installing them?

    Fixlist.txt for FRST:
    Task: {30467A9E-5C0E-4C9F-8052-6DEEC22136FD} - System32\Tasks\{395AF43B-1BD9-47C3-B76E-F8D2217C4E40} => pcalua.exe -a C:\Users\kamil\Downloads\jxpiinstall.exe -d C:\Users\kamil\Downloads
    Task: {3EDD3066-979F-4766-B653-446ED6C96F9D} - System32\Tasks\{9C63AD6F-74E3-47BD-A715-48FA9F69370A} => pcalua.exe -a C:\Users\kamil\AppData\Roaming\istartpageing\UninstallManager.exe -c -ptid=age
    Task: {4C076D46-A70E-4AE1-A568-3E98D0CE9FED} - System32\Tasks\Eurhuf => C:\Program
    2016-03-14 15:37 - 2016-03-14 15:37 - 00670544 ____N () C:\Users\kamil\AppData\Roaming\Gafpo\Ponryire.dll
    Hosts:
    2016-03-14 16:01 - 2016-03-14 16:01 - 00383488 ____N () C:\Program Files\ktip\ktip.exe
    2016-03-14 19:57 - 2016-03-14 19:35 - 00529408 _____ () C:\ProgramData\lhgu\lhgu.exe
    2016-03-14 15:37 - 2016-03-14 15:37 - 00174416 ____N () C:\Users\kamil\AppData\Roaming\Gafpo\Gafpo.exe
    2016-03-14 15:37 - 2016-03-14 15:37 - 00115536 ____N () C:\Users\kamil\AppData\Roaming\Gafpo\Cenvhedot.exe
    2016-03-14 15:37 - 2016-03-14 15:37 - 00146256 ____N () C:\Users\kamil\AppData\Roaming\Gafpo\Ponryire.exe
    2016-03-14 15:37 - 2016-03-14 15:37 - 00261968 ____N () C:\Users\kamil\AppData\Roaming\Gafpo\Cenvhedot.dll
    2016-03-14 19:58 - 2016-03-14 19:58 - 00257536 ____N () C:\ProgramData\lhgu\Kincof.dll
    () C:\Program Files\ktip\ktip.exe
    () C:\ProgramData\lhgu\lhgu.exe
    () C:\Users\kamil\AppData\Roaming\Gafpo\Gafpo.exe
    () C:\ProgramData\lhgu\lhgu.exe
    () C:\Users\kamil\AppData\Roaming\Gafpo\Cenvhedot.exe
    () C:\Users\kamil\AppData\Roaming\Gafpo\Ponryire.exe
    HKLM-x32\...\Run: [win_en_77] => [X]
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    FF Extension: Brak nazwy - C:\Users\kamil\AppData\Roaming\Mozilla\Firefox\Profiles\8zc8fz4y.default\extensions\yahooprotected@gmail.com [nie znaleziono]
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...IdfHP6RTRqJH-mJsc1bJ-_oxz1UdcARnkTH65TIpAEgg,,
    CHR StartupUrls: Default -> "hxxp://google.pl/","hxxp://www.yessearches.com/?mode=nnnb&ptid=dam&uid=6EE8A78065B55055A2D74CDEA827EE11&v=20160202&ts=AHEpB3ImB3ArCE..","hxxp://www.istartpageing.com/?type=hp&ts=1457970713&z=cb76c62e92208f3ef244b48g7z5w2mctamaeam2gbo&from=age&uid=TOSHIBAXMQ01ABF050_Z2D2S06WSXXZ2D2S06WS","hxxp://www.yoursearching.com/?type=hp&ts=1457970736&z=36526b3fb8eb0a99f43b538g1z2w2m6tem1e0mcccz&from=brd&uid=TOSHIBAXMQ01ABF050_Z2D2S06WSXXZ2D2S06WS","hxxp://www.mysites123.com/?type=hp&ts=1457971006&z=c0a5699f13da58deead1d4bg4zfw7mftambg5eee1w&from=tt4u&uid=TOSHIBAXMQ01ABF050_Z2D2S06WSXXZ2D2S06WS","hxxp://www.yoursearching.com/?type=hp&ts=1457971123&z=7dc326b9c75eb666b2c26feg1zbwcmbt1m8g1gbo3o&from=brd&uid=TOSHIBAXMQ01ABF050_Z2D2S06WSXXZ2D2S06WS","hxxps://www.google.com/"




    CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...bIxOFuNv37WOcYiMtJJko_Z5NtYVU6FHf9BG9cyMHF&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> feed.sonic-search.com_
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
    CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
    S2 Zolmuggy; "C:\Users\kamil\AppData\Roaming\JeihAtyofce\Caafputf.exe" -cms [X]
    2016-03-14 19:57 - 2016-03-14 21:57 - 00000000 ____D C:\ProgramData\lhgu
    2016-03-14 17:29 - 2016-03-14 21:06 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
    2016-03-14 17:09 - 2016-03-14 17:09 - 00000000 ____D C:\Users\kamil\AppData\Roaming\MCorp
    2016-03-14 17:08 - 2016-03-14 17:09 - 00000000 ____D C:\Users\kamil\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
    2016-03-14 17:04 - 2016-03-14 17:04 - 00001567 _____ C:\Users\kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
    2016-03-14 17:04 - 2016-03-14 17:04 - 00000000 ____D C:\Users\kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2016-03-14 17:04 - 2016-03-14 17:04 - 00000000 ____D C:\Users\kamil\AppData\Local\UCBrowser
    2016-03-14 17:00 - 2016-03-14 17:00 - 00000000 ____D C:\Windows\system32\roao
    2016-03-14 16:57 - 2016-03-14 19:57 - 00000000 ____D C:\Program Files\ktip
    2016-03-14 16:57 - 2016-03-14 16:57 - 07600640 _____ C:\Users\kamil\AppData\Roaming\agent.dat
    2016-03-14 16:57 - 2016-03-14 16:57 - 01787404 _____ C:\Users\kamil\AppData\Roaming\K-Domstock.tst
    2016-03-14 16:57 - 2016-03-14 16:57 - 00072711 _____ C:\Users\kamil\AppData\Roaming\Gravetrax.tst
    2016-03-14 16:57 - 2016-03-14 16:57 - 00018432 _____ C:\Users\kamil\AppData\Roaming\Main.dat
    2016-03-14 16:56 - 2016-03-14 16:56 - 00127488 _____ C:\Users\kamil\AppData\Roaming\Installer.dat
    2016-03-14 16:56 - 2016-03-14 16:56 - 00000000 ____D C:\Program Files (x86)\badu
    2016-03-14 16:54 - 2016-03-14 17:14 - 00000000 ____D C:\Users\kamil\AppData\Local\app
    2016-03-14 16:53 - 2016-03-14 16:53 - 00003164 _____ C:\Windows\System32\Tasks\{9C63AD6F-74E3-47BD-A715-48FA9F69370A}
    2016-03-14 16:51 - 2016-03-14 21:31 - 00000000 ____D C:\Users\kamil\AppData\LocalLow\Company
    2016-03-14 16:51 - 2016-03-14 16:51 - 00003408 _____ C:\Windows\System32\Tasks\Eurhuf
    2016-03-14 16:51 - 2016-03-14 16:51 - 00000000 ____D C:\Users\kamil\AppData\Roaming\Gafpo
    2016-03-14 16:51 - 2016-03-14 16:51 - 00000000 ____D C:\Users\kamil\AppData\Local\Tempfolder
    2016-03-14 16:51 - 2016-03-14 16:51 - 00000000 ____D C:\uninst
    2016-03-14 16:35 - 2016-03-14 16:35 - 03643712 _____ (Last Chance Inc) C:\Users\kamil\Downloads\slownik_polsko_angielski_pdf_chomikuj_downloader.exe
    EmptyTemp:


    Also install the update from https://support.microsoft.com/en-us/kb/2545227

    1
  • #3 14 Mar 2016 22:52
    el-mandato
    Level 2

    Many thanks for the help. In the 10 minutes since the fix, that damn thing has not shown up even once, so it looks like everything is OK. Kolobos <beer>

    0
  • #4 14 Mar 2016 23:40
    RADU23
    Moderator - Computers Service

    Delete the C:\FRST folder and that's all.

    0