
ASUS - safefinder virus, FRST logs

kinga1109 16 Dec 2015 16:08 666 3
  • Helpful post
    #2 16 Dec 2015 16:29
    Acorus 20
    Computer specialist

    Uninstall McAfee Security Scan Plus, WebStorage. Open the system Notepad and paste:

    Quote:
    Task: {12C8807F-8FFC-4F4C-8D1C-5D7A38FF10DE} - System32\Tasks\Opera N Saturday => C:\Program Files (x86)\Opera\launcher.exe
    Task: {25232D27-1C24-4BFA-BC7B-3E3D6E26079C} - System32\Tasks\psv_GeoEx => cmd.exe /c regedit.exe /s "C:\ProgramData\Lightzap\Opensing.reg" & del "C:\ProgramData\Lightzap\Opensing.reg" & SCHTASKS /Delete /TN "psv_GeoEx" /F <==== UWAGA
    Task: {3A4EEDCC-5005-47B8-8C62-94A42913F187} - System32\Tasks\Opera N Sunday => C:\Program Files (x86)\Opera\launcher.exe
    Task: {3A85F3B7-373A-468E-9FD9-AB64B750C931} - System32\Tasks\psv_Zentop => cmd.exe /c regedit.exe /s "C:\ProgramData\Lightzap\Zontip.reg" & del "C:\ProgramData\Lightzap\Zontip.reg" & SCHTASKS /Delete /TN "psv_Zentop" /F <==== UWAGA
    Task: {88FBCE76-982A-46B1-98B1-EF9C54A5B909} - System32\Tasks\psv_Viakaydox => cmd.exe /c regedit.exe /s "C:\ProgramData\Lightzap\OverNimis.reg" & del "C:\ProgramData\Lightzap\OverNimis.reg" & SCHTASKS /Delete /TN "psv_Viakaydox" /F <==== UWAGA
    Task: {D54E132D-7D08-408A-8343-682DAB13E618} - System32\Tasks\psv_Villakaysoft => cmd.exe /c regedit.exe /s "C:\ProgramData\Lightzap\TopCore.reg" & del "C:\ProgramData\Lightzap\TopCore.reg" & SCHTASKS /Delete /TN "psv_Villakaysoft" /F <==== UWAGA
    Task: {DFC3D963-1F15-4523-9A9F-229381A8BD1B} - System32\Tasks\psv_KanQuadtax => cmd.exe /c regedit.exe /s "C:\ProgramData\Lightzap\Tamptough.reg" & del "C:\ProgramData\Lightzap\Tamptough.reg" & SCHTASKS /Delete /TN "psv_KanQuadtax" /F <==== UWAGA
    HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\ASUSWSLoader.exe [63296 2014-08-20] ()
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    AppInit_DLLs: C:\ProgramData\Lightzap\Rankkayflex.dll => C:\ProgramData\Lightzap\Rankkayflex.dll [518656 2015-12-15] ()
    AppInit_DLLs-x32: C:\ProgramData\Lightzap\An-Air.dll => C:\ProgramData\Lightzap\An-Air.dll [320512 2015-12-15] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-03]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-126942081-2248446550-1976647197-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...BMAanTlccOmO0C2zf9YDk38bv9r4a6PAD1Zw,,&q={searchTerms}




    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    BHO-x32: Middle Rush -> {d00ab4cc-662c-40b6-a85f-d53086f4bb16} -> C:\Program Files (x86)\Middle Rush\Extensions\d00ab4cc-662c-40b6-a85f-d53086f4bb16.dll => Brak pliku
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=...id=HGSTXHTS541010A9E680_JD100ACC2WAR0K2WAR0KX
    FF SelectedSearchEngine: webssearches
    FF SearchPlugin: C:\Users\A555L\AppData\Roaming\Mozilla\Firefox\Profiles\fv4xnde6.default-1450275035218\searchplugins\webssearches.xml [2015-12-16]
    FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
    FF Extension: YahooToolsProtected - C:\Users\A555L\AppData\Roaming\Mozilla\Firefox\Profiles\fv4xnde6.default-1450275035218\extensions\yahooprotected@gmail.com [2015-12-16] [Brak podpisu cyfrowego]
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursearching.com/?type=sc&ts=...id=HGSTXHTS541010A9E680_JD100ACC2WAR0K2WAR0KX
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - <Brak Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-03]
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursearching.com/?type=sc&ts=...id=HGSTXHTS541010A9E680_JD100ACC2WAR0K2WAR0KX
    R2 Lightzap; C:\ProgramData\\Lightzap\\Lightzap.exe [431104 2015-12-15] () [Brak podpisu cyfrowego]
    R2 WindowsMangerProtect; C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe [344232 2015-12-16] (Sysinternals process Explorer) <==== UWAGA
    U0 msahci; system32\drivers\msahci.sys [X]
    2015-12-16 15:28 - 2015-12-16 15:33 - 00000000 ____D C:\Users\A555L\AppData\Roaming\yoursearching
    2015-12-16 15:28 - 2015-12-16 15:28 - 00000000 ____D C:\ProgramData\Tmp0x0x
    2015-12-16 10:48 - 2015-12-16 15:19 - 00000000 ____D C:\AdwCleaner
    2015-12-16 10:46 - 2015-12-16 10:46 - 00000000 _____ C:\Users\A555L\Downloads\yet_another_cleaner_sk_5697011.exe
    2015-12-16 09:57 - 2015-12-16 09:57 - 00003258 _____ C:\Windows\System32\Tasks\psv_Zentop
    2015-12-15 16:11 - 2015-12-15 16:11 - 00962128 _____ (Installer Soft Program ) C:\Users\A555L\Downloads\DAEMON-Tools-Lite-12708-dp.exe
    2015-12-15 15:47 - 2015-12-15 15:47 - 00000000 ____D C:\ProgramData\Lightzaps
    2015-12-15 15:46 - 2015-12-16 15:21 - 00000000 ____D C:\ProgramData\Lightzap
    2015-12-13 21:15 - 2015-12-13 21:15 - 00003134 _____ C:\Windows\System32\Tasks\{84D99F31-DEBC-4CC7-90D5-F1068E705A22}
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Download AdwCleaner https://toolslib.net/downloads/finish/1/ and run it as administrator. Click Scan and then Cleaning.

    0
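A triage pass over FRST log lines like the ones in the fixlist quoted above, as an added example that is not part of the original thread: it tags the patterns visible in that fixlist (scheduled tasks that silently import a .reg file and then delete themselves, AppInit_DLLs entries, services running from ProgramData, files FRST reports as unsigned). The rule names and the `triage` function are made up for this example; the sample lines are copied from the quoted fixlist.

```python
import re

# Sample input: five lines copied from the fixlist quoted in the post above.
SAMPLE = r'''Task: {3A4EEDCC-5005-47B8-8C62-94A42913F187} - System32\Tasks\Opera N Sunday => C:\Program Files (x86)\Opera\launcher.exe
Task: {3A85F3B7-373A-468E-9FD9-AB64B750C931} - System32\Tasks\psv_Zentop => cmd.exe /c regedit.exe /s "C:\ProgramData\Lightzap\Zontip.reg" & del "C:\ProgramData\Lightzap\Zontip.reg" & SCHTASKS /Delete /TN "psv_Zentop" /F
AppInit_DLLs: C:\ProgramData\Lightzap\Rankkayflex.dll => C:\ProgramData\Lightzap\Rankkayflex.dll [518656 2015-12-15] ()
R2 Lightzap; C:\ProgramData\\Lightzap\\Lightzap.exe [431104 2015-12-15] () [Brak podpisu cyfrowego]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
'''

# Directories any installer can write to without elevation prompts being noticed.
USER_WRITABLE = re.compile(r"\\(ProgramData|AppData)\\", re.I)
# FRST service/driver lines start with a state letter and start type, e.g. "R2 Name;".
SERVICE_LINE = re.compile(r"[RSU]\d \S+;")

# (hypothetical rule name, predicate over one log line)
RULES = [
    # Task whose action merges a .reg file without any prompt
    ("task-silent-reg-import",
     lambda l: l.startswith("Task:") and re.search(r"regedit(\.exe)?\s+/s\b", l, re.I)),
    # Task that removes itself after running, leaving no scheduler entry behind
    ("task-self-delete",
     lambda l: l.startswith("Task:") and re.search(r"schtasks\s+/delete", l, re.I)),
    # Any DLL listed here is loaded into every process that loads user32.dll
    ("appinit-dll",
     lambda l: re.match(r"AppInit_DLLs(-x32)?:\s*\S", l)),
    # Service binary stored outside Program Files / Windows
    ("service-in-user-writable-dir",
     lambda l: SERVICE_LINE.match(l) and USER_WRITABLE.search(l)),
    # Marker string exactly as it appears in the log on this page (Polish FRST locale)
    ("unsigned",
     lambda l: "[Brak podpisu cyfrowego]" in l),
]

def triage(log_text):
    """Return [(line_number, [rule names])] for every line matching at least one rule."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        tags = [name for name, pred in RULES if pred(line)]
        if tags:
            hits.append((n, tags))
    return hits

if __name__ == "__main__":
    for n, tags in triage(SAMPLE):
        print(f"line {n}: {', '.join(tags)}")
```

Lines that match nothing (the Opera task, the GrooveMonitor Run entry) are not cleared by this; they are only not flagged by these five rules.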
  • #3 16 Dec 2015 17:07
    kinga1109
    Level 2

    Thank you very much for the help, everything seems to be fine :)

    0
  • #4 16 Dec 2015 17:20
    Acorus 20
    Computer specialist

    Delete the C:\FRST folder.
    In AdwCleaner, use the Uninstall option.

    0