Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Wirus safe finder - brak pomysłu jak usunąć :/

dominika288 28 Paź 2015 18:55 867 3
  • CControls
  • Pomocny post
    #2 28 Paź 2015 19:14
    Acorus 20
    Spec od komputerów

    Odinstaluj McAfee Security Scan Plus,VshareComplete. Otwórz notatnik systemowy i wklej:

    Cytat:
    CustomCLSID: HKU\S-1-5-21-946183883-2892840864-3245604088-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lidia\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => Brak pliku
    Task: {124EE759-6C5E-4E29-86B1-2A5CEDB95010} - System32\Tasks\psv_Zaamdax => cmd.exe /c regedit.exe /s "C:\ProgramData\Zonzap\Donsoldex.reg" &amp; del "C:\ProgramData\Zonzap\Donsoldex.reg" &amp; SCHTASKS /Delete /TN "psv_Zaamdax" /F <==== UWAGA
    Task: {1E2483EF-D399-476A-90D9-E0DDA6B381C5} - System32\Tasks\{F35046C5-6E00-4FFA-8299-C8090A67AB1C} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Sao-Flex\uninstall.exe" -c -f "C:\Program Files (x86)\Common Files\Sao-Flex\uninstall.dat" -a uninstallme 2F6ABC37-5768-4941-8DAE-60E42D8B1325 DeviceId=efff0a2c-80d4-52d9-c656-6fc9aafc7404 BarcodeId=50028003 ChannelId=3 DistributerName=APSFIsc
    Task: {22259105-613C-4940-BFA9-0628ACEDF2B8} - System32\Tasks\psv_RanHottrax => cmd.exe /c regedit.exe /s "C:\ProgramData\Zonzap\Y-it.reg" &amp; del "C:\ProgramData\Zonzap\Y-it.reg" &amp; SCHTASKS /Delete /TN "psv_RanHottrax" /F <==== UWAGA
    Task: {2AC747F0-6D39-4FB9-80F8-B1A9E3BEE1C1} - \BrowserProtect -> Brak pliku <==== UWAGA
    Task: {56F77267-9DB7-4628-AF03-13D3A451F592} - System32\Tasks\psv_Biofax => cmd.exe /c regedit.exe /s "C:\ProgramData\Zonzap\FaxTax.reg" &amp; del "C:\ProgramData\Zonzap\FaxTax.reg" &amp; SCHTASKS /Delete /TN "psv_Biofax" /F <==== UWAGA
    Task: {F05D0E65-CBA6-4003-9D89-2FF7F531EBF2} - System32\Tasks\psv_Zummain => cmd.exe /c regedit.exe /s "C:\ProgramData\Zonzap\Rounddox.reg" &amp; del "C:\ProgramData\Zonzap\Rounddox.reg" &amp; SCHTASKS /Delete /TN "psv_Zummain" /F <==== UWAGA
    Task: C:\Windows\Tasks\Norton Security Scan for Lidia.job => C:\PROGRA~2\NORTON~2\Engine\372~1.5\Nss.exe
    AppInit_DLLs: C:\ProgramData\Zonzap\Opefax.dll => C:\ProgramData\Zonzap\Opefax.dll [518656 2015-10-20] ()
    AppInit_DLLs-x32: C:\ProgramData\Zonzap\Ozercom.dll => C:\ProgramData\Zonzap\Ozercom.dll [320512 2015-10-20] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-09-21]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts...toshibaxmk2565gsx_50bas181sxx50bas181s&q={searchTerms}




    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts...toshibaxmk2565gsx_50bas181sxx50bas181s&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...Cze99WqqcB2mwsHjVSNINFX-IgxIwSmDrkng,,&q={searchTerms}
    SearchScopes: HKLM-x32 -> {A4ADC789-A7A3-4CEE-B287-788B4FBFFE0D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {E11EBDB6-D8CD-406C-B636-F4F867F69A29} URL = hxxp://search.foxtab.com/?q={searchTerms}&s=1&chnl=dcom&cd=2XzutBtN2Y1L1QzutDtDtByC0ByC0EyBtByDtAtDtCzy0FyD0DtN0D0TzutBtDtCtCtDzztCtC&cr=262192411
    SearchScopes: HKU\S-1-5-21-946183883-2892840864-3245604088-1001 -> {342F6241-3B24-4129-95DE-1D56D4BA579B} URL = hxxp://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
    SearchScopes: HKU\S-1-5-21-946183883-2892840864-3245604088-1001 -> {36668FFD-7809-43FB-A609-999C5A7AB5FE} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=4134a228-18c6-11e1-917e-00266c4ec104&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-946183883-2892840864-3245604088-1001 -> {4DDE11E4-BE8A-4DB6-AE60-A00F249BD091} URL = hxxp://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms}
    SearchScopes: HKU\S-1-5-21-946183883-2892840864-3245604088-1001 -> {A4ADC789-A7A3-4CEE-B287-788B4FBFFE0D} URL =
    SearchScopes: HKU\S-1-5-21-946183883-2892840864-3245604088-1001 -> {D0BAB654-1519-4F81-B401-C82A03F8EDC2} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481033
    SearchScopes: HKU\S-1-5-21-946183883-2892840864-3245604088-1001 -> {E11EBDB6-D8CD-406C-B636-F4F867F69A29} URL = hxxp://search.foxtab.com/?q={searchTerms}&s=1&chnl=dcom&cd=2XzutBtN2Y1L1QzutDtDtByC0ByC0EyBtByDtAtDtCzy0FyD0DtN0D0TzutBtDtCtCtDzztCtC&cr=262192411
    SearchScopes: HKU\S-1-5-21-946183883-2892840864-3245604088-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...Cze99WqqcB2mwsHjVSNINFX-IgxIwSmDrkng,,&q={searchTerms}
    U3 DfSdkS; Brak ImagePath
    2015-10-26 19:35 - 2015-10-26 19:35 - 00003558 _____ C:\Windows\System32\Tasks\{F35046C5-6E00-4FFA-8299-C8090A67AB1C}
    2015-10-24 07:11 - 2015-10-24 07:11 - 00003250 _____ C:\Windows\System32\Tasks\psv_RanHottrax
    2015-10-24 07:11 - 2015-10-24 07:11 - 00003250 _____ C:\Windows\System32\Tasks\psv_Biofax
    2015-10-24 07:10 - 2015-10-24 07:10 - 00003260 _____ C:\Windows\System32\Tasks\psv_Zummain
    2015-10-23 11:19 - 2015-10-23 11:19 - 00003264 _____ C:\Windows\System32\Tasks\psv_Zaamdax
    2015-10-20 21:07 - 2015-10-24 16:56 - 00000000 ____D C:\ProgramData\Zonzap
    2015-10-20 21:07 - 2015-10-24 07:10 - 00002377 _____ C:\Windows\SysWOW64\findit.xml
    2015-10-20 21:07 - 2015-10-20 21:07 - 00000000 ____D C:\ProgramData\Zonzaps
    2015-10-20 15:26 - 2015-10-20 15:26 - 00000000 ____D C:\Program Files (x86)\RayDld
    2011-03-31 19:39 - 2013-08-02 22:59 - 0003102 _____ () C:\Users\Lidia\AppData\Roaming\wklnhst.dat
    2010-11-14 12:49 - 2010-11-14 21:04 - 0002432 _____ () C:\Users\Lidia\AppData\Local\Tempcnn236.html
    2010-09-14 19:37 - 2010-09-14 20:51 - 0002432 _____ () C:\Users\Lidia\AppData\Local\Tempdtl344.html
    2010-09-15 18:02 - 2010-09-15 18:03 - 0002432 _____ () C:\Users\Lidia\AppData\Local\TempgJN732.html
    2010-12-01 18:21 - 2010-12-01 22:38 - 0002089 _____ () C:\Users\Lidia\AppData\Local\TemphCE812.html
    2010-12-01 18:21 - 2010-12-01 22:38 - 0002432 _____ () C:\Users\Lidia\AppData\Local\TempJcf812.html
    2010-11-25 17:31 - 2010-11-25 21:48 - 0002432 _____ () C:\Users\Lidia\AppData\Local\TempjEa588.html
    2010-11-19 09:54 - 2010-11-19 10:16 - 0002089 _____ () C:\Users\Lidia\AppData\Local\TempjoK772.html
    2010-12-04 21:20 - 2010-12-04 22:47 - 0002089 _____ () C:\Users\Lidia\AppData\Local\TempkMm628.html
    2010-12-27 09:43 - 2010-12-27 09:51 - 0002432 _____ () C:\Users\Lidia\AppData\Local\TempLCn704.html
    2010-11-19 09:54 - 2010-11-19 10:16 - 0002432 _____ () C:\Users\Lidia\AppData\Local\Tempmyu772.html
    2010-09-14 19:37 - 2010-09-14 20:51 - 0002089 _____ () C:\Users\Lidia\AppData\Local\TempNWY344.html
    2010-11-19 19:53 - 2010-11-19 23:18 - 0002432 _____ () C:\Users\Lidia\AppData\Local\TempQAA416.html
    2010-11-19 19:53 - 2010-11-19 23:18 - 0002089 _____ () C:\Users\Lidia\AppData\Local\TempSXM416.html
    2010-11-25 17:31 - 2010-11-25 21:48 - 0002089 _____ () C:\Users\Lidia\AppData\Local\TempsXQ588.html
    2010-11-14 12:49 - 2010-11-14 21:04 - 0002089 _____ () C:\Users\Lidia\AppData\Local\TempwGv236.html
    2010-12-04 21:20 - 2010-12-04 22:47 - 0002432 _____ () C:\Users\Lidia\AppData\Local\TempxZp628.html
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.
    Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

    0
  • CControls
  • #3 28 Paź 2015 20:02
    dominika288
    Poziom 2  

    Wygląda na to że wszystko jest ok. Dziękuję bardzo za pomoc ! :D

    0
  • #4 28 Paź 2015 20:08
    Acorus 20
    Spec od komputerów

    Skasuj folder C:\FRST.

    0