Elektroda.pl

SafeFinder - FRST reports

shao87 23 Jan 2016 10:26 480 3
  • #2 23 Jan 2016 10:42
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    AppInit_DLLs: C:\ProgramData\Lightzap\Faxtip.dll => C:\ProgramData\Lightzap\Faxtip.dll [805376 2016-01-22] ()
    AppInit_DLLs-x32: C:\ProgramData\Lightzap\ConToair.dll => C:\ProgramData\Lightzap\ConToair.dll [257536 2016-01-22] ()
    HKU\S-1-5-21-4145502738-3092139166-3655839163-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...O7p4ekmXJ2gCZg7PwK5pwcPDrUnnGu1_bSrIzC838,&q={searchTerms}
    HKU\S-1-5-21-4145502738-3092139166-3655839163-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...qWBxV27xhcFxca4x5ULH8Ao-A0HIttV2c1OfUZG6IlUM,,
    HKU\S-1-5-21-4145502738-3092139166-3655839163-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...O7p4ekmXJ2gCZg7PwK5pwcPDrUnnGu1_bSrIzC838,&q={searchTerms}
    HKU\S-1-5-21-4145502738-3092139166-3655839163-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...O7p4ekmXJ2gCZg7PwK5pwcPDrUnnGu1_bSrIzC838,&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...O7p4ekmXJ2gCZg7PwK5pwcPDrUnnGu1_bSrIzC838,&q={searchTerms}




    SearchScopes: HKU\S-1-5-21-4145502738-3092139166-3655839163-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...O7p4ekmXJ2gCZg7PwK5pwcPDrUnnGu1_bSrIzC838,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4145502738-3092139166-3655839163-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...O7p4ekmXJ2gCZg7PwK5pwcPDrUnnGu1_bSrIzC838,&q={searchTerms}
    FF Homepage: C:\ProgramData\Lightzaps\ff.HP
    FF NewTab: C:\ProgramData\Lightzaps\ff.NT
    FF SearchPlugin: C:\Users\MegaBit\AppData\Roaming\Mozilla\Firefox\Profiles\x7c2syvc.default\searchplugins\findit.xml [2016-01-22]
    CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=a548888e-01b4-45d8-bcc8-58152277d7df&affid=111583&searchtype=hp&babsrc=lnkry","hxxp://search.babylon.com/?affID=111813&tt=3112_2&babsrc=HP_ss&mntrId=a6c278c800000000000000262dae0d85","hxxp://home.sweetim.com/?crg=3.1010000&st=18&barid={D255CAAA-FCD0-11E1-97B8-00262DAE0D85}","hxxp://www.claro-search.com/?affID=116198&tt=4512_8&babsrc=HP_ss&mntrId=a838c0ad0000000000006c626d120347","hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD6400BEVT-22A0RT0_WD-WXG1A20Y3940Y3940&ts=1379675106","hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD6400BEVT-22A0RT0_WD-WXG1A20Y3940Y3940&ts=1379676807","\r\nhxxp://www.idg.pl/start\r\n","hxxp://www.sweet-page.com/?type=hp&ts=1396630489&from=cor&uid=ST9320325AS_6VD9YXLZXXXX6VD9YXLZ","hxxp://www.sweet-page.com/?type=hppp&ts=1396630962&from=cor&uid=ST9320325AS_6VD9YXLZXXXX6VD9YXLZ","hxxps://mysearch.avg.com?cid={4BA202FD-2683-4228-8403-2FBC82F141CE}&mid=257fa2ccedf647d2b12d69e529924554-62dc3a6f1a0d631706c1dda9ee524ceab17f1d86&lang=en&ds=ag011&coid=avgtbdisag&cmpid=&pr=sa&d=2014-04-04 19:06:41&v=18.1.9.786&pid=safeguard&sg=&sap=hp"
    CHR Extension: (Always on Top) - C:\Users\MegaBit\AppData\Local\Google\Chrome\User Data\Default\Extensions\amclpcgcmdkdaichklckjepcjjdcmcii [2016-01-23]
    CHR Extension: (Always on top App) - C:\Users\MegaBit\AppData\Local\Google\Chrome\User Data\Default\Extensions\oppldakpkfhiglmfehedjgideggjhcle [2016-01-23]
    R2 Lightzap; C:\ProgramData\\Lightzap\\Lightzap.exe [540160 2016-01-22] () [Brak podpisu cyfrowego]
    2016-01-22 16:52 - 2016-01-23 09:30 - 00000000 ____D C:\ProgramData\Lightzap
    2016-01-22 16:52 - 2016-01-22 16:52 - 00002393 _____ C:\Windows\SysWOW64\findit.xml
    2016-01-22 16:52 - 2016-01-22 16:52 - 00000000 ____D C:\ProgramData\Lightzaps
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Download AdwCleaner https://toolslib.net/downloads/finish/1/ and run it as administrator. Click Scan and then Cleaning.
    Reset Chrome: https://support.google.com/chrome/answer/3296214?hl=pl

    1
  • #3 23 Jan 2016 10:42
    Kolobos
    Computer specialist

    Uninstall, if you can: SafeFinder

    In the Chrome settings, turn off restoring a set of pages when the browser starts.

    Next to frst.exe, create a file fixlist.txt with the contents:
    () C:\ProgramData\Lightzap\Lightzap.exe
    () C:\ProgramData\Lightzap\Lightzap.exe
    AppInit_DLLs: C:\ProgramData\Lightzap\Faxtip.dll => C:\ProgramData\Lightzap\Faxtip.dll [805376 2016-01-22] ()
    AppInit_DLLs-x32: C:\ProgramData\Lightzap\ConToair.dll => C:\ProgramData\Lightzap\ConToair.dll [257536 2016-01-22] ()
    HKU\S-1-5-21-4145502738-3092139166-3655839163-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...O7p4ekmXJ2gCZg7PwK5pwcPDrUnnGu1_bSrIzC838,&q={searchTerms}
    HKU\S-1-5-21-4145502738-3092139166-3655839163-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...qWBxV27xhcFxca4x5ULH8Ao-A0HIttV2c1OfUZG6IlUM,,
    HKU\S-1-5-21-4145502738-3092139166-3655839163-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...O7p4ekmXJ2gCZg7PwK5pwcPDrUnnGu1_bSrIzC838,&q={searchTerms}
    HKU\S-1-5-21-4145502738-3092139166-3655839163-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...O7p4ekmXJ2gCZg7PwK5pwcPDrUnnGu1_bSrIzC838,&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...O7p4ekmXJ2gCZg7PwK5pwcPDrUnnGu1_bSrIzC838,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4145502738-3092139166-3655839163-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...O7p4ekmXJ2gCZg7PwK5pwcPDrUnnGu1_bSrIzC838,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4145502738-3092139166-3655839163-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...O7p4ekmXJ2gCZg7PwK5pwcPDrUnnGu1_bSrIzC838,&q={searchTerms}
    FF Homepage: C:\ProgramData\Lightzaps\ff.HP
    FF NewTab: C:\ProgramData\Lightzaps\ff.NT
    FF SearchPlugin: C:\Users\MegaBit\AppData\Roaming\Mozilla\Firefox\Profiles\x7c2syvc.default\searchplugins\findit.xml [2016-01-22]
    CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=a548888e-01b4-45d8-bcc8-58152277d7df&affid=111583&searchtype=hp&babsrc=lnkry","hxxp://search.babylon.com/?affID=111813&tt=3112_2&babsrc=HP_ss&mntrId=a6c278c800000000000000262dae0d85","hxxp://home.sweetim.com/?crg=3.1010000&st=18&barid={D255CAAA-FCD0-11E1-97B8-00262DAE0D85}","hxxp://www.claro-search.com/?affID=116198&tt=4512_8&babsrc=HP_ss&mntrId=a838c0ad0000000000006c626d120347","hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD6400BEVT-22A0RT0_WD-WXG1A20Y3940Y3940&ts=1379675106","hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD6400BEVT-22A0RT0_WD-WXG1A20Y3940Y3940&ts=1379676807","\r\nhxxp://www.idg.pl/start\r\n","hxxp://www.sweet-page.com/?type=hp&ts=1396630489&from=cor&uid=ST9320325AS_6VD9YXLZXXXX6VD9YXLZ","hxxp://www.sweet-page.com/?type=hppp&ts=1396630962&from=cor&uid=ST9320325AS_6VD9YXLZXXXX6VD9YXLZ","hxxps://mysearch.avg.com?cid={4BA202FD-2683-4228-8403-2FBC82F141CE}&mid=257fa2ccedf647d2b12d69e529924554-62dc3a6f1a0d631706c1dda9ee524ceab17f1d86&lang=en&ds=ag011&coid=avgtbdisag&cmpid=&pr=sa&d=2014-04-04 19:06:41&v=18.1.9.786&pid=safeguard&sg=&sap=hp"
    CHR Extension: (Always on top App) - C:\Users\MegaBit\AppData\Local\Google\Chrome\User Data\Default\Extensions\oppldakpkfhiglmfehedjgideggjhcle [2016-01-23]
    R2 Lightzap; C:\ProgramData\\Lightzap\\Lightzap.exe [540160 2016-01-22] () [Brak podpisu cyfrowego]
    2016-01-22 16:52 - 2016-01-23 09:30 - 00000000 ____D C:\ProgramData\Lightzap
    2016-01-22 16:52 - 2016-01-22 16:52 - 00002393 _____ C:\Windows\SysWOW64\findit.xml
    2016-01-22 16:52 - 2016-01-22 16:52 - 00000000 ____D C:\ProgramData\Lightzaps
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    Delete the C:\FRST directory and that's all.

    0
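Added example, not part of any post in this thread: a small Python triage pass over four lines copied from the fixlists above. It flags the AppInit_DLLs entry, the unsigned service binary under C:\ProgramData and the percent-encoded URL host, which it decodes only as far as the page's truncated value allows. The function names and reason labels are assumptions made for the illustration; `[Brak podpisu cyfrowego]` is the marker exactly as printed in this log.

```python
import re
from urllib.parse import unquote

# Four lines copied verbatim from the fixlist quoted in the thread; the "..."
# inside the URL is the page's own truncation and is left as it is.
SAMPLE = r"""
AppInit_DLLs: C:\ProgramData\Lightzap\Faxtip.dll => C:\ProgramData\Lightzap\Faxtip.dll [805376 2016-01-22] ()
HKU\S-1-5-21-4145502738-3092139166-3655839163-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...qWBxV27xhcFxca4x5ULH8Ao-A0HIttV2c1OfUZG6IlUM,,
R2 Lightzap; C:\ProgramData\\Lightzap\\Lightzap.exe [540160 2016-01-22] () [Brak podpisu cyfrowego]
FF Homepage: C:\ProgramData\Lightzaps\ff.HP
""".strip().splitlines()

UNSIGNED = "[Brak podpisu cyfrowego]"   # marker as it appears in this log
# Executable or DLL stored under C:\ProgramData (one or more backslashes).
PD_BINARY = re.compile(r"C:\\ProgramData\\+\S+?\.(?:exe|dll)\b", re.I)
SERVICE = re.compile(r"^[RS][0-4] ")    # service entry prefix such as "R2 "
URL_HOST = re.compile(r"hxxps?://([^/\s?]+)")

def decoded_host(line):
    """Percent-decode the visible host part of a defanged URL, else None."""
    m = URL_HOST.search(line)
    if not m:
        return None
    visible = m.group(1).split("...")[0]   # stop at the page's truncation
    return unquote(visible) if "%" in visible else None

def triage(line):
    """Return the reasons (possibly none) a fixlist line deserves a second look."""
    reasons = []
    if line.startswith("AppInit_DLLs"):
        # DLLs listed here are loaded into every process that loads user32.dll.
        reasons.append("appinit_dll")
    if SERVICE.match(line) and UNSIGNED in line:
        reasons.append("unsigned_service")
    if PD_BINARY.search(line):
        reasons.append("programdata_binary")
    if decoded_host(line):
        # A hostname written as %XX escapes hides the domain from a quick read.
        reasons.append("encoded_url_host")
    return reasons

if __name__ == "__main__":
    for line in SAMPLE:
        print(triage(line), decoded_host(line), line[:60])
```
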
  • #4 23 Jan 2016 12:48
    shao87
    Level 8

    It helped, thanks for the help!

    0