Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

safe finder - pomocy! - jak usunac zlosliwe oprogramowanie

komandos1607 30 Paź 2016 16:41 633 10
  • #1 30 Paź 2016 16:41
    komandos1607
    Poziom 7  

    Witam. Posiadam problem z uciazliwym oprogramowaniem, mianoowicie jest nim safe finder. Usunelam go z listy programow, z przegladarki jednak nadal blokuje otwieranie stron internetowych. Kazda strone ktora probuje otworzyc przekierowuje na feed.helperbar.com po czym otrzymuje komunikat ze witryna jest nieosiagalna. Skanowalam komputer programem FRST, dodaje raporty[/syntax][/tex]

    0 10
  • #2 30 Paź 2016 16:59
    krzychupar
    Poziom 41  

    Jeszcze Addition.txt.

    0
  • Pomocny post
    #8 30 Paź 2016 18:06
    krzychupar
    Poziom 41  

    Otwórz notatnik systemowy i wklej:
    Task: {35C3439D-F614-4848-B4E9-079EEF276192} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: {380310CD-3671-48F2-84B5-46A5BF268BE7} - System32\Tasks\4b61d06ef0356dc7e0a79eadfc7c48a5 => Rundll32.exe "C:\Program Files (x86)\Microleaves\aa2ozm.dll",e62dc6c6547f46bda862da2d05af6862 <==== UWAGA
    Task: {B2C90477-A655-46C0-9077-AF0C00EDCCB3} - System32\Tasks\{77D63CBC-38D1-57FD-6DAE-440F05BA322E} => C:\Users\x\AppData\Roaming\{77D63~1\PRICEF~1.EXE <==== UWAGA
    Task: {B615139E-08D3-4D8D-A673-EF7C8C53D9D8} - System32\Tasks\{BA05935F-3D72-4F9A-834B-BF25F2172FEB} => pcalua.exe -a "C:\Program Files (x86)\Common Files\StockDinfax\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\StockDinfax\uninstall.dat" -a uninstallme 6E1FEB16-FC67-4B87-A3F0-93DCF3F00915 DeviceId=a99b5765-97f9-1c7a-25bd-20621b734a0c BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet
    Task: {D2E6C4E2-86B6-429D-A1C9-E9FFC716EF6F} - System32\Tasks\{BA4CD774-784C-497A-AAA7-7317C22A543A} => pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"
    Task: {D94873FE-D4B4-4830-851A-FCEC788B96C1} - System32\Tasks\{566989E8-A780-4D67-8081-89D561B5AC5E} => pcalua.exe -a F:\CRACK\Spolszczenie\gtasanandreas_pl_0.9.exe -d F:\CRACK\Spolszczenie
    Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: C:\Windows\Tasks\{77D63CBC-38D1-57FD-6DAE-440F05BA322E}.job => C:\Users\x\AppData\Roaming\{77D63~1\PRICEF~1.EXE <==== UWAGA
    ShortcutWithArgument: C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\x\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\x\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%




    Hosts:
    HKU\S-1-5-21-234889924-1929596341-3439668213-1000\...\MountPoints2: F - F:\RunGame.exe
    HKU\S-1-5-21-234889924-1929596341-3439668213-1000\...\MountPoints2: {12ace789-7c34-11e6-8e1e-0016e6d401ec} - G:\AutoRun.exe
    HKU\S-1-5-21-234889924-1929596341-3439668213-1000\...\MountPoints2: {e80d26c1-0c7d-11e6-8f8a-0016e6d401ec} - F:\RunGame.exe
    HKU\S-1-5-21-234889924-1929596341-3439668213-1000\...\MountPoints2: {e80d26c5-0c7d-11e6-8f8a-0016e6d401ec} - G:\autorun.exe
    HKU\S-1-5-21-234889924-1929596341-3439668213-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...tZwzdUJ7jqr4T6tlbuByMg_C-pfAcE9lGHQw,,&q={searchTerms}
    HKU\S-1-5-21-234889924-1929596341-3439668213-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...yzoP4_73uE3SE5G9h1CswR6GB0l_pgh8EUM-ZAZAqtw,,,,
    HKU\S-1-5-21-234889924-1929596341-3439668213-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...tZwzdUJ7jqr4T6tlbuByMg_C-pfAcE9lGHQw,,&q={searchTerms}
    HKU\S-1-5-21-234889924-1929596341-3439668213-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...tZwzdUJ7jqr4T6tlbuByMg_C-pfAcE9lGHQw,,&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKU\S-1-5-21-234889924-1929596341-3439668213-1000 -> DefaultScope {ielnksrch} URL =
    FF DefaultProfile: 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
    FF NewTab: Mozilla\Firefox\Profiles\4kbsvthz.default -> C:\\ProgramData\\Quoteexs\\ff.NT
    FF Homepage: Mozilla\Firefox\Profiles\4kbsvthz.default -> C:\\ProgramData\\Quoteexs\\ff.HP
    CHR HomePage: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...TZcKd6DFRXL0DEScooiJx-HVL6uffgHq9Nryi9baYyA,,,,
    CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...DktI8lEO2IjqXJBo3AYVSfvpoSwuQqoU68iw,,&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    2016-10-30 17:24 - 2016-10-30 17:42 - 00000000 ____D C:\AdwCleaner
    2016-10-21 17:00 - 2016-10-21 17:00 - 00000000 ____D C:\ProgramData\Microleaves
    2016-10-21 16:10 - 2016-10-21 16:10 - 00250912 _____ C:\Windows\SysWOW64\kz.exe
    2016-10-21 16:06 - 2016-10-21 16:06 - 00000000 ____D C:\Users\Public\Thunder Network
    2016-10-21 16:06 - 2016-10-21 16:06 - 00000000 ____D C:\Program Files\Aiduwb
    2016-10-21 16:05 - 2016-10-30 17:41 - 00000448 _____ C:\Windows\Tasks\UCBrowserUpdater.job
    2016-10-21 16:05 - 2016-10-27 14:36 - 00000000 ____D C:\Program Files (x86)\Gruheph
    2016-10-21 16:05 - 2016-10-21 16:05 - 00003518 _____ C:\Windows\System32\Tasks\4b61d06ef0356dc7e0a79eadfc7c48a5
    2016-10-21 16:05 - 2016-10-21 16:05 - 00003414 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
    2016-10-21 16:05 - 2016-10-21 16:05 - 00000000 ____D C:\Users\x\AppData\Roaming\Drerhty
    2016-10-21 16:05 - 2016-10-21 16:05 - 00000000 ____D C:\Users\x\AppData\Local\Grisale
    2016-10-21 16:04 - 2016-10-21 16:04 - 00000000 ____D C:\Users\x\AppData\Local\UCBrowser
    2016-10-21 16:04 - 2016-10-21 16:04 - 00000000 _____ C:\TOSTACK
    2016-10-21 16:02 - 2016-10-21 16:05 - 00000000 ____D C:\Program Files (x86)\hhh
    2016-10-21 16:02 - 2016-10-21 16:03 - 00000000 ____D C:\Users\x\AppData\Roaming\Microleaves
    2016-10-21 16:02 - 2016-10-21 16:02 - 01897571 _____ C:\Users\x\AppData\Roaming\AlphaCof.bin
    2016-10-21 16:02 - 2016-10-21 16:02 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2016-10-21 16:01 - 2016-10-21 16:01 - 07214592 _____ C:\Users\x\AppData\Roaming\agent.dat
    2016-10-21 16:01 - 2016-10-21 16:01 - 01910940 _____ C:\Users\x\AppData\Roaming\Biola.tst
    2016-10-21 16:01 - 2016-10-21 16:01 - 00190394 _____ C:\Users\x\AppData\Roaming\Stringdantam.bin
    2016-10-21 16:01 - 2016-10-21 16:01 - 00126464 _____ C:\Users\x\AppData\Roaming\noah.dat
    2016-10-21 16:01 - 2016-10-21 16:01 - 00070704 _____ C:\Users\x\AppData\Roaming\Config.xml
    2016-10-21 16:01 - 2016-10-21 16:01 - 00018432 _____ C:\Users\x\AppData\Roaming\Main.dat
    2016-10-21 16:01 - 2016-10-21 16:01 - 00005568 _____ C:\Users\x\AppData\Roaming\md.xml
    2016-10-21 16:01 - 2016-10-21 16:00 - 00710656 _____ C:\Users\x\AppData\Roaming\Biola.exe
    2016-10-21 16:00 - 2016-10-21 16:01 - 00016224 _____ C:\Users\x\AppData\Roaming\InstallationConfiguration.xml
    2016-10-21 16:00 - 2016-10-21 16:00 - 00140288 _____ C:\Users\x\AppData\Roaming\Installer.dat
    2016-10-21 15:50 - 2016-10-21 15:50 - 00000000 ____D C:\Users\x\AppData\Roaming\WOW
    C:\Users\Public\02_17_00.dll
    C:\Users\Public\02_22_00.dll
    C:\Users\Public\03_06_00.dll
    C:\Users\Public\03_33_00.dll
    C:\Users\Public\04_03_04.dll
    C:\Users\Public\05_07_00.dll
    C:\Users\Public\05_15_00.dll
    C:\Users\Public\05_34_00.dll
    C:\Users\Public\07_09_00.dll
    C:\Users\Public\07_10_00.dll
    C:\Users\Public\08_37_00.dll
    C:\Users\Public\08_39_00.dll
    C:\Users\Public\08_51_00.dll
    C:\Users\Public\09_33_00.dll
    C:\Users\Public\09_35_00.dll
    C:\Users\Public\09_46_02.dll
    C:\Users\Public\09_47_00.dll
    C:\Users\Public\10_05_00.dll
    C:\Users\Public\10_07_00.dll
    C:\Users\Public\10_23_00.dll
    C:\Users\Public\11_15_04.dll
    C:\Users\Public\11_42_00.dll
    C:\Users\Public\12_55_00.dll
    C:\Windows\Tasks\{77D63CBC-38D1-57FD-6DAE-440F05BA322E}.job
    EmptyTemp:

    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom FRST i kliknij w Fix/Napraw.

    0
  • #9 30 Paź 2016 18:15
    komandos1607
    Poziom 7  

    Ok zrobilam wszystko zgodnie ze wskazówkami. Czy powinnam cos zrobic dalej?

    0
  • #10 30 Paź 2016 18:21
    krzychupar
    Poziom 41  

    Jak problem ustąpił to usuń folder C:\FRST i zamknij temat.

    0
  • #11 30 Paź 2016 18:22
    komandos1607
    Poziom 7  

    Ok, dzieki wielkie za pomoc i poswiecony czas, pozdrawiam! :)

    0