Safe finder


(Kavsa2) #1

Złapałam safe findera i nie umiem się go pozbyć :( Może mi ktoś łopatologicznie wytłumaczyć jak to zrobić? 

adw cleaner już nic nie wykrywa

Raporty z FRST

http://www.wklej.org/hash/1082fd9cf5d/


(Atis) #2

Pobierz i uruchom AdwCleaner Kliknij Skanuj (Scan) i później Usuń (Cleaning).

Kliknij Skanuj (Scan) i pokaż nowy raport  FRST i Addition.

 


(Kavsa2) #3

http://www.wklej.org/id/1926952/


(Atis) #4

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

CloseProcesses:
HKLM-x32\...\Run: [pcmgr] = C:\Program Files (x86)\ppt\Uninst.exe
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
AppInit_DLLs: C:\ProgramData\dlohn\X-zamtex.dll = C:\ProgramData\dlohn\X-zamtex.dll [805376 2016-02-01] ()
AppInit_DLLs-x32: C:\ProgramData\dlohn\Quadkeybam.dll = C:\ProgramData\dlohn\Quadkeybam.dll [257536 2016-02-01] ()
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] - {B7667919-3765-4815-A66D-98A09BE662D6} =  Brak pliku
GroupPolicy: Ograniczenia - Chrome ======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia ======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
CHR HomePage: Default - hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdsewbU5trFmL6piYoQCJmyTc7_JBclCuqRYzZkutoAKYBltWBzm73Y1MLV9G_AFFQK8XuxKUPgtcm6FALQLlU1gOQoLVGbgwswyR4-OI8MO4e0QRzubFbxjJUCDErSxuaoFrR4JUHUG-O3cvJVPDRX8oF2E
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
R2 dlohn; C:\ProgramData\\dlohn\\dlohn.exe [531456 2016-02-01] () [Brak podpisu cyfrowego]
S2 eebxpdatedownloadpi; C:\Users\Kasia\AppData\Local\Joymedia.exe [28160 2016-01-31] () [Brak podpisu cyfrowego]
R2 REACHit; C:\Program Files\REACHit\REACHit.exe [383488 2016-01-31] () [Brak podpisu cyfrowego]
S2 upyatqpyoductprh; C:\Users\Kasia\AppData\Local\Tamptone.exe [28160 2016-01-31] () [Brak podpisu cyfrowego]
S2 Winsere; C:\Program Files (x86)\Winsere\Winsere\Winsere.exe [295096 2016-01-25] ()
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
2016-02-01 23:15 - 2016-02-01 23:15 - 00000000 ____ D C:\Program Files (x86)\SearchesToYesbnd
2016-02-01 12:45 - 2016-02-01 12:45 - 00000000 ____ D C:\ProgramData\dlohns
2016-02-01 12:43 - 2016-02-01 23:14 - 00000000 ____ D C:\ProgramData\dlohn
File: C:\Windows\system32\dnsapi.dll
2016-01-31 19:56 - 2016-01-31 19:56 - 00000000 ____ D C:\Users\Kasia\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-01-31 19:12 - 2016-02-01 21:40 - 00000000 ____ D C:\Users\Kasia\AppData\Roaming\kingsoft
2016-01-31 19:12 - 2016-02-01 21:40 - 00000000 ____ D C:\ProgramData\lWdMl
2016-01-31 18:03 - 2016-02-01 21:40 - 00000000 ____ D C:\Users\Kasia\AppData\Roaming\LabviIjugt
2016-01-31 18:03 - 2016-02-01 21:39 - 00000000 ____ D C:\Windows\system32\kofp
2016-01-31 18:03 - 2016-01-31 18:04 - 00000000 ____ D C:\Users\Kasia\AppData\Local\Tempfolder
2016-01-31 18:02 - 2016-01-31 18:02 - 00003336 _____ C:\Windows\System32\Tasks\Tonjua
2016-01-31 18:02 - 2016-01-31 18:02 - 00000000 ____ D C:\Users\Kasia\AppData\LocalLow\Company
2016-01-31 18:01 - 2016-02-01 22:54 - 00000330 _____ C:\Windows\Tasks\PPTAssistantNotifyTask_Kasia.job
2016-01-31 18:01 - 2016-01-31 20:11 - 00000000 ____ D C:\Users\Kasia\AppData\Local\PPTAssist
2016-01-31 18:01 - 2016-01-31 19:12 - 00000000 ____ D C:\ProgramData\kingsoft
2016-01-31 18:01 - 2016-01-31 18:01 - 00000000 _____ C:\Windows\SysWOW64\Number of results
2016-01-31 17:49 - 2016-02-01 21:40 - 00000000 ____ D C:\Program Files\REACHit
2016-01-31 17:49 - 2016-01-31 17:49 - 00041472 _____ C:\Users\Kasia\AppData\Local\Tamptone.dat
2016-01-31 17:49 - 2016-01-31 17:49 - 00041472 _____ C:\Users\Kasia\AppData\Local\Joymedia.dat
2016-01-31 17:49 - 2016-01-31 17:49 - 00028160 _____ C:\Users\Kasia\AppData\Local\Tamptone.exe
2016-01-31 17:49 - 2016-01-31 17:49 - 00028160 _____ C:\Users\Kasia\AppData\Local\Joymedia.exe
2016-01-31 17:49 - 2016-01-31 17:49 - 00000187 _____ C:\Users\Kasia\AppData\Local\Tamptone.exe.config
2016-01-31 17:49 - 2016-01-31 17:49 - 00000187 _____ C:\Users\Kasia\AppData\Local\Joymedia.exe.config
2016-01-31 17:48 - 2016-02-01 21:40 - 00000000 ____ D C:\Program Files (x86)\WinTaske
2016-01-31 17:48 - 2016-02-01 21:40 - 00000000 ____ D C:\Program Files (x86)\Winsere
2016-01-29 00:04 - 2016-01-30 13:08 - 00014228 ____ H C:\Users\Kasia\Desktop\~WRL3554.tmp
2016-01-02 02:03 - 2016-01-02 21:54 - 00000000 ____ D C:\ProgramData\tmp
2016-02-01 23:11 - 2015-11-12 23:33 - 00000000 ____ D C:\AdwCleaner
Task: {16FB7075-08E8-4CA3-8A62-B236969610FF} - System32\Tasks\{5822A2F6-C430-44AD-8502-648F38E6883E} = pcalua.exe -a C:\Users\Kasia\Desktop\sp71815.exe -d C:\Users\Kasia\Desktop
Task: {4AE9420E-06B3-4051-A221-4EA9EE7AC76D} - System32\Tasks\Tonjua = C:\PROGRA~1\GROOVE~1\Dyees.bat
C:\PROGRA~1\GROOVE~1\Dyees.bat
Task: {6824E366-813A-4544-B310-60C6E9A3B31A} - System32\Tasks\{AA849AA5-1DE3-4B5E-A67D-9365CBF14078} = pcalua.exe -a C:\Users\Kasia\AppData\Local\PPTAssist\utility\uninst.exe
Task: {EE8F609C-1538-492B-879A-DC1219BC01E9} - System32\Tasks\WinTaske = C:\Program Files (x86)\WinTaske\WinTaske\WinTaske.exe [2016-01-25] ()
Task: {E39C02AD-C9E5-461C-9AF7-886F33D35C67} - System32\Tasks\{312E2464-42A7-4D6D-A932-F414D77E5B08} = pcalua.exe -a C:\Users\Kasia\Downloads\sp55364.exe -d C:\Users\Kasia\Downloads
Task: C:\Windows\Tasks\PPTAssistantNotifyTask_Kasia.job = C:\Users\Kasia\AppData\Local\PPTAssist\notify.exe
EmptyTemp:

Uruchom FRST i kliknij Napraw (Fix). Pokaż raport z usuwania Fixlog.

 


(Kavsa2) #5

Na pierwszy rzut oka chrome wygląda już dobrze :smiley:


(Atis) #6

Usuń szkodliwą stronę startową i  wyszukiwarkę:


(Kavsa2) #7

Bardzo dziękuję! Sama nie dałabym z tym rady :slight_smile: