Elektroda.pl

How to remove Safe Finder? - FRST logs

virus1991 10 Dec 2015 12:04 555 2
  • Helpful post
    #2 10 Dec 2015 12:16
    Kolobos
    Computer specialist

    Install https://support.microsoft.com/en-us/kb/2545227

    Fixlist.txt for FRST:
    Task: {356AA9F7-B4BC-45E9-999E-1493C105F47A} - System32\Tasks\psv_Physjob => cmd.exe /c regedit.exe /s "C:\ProgramData\Zonzap\Sailex.reg" & del "C:\ProgramData\Zonzap\Sailex.reg" & SCHTASKS /Delete /TN "psv_Physjob" /F <==== UWAGA
    Task: {487A4D4D-2C09-4230-850C-B66EECC66A47} - System32\Tasks\psv_Dingtone => cmd.exe /c regedit.exe /s "C:\ProgramData\Zonzap\Plus-Fax.reg" & del "C:\ProgramData\Zonzap\Plus-Fax.reg" & SCHTASKS /Delete /TN "psv_Dingtone" /F <==== UWAGA
    Task: {7049533F-8229-4EB8-AB3D-DB9CBD1F89C6} - System32\Tasks\psv_Sanis => cmd.exe /c regedit.exe /s "C:\ProgramData\Zonzap\RanLamdom.reg" & del "C:\ProgramData\Zonzap\RanLamdom.reg" & SCHTASKS /Delete /TN "psv_Sanis" /F <==== UWAGA
    Task: {7B975DAF-5DA2-4C52-A229-DD4C478D3564} - System32\Tasks\close sysprep => C:\rpktools\closesysprep.bat [2014-07-04] ()
    Task: {E40490CD-071D-4802-8E0A-A829BF834351} - System32\Tasks\psv_Stringtam => cmd.exe /c regedit.exe /s "C:\ProgramData\Zonzap\Zendax.reg" & del "C:\ProgramData\Zonzap\Zendax.reg" & SCHTASKS /Delete /TN "psv_Stringtam" /F <==== UWAGA
    (© 2015 Microsoft Corporation) C:\Users\Maria\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    HKU\S-1-5-21-3118358175-3456465161-1876326620-1000\...\Run: [BingSvc] => C:\Users\Maria\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-06] (© 2015 Microsoft Corporation)
    AppInit_DLLs: C:\ProgramData\Zonzap\Indigofan.dll => C:\ProgramData\Zonzap\Indigofan.dll [518656 2015-10-23] ()
    AppInit_DLLs-x32: C:\ProgramData\Zonzap\Ranin.dll => C:\ProgramData\Zonzap\Ranin.dll [320512 2015-10-23] ()
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-3118358175-3456465161-1876326620-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    SearchScopes: HKU\S-1-5-21-3118358175-3456465161-1876326620-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3118358175-3456465161-1876326620-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q={searchTerms}&src=IE-SearchBox
    S2 Zonzap; C:\ProgramData\\Zonzap\\Zonzap.exe -f "C:\ProgramData\\Zonzap\\Zonzap.dat" -l -a
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    2015-12-10 10:43 - 2015-12-10 10:43 - 00019172 _____ C:\ComboFix.txt
    2015-12-10 10:37 - 2015-12-10 10:43 - 00000000 ____D C:\Qoobox
    2015-12-10 10:37 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
    2015-12-10 10:37 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-12-10 10:37 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-12-10 10:37 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-12-10 10:37 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-12-10 10:37 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
    2015-12-10 10:37 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
    2015-12-10 10:37 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
    2015-12-09 20:02 - 2015-10-23 10:38 - 00000000 ____D C:\ProgramData\Zonzap
    EmptyTemp:

    After running it, delete the C:\FRST folder.

    0
  • #3 10 Dec 2015 12:31
    virus1991
    Level 6

    Thank you for the help :)

    0