
Safe Finder! How to remove it? FRST logs

mik_e21 07 Oct 2018 21:47 147 10
  • Helpful post
    #2 07 Oct 2018 22:01
    RADU23
    Moderator - Computer Service

    Open Notepad and paste the following content:

    Quote:
    HKLM-x32\...\Run: [] => [X]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-233488157-739985543-3569218801-1000\...\MountPoints2: {01a2d8fc-9958-11e6-aa41-001999b5ed44} - F:\LGAutoRun.exe
    HKU\S-1-5-21-233488157-739985543-3569218801-1000\...\MountPoints2: {01a2d92a-9958-11e6-aa41-001999b5ed44} - G:\AutoRun.exe
    HKU\S-1-5-21-233488157-739985543-3569218801-1000\...\MountPoints2: {01a2d93a-9958-11e6-aa41-001999b5ed44} - G:\AutoRun.exe
    HKU\S-1-5-21-233488157-739985543-3569218801-1000\...\MountPoints2: {0e8e5d29-692e-11e6-b3c8-001999b5ed44} - F:\autorun.exe
    HKU\S-1-5-21-233488157-739985543-3569218801-1000\...\MountPoints2: {2a0b9767-a7a3-11e7-9bb7-001999b5ed44} - E:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-233488157-739985543-3569218801-1000\...\MountPoints2: {56d3b79b-0e1b-11e6-a30e-001999b5ed44} - autorun.exe
    HKU\S-1-5-21-233488157-739985543-3569218801-1000\...\MountPoints2: {5a2c3f1c-4101-11e6-aac3-001999b5ed44} - G:\autorun.exe
    HKU\S-1-5-21-233488157-739985543-3569218801-1000\...\MountPoints2: {9cf90d9b-a6d2-11e7-b4cd-001999b5ed44} - F:\autorun.exe
    HKU\S-1-5-21-233488157-739985543-3569218801-1000\...\MountPoints2: {9cf90da2-a6d2-11e7-b4cd-001999b5ed44} - F:\autorun.exe
    HKU\S-1-5-21-233488157-739985543-3569218801-1000\...\MountPoints2: {c2092515-cddb-11e7-90f3-001999b5ed44} - E:\autorun.exe
    HKU\S-1-5-21-233488157-739985543-3569218801-1000\...\MountPoints2: {c2092598-cddb-11e7-90f3-001999b5ed44} - E:\autorun.exe
    HKU\S-1-5-21-233488157-739985543-3569218801-1000\...\MountPoints2: {e560f074-94ac-11e6-8cae-ae6d1c7f3b28} - F:\autorun.exe
    ShortcutTarget: GameVox.lnk -> C:\Program Files (x86)\GameVox\GameVox.exe (Brak pliku)
    GroupPolicy\User: Ograniczenia ? <==== UWAGA
    GroupPolicyUsers\S-1-5-21-233488157-739985543-3569218801-1001\User: Ograniczenia <==== UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-233488157-739985543-3569218801-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox




    SearchScopes: HKU\S-1-5-21-233488157-739985543-3569218801-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-233488157-739985543-3569218801-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1 [nie znaleziono] <==== UWAGA
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Brak pliku]
    FF Plugin HKU\S-1-5-21-233488157-739985543-3569218801-1000: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Brak pliku]
    CHR HKU\S-1-5-21-233488157-739985543-3569218801-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-233488157-739985543-3569218801-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
    "udeapzpj" => serwis został odblokowany. <==== UWAGA
    S2 udeapzpj; C:\Windows\SysWOW64\udeapzpj\szmmpasn.exe [0 ] () <==== UWAGA (zerobajtowy plik/folder)
    S4 HuaweiHiSuiteService64.exe; "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]
    S3 cpuz138; C:\Users\user\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2017-01-05] (CPUID) <==== UWAGA
    S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
    S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
    S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    2018-09-30 21:21 - 2018-09-30 21:22 - 000000000 ____D C:\AdwCleaner
    SafeFinder1 (HKLM-x32\...\{25BDCD95-D219-42BF-A32D-E171B44CF6F1}) (Version: 1.0.0.0 - Linkury) <==== UWAGA
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    Task: {336529D7-6DD2-49C7-8DE3-2DE4C7B06726} - \FastDataX Task -> Brak pliku <==== UWAGA
    Task: {395E6F94-0706-4693-AB9E-BDD059484F09} - \YoutubeDownloader -> Brak pliku <==== UWAGA
    Task: {56A3C29F-BAAD-46B3-89DA-A98911C442F2} - \WarThunder3 -> Brak pliku <==== UWAGA
    Task: {63F62790-70CD-48E8-A9A9-B52CCF5E02B6} - \WinTaske -> Brak pliku <==== UWAGA
    Task: {6543BB94-0009-4099-94D9-011E56EE05F2} - \YoutubeDownloader_upd -> Brak pliku <==== UWAGA
    Task: {93595848-495A-4122-A9AC-346160580D4C} - \Opera scheduled Autoupdate 2796787680 -> Brak pliku <==== UWAGA
    Task: {B9D5352C-6BA9-44B7-9B92-D96029F914F9} - \WarThunder2 -> Brak pliku <==== UWAGA
    Task: {C8FB9847-FCB5-40F5-9F3C-D82AB72FAFE2} - \WordFly Auto Updater 1.10.0.28 Pending Update -> Brak pliku <==== UWAGA
    Task: {DDB5C1A0-5C33-4166-B6E6-A4140ABBA399} - \WordFly Auto Updater 1.10.0.28 Core -> Brak pliku <==== UWAGA


    Save the file as fixlist.txt and place it in the folder where FRST.exe is located.
    Run FRST and click Fix/Napraw.

    0
  • Helpful post
    #4 07 Oct 2018 23:15
    krzychupar
    Level 40

    Post new FRST logs.

    0
  • Helpful post
    #6 07 Oct 2018 23:46
    krzychupar
    Level 40

    Open the system Notepad and paste:

    CloseProcesses:
    Task: {1793AD87-1664-4E6F-AE65-8F258BA645C2} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
    Task: {975C29BF-BDDA-4E7C-A3F0-72B8EF2AEFB9} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-09-14] (AVAST Software)
    Hosts:
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-233488157-739985543-3569218801-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {5a2c3f1c-4101-11e6-aac3-001999b5ed44} - G:\autorun.exe
    ShortcutTarget: GameVox.lnk -> C:\Program Files (x86)\GameVox\GameVox.exe (Brak pliku)
    Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\urgrffrv.lnk [2018-09-30]
    ShortcutTarget: urgrffrv.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    FF Homepage: Mozilla\Firefox\Profiles\acn2gtry.default -> hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=pl-pl
    hxxps://www.google.com/?trackid=sp-006
    FF NewTab: Mozilla\Firefox\Profiles\acn2gtry.default -> about:newtab
    FF Extension: (Bing Search) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\acn2gtry.default\Extensions\bingsearch.full@microsoft.com.xpi [2015-11-27] [Przestarzałe]
    FF Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\acn2gtry.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-16] [Przestarzałe]
    FF Extension: (Brak nazwy) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [nie znaleziono]
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\acn2gtry.default\searchplugins\bing-.xml [2015-11-27]
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\acn2gtry.default\searchplugins\google-avast.xml [2015-11-28]
    CHR StartupUrls: Default -> "hxxp://google.pl/","hxxp://fortresscatalogue.com/"
    2018-10-07 22:33 - 2018-10-07 22:33 - 000000000 ____D C:\AdwCleaner
    2017-05-21 14:45 - 2017-05-21 14:45 - 000000063 _____ () C:\Users\user\AppData\Local\emaildefaults
    2018-09-30 18:40 - 2018-09-30 18:40 - 000140800 _____ () C:\Users\user\AppData\Local\installer.dat
    2017-05-30 22:29 - 2017-05-30 22:29 - 000000039 _____ () C:\Users\user\AppData\Local\kritadisplayrc
    2017-05-21 14:45 - 2017-05-30 22:29 - 000015774 _____ () C:\Users\user\AppData\Local\kritarc
    2018-09-26 21:52 - 2018-09-26 21:52 - 000010427 _____ () C:\Users\user\AppData\Local\recently-used.xbel
    2016-01-27 18:33 - 2016-01-27 18:33 - 000007597 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
    2017-04-29 01:47 - 2017-04-29 01:47 - 000003225 _____ () C:\Users\user\AppData\Local\unins000.dat
    2017-04-29 01:47 - 2017-04-29 01:47 - 000711640 _____ () C:\Users\user\AppData\Local\unins000.exe
    2017-04-29 01:47 - 2017-04-29 01:47 - 000011761 _____ () C:\Users\user\AppData\Local\unins000.msg
    2016-02-25 14:57 - 2016-02-25 14:57 - 000000000 _____ () C:\Users\user\AppData\Local\{1A61F38F-6A25-4DF3-879D-D5BFD925EB40}
    2016-09-28 14:02 - 2016-09-28 14:02 - 000000000 _____ () C:\Users\user\AppData\Local\{8EE8C89C-FAFA-4600-8161-62CD56F82929}
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where FRST.exe is located.
    Run FRST and click Fix/Napraw.

    0
  • Helpful post
    #8 08 Oct 2018 09:39
    Kolobos
    Computer specialist

    Run regedit, search for SafeFinder1 or 25BDCD95-D219-42BF-A32D-E171B44CF6F1 (until it is found in the Uninstall key) and delete it.

    Uninstall SpyHunter.

    Update Mbam and check whether it still creates files in
    C:\Windows\SysWOW64\*.quar
    C:\Windows\system32\*.quar_temp
    C:\Windows\SysWOW64\*.data
    (you can delete the files themselves)

    Run this Fixlist.txt for FRST:
    (EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
    (EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-233488157-739985543-3569218801-1000\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1469784 2018-09-15] (Google Inc.)
    HKU\S-1-5-21-233488157-739985543-3569218801-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {5a2c3f1c-4101-11e6-aac3-001999b5ed44} - G:\autorun.exe
    Startup: C:\Users\Kuba i Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameVox.lnk [2016-03-28]
    ShortcutTarget: GameVox.lnk -> C:\Program Files (x86)\GameVox\GameVox.exe (Brak pliku)
    C:\Users\Kuba i Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameVox.lnk
    R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [9872688 2018-09-30] (EnigmaSoft Limited)
    R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [538416 2018-09-30] (EnigmaSoft Limited)
    R3 EnigmaFileMonDriver; C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys [61624 2018-10-08] (EnigmaSoft Limited)
    2018-10-08 00:13 - 2018-10-08 00:13 - 000000000 ____D C:\AdwCleaner
    2018-09-30 18:50 - 2018-10-08 00:12 - 000061624 _____ (EnigmaSoft Limited) C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys
    2018-09-30 18:50 - 2018-09-30 19:23 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
    2018-09-30 18:50 - 2018-09-30 18:50 - 000000000 ____D C:\sh5ldr
    2018-09-30 18:50 - 2018-09-30 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
    2018-09-30 18:48 - 2018-09-30 18:48 - 000000000 ____D C:\Program Files\EnigmaSoft
    2018-09-30 18:46 - 2018-09-30 18:48 - 000000000 ____D C:\Users\user\AppData\Local\GoogleChromeUserData
    2018-09-30 18:46 - 2018-09-30 18:46 - 000000000 ____D C:\Windows\SysWOW64\udeapzpj
    2018-09-30 18:45 - 2018-09-30 19:51 - 000000000 ____D C:\Users\user\AppData\Roaming\mcj3iswkp2g
    2018-09-30 18:45 - 2018-09-30 19:51 - 000000000 ____D C:\Program Files\T7H8YCJ37M
    2018-09-30 18:45 - 2018-09-30 18:52 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
    2018-09-30 18:45 - 2018-09-30 18:46 - 000000000 ____D C:\Users\user\AppData\Local\GoogleChromeApplication
    2018-09-30 18:43 - 2018-09-30 19:51 - 000000000 ____D C:\Users\user\AppData\Roaming\wrj1d4plzwa
    2018-09-30 18:43 - 2018-09-30 18:43 - 000000000 ____D C:\Program Files (x86)\4efd56ba-5963-1
    2018-09-30 18:41 - 2018-09-30 19:51 - 000000000 ____D C:\Program Files\fik Taconite Updater
    2018-09-30 18:41 - 2018-09-30 19:23 - 000000000 ____D C:\Program Files (x86)\Balls
    2018-09-30 18:40 - 2018-09-30 18:40 - 000000000 ____D C:\Users\user\AppData\Local\AdvinstAnalytics
    2018-09-30 18:39 - 2018-09-30 18:42 - 000000000 ____D C:\Users\user\AppData\Roaming\YoutubeDownloader

    0
  • Helpful post
    #10 08 Oct 2018 18:51
    Kolobos
    Computer specialist

    After running the Fixlist you won't be able to uninstall it anymore; it has been removed. Delete the C:\FRST folder and that's all.

    0
  • #11 08 Oct 2018 21:13
    mik_e21
    Level 7

    Thank you very much, gentlemen, you helped me a lot!!!

    0
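
The manual checks from post #8 (the SafeFinder1 uninstall entry and the `*.quar`, `*.quar_temp` and `*.data` files), as an added read-only PowerShell example that is not part of the original thread. It assumes the standard Uninstall registry locations and a 64-bit PowerShell session; the GUID and file patterns are the ones quoted in the thread.

```powershell
# Added example: read-only check, nothing is deleted or modified.
# Run from 64-bit PowerShell; a 32-bit host redirects System32 to SysWOW64.
$guid = '{25BDCD95-D219-42BF-A32D-E171B44CF6F1}'  # SafeFinder1 entry from the FRST log

# Assumption: standard Uninstall locations. FRST's "HKLM-x32" is the
# WOW6432Node (32-bit) registry view on 64-bit Windows.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

$entries = @(foreach ($root in $uninstallRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        # Match on the key name (GUID) or on the display name.
        if ($_.PSChildName -eq $guid -or $props.DisplayName -like 'SafeFinder*') {
            [pscustomobject]@{
                Key         = $_.Name
                DisplayName = $props.DisplayName
                Publisher   = $props.Publisher
            }
        }
    }
})

# File patterns exactly as listed in post #8.
$patterns = @(
    'C:\Windows\SysWOW64\*.quar',
    'C:\Windows\system32\*.quar_temp',
    'C:\Windows\SysWOW64\*.data'
)
$files = @(Get-ChildItem -Path $patterns -File -Force -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending |
    Select-Object FullName, Length, LastWriteTime)

"SafeFinder1 uninstall entries found: $($entries.Count)"
$entries | Format-List | Out-String
"Files matching the post #8 patterns: $($files.Count)"
$files | Format-Table -AutoSize | Out-String
```

Files are listed newest first, so running it before and after an Mbam update shows whether new files are still being created.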