As above. I read that this is a virus. I managed to remove it from the browsers (at least I think so), but it still shows up in the Control Panel and I can't manage to remove it, because when I click Uninstall nothing happens.
I would appreciate some help.
Addition.txt (24,9 KB)
FRST.txt (20,5 KB)
Shortcut.txt (56,5 KB)
Atis
(Atis)
6 May 2017 11:28
#2
Paste the following into the system Notepad and save it as a text file named fixlist:
CreateRestorePoint:
CloseProcesses:
WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
HKLM\...\Providers\sgm54v1z: C:\Program Files\Jwerpygropich Verfier\local32spl.dll
C:\Program Files\Jwerpygropich Verfier
AppInit_DLLs: C:\ProgramData\AppmallosayoV\Truejob.dll => Brak pliku
C:\ProgramData\AppmallosayoV
ShellExecuteHooks: Brak nazwy - {358517C8-3079-11E7-B608-64006A5CFC23} - C:\Program Files\Vopeiedpripercult\Piliatzech.dll -> Brak pliku
C:\Program Files\Vopeiedpripercult
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
HKU\S-1-5-21-3404149883-1014334680-1768944144-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> DefaultScope - brak wartości
CHR Profile: C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-05-05] <==== UWAGA
OPR Extension: (Tables) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\egafjhhpbipcmpoiomegbckljbbbphoj [2017-05-05]
OPR Extension: (Fast search) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-05-05]
S2 AppmallosayoV; C:\ProgramData\\AppmallosayoV\\AppmallosayoV.exe shuz -f "C:\ProgramData\\AppmallosayoV\\AppmallosayoV.dat" -l -a
S3 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S3 TrueKey; "C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe" [X]
S3 TrueKeyScheduler; "C:\Program Files\TrueKey\McTkSchedulerService.exe" [X]
S3 TrueKeyServiceHelper; "C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe" [X]
R1 cryptfd; C:\Windows\System32\drivers\cryptfd.sys [176552 2017-04-18] ()
2017-05-05 19:17 - 2017-05-06 09:56 - 00000000 ____D C:\AdwCleaner
2017-05-05 17:57 - 2017-05-05 17:57 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Giwech
2017-05-05 17:57 - 2017-05-05 17:57 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\708841
2017-05-05 17:57 - 2017-05-05 17:57 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\595699
2017-05-05 17:57 - 2017-05-05 17:57 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\379993
2017-05-05 17:57 - 2017-05-05 17:57 - 00000000 ____D C:\Users\Daniel\AppData\Local\Reudertionsufoch
2017-05-05 17:46 - 2017-05-05 17:46 - 00000000 ____D C:\Program Files\Common Files\Volhold
2017-05-05 17:43 - 2017-05-05 18:43 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Giwech
2017-05-05 17:42 - 2017-05-05 17:43 - 00000000 ____D C:\Users\Kamil\AppData\Local\Busach
2017-05-05 14:45 - 2017-05-05 15:07 - 00000000 ___SD C:\Users\Kamil\AppData\LocalLow\Temp
2017-05-05 14:28 - 2017-05-05 14:28 - 01212728 _____ (Kacamife ) C:\Users\Kamil\Downloads\uTorrent-13270-AsystentPobierania.exe
2017-05-05 14:25 - 2017-05-05 14:25 - 01212728 _____ (Kacamife ) C:\Users\Kamil\Downloads\Free-Torrent-Download-57214-AsystentPobierania.exe
2017-04-27 15:14 - 2017-04-27 15:15 - 00000000 ____D C:\Users\Kamil\AppData\Local\tkdata
2017-04-24 21:44 - 2017-05-05 18:00 - 00000000 ____D C:\Users\Daniel\AppData\Local\tkdata
2017-04-24 21:44 - 2017-04-24 21:44 - 00000000 ____D C:\Users\Daniel\AppData\Local\CEF
2017-04-18 09:12 - 2017-04-18 09:12 - 00176552 _____ C:\Windows\system32\Drivers\cryptfd.sys
2017-05-05 17:45 - 2017-05-05 17:45 - 7290368 _____ () C:\Users\Kamil\AppData\Local\agent.dat
2017-05-05 17:45 - 2017-05-05 17:44 - 1634816 _____ (TODO: <Company name>) C:\Users\Kamil\AppData\Local\GeoTouch.exe
2017-05-05 17:45 - 2017-05-05 17:45 - 1895968 _____ () C:\Users\Kamil\AppData\Local\GeoTouch.tst
2017-05-05 17:44 - 2017-05-05 17:44 - 0016176 _____ () C:\Users\Kamil\AppData\Local\InstallationConfiguration.xml
2017-05-05 17:44 - 2017-05-05 17:44 - 0140800 _____ () C:\Users\Kamil\AppData\Local\installer.dat
2017-05-05 17:45 - 2017-05-05 17:45 - 0018432 _____ () C:\Users\Kamil\AppData\Local\Main.dat
2017-05-05 17:45 - 2017-05-05 17:45 - 0005568 _____ () C:\Users\Kamil\AppData\Local\md.xml
2017-05-05 17:45 - 2017-05-05 17:45 - 0126464 _____ () C:\Users\Kamil\AppData\Local\noah.dat
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DCC411F0-3DB3-4F13-94CF-E0EB947D2D29}
Hosts:
EmptyTemp:
Run FRST and click Fix (Napraw). Post the removal report, Fixlog.
Click Scan (Skanuj) and post the new FRST report, without Addition and Shortcut.
1 like
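As an added example (not part of the original posts, and not FRST's own code): a short Python check that reads `ShortcutWithArgument:` lines in the format shown in the fixlist above and groups browser shortcuts by the URL appended to their command line. The last sample line and the `BROWSERS` list are constructed for illustration; URLs stay defanged as logged.

```python
import ntpath
import re
from collections import defaultdict

# First three lines are copied from the fixlist above; the last one is a
# constructed benign shortcut (hypothetical path) that must not be flagged.
SAMPLE = r"""
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Example\Desktop\Tool.lnk -> C:\Tools\tool.exe (Example Vendor) -> --profile default
"""

# shortcut path -> target executable (optional vendor in parentheses) -> arguments
LINE = re.compile(
    r"^ShortcutWithArgument:\s+(?P<lnk>.+?\.lnk) -> (?P<target>.+?\.exe)"
    r"(?: \([^)]*\))? -> (?P<args>.*)$"
)
# Accept both live and defanged (hxxp) schemes, since logs are often defanged.
URL = re.compile(r"(?:hxxps?|https?)://\S+", re.IGNORECASE)
# Assumed list of browser executables to check; extend as needed.
BROWSERS = {"firefox.exe", "iexplore.exe", "chrome.exe", "opera.exe", "msedge.exe"}


def find_hijacked(log_text):
    """Return {appended_url: [shortcut paths]} for browser shortcuts whose
    arguments contain a URL. Repeated log lines are de-duplicated."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        exe = ntpath.basename(m.group("target")).lower()
        url = URL.search(m.group("args"))
        if exe in BROWSERS and url:
            hits[url.group(0)].add(m.group("lnk"))
    return {u: sorted(paths) for u, paths in hits.items()}


if __name__ == "__main__":
    for url, links in find_hijacked(SAMPLE).items():
        print(f"{url} appended to {len(links)} shortcut(s):")
        for lnk in links:
            print("  ", lnk)
```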
Atis
(Atis)
7 May 2017 20:53
#4
Delete the folder C:\FRST
Cleaning the System Restore folders
Read about how programs should be installed: CLICK - CLICK - CLICK