Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Safe finder, http://feed.sonic - Safe finder, http://feed.sonic-search.com/,

montstal 08 Sty 2016 19:48 1428 13
  • #1 08 Sty 2016 19:48
    montstal
    Poziom 6  

    Witam.
    Mam problem straszny z safe finder w google i feed sonic. Nie moge tego usunac z dodaj/usun programy. Adw cleaner nic nie pomaga, teraz nawet w chrome nie wchodza wszystkie strony i caly czas wrzuca sie w ustawieniach websearch. Dodaje loga z frst.Nie daje mi dodatkowo zainstalowac zadnego antyvirusa. Prosze o pomoc!!

    1 13
  • #2 08 Sty 2016 21:53
    krzychupar
    Poziom 40  

    Jeszcze log Addition.txt.

    -1
  • Pomocny post
    #4 10 Sty 2016 09:51
    krzychupar
    Poziom 40  

    Dla autora tematu.

    Odinstaluj SafeFinder
    Otwórz notatnik systemowy i wklej:
    Task: E:\WINDOWS\Tasks\At5.job => E:\DOCUME~1\Szymon\DANEAP~1\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    2016-01-05 18:51 - 2016-01-05 18:33 - 00538112 _____ () E:\Documents and Settings\All Users\Dane aplikacji\Lightzap\Lightzap.exe
    2016-01-05 18:51 - 2016-01-05 18:51 - 00257536 _____ () E:\Documents and Settings\All Users\Dane aplikacji\Lightzap\Yearzooin.dll
    HKU\S-1-5-21-73586283-220523388-725345543-1005\Control Panel\Desktop\\Wallpaper -> (Brak)
    HKU\S-1-5-21-73586283-220523388-725345543-1005\Control Panel\Desktop\\Wallpaper -> (Brak)HKLM\...\Run: [] => [X]
    HKLM\...\Run: [egui] => "B:\Temp\DLCDTemp\ESET\egui.exe" /hide /waitservice <===== UWAGA
    HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
    HKU\S-1-5-21-73586283-220523388-725345543-1004\...\MountPoints2: {86707282-f95c-11e4-af4f-fdaf2d77da70} - G:\sources\sperr32.exe x64
    HKU\S-1-5-21-73586283-220523388-725345543-1004\...\MountPoints2: {b838b20e-f8d3-11e4-a091-806d6172696f} - F:\DLCDMenu.exe
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-73586283-220523388-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...wnvOW-F8F-703z6Fvs8XONDPSSc_P1388C8A,,&q={searchTerms}
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...wnvOW-F8F-703z6Fvs8XONDPSSc_P1388C8A,,&q={searchTerms}
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...wnvOW-F8F-703z6Fvs8XONDPSSc_P1388C8A,,&q={searchTerms}
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...wnvOW-F8F-703z6Fvs8XONDPSSc_P1388C8A,,&q={searchTerms}




    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...wnvOW-F8F-703z6Fvs8XONDPSSc_P1388C8A,,&q={searchTerms}
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...wnvOW-F8F-703z6Fvs8XONDPSSc_P1388C8A,,&q={searchTerms}
    HKU\S-1-5-21-73586283-220523388-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = HKU\S-1-5-21-73586283-220523388-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...wnvOW-F8F-703z6Fvs8XONDPSSc_P1388C8A,,&q={searchTerms}
    HKU\S-1-5-21-73586283-220523388-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...wnvOW-F8F-703z6Fvs8XONDPSSc_P1388C8A,,&q={searchTerms}
    HKU\S-1-5-21-73586283-220523388-725345543-1004\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...wnvOW-F8F-703z6Fvs8XONDPSSc_P1388C8A,,&q={searchTerms}
    HKU\S-1-5-21-73586283-220523388-725345543-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...wnvOW-F8F-703z6Fvs8XONDPSSc_P1388C8A,,&q={searchTerms}
    HKU\S-1-5-21-73586283-220523388-725345543-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...wnvOW-F8F-703z6Fvs8XONDPSSc_P1388C8A,,&q={searchTerms}
    HKU\S-1-5-21-73586283-220523388-725345543-1005\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...wnvOW-F8F-703z6Fvs8XONDPSSc_P1388C8A,,&q={searchTerms}
    URLSearchHook: HKLM -> Domyślne = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.interia.pl/#utm_source=instalki1&utm_medium=installer&utm_campaign=instalki1&iwa_source=installer_instalki" <======= UWAGA
    SearchScopes: HKU\S-1-5-21-73586283-220523388-725345543-1005 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...wnvOW-F8F-703z6Fvs8XONDPSSc_P1388C8A,,&q={searchTerms}
    CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...zU0h7NijHXo9FKi2LIsTtizJ0JBHgfncK4_w,,&q={searchTerms}
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    CHR Plugin: (Shockwave Flash) - E:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\PepperFlash\18.0.0.209\pepflashplayer.dll => Brak pliku
    CHR Plugin: (Native Client) - E:\Program Files\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => Brak pliku
    CHR Plugin: (Chrome PDF Viewer) - E:\Program Files\Google\Chrome\Application\47.0.2526.106\pdf.dll => Brak pliku
    CHR Plugin: (Google Update) - E:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll => Brak pliku
    StartMenuInternet: Google Chrome.OJZSUL5N6W2LZBRE3QYZXW5GQM - C:\Program Files\Google\Chrome\Application\chrome.exe hxxp://www.mystartsearch.com/?type=sc&ts=...=cor&uid=ST3500418AS_9VMT2JHLXXXX9VMT2JHL
    S2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [X]
    S3 cpuz134; \??\E:\DOCUME~1\Szymon\USTAWI~1\Temp\cpuz134\cpuz134_x32.sys [X]
    S4 IntelIde; Brak ImagePath
    S3 NAVENG; \??\E:\Program Files\Norton AntiVirus\NortonData\22.5.4.24\Definitions\VirusDefs\20150923.001\NAVENG.SYS [X]
    S3 NAVEX15; \??\E:\Program Files\Norton AntiVirus\NortonData\22.5.4.24\Definitions\VirusDefs\20150923.001\NAVEX15.SYS [X]
    U5 ScsiPort; E:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    U1 WS2IFSL; Brak ImagePath
    2016-01-08 19:18 - 2016-01-08 19:18 - 00000000 ____D E:\Program Files\Norton AntiVirus
    2016-01-08 19:14 - 2016-01-08 19:14 - 00000000 ____D E:\Program Files\NortonInstaller
    2016-01-08 19:14 - 2016-01-08 19:14 - 00000000 ____D E:\Documents and Settings\All Users\Dane aplikacji\NortonInstaller
    2016-01-08 19:09 - 2016-01-08 19:10 - 05066104 _____ (AVAST Software) E:\Documents and Settings\Szymon\Moje dokumenty\avast_free_antivirus_setup_online (2).exe
    2016-01-08 19:09 - 2016-01-08 19:10 - 05066104 _____ (AVAST Software) E:\Documents and Settings\All Users\Pulpit\avast_free_antivirus_setup_online (2).exe
    2016-01-08 19:09 - 2016-01-08 19:09 - 05066104 _____ (AVAST Software) E:\Documents and Settings\Szymon\Moje dokumenty\avast_free_antivirus_setup_online (1).exe
    2016-01-08 19:06 - 2016-01-08 19:06 - 05066104 _____ (AVAST Software) E:\Documents and Settings\Szymon\Moje dokumenty\avast_free_antivirus_setup_online.exe
    2016-01-08 19:06 - 2016-01-08 19:06 - 05066104 _____ (AVAST Software) E:\Documents and Settings\All Users\Pulpit\avast_free_antivirus_setup_online.exe
    2016-01-06 17:32 - 2016-01-06 19:05 - 00000000 ____D E:\AdwCleaner
    2016-01-05 18:51 - 2016-01-06 19:07 - 00000000 ____D E:\Documents and Settings\All Users\Dane aplikacji\Lightzap
    2016-01-05 18:51 - 2016-01-05 18:51 - 00000000 ____D E:\Documents and Settings\All Users\Dane aplikacji\Lightzaps
    E:\Documents and Settings\Szymon\SetupComponents.exe
    E:\Windows\Tasks\At1.job
    E:\Windows\Tasks\At2.job
    E:\Windows\Tasks\At3.job
    E:\Windows\Tasks\At4.job
    E:\Windows\Tasks\At5.job
    EmptyTemp:

    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.

    0
  • #5 10 Sty 2016 10:44
    montstal
    Poziom 6  

    wlaczam frst.exe biore napraw idzie chwile a za sekund kilka wyskakuje "wystapil problem z aplikajca frst i zostanie ona zamknieta..." i tak za kazdym razem, sciagnalem ja drugi raz i to samo. Nie wiem dlaczego ale chrome zaczal dzialac, nie zalaczaja sie juz te bzdury, usunalem websearch z opcji zarzadzania wyszukarkam i jest ok.

    Dodano po 1 [minuty]:

    po prostu moze doszlo to tego momentu ze to wyrzucilo i sie zamyka ten frst, czary mary ale dziala, jak mozesz napisz jak sprobowac dokonczyc proces naprawiania do konca, pomimo tego ze dziala chrome. na ta chwile dzieki wielkie

    0
  • #6 10 Sty 2016 12:33
    mati211p
    Specjalista - HDD i odzyskiwanie danych

    W trybie awaryjnym sprawdzałeś?

    0
  • #7 10 Sty 2016 12:58
    montstal
    Poziom 6  

    nie, ale sprawdze, dzieki

    0
  • #9 16 Sty 2016 21:51
    krzychupar
    Poziom 40  

    Otwórz notatnik systemowy i wklej:
    CustomCLSID: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\jsobkowiak\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\jsobkowiak\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\jsobkowiak\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\jsobkowiak\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\jsobkowiak\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\jsobkowiak\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\jsobkowiak\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\jsobkowiak\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\jsobkowiak\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\jsobkowiak\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
    Task: {01E6330E-6737-4705-AD6A-3C583BAD857F} - System32\Tasks\psv_Tripple-Plus => /c regedit.exe /s "C:\ProgramData\Lightzap\VivaRemwarm.reg" &amp; del "C:\ProgramData\Lightzap\VivaRemwarm.reg" &amp; SCHTASKS /Delete /TN "psv_Tripple-Plus" /F <==== ATTENTION
    Task: {1D1DAD83-4B6A-431D-AB1B-644ED4C74972} - System32\Tasks\psv_Treewarm => /c regedit.exe /s "C:\ProgramData\Lightzap\Sundondax.reg" &amp; del "C:\ProgramData\Lightzap\Sundondax.reg" &amp; SCHTASKS /Delete /TN "psv_Treewarm" /F <==== ATTENTION
    Task: {3CA7A61A-40A7-49AC-93D4-7ED36A948DB9} - System32\Tasks\psv_Qvoing => /c regedit.exe /s "C:\ProgramData\Lightzap\KanBam.reg" &amp; del "C:\ProgramData\Lightzap\KanBam.reg" &amp; SCHTASKS /Delete /TN "psv_Qvoing" /F <==== ATTENTION
    Task: {54AE3A95-2DC7-46D5-8865-5E477394DF21} - \WPD\SqmUpload_S-1-5-21-434718064-3954086748-1541840570-500 -> No File <==== ATTENTION
    Task: {58691806-0811-44CA-AFFE-B887214D6243} - System32\Tasks\psv_Quotedomcom => /c regedit.exe /s "C:\ProgramData\Lightzap\HoldPhase.reg" &amp; del "C:\ProgramData\Lightzap\HoldPhase.reg" &amp; SCHTASKS /Delete /TN "psv_Quotedomcom" /F <==== ATTENTION
    Task: {5BA7DFCD-C475-4C28-8543-3958D5B6B7F6} - System32\Tasks\psv_Unalamnix => /c regedit.exe /s "C:\ProgramData\Lightzap\Hotredtrax.reg" &amp; del "C:\ProgramData\Lightzap\Hotredtrax.reg" &amp; SCHTASKS /Delete /TN "psv_Unalamnix" /F <==== ATTENTION
    Task: {5CFF9EA0-21E1-49F8-9072-8186327F66D0} - System32\Tasks\psv_Runlight => /c regedit.exe /s "C:\ProgramData\Lightzap\Softity.reg" &amp; del "C:\ProgramData\Lightzap\Softity.reg" &amp; SCHTASKS /Delete /TN "psv_Runlight" /F <==== ATTENTION
    Task: {5FA67A42-A9DC-4AF2-950C-9536B66A1309} - System32\Tasks\psv_Uno-Phase => /c regedit.exe /s "C:\ProgramData\Lightzap\Alphaeco.reg" &amp; del "C:\ProgramData\Lightzap\Alphaeco.reg" &amp; SCHTASKS /Delete /TN "psv_Uno-Phase" /F <==== ATTENTION
    Task: {5FB47669-220B-4595-AA86-BC068E4ED6F4} - System32\Tasks\psv_Ising => /c regedit.exe /s "C:\ProgramData\Lightzap\Sollex.reg" &amp; del "C:\ProgramData\Lightzap\Sollex.reg" &amp; SCHTASKS /Delete /TN "psv_Ising" /F <==== ATTENTION
    Task: {61D5225F-3E81-4088-88B1-3F3713D60743} - System32\Tasks\psv_InZap => /c regedit.exe /s "C:\ProgramData\Lightzap\Ranklateco.reg" &amp; del "C:\ProgramData\Lightzap\Ranklateco.reg" &amp; SCHTASKS /Delete /TN "psv_InZap" /F <==== ATTENTION
    Task: {BEEB0919-23AB-4923-8B67-E68D44672E04} - System32\Tasks\psv_Strongfind => /c regedit.exe /s "C:\ProgramData\Lightzap\Tamcore.reg" &amp; del "C:\ProgramData\Lightzap\Tamcore.reg" &amp; SCHTASKS /Delete /TN "psv_Strongfind" /F <==== ATTENTION
    Task: {E9593F3F-B463-41FB-9F75-4658813EA54A} - System32\Tasks\psv_Doubleit => /c regedit.exe /s "C:\ProgramData\Lightzap\Lexitax.reg" &amp; del "C:\ProgramData\Lightzap\Lexitax.reg" &amp; SCHTASKS /Delete /TN "psv_Doubleit" /F <==== ATTENTION
    Task: {FB7C9CCA-5690-4D28-AD79-09898D5758E7} - System32\Tasks\psv_ZumTouch => /c regedit.exe /s "C:\ProgramData\Lightzap\Saosailfix.reg" &amp; del "C:\ProgramData\Lightzap\Saosailfix.reg" &amp; SCHTASKS /Delete /TN "psv_ZumTouch" /F <==== ATTENTION
    Task: {FDD2193D-8F54-4AD7-B748-47FB70F06631} - System32\Tasks\psv_Tamit => /c regedit.exe /s "C:\ProgramData\Lightzap\Solotone.reg" &amp; del "C:\ProgramData\Lightzap\Solotone.reg" &amp; SCHTASKS /Delete /TN "psv_Tamit" /F <==== ATTENTION
    HKU\S-1-5-21-1801674531-2052111302-2146921017-731135\...\MountPoints2: {16431582-a51a-11e2-8fad-005056c00008} - G:\iStudio.exe
    HKU\S-1-5-21-1801674531-2052111302-2146921017-731135\...\MountPoints2: {43592f44-b7a3-11e1-a43f-005056c00008} - F:\AutoRun.exe
    HKU\S-1-5-21-1801674531-2052111302-2146921017-731135\...\MountPoints2: {43592f5e-b7a3-11e1-a43f-005056c00008} - F:\AutoRun.exe
    HKU\S-1-5-21-1801674531-2052111302-2146921017-731135\...\MountPoints2: {75b61290-3fc2-11e2-b764-005056c00008} - F:\AutoRun.exe
    HKU\S-1-5-21-1801674531-2052111302-2146921017-731135\...\MountPoints2: {f6040912-b71e-11e3-817e-c82aa846f213} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
    AppInit_DLLs: C:\ProgramData\Lightzap\Betalux.dll => C:\ProgramData\Lightzap\Betalux.dll [805376 2015-12-28] ()
    AppInit_DLLs-x32: C:\ProgramData\Lightzap\Finfax.dll => C:\ProgramData\Lightzap\Finfax.dll [257536 2015-12-28] ()
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKU\S-1-5-21-1801674531-2052111302-2146921017-731135\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...RVG20JpsxfVoIyIaq5bJIX72hGE0EVX0U6LA,,&q={searchTerms}
    HKU\S-1-5-21-1801674531-2052111302-2146921017-731135\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...RVG20JpsxfVoIyIaq5bJIX72hGE0EVX0U6LA,,&q={searchTerms}
    HKU\S-1-5-21-1801674531-2052111302-2146921017-731135\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...RVG20JpsxfVoIyIaq5bJIX72hGE0EVX0U6LA,,&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...RVG20JpsxfVoIyIaq5bJIX72hGE0EVX0U6LA,,&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135 -> DefaultScope {FFCC9421-B36E-4CFC-BA9F-3902C0DD938F} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135 -> {FFCC9421-B36E-4CFC-BA9F-3902C0DD938F} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...RVG20JpsxfVoIyIaq5bJIX72hGE0EVX0U6LA,,&q={searchTerms}
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
    FF NetworkProxy: "autoconfig_url", "http://proxy.gtech.com/"
    FF NetworkProxy: "type", 2
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S0 vmci; system32\DRIVERS\vmci.sys [X]
    S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
    S1 {886f5d30-5b8b-42ab-98f8-31d062b96dc3}Gw64; system32\drivers\{886f5d30-5b8b-42ab-98f8-31d062b96dc3}Gw64.sys [X]
    S1 {c9dd49c1-5974-41ee-8826-de0b55e8da26}Gw64; system32\drivers\{c9dd49c1-5974-41ee-8826-de0b55e8da26}Gw64.sys [X]
    2015-12-29 11:36 - 2015-12-08 22:33 - 00000000 ____D C:\ProgramData\Lightzap
    EmptyTemp:

    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.

    0
  • #10 16 Sty 2016 22:01
    beut
    Poziom 2  

    Cos chyba nie tak: po kliknięciu w FIx pojawia się komunikat:
    Looks you don't know what do to. To prevent damage to the system the tool will exit.

    0
  • #11 16 Sty 2016 22:05
    krzychupar
    Poziom 40  

    Sprawdź w trybie awaryjnym.

    0
  • #12 25 Sty 2016 22:20
    beut
    Poziom 2  

    W trybie awaryjnym ten sam komunikat

    0
  • Pomocny post
    #13 25 Sty 2016 22:48
    Kolobos
    Spec od komputerów

    Zainstaluj: https://support.microsoft.com/pl-pl/kb/2545227

    Wykonaj fixlist.txt po kawalku, na poczatek:

    Code:

    CustomCLSID: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\jsobkowiak\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\jsobkowiak\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\jsobkowiak\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\jsobkowiak\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\jsobkowiak\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\jsobkowiak\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\jsobkowiak\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\jsobkowiak\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\jsobkowiak\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\jsobkowiak\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
    Task: {01E6330E-6737-4705-AD6A-3C583BAD857F} - System32\Tasks\psv_Tripple-Plus => /c regedit.exe /s "C:\ProgramData\Lightzap\VivaRemwarm.reg" &amp; del "C:\ProgramData\Lightzap\VivaRemwarm.reg" &amp; SCHTASKS /Delete /TN "psv_Tripple-Plus" /F <==== ATTENTION
    Task: {1D1DAD83-4B6A-431D-AB1B-644ED4C74972} - System32\Tasks\psv_Treewarm => /c regedit.exe /s "C:\ProgramData\Lightzap\Sundondax.reg" &amp; del "C:\ProgramData\Lightzap\Sundondax.reg" &amp; SCHTASKS /Delete /TN "psv_Treewarm" /F <==== ATTENTION
    Task: {3CA7A61A-40A7-49AC-93D4-7ED36A948DB9} - System32\Tasks\psv_Qvoing => /c regedit.exe /s "C:\ProgramData\Lightzap\KanBam.reg" &amp; del "C:\ProgramData\Lightzap\KanBam.reg" &amp; SCHTASKS /Delete /TN "psv_Qvoing" /F <==== ATTENTION
    Task: {54AE3A95-2DC7-46D5-8865-5E477394DF21} - \WPD\SqmUpload_S-1-5-21-434718064-3954086748-1541840570-500 -> No File <==== ATTENTION
    Task: {58691806-0811-44CA-AFFE-B887214D6243} - System32\Tasks\psv_Quotedomcom => /c regedit.exe /s "C:\ProgramData\Lightzap\HoldPhase.reg" &amp; del "C:\ProgramData\Lightzap\HoldPhase.reg" &amp; SCHTASKS /Delete /TN "psv_Quotedomcom" /F <==== ATTENTION
    Task: {5BA7DFCD-C475-4C28-8543-3958D5B6B7F6} - System32\Tasks\psv_Unalamnix => /c regedit.exe /s "C:\ProgramData\Lightzap\Hotredtrax.reg" &amp; del "C:\ProgramData\Lightzap\Hotredtrax.reg" &amp; SCHTASKS /Delete /TN "psv_Unalamnix" /F <==== ATTENTION
    Task: {5CFF9EA0-21E1-49F8-9072-8186327F66D0} - System32\Tasks\psv_Runlight => /c regedit.exe /s "C:\ProgramData\Lightzap\Softity.reg" &amp; del "C:\ProgramData\Lightzap\Softity.reg" &amp; SCHTASKS /Delete /TN "psv_Runlight" /F <==== ATTENTION
    Task: {5FA67A42-A9DC-4AF2-950C-9536B66A1309} - System32\Tasks\psv_Uno-Phase => /c regedit.exe /s "C:\ProgramData\Lightzap\Alphaeco.reg" &amp; del "C:\ProgramData\Lightzap\Alphaeco.reg" &amp; SCHTASKS /Delete /TN "psv_Uno-Phase" /F <==== ATTENTION
    Task: {5FB47669-220B-4595-AA86-BC068E4ED6F4} - System32\Tasks\psv_Ising => /c regedit.exe /s "C:\ProgramData\Lightzap\Sollex.reg" &amp; del "C:\ProgramData\Lightzap\Sollex.reg" &amp; SCHTASKS /Delete /TN "psv_Ising" /F <==== ATTENTION
    Task: {61D5225F-3E81-4088-88B1-3F3713D60743} - System32\Tasks\psv_InZap => /c regedit.exe /s "C:\ProgramData\Lightzap\Ranklateco.reg" &amp; del "C:\ProgramData\Lightzap\Ranklateco.reg" &amp; SCHTASKS /Delete /TN "psv_InZap" /F <==== ATTENTION
    Task: {B5B47FD4-9BCF-4EE2-90E8-C44D58288723} - System32\Tasks\Opera scheduled Autoupdate 1451430270 => C:\Program Files (x86)\Opera\launcher.exe [2015-12-15] (Opera Software)
    Task: {BEEB0919-23AB-4923-8B67-E68D44672E04} - System32\Tasks\psv_Strongfind => /c regedit.exe /s "C:\ProgramData\Lightzap\Tamcore.reg" &amp; del "C:\ProgramData\Lightzap\Tamcore.reg" &amp; SCHTASKS /Delete /TN "psv_Strongfind" /F <==== ATTENTION
    Task: {E9593F3F-B463-41FB-9F75-4658813EA54A} - System32\Tasks\psv_Doubleit => /c regedit.exe /s "C:\ProgramData\Lightzap\Lexitax.reg" &amp; del "C:\ProgramData\Lightzap\Lexitax.reg" &amp; SCHTASKS /Delete /TN "psv_Doubleit" /F <==== ATTENTION
    Task: {FB7C9CCA-5690-4D28-AD79-09898D5758E7} - System32\Tasks\psv_ZumTouch => /c regedit.exe /s "C:\ProgramData\Lightzap\Saosailfix.reg" &amp; del "C:\ProgramData\Lightzap\Saosailfix.reg" &amp; SCHTASKS /Delete /TN "psv_ZumTouch" /F <==== ATTENTION
    Task: {FDD2193D-8F54-4AD7-B748-47FB70F06631} - System32\Tasks\psv_Tamit => /c regedit.exe /s "C:\ProgramData\Lightzap\Solotone.reg" &amp; del "C:\ProgramData\Lightzap\Solotone.reg" &amp; SCHTASKS /Delete /TN "psv_Tamit" /F <==== ATTENTION


    Jezeli sie wykona to:
    Code:

    HKU\S-1-5-21-1801674531-2052111302-2146921017-731135\...\MountPoints2: {16431582-a51a-11e2-8fad-005056c00008} - G:\iStudio.exe
    HKU\S-1-5-21-1801674531-2052111302-2146921017-731135\...\MountPoints2: {43592f44-b7a3-11e1-a43f-005056c00008} - F:\AutoRun.exe
    HKU\S-1-5-21-1801674531-2052111302-2146921017-731135\...\MountPoints2: {43592f5e-b7a3-11e1-a43f-005056c00008} - F:\AutoRun.exe
    HKU\S-1-5-21-1801674531-2052111302-2146921017-731135\...\MountPoints2: {75b61290-3fc2-11e2-b764-005056c00008} - F:\AutoRun.exe
    HKU\S-1-5-21-1801674531-2052111302-2146921017-731135\...\MountPoints2: {f6040912-b71e-11e3-817e-c82aa846f213} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
    AppInit_DLLs: C:\ProgramData\Lightzap\Betalux.dll => C:\ProgramData\Lightzap\Betalux.dll [805376 2015-12-28] ()
    AppInit_DLLs-x32: C:\ProgramData\Lightzap\Finfax.dll => C:\ProgramData\Lightzap\Finfax.dll [257536 2015-12-28] ()
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    AutoConfigURL: [S-1-5-21-1801674531-2052111302-2146921017-731135] => hxxp://proxy.gtech.com/
    HKU\S-1-5-21-1801674531-2052111302-2146921017-731135\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cpd3_Upgegl66Gn-Y_W0r1qftdK5Nq2hndp2VbJT_dwhcqweMonW_xuzsMa9dMX6V_5tE_vjGBS0pZDNoTg0EzLHTVa_QNsRX9PPYg4W3JRVG20JpsxfVoIyIaq5bJIX72hGE0EVX0U6LA,,&q={searchTerms}
    HKU\S-1-5-21-1801674531-2052111302-2146921017-731135\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.pl/
    HKU\S-1-5-21-1801674531-2052111302-2146921017-731135\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.gtech.com
    HKU\S-1-5-21-1801674531-2052111302-2146921017-731135\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cpd3_Upgegl66Gn-Y_W0r1qftdK5Nq2hndp2VbJT_dwhcqweMonW_xuzsMa9dMX6V_5tE_vjGBS0pZDNoTg0EzLHTVa_QNsRX9PPYg4W3JRVG20JpsxfVoIyIaq5bJIX72hGE0EVX0U6LA,,&q={searchTerms}
    HKU\S-1-5-21-1801674531-2052111302-2146921017-731135\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cpd3_Upgegl66Gn-Y_W0r1qftdK5Nq2hndp2VbJT_dwhcqweMonW_xuzsMa9dMX6V_5tE_vjGBS0pZDNoTg0EzLHTVa_QNsRX9PPYg4W3JRVG20JpsxfVoIyIaq5bJIX72hGE0EVX0U6LA,,&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cpd3_Upgegl66Gn-Y_W0r1qftdK5Nq2hndp2VbJT_dwhcqweMonW_xuzsMa9dMX6V_5tE_vjGBS0pZDNoTg0EzLHTVa_QNsRX9PPYg4W3JRVG20JpsxfVoIyIaq5bJIX72hGE0EVX0U6LA,,&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135 -> DefaultScope {FFCC9421-B36E-4CFC-BA9F-3902C0DD938F} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135 -> {FFCC9421-B36E-4CFC-BA9F-3902C0DD938F} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-1801674531-2052111302-2146921017-731135 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cpd3_Upgegl66Gn-Y_W0r1qftdK5Nq2hndp2VbJT_dwhcqweMonW_xuzsMa9dMX6V_5tE_vjGBS0pZDNoTg0EzLHTVa_QNsRX9PPYg4W3JRVG20JpsxfVoIyIaq5bJIX72hGE0EVX0U6LA,,&q={searchTerms}
    FF NetworkProxy: "autoconfig_url", "http://proxy.gtech.com/"
    FF NetworkProxy: "type", 2
    S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S0 vmci; system32\DRIVERS\vmci.sys [X]
    S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
    S1 {886f5d30-5b8b-42ab-98f8-31d062b96dc3}Gw64; system32\drivers\{886f5d30-5b8b-42ab-98f8-31d062b96dc3}Gw64.sys [X]
    S1 {c9dd49c1-5974-41ee-8826-de0b55e8da26}Gw64; system32\drivers\{c9dd49c1-5974-41ee-8826-de0b55e8da26}Gw64.sys [X]
    2016-01-16 20:51 - 2016-01-16 20:51 - 00021019 _____ C:\Users\jsobkowiak\Downloads\ComboFix.txt
    2015-12-30 00:04 - 2015-12-30 00:04 - 00003836 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1451430270
    2015-12-23 19:49 - 2015-12-23 19:52 - 247237112 _____ C:\Users\jsobkowiak\Downloads\ideaIC-15.0.2 (1).exe
    2015-12-23 10:45 - 2015-12-23 10:45 - 00002377 _____ C:\Windows\SysWOW64\findit.xml
    2015-12-21 10:29 - 2015-12-21 10:29 - 01193696 _____ (Adobe Systems Incorporated) C:\Users\jsobkowiak\Downloads\readerdc_pl_ga_install (2).exe
    2015-12-29 11:36 - 2015-12-08 22:33 - 00000000 ____D C:\ProgramData\Lightzap
    EmptyTemp:

    1
  • #14 25 Sty 2016 23:24
    beut
    Poziom 2  

    Dział, dzięki!!
    PS. chciałem dać plusa, niechcący trafiłem w minusa :(

    1