Elektroda.pl

SafeFinder - FRST logs.

technotrance 04 Jan 2016 22:26 594 3
  • Helpful post
    #2 04 Jan 2016 23:00
    Kolobos
    Computer specialist

    Next to frst.exe, create a file fixlist.txt with the following content:
    Task: {00EC67D6-306A-418D-9C85-1F7F842868F0} - System32\Tasks\psv_Saltfix => /c regedit.exe /s "C:\ProgramData\Lightzap\Isfax.reg" & del "C:\ProgramData\Lightzap\Isfax.reg" & SCHTASKS /Delete /TN "psv_Saltfix" /F <==== UWAGA
    Task: {18544C24-085B-43E1-A121-7773361411E5} - System32\Tasks\psv_Sandex => /c regedit.exe /s "C:\ProgramData\Lightzap\Konflex.reg" & del "C:\ProgramData\Lightzap\Konflex.reg" & SCHTASKS /Delete /TN "psv_Sandex" /F <==== UWAGA
    Task: {1F9AB599-CCC7-4647-AABD-FAA379B40C90} - System32\Tasks\psv_Stronglam => /c regedit.exe /s "C:\ProgramData\Lightzap\DoubleAir.reg" & del "C:\ProgramData\Lightzap\DoubleAir.reg" & SCHTASKS /Delete /TN "psv_Stronglam" /F <==== UWAGA
    Task: {31D70FFF-FE94-417C-8B37-76645D31DE33} - System32\Tasks\Opera N Sunday => C:\Program Files (x86)\Opera\launcher.exe
    Task: {37BF6E03-CF97-4EAC-9BF0-D4D7E31128C7} - System32\Tasks\psv_DamCanit => /c regedit.exe /s "C:\ProgramData\Lightzap\Dongtip.reg" & del "C:\ProgramData\Lightzap\Dongtip.reg" & SCHTASKS /Delete /TN "psv_DamCanit" /F <==== UWAGA
    Task: {4001C79F-A857-4906-B447-0DECA0F58E0C} - System32\Tasks\psv_Bigtone => /c regedit.exe /s "C:\ProgramData\Lightzap\Greentrax.reg" & del "C:\ProgramData\Lightzap\Greentrax.reg" & SCHTASKS /Delete /TN "psv_Bigtone" /F <==== UWAGA
    Task: {77690DB2-D9D8-4450-8774-E8B29A47311C} - System32\Tasks\psv_Cantom => /c regedit.exe /s "C:\ProgramData\Lightzap\Hottech.reg" & del "C:\ProgramData\Lightzap\Hottech.reg" & SCHTASKS /Delete /TN "psv_Cantom" /F <==== UWAGA
    Task: {8009F465-03C6-4F22-BA45-E9D5F660AE9D} - System32\Tasks\psv_OpenTone => /c regedit.exe /s "C:\ProgramData\Lightzap\K--Touch.reg" & del "C:\ProgramData\Lightzap\K--Touch.reg" & SCHTASKS /Delete /TN "psv_OpenTone" /F <==== UWAGA
    Task: {962BF626-91D3-4575-8885-E3E922D5FECE} - System32\Tasks\psv_Inchtough => /c regedit.exe /s "C:\ProgramData\Lightzap\Lalab.reg" & del "C:\ProgramData\Lightzap\Lalab.reg" & SCHTASKS /Delete /TN "psv_Inchtough" /F <==== UWAGA
    Task: {D1261045-0B7F-4A73-B6EB-E0F941F7F18B} - System32\Tasks\Opera N Saturday => C:\Program Files (x86)\Opera\launcher.exe
    Task: {D663A8C4-C012-43CC-ABC1-D2FEAB93F39A} - System32\Tasks\psv_Re-Lam => /c regedit.exe /s "C:\ProgramData\Lightzap\Zoneis.reg" & del "C:\ProgramData\Lightzap\Zoneis.reg" & SCHTASKS /Delete /TN "psv_Re-Lam" /F <==== UWAGA
    Task: {D6B14A21-4FE5-459E-9272-D9206870BE57} - System32\Tasks\psv_SanStrong => /c regedit.exe /s "C:\ProgramData\Lightzap\Whitedontough.reg" & del "C:\ProgramData\Lightzap\Whitedontough.reg" & SCHTASKS /Delete /TN "psv_SanStrong" /F <==== UWAGA
    Task: {DC32DFE8-48A7-4272-8E39-923B14A84EF9} - System32\Tasks\psv_Ran-Lex => /c regedit.exe /s "C:\ProgramData\Lightzap\ReLux.reg" & del "C:\ProgramData\Lightzap\ReLux.reg" & SCHTASKS /Delete /TN "psv_Ran-Lex" /F <==== UWAGA




    () C:\ProgramData\Lightzap\Lightzap.exe
    () C:\ProgramData\Lightzap\Lightzap.exe
    AppInit_DLLs: C:\ProgramData\Lightzap\Zerity.dll => C:\ProgramData\Lightzap\Zerity.dll [805376 2015-12-26] ()
    AppInit_DLLs-x32: C:\ProgramData\Lightzap\Zoosoft.dll => C:\ProgramData\Lightzap\Zoosoft.dll [257536 2015-12-26] ()
    HKU\S-1-5-21-1893547224-1564790839-396555512-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...a1twDn_KL6zaOacRRpQhiK_WXlhoCbQPORMQ,,&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts...TOSHIBAXMK6475GSX_33A2YBWSFXX33A2YBWSF&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts...TOSHIBAXMK6475GSX_33A2YBWSFXX33A2YBWSF&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKU\S-1-5-21-1893547224-1564790839-396555512-1001 -> {F7E8015C-D9B8-46E9-86A5-0AB001AECBD1} URL =
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F..._TpxndL7MR0cZr_w3sM2GH5kwrqjF78ZJVq7PeR6tQQ,,,,
    R2 Lightzap; C:\ProgramData\\Lightzap\\Lightzap.exe [431104 2015-12-24] () [Brak podpisu cyfrowego]
    2016-01-04 21:17 - 2016-01-04 21:17 - 00003256 _____ C:\WINDOWS\System32\Tasks\psv_Saltfix
    2016-01-04 21:03 - 2016-01-04 21:03 - 00003262 _____ C:\WINDOWS\System32\Tasks\psv_Cantom
    2016-01-04 20:52 - 2016-01-04 20:52 - 00003292 _____ C:\WINDOWS\System32\Tasks\psv_SanStrong
    2016-01-04 20:32 - 2016-01-04 20:32 - 00003270 _____ C:\WINDOWS\System32\Tasks\psv_OpenTone
    2016-01-04 14:26 - 2016-01-04 14:26 - 00003256 _____ C:\WINDOWS\System32\Tasks\psv_Ran-Lex
    2016-01-03 10:34 - 2016-01-03 10:34 - 00003272 _____ C:\WINDOWS\System32\Tasks\psv_Bigtone
    2016-01-03 10:34 - 2016-01-03 10:34 - 00003266 _____ C:\WINDOWS\System32\Tasks\psv_DamCanit
    2016-01-03 10:34 - 2016-01-03 10:34 - 00003260 _____ C:\WINDOWS\System32\Tasks\psv_Inchtough
    2015-12-26 15:52 - 2016-01-04 21:17 - 00000000 ____D C:\ProgramData\Lightzap
    2015-12-26 15:52 - 2015-12-26 15:52 - 00003276 _____ C:\WINDOWS\System32\Tasks\psv_Stronglam
    2015-12-26 15:52 - 2015-12-26 15:52 - 00003262 _____ C:\WINDOWS\System32\Tasks\psv_Sandex
    2015-12-26 15:52 - 2015-12-26 15:52 - 00003258 _____ C:\WINDOWS\System32\Tasks\psv_Re-Lam
    2015-12-26 15:52 - 2015-12-26 15:52 - 00003250 _____ C:\WINDOWS\System32\Tasks\Opera N Sunday
    2015-12-26 15:52 - 2015-12-26 15:52 - 00003250 _____ C:\WINDOWS\System32\Tasks\Opera N Saturday
    2015-12-26 15:52 - 2015-12-26 15:52 - 00000000 ____D C:\Users\user\AppData\Roaming\Shortcut
    2015-12-26 15:52 - 2015-12-26 15:52 - 00000000 ____D C:\ProgramData\Lightzaps
    2016-01-04 21:15 - 2014-03-02 11:34 - 00000000 ____D C:\AdwCleaner
    EmptyTemp:

    In FRST, select Fix.

    0
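An added example, not part of the post above and not FRST's own logic: a small Python triage of FRST Task: lines that flags the pattern visible in the psv_* entries (a silent regedit /s import of a .reg file, deletion of that file, then SCHTASKS /Delete of the task itself). The flag names and regular expressions are assumptions of this example; the two sample lines are taken from the fixlist, the first with an HTML-escaped ampersand such as a web copy of a log can carry, to show the unescape step.

```python
import html
import re

# Two Task lines taken from the fixlist in this thread; the first carries the
# escaped "&amp;" a web copy of a log can contain.
SAMPLE = r'''
Task: {00EC67D6-306A-418D-9C85-1F7F842868F0} - System32\Tasks\psv_Saltfix => /c regedit.exe /s "C:\ProgramData\Lightzap\Isfax.reg" &amp; del "C:\ProgramData\Lightzap\Isfax.reg" &amp; SCHTASKS /Delete /TN "psv_Saltfix" /F <==== UWAGA
Task: {31D70FFF-FE94-417C-8B37-76645D31DE33} - System32\Tasks\Opera N Sunday => C:\Program Files (x86)\Opera\launcher.exe
'''

TASK_RE = re.compile(r'^Task: (\{[0-9A-Fa-f-]+\}) - (\S.*?) => (.*)$')

# Heuristics chosen for this example (assumptions, not rules used by FRST).
CHECKS = {
    "silent_reg_import": re.compile(r'regedit(\.exe)?\s+/s\s+"?[^"&]+\.reg', re.I),
    "deletes_payload": re.compile(r'(^|&)\s*del\s+"?[^"&]+\.reg', re.I),
    "deletes_own_task": re.compile(r'schtasks\s+/delete\s+/tn', re.I),
    "runs_from_programdata": re.compile(r'[A-Z]:\\ProgramData\\', re.I),
}

def parse_task(line):
    """Return {guid, name, action} for a FRST Task: line, or None."""
    line = html.unescape(line.strip())           # "&amp;" -> "&"
    line = re.sub(r'\s*<==== .*$', '', line)     # drop FRST's attention marker
    m = TASK_RE.match(line)
    if not m:
        return None
    guid, path, action = m.groups()
    return {"guid": guid, "name": path.rsplit("\\", 1)[-1], "action": action}

def triage(log_text):
    """Parse every Task: line and attach the names of the checks it matches."""
    findings = []
    for line in log_text.splitlines():
        task = parse_task(line)
        if task is None:
            continue
        flags = {name for name, rx in CHECKS.items() if rx.search(task["action"])}
        task["flags"] = sorted(flags)
        task["self_deleting_reg_import"] = {"silent_reg_import", "deletes_own_task"} <= flags
        findings.append(task)
    return findings

if __name__ == "__main__":
    for t in triage(SAMPLE):
        print(t["name"], t["flags"], t["self_deleting_reg_import"])
```

An empty flag list only means none of these four checks matched; the Opera N tasks are in the fixlist on the helper's judgment, which these heuristics do not reproduce.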
  • #3 06 Jan 2016 17:23
    technotrance
    Level 2  

    Thank you very much for the help; for now the machine runs like new.
    Regards.

    0
  • #4 06 Jan 2016 17:55
    Kolobos
    Computer specialist

    Delete the C:\FRST directory and that's all.

    0