
How to remove Safe Finder, FRST logs

kryllupga 08 Mar 2016 22:33 540 3
  • #1 08 Mar 2016 22:33
    kryllupga
    Level 4

    Hello,
    Please help, because this is getting hard to put up with.

    Thanks in advance :>


    Moderated by RADU23:

    I have split this post off into a new topic.
    Do not tack your posts onto other people's threads. It makes a mess of the forum.

    0 3
  • #2 08 Mar 2016 23:10
    krzychupar
    Level 41

    Open the system Notepad and paste:
    Task: {539C114F-FE47-45E9-83E4-C54A43694EBA} - \wkc1wooj -> No File <==== ATTENTION
    Task: {7F11E921-100F-4BC5-AE58-458B16E56FB8} - \na3ztulv -> No File <==== ATTENTION
    Task: {8A353DE3-B17A-4940-9EBB-9BDFD851F967} - \znzwaah2 -> No File <==== ATTENTION
    Task: {97601E9E-9C9C-415D-B81D-9F86ACA7CDC5} - \Microsoft\Windows\Defrag\ScheduledDefrag -> No File <==== ATTENTION
    Task: {B1A90809-056B-4CA5-A305-C4D563987DE4} - \Aagoau -> No File <==== ATTENTION
    Task: {B3DD4C81-C4AC-4263-806F-E5B540C1B26A} - \Microsoft\Windows\DiskCleanup\SilentCleanup -> No File <==== ATTENTION
    Task: {BD2FC32A-78F7-4856-BB8C-C864AE39DD46} - \b3vw1quk -> No File <==== ATTENTION
    Hosts:
    HKLM-x32\...\Run: [ospd_us_013010257] => [X]
    HKLM-x32\...\Run: [rec_pl_216] => [X]
    HKU\S-1-5-21-1507833289-4036767766-2927712537-1001\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-1507833289-4036767766-2927712537-1001\...\MountPoints2: {876ed880-e3bf-11e5-9bc7-24fd5275a39d} - "E:\AutoRun.exe"
    AppInit_DLLs: C:\ProgramData\Airtostrong\Zotron.dll => C:\ProgramData\Airtostrong\Zotron.dll [363520 2016-03-08] ()
    AppInit_DLLs-x32: C:\ProgramData\Airtostrong\Solola.dll => C:\ProgramData\Airtostrong\Solola.dll [257536 2016-03-08] ()
    HKU\S-1-5-21-1507833289-4036767766-2927712537-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...tn_vVnwF8kxvejz6x2w-3w_uDixVkHrlYf8rg,&q={searchTerms}
    HKU\S-1-5-21-1507833289-4036767766-2927712537-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...tn_vVnwF8kxvejz6x2w-3w_uDixVkHrlYf8rg,&q={searchTerms}
    HKU\S-1-5-21-1507833289-4036767766-2927712537-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...tn_vVnwF8kxvejz6x2w-3w_uDixVkHrlYf8rg,&q={searchTerms}




    HKU\S-1-5-21-1507833289-4036767766-2927712537-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...OaxTiqjnU1GziBPBD_J-njd-D9C9H7yXL2lIcZ-1PhMw,,
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...tn_vVnwF8kxvejz6x2w-3w_uDixVkHrlYf8rg,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1507833289-4036767766-2927712537-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...tn_vVnwF8kxvejz6x2w-3w_uDixVkHrlYf8rg,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1507833289-4036767766-2927712537-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...tn_vVnwF8kxvejz6x2w-3w_uDixVkHrlYf8rg,&q={searchTerms}
    FF NewTab: C:\\ProgramData\\Airtostrongs\\ff.NT
    FF DefaultSearchEngine: findit
    FF Homepage: C:\\ProgramData\\Airtostrongs\\ff.HP
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...kgRlBlFyFe_YLtPYqkDbcEEWj0lPj1D6ZrP0-yaz2ni0,,
    CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...j2g1NtN91Uw-DqKu8ZSjYcyX_f6wM-EI-c2g8,&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    R2 Airtostrong; C:\ProgramData\\Airtostrong\\Airtostrong.exe [529408 2016-03-08] () [File not signed]

    S2 serfe; C:\ProgramData\\serfe\\serfe.exe -f "C:\ProgramData\\serfe\\serfe.dat" -l -a
    S2 uedatqdowuextraproou; C:\Users\G585\AppData\Local\plexgreen.exe upaate uedatqdowuextraproou [X]
    2016-03-08 16:45 - 2016-03-08 20:36 - 00000000 ____D C:\ProgramData\Airtostrong
    2016-03-08 16:45 - 2016-03-08 16:45 - 03132954 _____ () C:\Program Files\Common Files\zdp2hq40.exe
    2016-03-08 16:45 - 2016-03-08 16:45 - 03132954 _____ () C:\Program Files\Common Files\wmwkojys.exe
    2016-03-08 16:45 - 2016-03-08 16:45 - 02417760 _____ () C:\Program Files\Common Files\vez4awjc.exe
    2016-03-08 16:45 - 2016-03-08 16:45 - 01776820 _____ () C:\Program Files\Common Files\w4nrzeig.exe
    2016-03-08 16:45 - 2016-03-08 16:45 - 00000000 ____D C:\ProgramData\Airtostrongs
    2016-03-08 22:06 - 2016-03-08 22:06 - 01524224 _____ C:\Users\G585\Downloads\adwcleaner_5.101 (1).exe
    2016-03-05 00:08 - 2016-03-05 00:08 - 00000000 ____D C:\Users\G585\AppData\Roaming\IeceuBudoeei
    2016-03-08 16:45 - 2016-03-08 16:45 - 2417760 _____ () C:\Program Files\Common Files\vez4awjc.exe
    2016-03-08 16:45 - 2016-03-08 16:45 - 1776820 _____ () C:\Program Files\Common Files\w4nrzeig.exe
    2016-03-08 16:45 - 2016-03-08 16:45 - 3132954 _____ () C:\Program Files\Common Files\wmwkojys.exe
    2016-03-08 16:45 - 2016-03-08 16:45 - 3132954 _____ () C:\Program Files\Common Files\zdp2hq40.exe
    2016-03-03 04:26 - 2016-03-03 04:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    EmptyTemp:


    Save the file as fixlist.txt and place it in the folder C:\Users\G585\Desktop\FRST64.exe
    Run FRST and click Fix/Napraw.

    0
  • Helpful post
    #3 08 Mar 2016 23:36
    Kolobos
    Computer specialist

    Run the following Fixlist.txt:
    Task: {539C114F-FE47-45E9-83E4-C54A43694EBA} - \wkc1wooj -> No File <==== ATTENTION
    Task: {7F11E921-100F-4BC5-AE58-458B16E56FB8} - \na3ztulv -> No File <==== ATTENTION
    Task: {8A353DE3-B17A-4940-9EBB-9BDFD851F967} - \znzwaah2 -> No File <==== ATTENTION
    Task: {97601E9E-9C9C-415D-B81D-9F86ACA7CDC5} - \Microsoft\Windows\Defrag\ScheduledDefrag -> No File <==== ATTENTION
    Task: {B1A90809-056B-4CA5-A305-C4D563987DE4} - \Aagoau -> No File <==== ATTENTION
    Task: {B3DD4C81-C4AC-4263-806F-E5B540C1B26A} - \Microsoft\Windows\DiskCleanup\SilentCleanup -> No File <==== ATTENTION
    Task: {BD2FC32A-78F7-4856-BB8C-C864AE39DD46} - \b3vw1quk -> No File <==== ATTENTION
    ShortcutWithArgument: C:\Users\G585\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
    () C:\ProgramData\Airtostrong\Airtostrong.exe
    () C:\ProgramData\Airtostrong\Airtostrong.exe
    HKLM-x32\...\Run: [ospd_us_013010257] => [X]
    HKLM-x32\...\Run: [rec_pl_216] => [X]
    HKU\S-1-5-21-1507833289-4036767766-2927712537-1001\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-1507833289-4036767766-2927712537-1001\...\MountPoints2: {876ed880-e3bf-11e5-9bc7-24fd5275a39d} - "E:\AutoRun.exe"
    AppInit_DLLs: C:\ProgramData\Airtostrong\Zotron.dll => C:\ProgramData\Airtostrong\Zotron.dll [363520 2016-03-08] ()
    AppInit_DLLs-x32: C:\ProgramData\Airtostrong\Solola.dll => C:\ProgramData\Airtostrong\Solola.dll [257536 2016-03-08] ()
    Tcpip\..\Interfaces\{2b6e89e5-26cd-4375-ad30-34c55506898a}: [NameServer] 104.197.191.4
    HKU\S-1-5-21-1507833289-4036767766-2927712537-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...tn_vVnwF8kxvejz6x2w-3w_uDixVkHrlYf8rg,&q={searchTerms}
    HKU\S-1-5-21-1507833289-4036767766-2927712537-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...tn_vVnwF8kxvejz6x2w-3w_uDixVkHrlYf8rg,&q={searchTerms}
    HKU\S-1-5-21-1507833289-4036767766-2927712537-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...tn_vVnwF8kxvejz6x2w-3w_uDixVkHrlYf8rg,&q={searchTerms}
    HKU\S-1-5-21-1507833289-4036767766-2927712537-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...OaxTiqjnU1GziBPBD_J-njd-D9C9H7yXL2lIcZ-1PhMw,,
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...tn_vVnwF8kxvejz6x2w-3w_uDixVkHrlYf8rg,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1507833289-4036767766-2927712537-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...tn_vVnwF8kxvejz6x2w-3w_uDixVkHrlYf8rg,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1507833289-4036767766-2927712537-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...tn_vVnwF8kxvejz6x2w-3w_uDixVkHrlYf8rg,&q={searchTerms}
    FF NewTab: C:\\ProgramData\\Airtostrongs\\ff.NT
    FF DefaultSearchEngine: findit
    FF Homepage: C:\\ProgramData\\Airtostrongs\\ff.HP
    FF SearchPlugin: C:\Users\G585\AppData\Roaming\Mozilla\Firefox\Profiles\i8o5lzha.default\searchplugins\findit.xml [2016-03-08]
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...kgRlBlFyFe_YLtPYqkDbcEEWj0lPj1D6ZrP0-yaz2ni0,,
    CHR StartupUrls: Default -> "hxxp://google.pl/"
    CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...j2g1NtN91Uw-DqKu8ZSjYcyX_f6wM-EI-c2g8,&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    R2 Airtostrong; C:\ProgramData\\Airtostrong\\Airtostrong.exe [529408 2016-03-08] () [File not signed]
    S2 serfe; C:\ProgramData\\serfe\\serfe.exe -f "C:\ProgramData\\serfe\\serfe.dat" -l -a
    S2 uedatqdowuextraproou; C:\Users\G585\AppData\Local\plexgreen.exe upaate uedatqdowuextraproou [X]
    2016-03-08 16:45 - 2016-03-08 20:36 - 00000000 ____D C:\ProgramData\Airtostrong
    2016-03-08 16:45 - 2016-03-08 16:45 - 03132954 _____ () C:\Program Files\Common Files\zdp2hq40.exe
    2016-03-08 16:45 - 2016-03-08 16:45 - 03132954 _____ () C:\Program Files\Common Files\wmwkojys.exe
    2016-03-08 16:45 - 2016-03-08 16:45 - 02417760 _____ () C:\Program Files\Common Files\vez4awjc.exe
    2016-03-08 16:45 - 2016-03-08 16:45 - 01776820 _____ () C:\Program Files\Common Files\w4nrzeig.exe
    2016-03-08 16:45 - 2016-03-08 16:45 - 00002393 _____ C:\WINDOWS\SysWOW64\findit.xml
    2016-03-08 16:45 - 2016-03-08 16:45 - 00000000 ____D C:\ProgramData\Airtostrongs
    2016-03-07 15:59 - 2016-03-07 15:59 - 00000000 ____D C:\Program Files\Common Files\qgl3lsou
    2016-03-07 14:59 - 2016-03-07 14:59 - 00000000 ____D C:\Program Files\Common Files\heqef0im
    2016-03-07 13:52 - 2016-03-07 13:52 - 00000000 ____D C:\Program Files\Common Files\jxzfk0dk
    2016-03-07 11:50 - 2016-03-07 11:50 - 00000000 ____D C:\Program Files\Common Files\x3y01qjz
    2016-03-06 20:19 - 2016-03-08 22:07 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
    2016-03-05 00:09 - 2016-03-05 00:09 - 00000000 ____D C:\Users\G585\AppData\LocalLow\Company
    2016-03-05 00:08 - 2016-03-05 00:09 - 00000000 ____D C:\uninst
    2016-03-05 00:08 - 2016-03-05 00:08 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
    2016-03-05 00:08 - 2016-03-05 00:08 - 00003584 _____ C:\WINDOWS\SECOH-QAD.dll
    2016-03-05 00:08 - 2016-03-05 00:08 - 00000000 ____D C:\Users\G585\AppData\Roaming\IeceuBudoeei
    2016-03-05 00:08 - 2016-03-05 00:08 - 00000000 ____D C:\Users\G585\AppData\Local\Tempfolder
    2016-03-05 00:07 - 2016-03-05 00:07 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    @krzychupar
    Check things carefully, because something like this makes no sense and your work has to be corrected afterwards anyway.

    0
  • #4 09 Mar 2016 18:49
    kryllupga
    Level 4

    Thank you, @Kolobos :)
    You helped me a lot.
    Problem solved.


    0