Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

SafeFinder jak się pozbyć - logi z FRST

Minczii 21 Lut 2016 00:26 573 3
  • Pomocny post
    #2 21 Lut 2016 07:58
    krzychupar
    Poziom 40  

    Otwórz notatnik systemowy i wklej:

    Task: {58FBAA02-216B-4E2F-ABA4-93F4590F0848} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> Brak pliku <==== UWAGA
    Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> Brak pliku <==== UWAGA
    Task: {F41F9881-959D-41CF-9FFA-BDF21E740FF0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> Brak pliku <==== UWAGA
    Hosts:
    HKU\S-1-5-21-2609638701-3919774548-4277110541-1000\...\Policies\Explorer: []
    HKU\S-1-5-21-2609638701-3919774548-4277110541-1000\...\MountPoints2: {62831f8e-645e-11e5-89be-806e6f6e6963} - D:\InstAll.exe
    AppInit_DLLs: C:\ProgramData\Airtostrong\Zertone.dll => Brak pliku
    AppInit_DLLs-x32: C:\ProgramData\Airtostrong\Tranlight.dll => Brak pliku
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-2609638701-3919774548-4277110541-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TjIPID5wI1oW2TQxrP5ZpS_UhxTjli_OXd4nY,&q={searchTerms}
    HKU\S-1-5-21-2609638701-3919774548-4277110541-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...yJeX4qGah5BG808em2JSkGPaF44c9JYVE5hDnAKtRP7k,,
    HKU\S-1-5-21-2609638701-3919774548-4277110541-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TjIPID5wI1oW2TQxrP5ZpS_UhxTjli_OXd4nY,&q={searchTerms}
    HKU\S-1-5-21-2609638701-3919774548-4277110541-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TjIPID5wI1oW2TQxrP5ZpS_UhxTjli_OXd4nY,&q={searchTerms}




    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...35VZXd1A48R5TML2fEhhnSqbotGWUzWAkah40-LcEe3k,,
    CHR StartupUrls: Default -> "hxxp://www.google.pl/"
    CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...4GH2bWu1CfhgzlWF69Mo6qJQGT48Mvq9Cii20,&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    S2 Airtostrong; C:\ProgramData\\Airtostrong\\Airtostrong.exe -f "C:\ProgramData\\Airtostrong\\Airtostrong.dat" -l -a
    S2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a
    S3 ASUSProcObsrv; \??\D:\I386\AsPrOb64.sys [X]
    2016-02-20 19:02 - 2016-02-20 23:44 - 00000000 ____D C:\ProgramData\Airtostrong
    2016-02-20 19:02 - 2016-02-20 19:02 - 00000000 ____D C:\ProgramData\Airtostrongs
    2016-02-20 16:55 - 2016-02-20 23:44 - 00000000 ____D C:\ProgramData\CloudPrinter
    2016-01-31 20:26 - 2016-01-31 20:26 - 00000000 ____D C:\3938de3d123668a44523
    2016-01-28 16:13 - 2016-01-28 16:13 - 00504147 _____ C:\Users\Marzena\Desktop\download.zip
    2016-01-25 08:18 - 2016-01-25 08:18 - 00000000 ____D C:\258d8cdf7b34305d1196ddc241a5
    EmptyTemp:

    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom FRST i kliknij w Fix/Napraw.

    Po wykonaniu skryptu zresetuj ustawienia przeglądarki chrome https://support.google.com/chrome/answer/3296214?hl=pl

    0
  • Pomocny post
    #3 21 Lut 2016 10:39
    Kolobos
    Spec od komputerów

    Jeszcze to:

    2016-02-20 19:02 - 2016-02-20 23:44 - 00000000 ____D C:\Program Files\Common Files\uuw4znww
    2016-02-20 18:02 - 2016-02-20 23:44 - 00000000 ____D C:\Program Files\Common Files\24qofezn
    2016-02-20 16:56 - 2016-02-20 16:56 - 00222699 _____ C:\Users\Marzena\AppData\Roaming\Stimtop.bin
    CHR HKU\S-1-5-21-2609638701-3919774548-4277110541-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    2016-02-20 16:55 - 2016-02-20 16:55 - 7951360 _____ () C:\Users\Marzena\AppData\Roaming\agent.dat
    2016-02-20 16:55 - 2016-02-20 16:55 - 0054272 _____ () C:\Users\Marzena\AppData\Roaming\ApplicationHosting.dat
    2016-02-20 16:55 - 2016-02-20 16:55 - 0063696 _____ () C:\Users\Marzena\AppData\Roaming\Config.xml
    2016-02-20 16:53 - 2016-02-20 16:54 - 0018672 _____ () C:\Users\Marzena\AppData\Roaming\InstallationConfiguration.xml
    2016-02-20 16:53 - 2016-02-20 16:53 - 0126976 _____ () C:\Users\Marzena\AppData\Roaming\Installer.dat
    2016-02-20 16:55 - 2016-02-20 16:55 - 0189694 _____ () C:\Users\Marzena\AppData\Roaming\Kontam.bin
    2016-02-20 16:55 - 2016-02-20 16:55 - 0126464 _____ () C:\Users\Marzena\AppData\Roaming\lobby.dat
    2016-02-20 16:55 - 2016-02-20 16:55 - 0018432 _____ () C:\Users\Marzena\AppData\Roaming\Main.dat
    2016-02-20 16:55 - 2016-02-20 16:55 - 0005568 _____ () C:\Users\Marzena\AppData\Roaming\md.xml
    2016-02-20 16:55 - 2016-02-20 16:55 - 0126464 _____ () C:\Users\Marzena\AppData\Roaming\noah.dat
    2016-02-20 16:55 - 2016-02-20 16:55 - 1882165 _____ () C:\Users\Marzena\AppData\Roaming\Round-Sing.tst
    2016-02-20 16:54 - 2016-02-20 16:54 - 0848437 _____ () C:\Users\Marzena\AppData\Roaming\SailRemlax.bin
    2016-02-20 16:56 - 2016-02-20 16:56 - 0222699 _____ () C:\Users\Marzena\AppData\Roaming\Stimtop.bin
    2016-02-20 16:56 - 2016-02-20 16:56 - 0001150 _____ () C:\Users\Marzena\AppData\Roaming\uninstall_temp.ico
    2016-02-20 16:55 - 2016-02-20 16:55 - 0072708 _____ () C:\Users\Marzena\AppData\Roaming\Zaamin.tst
    2016-02-20 16:55 - 2016-02-20 16:55 - 0041472 _____ () C:\Users\Marzena\AppData\Local\Xxx-line.dat
    2016-02-20 16:55 - 2016-02-20 16:55 - 0000187 _____ () C:\Users\Marzena\AppData\Local\Xxx-line.exe.config

    0
  • #4 21 Lut 2016 12:04
    Minczii
    Poziom 5  

    Dziękuję bardzo za pomoc. Przeglądarki działają poprawnie.
    Pozdrawiam

    0