Elektroda.pl

Safe Finder - how to remove Safe Finder?

gocha15190 02 Apr 2017 16:07 600 3
  • #2 02 Apr 2017 16:28
    krzychupar
    Level 41

    Uninstall:
    SafeFinder (HKLM-x32\...\{D0475CA7-FC4A-4F18-8E2E-F8B3D34C84CD}) (Version: 1.0.0.0 - Linkury) <==== UWAGA

    Open the system Notepad and paste:
    Task: {02E3E22D-7EB1-451A-8F8D-EC1158799962} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Brak pliku <==== UWAGA
    Task: {1A794E99-07CD-4233-ABC5-ADCC02DE030F} - System32\Tasks\{6F5FB605-8799-446B-A4F2-C1F110C79204} => pcalua.exe -a D:\EasySetupAssistant\TD-W8951ND\TD-W8951ND.exe -d D:\EasySetupAssistant\TD-W8951ND
    Task: {1B5CC282-A524-4E23-B281-DFE86A955E2A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Brak pliku <==== UWAGA
    Task: {2C8D04C1-6A95-47E9-8361-E1CF1A5AF25A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {326824F6-ACD4-40B7-B9A0-1EE731A272A0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Brak pliku <==== UWAGA
    Task: {3FC78EF8-F6BE-4B57-BF1C-29A0BC8310C8} - \Microsoft\Windows\Setup\gwx\rundetector -> Brak pliku <==== UWAGA
    Task: {508B99C1-873D-4700-B86F-16E9A3138906} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {622D91FA-D25C-4B3D-9812-B9A45214244F} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Brak pliku <==== UWAGA
    Task: {62E030EA-2CA7-419A-B99D-7BDFEACF9358} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {6485E7F9-E109-4D18-BF39-AD59E9DF111A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {897A9F86-CBD3-4527-8973-7CF82D0C1FBD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {91B31799-CF40-4211-81CB-C28443255DD5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {92B7CBD7-A3C8-4345-AE50-F66EA5B9FF77} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {A7075F99-CCA4-495B-B3D8-D3C7CC437B36} - System32\Tasks\{68134BFC-45D3-420D-915B-7648064E62BF} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe" -c /AppMode=SETUP /Maintenance=2
    Task: {ABEDCF92-D904-4FC3-B428-54E7ACAF54F4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {E55E4039-EE47-4E28-9D52-16247CB9B267} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {FB7BACEE-351F-4CFC-9E08-384BF76DBF8D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    SearchScopes: HKU\S-1-5-21-1250248710-3106306559-1672372988-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={EFD84DF5-C011-4A4F-92A2-215C8BE57D32}&mid=ed4fa8097e0247d1add4326b32726231-2d56e6d4e9e5530d7927544837a64543b67c2392&lang=pl&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2014-11-12 14:36:20&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}




    BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll => Brak pliku
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Brak pliku
    FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nie znaleziono
    CHR HomePage: Default -> search.ask.com/?gct=hp
    CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> search.ask.com
    CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
    CHR HKLM\...\Chrome\Extension: [aaaacnnimempmlomnnhdkimkfahjplfp] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [aaaacnnimempmlomnnhdkimkfahjplfp] - hxxps://clients2.google.com/service/update2/crx
    U0 aswVmm; Brak ImagePath
    U3 idsvc; Brak ImagePath
    2017-04-02 14:34 - 2017-04-02 14:44 - 00000000 ____D C:\AdwCleaner
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix/Napraw.

    1
  • Helpful post
    #3 02 Apr 2017 16:29
    Kolobos
    Computer specialist

    Do you realize that this infection encrypts files on the disk?!
    2017-04-01 18:28 - 2017-04-01 18:28 - 00065536 _____ C:\Users\euro\Downloads\Ϲһromе fоnṫ.exe
    2017-04-01 18:28 - 2017-04-01 18:28 - 00065536 _____ C:\Users\euro\Downloads\Ϲһromе fоnṫ (2).exe
    2017-04-01 18:28 - 2017-04-01 18:28 - 00065536 _____ C:\Users\euro\Downloads\Ϲһromе fоnṫ (1).exe

    Don't download such things and don't run them! The same applies to ReimageRepair.

    Uninstall:
    Adobe Reader 9.1 - Polish
    Java(TM) 6 Update 20 (64-bit)
    SafeFinder

    Install the latest version of AR or Foxit: http://ninite.com/foxit/
    Plus Java -> http://ninite.com/java/

    Next to frst.exe, create a file Fixlist.txt with the following content:
    Task: {02E3E22D-7EB1-451A-8F8D-EC1158799962} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Brak pliku <==== UWAGA
    Task: {1A794E99-07CD-4233-ABC5-ADCC02DE030F} - System32\Tasks\{6F5FB605-8799-446B-A4F2-C1F110C79204} => pcalua.exe -a D:\EasySetupAssistant\TD-W8951ND\TD-W8951ND.exe -d D:\EasySetupAssistant\TD-W8951ND
    Task: {1B5CC282-A524-4E23-B281-DFE86A955E2A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Brak pliku <==== UWAGA
    Task: {2C8D04C1-6A95-47E9-8361-E1CF1A5AF25A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {326824F6-ACD4-40B7-B9A0-1EE731A272A0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Brak pliku <==== UWAGA
    Task: {3FC78EF8-F6BE-4B57-BF1C-29A0BC8310C8} - \Microsoft\Windows\Setup\gwx\rundetector -> Brak pliku <==== UWAGA
    Task: {508B99C1-873D-4700-B86F-16E9A3138906} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {622D91FA-D25C-4B3D-9812-B9A45214244F} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Brak pliku <==== UWAGA
    Task: {62E030EA-2CA7-419A-B99D-7BDFEACF9358} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {6485E7F9-E109-4D18-BF39-AD59E9DF111A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {897A9F86-CBD3-4527-8973-7CF82D0C1FBD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {91B31799-CF40-4211-81CB-C28443255DD5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {92B7CBD7-A3C8-4345-AE50-F66EA5B9FF77} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {A7075F99-CCA4-495B-B3D8-D3C7CC437B36} - System32\Tasks\{68134BFC-45D3-420D-915B-7648064E62BF} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe" -c /AppMode=SETUP /Maintenance=2
    Task: {ABEDCF92-D904-4FC3-B428-54E7ACAF54F4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {E55E4039-EE47-4E28-9D52-16247CB9B267} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {FB7BACEE-351F-4CFC-9E08-384BF76DBF8D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    ShortcutWithArgument: C:\Users\euro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    HKU\S-1-5-21-1250248710-3106306559-1672372988-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
    HKU\S-1-5-21-1250248710-3106306559-1672372988-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV772/
    SearchScopes: HKLM-x32 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
    SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1250248710-3106306559-1672372988-1000 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1250248710-3106306559-1672372988-1000 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1250248710-3106306559-1672372988-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={EFD84DF5-C011-4A4F-92A2-215C8BE57D32}&mid=ed4fa8097e0247d1add4326b32726231-2d56e6d4e9e5530d7927544837a64543b67c2392&lang=pl&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2014-11-12 14:36:20&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1250248710-3106306559-1672372988-1000 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search/web?q={searchTerms}
    FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nie znaleziono
    CHR HomePage: Default -> search.ask.com/?gct=hp
    CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> search.ask.com
    CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
    CHR Extension: (Friendly Print Gmail) - C:\Users\euro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciiagihjnceooeicjijdnmhpdhlahmao [2017-03-25]
    C:\Users\euro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciiagihjnceooeicjijdnmhpdhlahmao
    CHR HKLM\...\Chrome\Extension: [aaaacnnimempmlomnnhdkimkfahjplfp] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [aaaacnnimempmlomnnhdkimkfahjplfp] - hxxps://clients2.google.com/service/update2/crx
    2017-04-02 14:34 - 2017-04-02 14:44 - 00000000 ____D C:\AdwCleaner
    2017-04-02 14:13 - 2017-04-02 14:13 - 00685448 _____ (Reimage®) C:\Users\euro\Desktop\AntiToolbar.exe
    2017-04-02 13:48 - 2017-04-02 13:51 - 00881904 _____ (Plumbytes Software) C:\Users\euro\Downloads\antimalwaresetup.exe
    2017-04-01 18:28 - 2017-04-01 18:28 - 00065536 _____ C:\Users\euro\Downloads\Ϲһromе fоnṫ.exe
    2017-04-01 18:28 - 2017-04-01 18:28 - 00065536 _____ C:\Users\euro\Downloads\Ϲһromе fоnṫ (2).exe
    2017-04-01 18:28 - 2017-04-01 18:28 - 00065536 _____ C:\Users\euro\Downloads\Ϲһromе fоnṫ (1).exe
    2017-03-30 12:48 - 2017-03-30 12:48 - 00604928 _____ (Reimage) C:\Users\euro\Downloads\ReimageRepair (2).exe
    2017-03-29 11:57 - 2017-03-29 11:58 - 00604928 _____ (Reimage) C:\Users\euro\Downloads\ReimageRepair (1).exe
    2015-09-15 08:06 - 2015-09-15 08:06 - 6420480 _____ () C:\Program Files (x86)\GUT5D4C.tmp
    EmptyTemp:

    In FRST, choose Napraw (Fix).

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    0
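
The `Ϲһromе fоnṫ.exe` entries flagged in the post above have names that mix look-alike letters from several alphabets. The following is an added example, not part of the original thread: it scans an FRST-style file listing for file names that mix scripts. The sample lines, user name and vendor are constructed.

```python
import re
import unicodedata

# Constructed sample in the shape of FRST's file listing (not the poster's log).
# The first name mixes Greek, Cyrillic and Latin letters, written as escapes so
# the code points are visible; the second is plain Latin.
SAMPLE = (
    "2017-04-01 18:28 - 2017-04-01 18:28 - 00065536 _____ "
    "C:\\Users\\test\\Downloads\\\u03f9\u04bbrom\u0435 f\u043en\u1e6b.exe\n"
    "2017-04-02 13:48 - 2017-04-02 13:51 - 00881904 _____ (Example Vendor) "
    "C:\\Users\\test\\Downloads\\setup (1).exe\n"
    "EmptyTemp:\n"
)

# created - modified - size - attributes - optional (company) - path
LINE_RE = re.compile(
    r"^\s*\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
    r"\d+ \S{5} (?:\([^)]*\) )?(?P<path>[A-Za-z]:\\.+)$"
)

def scripts_in(name):
    """Return the set of scripts used by the letters of `name`.

    The standard library has no Script property, so the first word of the
    Unicode character name (LATIN, CYRILLIC, GREEK, ...) is used as a proxy.
    """
    found = set()
    for ch in name:
        if ch.isalpha():
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found

def mixed_script_files(listing):
    """Return (path, sorted scripts) for entries whose file name mixes scripts."""
    hits = []
    for line in listing.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # directives such as "EmptyTemp:" are not file entries
        path = m.group("path").rstrip()
        base = path.rsplit("\\", 1)[-1]
        scripts = scripts_in(base)
        if len(scripts) > 1:
            hits.append((path, sorted(scripts)))
    return hits

if __name__ == "__main__":
    for path, scripts in mixed_script_files(SAMPLE):
        print(ascii(path), scripts)
```

A name written entirely in one non-Latin script is not flagged; names that legitimately combine scripts (for example kanji with kana) will be, so treat a hit as a prompt for review.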
  • #4 03 Apr 2017 11:37
    gocha15190
    Level 1

    Thank you very much for the help! Everything works now.

    It's my mom's computer; I've already instructed her not to download such things.
    Thanks once again.

    0