
How do I remove the Safe Finder search engine?

luke_b 04 May 2016 20:10 744 4
  • #1 04 May 2016 20:10
    luke_b
    Level 2

    Hello

    While running an update I picked up search-engine hijackers, pop-up ads, etc. Every so often it changes my search engine, turns images on web pages into advertising banners, and so on.
    Please help me get rid of it.
    I am attaching the FRST log.

    Thanks.
    Regards

    0 4
  • #2 04 May 2016 20:12
    Kolobos
    Computer specialist

    Addition.txt as well.

    1
  • #4 04 May 2016 21:04
    Kolobos
    Computer specialist

    Uninstall:
    PriceFountain
    RelayDouble

    Use AdwCleaner, the Scan and Clean options (Szukaj and Usun): http://www.bleepingcomputer.com/download/adwcleaner/

    Run this Fixlist.txt with FRST:
    Task: {31080064-5154-43D1-AEA8-0D8D1396C7FF} - System32\Tasks\psv_Damsing => /c regedit.exe /s "C:\ProgramData\Quotenamron\Solonix.reg" & del "C:\ProgramData\Quotenamron\Solonix.reg" & SCHTASKS /Delete /TN "psv_Damsing" /F <==== UWAGA
    Task: {4715D156-6562-4B3C-A8B8-7EF9136599FD} - System32\Tasks\psv_NimTinsing => /c regedit.exe /s "C:\ProgramData\AppnormanetouQ\Plusdax.reg" & del "C:\ProgramData\AppnormanetouQ\Plusdax.reg" & SCHTASKS /Delete /TN "psv_NimTinsing" /F <==== UWAGA
    Task: {6B799C05-4B83-4972-A944-7E50B70FD5FD} - System32\Tasks\psv_Labsing => /c regedit.exe /s "C:\ProgramData\Quotenamron\S-Phase.reg" & del "C:\ProgramData\Quotenamron\S-Phase.reg" & SCHTASKS /Delete /TN "psv_Labsing" /F <==== UWAGA
    Task: {94CB301B-9A2F-4689-A542-26187B4BA3D0} - System32\Tasks\ShdUpdate => C:\Users\Lukasz Agatka\AppData\Local\ShdUpdate\shupd.exe [2015-12-03] (Visual Tools)
    Task: {C46BF9E6-9ADF-4BDD-BDBB-353CBD763A74} - System32\Tasks\Lukasz AgatkaOffersShearsV2 => Rundll32.exe AmplitudesPerpetrated.dll,main 7 1 <==== UWAGA
    Task: {D79972CB-7A13-4255-9CB7-87B1A326F5DD} - System32\Tasks\psv_Freshstrong => /c regedit.exe /s "C:\ProgramData\Quotenamron\Tansilcof.reg" & del "C:\ProgramData\Quotenamron\Tansilcof.reg" & SCHTASKS /Delete /TN "psv_Freshstrong" /F <==== UWAGA
    2016-05-03 10:21 - 2016-05-03 10:05 - 00692736 _____ () C:\ProgramData\AppnormanetouQ\AppnormanetouQ.exe
    2016-04-12 20:08 - 2016-04-12 17:35 - 00400384 _____ () C:\ProgramData\DCHP\DCHP.exe
    2016-05-03 10:21 - 2016-05-03 10:21 - 00257536 _____ () C:\ProgramData\AppnormanetouQ\Sailstrong.dll
    () C:\ProgramData\AppnormanetouQ\AppnormanetouQ.exe
    () C:\ProgramData\DCHP\DCHP.exe
    HKU\S-1-5-21-405425825-343597657-3207590581-1000\...\MountPoints2: {4960704b-7487-11e2-b2b7-047d7b1dbdaf} - E:\Startme.exe
    AppInit_DLLs: C:\ProgramData\AppnormanetouQ\Fax-Tough.dll => C:\ProgramData\AppnormanetouQ\Fax-Tough.dll [361984 2016-05-03] ()
    AppInit_DLLs-x32: C:\ProgramData\AppnormanetouQ\Sailstrong.dll => C:\ProgramData\AppnormanetouQ\Sailstrong.dll [257536 2016-05-03] ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911...amp;GUID=58A2A952-97CE-4DCD-9872-8DCEBA130A21
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911...amp;GUID=58A2A952-97CE-4DCD-9872-8DCEBA130A21




    HKU\S-1-5-21-405425825-343597657-3207590581-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...-rzDXG14lGYtO2B102f7gL7Ci4ApQ6AEtzPfvRdVdoyL8
    HKU\S-1-5-21-405425825-343597657-3207590581-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
    HKU\S-1-5-21-405425825-343597657-3207590581-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...C5FKIoQhiq8p66brahlA42ree3_ijz9UhPi03u&q={searchTerms}
    HKU\S-1-5-21-405425825-343597657-3207590581-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&am...65E60D8194EDE8C&affID=119357&tsp=4950
    HKU\S-1-5-21-405425825-343597657-3207590581-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...C5FKIoQhiq8p66brahlA42ree3_ijz9UhPi03u&q={searchTerms}
    HKU\S-1-5-21-405425825-343597657-3207590581-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...C5FKIoQhiq8p66brahlA42ree3_ijz9UhPi03u&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...C5FKIoQhiq8p66brahlA42ree3_ijz9UhPi03u&q={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-405425825-343597657-3207590581-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...C5FKIoQhiq8p66brahlA42ree3_ijz9UhPi03u&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-405425825-343597657-3207590581-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    SearchScopes: HKU\S-1-5-21-405425825-343597657-3207590581-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-405425825-343597657-3207590581-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
    SearchScopes: HKU\S-1-5-21-405425825-343597657-3207590581-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...C5FKIoQhiq8p66brahlA42ree3_ijz9UhPi03u&q={searchTerms}
    BHO: offferdoeal -> {521937FC-1CDB-4CAA-9656-E4B20D1DBE4D} -> C:\Program Files (x86)\offferdoeal\9uNmanwz2Z6Whz.x64.dll => Brak pliku
    BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121214120634.dll => Brak pliku
    BHO: offeRdeaal -> {DF5F29E9-DD5E-4192-8AEE-8889D6035A57} -> C:\Program Files (x86)\offeRdeaal\aia2AgMtDRi35O.x64.dll => Brak pliku
    BHO-x32: offferdoeal -> {521937FC-1CDB-4CAA-9656-E4B20D1DBE4D} -> C:\Program Files (x86)\offferdoeal\9uNmanwz2Z6Whz.dll => Brak pliku
    BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121214120636.dll => Brak pliku
    BHO-x32: offeRdeaal -> {DF5F29E9-DD5E-4192-8AEE-8889D6035A57} -> C:\Program Files (x86)\offeRdeaal\aia2AgMtDRi35O.dll => Brak pliku
    FF NewTab: C:\\ProgramData\\AppnormanetouQs\\ff.NT
    FF DefaultSearchEngine: findit
    FF Homepage: C:\\ProgramData\\AppnormanetouQs\\ff.HP
    FF SearchPlugin: C:\Users\Lukasz Agatka\AppData\Roaming\Mozilla\Firefox\Profiles\r7fpbjam.default\searchplugins\findit.xml [2016-05-03]
    FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore => nie znaleziono
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nie znaleziono
    CHR HomePage: Profile 1 -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...5i8jfhcjWLaLgKnY8rfuYdiYhiTL0Mp7XjbQwLluG9LfJ
    CHR StartupUrls: Profile 1 -> "hxxps://www.google.pl/webhp?ie=UTF-8&rct=j"
    CHR DefaultSearchURL: Profile 1 -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...eWWxsOzKgxstvvjm8WOpYWtCkpLZUUedeinH0h&q={searchTerms}
    CHR DefaultSearchKeyword: Profile 1 -> feed.sonic-search.com
    CHR DefaultSuggestURL: Profile 1 -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    CHR HKLM-x32\...\Chrome\Extension: [jidkebcigjgheaahopdnlfaohgnocfai] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [knnaihaddpogmkclkahpcnhppgapinpe] - hxxps://clients2.google.com/service/update2/crx
    R2 AppnormanetouQ; C:\ProgramData\\AppnormanetouQ\\AppnormanetouQ.exe [692736 2016-05-03] () [Brak podpisu cyfrowego]
    R2 DCHP; C:\ProgramData\\DCHP\\DCHP.exe [400384 2016-04-12] () [Brak podpisu cyfrowego]
    S2 4dd8d474; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\RelayDouble\RelayDouble.dll",serv
    S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [X]
    R1 wfdrvr_vt_1_10_0_25; C:\Windows\System32\drivers\wfdrvr_vt_1_10_0_25.sys [61296 2015-09-30] (WF)
    S1 abhogvif; \??\C:\Windows\system32\drivers\abhogvif.sys [X]
    S3 DUMeterDrv; \??\C:\Program Files (x86)\DU Meter\DUMETR64.SYS [X]
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    2016-05-04 18:31 - 2016-05-04 18:31 - 00003294 _____ C:\Windows\System32\Tasks\psv_NimTinsing
    2016-05-02 19:53 - 2016-05-02 19:54 - 00000000 ____D C:\sh4ldr
    2016-05-02 19:06 - 2016-05-02 19:06 - 00003600 _____ C:\Windows\System32\Tasks\{4E1BEE8A-A5C8-4C84-B25D-9DEEC15C9499}
    2016-05-02 15:53 - 2016-05-04 18:31 - 00000000 ____D C:\ProgramData\AppnormanetouQ
    2016-05-02 15:53 - 2016-05-02 15:53 - 00000000 ____D C:\ProgramData\AppnormanetouQs
    2016-04-24 20:23 - 2016-04-24 20:23 - 00003276 _____ C:\Windows\System32\Tasks\psv_Labsing
    2016-04-12 20:08 - 2016-05-03 10:20 - 00000000 ____D C:\ProgramData\DCHP
    2016-04-07 19:07 - 2016-04-07 19:07 - 00003292 _____ C:\Windows\System32\Tasks\psv_Freshstrong
    2016-05-03 16:21 - 2016-04-02 20:17 - 00002397 _____ C:\Windows\SysWOW64\findit.xml
    2016-05-03 10:10 - 2016-04-02 20:16 - 00000000 ____D C:\ProgramData\Quotenamron
    2016-05-02 22:02 - 2016-02-26 13:35 - 00000000 ____D C:\Users\Lukasz Agatka\AppData\Local\ShdUpdate
    2016-05-02 22:02 - 2015-06-12 12:51 - 00000000 ____D C:\ProgramData\7357060824517926754
    2016-05-02 19:52 - 2013-10-13 21:40 - 00000000 ____D C:\Program Files\Enigma Software Group
    2016-04-02 20:16 - 2016-04-02 20:16 - 6504960 _____ () C:\Users\Lukasz Agatka\AppData\Roaming\agent.dat
    2016-04-02 20:16 - 2016-04-02 20:16 - 0065856 _____ () C:\Users\Lukasz Agatka\AppData\Roaming\Config.xml
    2016-04-02 20:16 - 2016-04-02 20:16 - 0120466 _____ () C:\Users\Lukasz Agatka\AppData\Roaming\inst.lat
    2016-04-02 20:16 - 2016-04-02 20:16 - 0014448 _____ () C:\Users\Lukasz Agatka\AppData\Roaming\InstallationConfiguration.xml
    2016-04-02 20:16 - 2016-04-02 20:16 - 0127488 _____ () C:\Users\Lukasz Agatka\AppData\Roaming\Installer.dat
    2016-04-02 20:16 - 2016-04-02 20:16 - 0402905 _____ () C:\Users\Lukasz Agatka\AppData\Roaming\Lexitouch.bin
    2016-04-02 20:16 - 2016-04-02 20:16 - 0018432 _____ () C:\Users\Lukasz Agatka\AppData\Roaming\Main.dat
    2016-04-02 20:16 - 2016-04-02 20:16 - 0005568 _____ () C:\Users\Lukasz Agatka\AppData\Roaming\md.xml
    2016-04-02 20:16 - 2016-04-02 20:16 - 0126464 _____ () C:\Users\Lukasz Agatka\AppData\Roaming\noah.dat
    2016-04-02 20:16 - 2016-04-02 20:16 - 1626591 _____ () C:\Users\Lukasz Agatka\AppData\Roaming\Tranflex.tst
    2016-04-02 20:17 - 2016-04-02 20:17 - 0032038 _____ () C:\Users\Lukasz Agatka\AppData\Roaming\uninstall_temp.ico
    2013-04-07 19:34 - 2013-04-14 13:11 - 0004397 _____ () C:\Users\Lukasz Agatka\AppData\Local\unins000.dat
    2013-04-14 13:11 - 2013-04-14 13:11 - 0707504 _____ () C:\Users\Lukasz Agatka\AppData\Local\unins000.exe
    2013-04-07 19:34 - 2013-04-14 13:11 - 0011761 _____ () C:\Users\Lukasz Agatka\AppData\Local\unins000.msg
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    Delete the C:\FRST folder.

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    0
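An added example, not part of the original thread and not FRST's own logic: a small triage pass that flags the persistence patterns visible in the fixlist above (scheduled tasks that silently import a .reg file or launch a DLL through Rundll32, AppInit_DLLs entries, unsigned services under C:\ProgramData, and browser settings whose host name is percent-encoded). The rule names, the `triage` and `decoded_hosts` helpers and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Heuristic rules (assumptions of this example), keyed to the FRST line formats above.
RULES = [
    # regedit /s imports a .reg file with no prompt, re-applying hijacked settings.
    ("task-imports-reg-silently", re.compile(r"^Task: .*regedit\.exe /s ", re.I)),
    ("task-rundll32", re.compile(r"^Task: .*=> Rundll32\.exe ", re.I)),
    # AppInit_DLLs are loaded into every process that loads user32.dll.
    ("appinit-dll", re.compile(r"^AppInit_DLLs(-x32)?: \S", re.I)),
    # "[Brak podpisu cyfrowego]" is the Polish FRST marker for a missing signature.
    ("unsigned-service-in-programdata",
     re.compile(r"^[RS]\d \S+; C:\\ProgramData\\.*\[Brak podpisu cyfrowego\]", re.I)),
    ("percent-encoded-host", re.compile(r"hxxps?://(?:%[0-9A-F]{2})+", re.I)),
]
HOST = re.compile(r"hxxps?://([^/\s]+)", re.I)

def decoded_hosts(line):
    """Return percent-decoded host names of defanged (hxxp) URLs in a line."""
    return [unquote(h) for h in HOST.findall(line) if "%" in h]

def triage(lines):
    """Return (line number, matched rule names, decoded hosts) for flagged lines."""
    findings = []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        tags = [name for name, rx in RULES if rx.search(line)]
        if tags:
            findings.append((n, tags, decoded_hosts(line)))
    return findings

# Constructed sample lines modelled on the fixlist format; names and URLs are placeholders.
SAMPLE = r'''
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\psv_Example => /c regedit.exe /s "C:\ProgramData\Example\a.reg" & del "C:\ProgramData\Example\a.reg" <==== UWAGA
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\ExampleV2 => Rundll32.exe Example.dll,main 7 1 <==== UWAGA
AppInit_DLLs: C:\ProgramData\Example\Example.dll => C:\ProgramData\Example\Example.dll [361984 2016-05-03] ()
R2 Example; C:\ProgramData\\Example\\Example.exe [692736 2016-05-03] () [Brak podpisu cyfrowego]
CHR DefaultSearchURL: Profile 1 -> hxxp://%66%65%65%64.%65%78%61%6D%70%6C%65.invalid/?q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
'''.strip().splitlines()

if __name__ == "__main__":
    for n, tags, hosts in triage(SAMPLE):
        print(n, ",".join(tags), hosts)
```

Flagged lines are candidates for review before they go into a fixlist; the last sample line (a plain Bing search scope) is deliberately left unflagged.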
  • #5 04 May 2016 22:02
    luke_b
    Level 2

    It worked :D
    Great, thank you very much.

    Regards.

    0