
How to remove Safe Finder, Sizzling Hot and other ads/programs?

JamajkaSmoker 24 Jan 2016 13:17 1071 7
  • Helpful post
    #2 24 Jan 2016 14:55
    Kolobos
    Computer specialist

    Uninstall:
    Setup
    Spybot - Search & Destroy

    Next to frst.exe, create a file named fixlist.txt with the following contents:
    globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== UWAGA
    Task: {019855D4-447C-4BD0-A248-BA0FF057F2C2} - System32\Tasks\Tybejisp => C:\PROGRA~1\SHOPPE~1\Ybaosf.bat
    Task: {092A01C3-1854-4C25-AF08-6E7ACFCF4CDC} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== UWAG
    Task: {2DC247F2-4B08-41DE-8A1D-D2F9090A584F} - System32\Tasks\Origin => C:\Users\Paweł\AppData\Roaming\Origin\update.vbe [2015-11-18] () <==== UWAGA
    Task: {3BB8B223-3D66-4CF8-A39D-D527060BA916} - System32\Tasks\{EECEB346-D30C-4BE0-89CF-AD47C7BD134F} => pcalua.exe -a "X:\Gry\The Sith Lords\agskttrn.exe" -d "X:\Gry\The Sith Lords"
    Task: {4DBF1B09-310D-49B3-A15B-3E5B00540AD3} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-08-24] ()
    Task: {64754D5C-64F6-42E0-BB33-D3D4840F2C64} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {69E17C56-45AF-4D98-830E-46A0393399C7} - System32\Tasks\Price Fountain => C:\Users\PAWE~1\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    Task: {6A6E7FEA-3C6F-4A7F-BEA3-91DFA392E73C} - System32\Tasks\PawełSonantsPharmacopeiasV2 => Rundll32.exe ConsultsDualism.dll,main 7 1 <==== UWAGA
    Task: {A31FA474-496A-4E66-AE1E-11DB9127E881} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== UWAGA
    Task: {B0F0A159-07A7-4093-A0DF-D50BFE1E40CD} - System32\Tasks\Video Diner => Rundll32.exe "C:\Users\Paweł\AppData\Local\Video Diner\{440DD7C0-60B8-7742-5C15-76AF4BBAE9EA}\VideoDiner.dll",#1 <==== UWAGA
    Task: {B14B0691-3070-4C1A-9137-21241A1FDEA8} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== UWAGA
    Task: {B6E9A2E7-EC0B-47FC-B081-325F60DC0E2B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {CCFB7AA6-9BD2-45EB-A3CD-F5C939B10FD5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {E3360FDD-E5A9-4123-9067-3D9D905195E3} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== UWAGA
    Task: {ED261507-A0D1-4278-A72F-9F5C4648EAE6} - System32\Tasks\Video Diner2 => Rundll32.exe "C:\Users\Paweł\AppData\Local\Video Diner\{440DD7C0-60B8-7742-5C15-76AF4BBAE9EA}\wjevimj.dll",#1 <==== UWAGA
    Task: {FA739530-3898-4E89-BF9E-AF18A233BC35} - \ShopperProJSUpd -> Brak pliku <==== UWAGA




    Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\PAWE~1\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    Hosts:
    HKLM-x32\...\Run: [mbot_pl_014010149] => [X]
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\...\RunOnce: [PriceFountain] => [X]
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\...\MountPoints2: {0e247d37-decb-11e4-8259-806e6f6e6963} - "E:\DisneySplash.exe"
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\...\MountPoints2: {74925cd1-78b1-11e5-8286-fcaa1450f9a2} - "G:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\...\MountPoints2: {7e819c95-5b08-11e5-8260-fcaa1450f9a2} - "I:\Setup.exe"
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\...\MountPoints2: {91d85198-5b90-11e5-8262-fcaa1450f9a2} - "G:\setup.exe"
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\...\MountPoints2: {9d945472-63fb-11e5-826d-fcaa1450f9a2} - "L:\inlaws.exe"
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\...\MountPoints2: {bba303ea-8153-11e5-828b-fcaa1450f9a2} - "G:\autorun.exe"
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\...\MountPoints2: {c8a360e3-6040-11e5-8269-fcaa1450f9a2} - "H:\OriginInstaller.exe"
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\458188\taskmgr.exe" <==== UWAGA
    AppInit_DLLs: C:\ProgramData\Lightzap\Replus.dll => Brak pliku
    AppInit_DLLs-x32: C:\ProgramData\Lightzap\Betalex.dll => Brak pliku
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => Brak pliku
    BootExecute: autocheck autochk * sdnclean64.exe
    Tcpip\..\Interfaces\{6F4C0004-711A-4180-B257-18F19599C09B}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{8166A8F1-7CD2-412E-8BC1-1B5830CDF617}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{bbed3e08-0b41-11e3-8249-806e6f6e6963}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{D56F405F-B0B4-4EB2-AEBA-75383464C4A9}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{DFB03351-5DC4-4687-A5BA-FCB70083E234}: [NameServer] 104.197.191.4
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...2xvYwU2SNSWNNh-nyNIMc5gPUsZIhkjl4TUvxq&q={searchTerms}
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F..._dShY6hSf3X1Ruc3-1NMicfSr-cbE0H4ap35dy8HJRvik
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ntt.pl
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sklep.ntt.pl
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sklep.ntt.pl
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...2xvYwU2SNSWNNh-nyNIMc5gPUsZIhkjl4TUvxq&q={searchTerms}
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...2xvYwU2SNSWNNh-nyNIMc5gPUsZIhkjl4TUvxq&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...2xvYwU2SNSWNNh-nyNIMc5gPUsZIhkjl4TUvxq&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1184782418-3662472706-2967047954-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...2xvYwU2SNSWNNh-nyNIMc5gPUsZIhkjl4TUvxq&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1184782418-3662472706-2967047954-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...2xvYwU2SNSWNNh-nyNIMc5gPUsZIhkjl4TUvxq&q={searchTerms}
    BHO-x32: °®ĆćŇŐÖúĘÖ -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> Brak pliku
    FF NewTab: C:\\ProgramData\\Lightzap\\ff.NT
    FF DefaultSearchEngine: findit
    FF Homepage: C:\\ProgramData\\Lightzap\\ff.HP
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [Brak pliku]
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [Brak pliku]
    FF user.js: detected! => C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\lbv7eja6.default\user.js [2016-01-23]
    FF SearchPlugin: C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\lbv7eja6.default\searchplugins\findit.xml [2016-01-24]
    FF SearchPlugin: C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\lbv7eja6.default\searchplugins\mysites123.xml [2016-01-23]
    FF Extension: FirefixTab - C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\lbv7eja6.default\Extensions\deskCutv2@gmail.com [2016-01-23] [Brak podpisu cyfrowego]
    FF HKLM\...\Firefox\Extensions: [{4A12BF1E-B45D-4F69-a2D2-94A073BCB9CB}] - C:\Program Files\shopperz230120161433\Firefox\{4A12BF1E-B45D-4F69-a2D2-94A073BCB9CB}.xpi => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\lbv7eja6.default\extensions\deskCutv2@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [{4A12BF1E-B45D-4F69-a2D2-94A073BCB9CB}] - C:\Program Files\shopperz230120161433\Firefox\{4A12BF1E-B45D-4F69-a2D2-94A073BCB9CB}.xpi => nie znaleziono
    CHR HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S2 Lightzap; C:\ProgramData\\Lightzap\\Lightzap.exe -f "C:\ProgramData\\Lightzap\\Lightzap.dat" -l -a
    S1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [56728 2016-01-23] () [Brak podpisu cyfrowego]
    S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
    S2 sbmntr; \??\C:\PROGRA~2\YTDOWN~1\sbmntr.sys [X]
    S3 SPBIUpdd; \??\C:\Program Files\Common Files\ShopperPro\spbiw.sys [X]
    2016-01-24 12:29 - 2016-01-24 12:44 - 00002381 _____ C:\Windows\SysWOW64\findit.xml
    2016-01-24 12:29 - 2016-01-24 12:43 - 00000322 _____ C:\Windows\Tasks\Price Fountain.job
    2016-01-24 12:29 - 2016-01-24 12:29 - 00003448 _____ C:\Windows\System32\Tasks\PawełSonantsPharmacopeiasV2
    2016-01-24 12:29 - 2016-01-24 12:29 - 00002660 _____ C:\Windows\System32\Tasks\Price Fountain
    2016-01-24 12:29 - 2016-01-24 12:29 - 00000000 ____D C:\Users\Paweł\AppData\Roaming\PriceFountain
    2016-01-24 03:55 - 2016-01-24 03:55 - 00003162 _____ C:\Windows\System32\Tasks\Video Diner
    2016-01-24 03:55 - 2016-01-24 03:55 - 00003156 _____ C:\Windows\System32\Tasks\Video Diner2
    2016-01-24 03:55 - 2015-11-20 19:27 - 00019888 _____ () C:\Windows\system32\roboot64.exe
    2016-01-24 02:06 - 2016-01-24 02:06 - 00000000 ____D C:\Windows\system32\vib
    2016-01-23 17:07 - 2016-01-23 17:07 - 00003338 _____ C:\Windows\System32\Tasks\Tybejisp
    2016-01-23 17:07 - 2016-01-23 17:07 - 00000000 ____D C:\Users\Paweł\AppData\LocalLow\Company
    2016-01-23 17:07 - 2016-01-23 17:07 - 00000000 ____D C:\Users\Paweł\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    2016-01-23 13:36 - 2016-01-23 17:07 - 00056728 _____ C:\Windows\system32\Drivers\cherimoya.sys
    2016-01-24 11:26 - 2015-11-18 00:24 - 00000000 ____D C:\Users\Paweł\AppData\Roaming\Systweak
    2015-11-18 23:56 - 2015-11-18 23:56 - 0000006 ____S () C:\ProgramData\368991627af376d95601de0a597d04c4c266eb17
    C:\Users\Paweł\AppData\Roaming\Origin\update.vbe
    EmptyTemp:

    In FRST, choose Napraw (Fix).

    Run FRST and paste into the program window:
    dnsapi.dll

    Click Wyszukaj pliki (Search Files); when it finishes, post the log that is created.

    0
  • Helpful post
    #3 24 Jan 2016 15:12
    Acorus 20
    Computer specialist

    Uninstall Setup and Spybot - Search & Destroy. Open the system Notepad and paste:

    Quote:
    Task: {019855D4-447C-4BD0-A248-BA0FF057F2C2} - System32\Tasks\Tybejisp => C:\PROGRA~1\SHOPPE~1\Ybaosf.bat
    globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== UWAGA
    Task: {092A01C3-1854-4C25-AF08-6E7ACFCF4CDC} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== UWAGA
    Task: {2DC247F2-4B08-41DE-8A1D-D2F9090A584F} - System32\Tasks\Origin => C:\Users\Paweł\AppData\Roaming\Origin\update.vbe [2015-11-18] () <==== UWAGA
    Task: {64754D5C-64F6-42E0-BB33-D3D4840F2C64} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {69E17C56-45AF-4D98-830E-46A0393399C7} - System32\Tasks\Price Fountain => C:\Users\PAWE~1\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    Task: {6A6E7FEA-3C6F-4A7F-BEA3-91DFA392E73C} - System32\Tasks\PawełSonantsPharmacopeiasV2 => Rundll32.exe ConsultsDualism.dll,main 7 1 <==== UWAGA
    Task: {A31FA474-496A-4E66-AE1E-11DB9127E881} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== UWAGA
    Task: {B0F0A159-07A7-4093-A0DF-D50BFE1E40CD} - System32\Tasks\Video Diner => Rundll32.exe "C:\Users\Paweł\AppData\Local\Video Diner\{440DD7C0-60B8-7742-5C15-76AF4BBAE9EA}\VideoDiner.dll",#1 <==== UWAGA
    Task: {B14B0691-3070-4C1A-9137-21241A1FDEA8} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== UWAGA
    Task: {B6E9A2E7-EC0B-47FC-B081-325F60DC0E2B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {CCFB7AA6-9BD2-45EB-A3CD-F5C939B10FD5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {E3360FDD-E5A9-4123-9067-3D9D905195E3} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== UWAGA
    Task: {FA739530-3898-4E89-BF9E-AF18A233BC35} - \ShopperProJSUpd -> Brak pliku <==== UWAGA
    Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\PAWE~1\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    HKLM-x32\...\Run: [mbot_pl_014010149] => [X]
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\...\RunOnce: [PriceFountain] => [X]
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\...\MountPoints2: {0e247d37-decb-11e4-8259-806e6f6e6963} - "E:\DisneySplash.exe"
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\...\MountPoints2: {74925cd1-78b1-11e5-8286-fcaa1450f9a2} - "G:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\...\MountPoints2: {7e819c95-5b08-11e5-8260-fcaa1450f9a2} - "I:\Setup.exe"
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\...\MountPoints2: {91d85198-5b90-11e5-8262-fcaa1450f9a2} - "G:\setup.exe"
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\...\MountPoints2: {9d945472-63fb-11e5-826d-fcaa1450f9a2} - "L:\inlaws.exe"
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\...\MountPoints2: {bba303ea-8153-11e5-828b-fcaa1450f9a2} - "G:\autorun.exe"
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\...\MountPoints2: {c8a360e3-6040-11e5-8269-fcaa1450f9a2} - "H:\OriginInstaller.exe"
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\458188\taskmgr.exe" <==== UWAGA
    AppInit_DLLs: C:\ProgramData\Lightzap\Replus.dll => Brak pliku
    AppInit_DLLs-x32: C:\ProgramData\Lightzap\Betalex.dll => Brak pliku
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => Brak pliku
    BootExecute: autocheck autochk * sdnclean64.exe
    Tcpip\..\Interfaces\{6F4C0004-711A-4180-B257-18F19599C09B}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{8166A8F1-7CD2-412E-8BC1-1B5830CDF617}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{bbed3e08-0b41-11e3-8249-806e6f6e6963}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{D56F405F-B0B4-4EB2-AEBA-75383464C4A9}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{DFB03351-5DC4-4687-A5BA-FCB70083E234}: [NameServer] 104.197.191.4
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...2xvYwU2SNSWNNh-nyNIMc5gPUsZIhkjl4TUvxq&q={searchTerms}
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F..._dShY6hSf3X1Ruc3-1NMicfSr-cbE0H4ap35dy8HJRvik
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ntt.pl
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sklep.ntt.pl
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sklep.ntt.pl
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...2xvYwU2SNSWNNh-nyNIMc5gPUsZIhkjl4TUvxq&q={searchTerms}
    HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...2xvYwU2SNSWNNh-nyNIMc5gPUsZIhkjl4TUvxq&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...2xvYwU2SNSWNNh-nyNIMc5gPUsZIhkjl4TUvxq&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1184782418-3662472706-2967047954-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...2xvYwU2SNSWNNh-nyNIMc5gPUsZIhkjl4TUvxq&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1184782418-3662472706-2967047954-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...2xvYwU2SNSWNNh-nyNIMc5gPUsZIhkjl4TUvxq&q={searchTerms}
    BHO-x32: °®ĆćŇŐÖúĘÖ -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> Brak pliku
    FF NewTab: C:\\ProgramData\\Lightzap\\ff.NT
    FF DefaultSearchEngine: findit
    FF Homepage: C:\\ProgramData\\Lightzap\\ff.HP
    FF SearchPlugin: C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\lbv7eja6.default\searchplugins\findit.xml [2016-01-24]
    FF SearchPlugin: C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\lbv7eja6.default\searchplugins\mysites123.xml [2016-01-23]
    FF Extension: FirefixTab - C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\lbv7eja6.default\Extensions\deskCutv2@gmail.com [2016-01-23] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\lbv7eja6.default\extensions\deskCutv2@gmail.com
    CHR HKU\S-1-5-21-1184782418-3662472706-2967047954-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S2 Lightzap; C:\ProgramData\\Lightzap\\Lightzap.exe -f "C:\ProgramData\\Lightzap\\Lightzap.dat" -l -a
    S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
    S2 sbmntr; \??\C:\PROGRA~2\YTDOWN~1\sbmntr.sys [X]
    S3 SPBIUpdd; \??\C:\Program Files\Common Files\ShopperPro\spbiw.sys [X]
    2016-01-24 12:29 - 2016-01-24 12:44 - 00002381 _____ C:\Windows\SysWOW64\findit.xml
    2016-01-24 12:29 - 2016-01-24 12:43 - 00000322 _____ C:\Windows\Tasks\Price Fountain.job
    2016-01-24 12:29 - 2016-01-24 12:29 - 00002660 _____ C:\Windows\System32\Tasks\Price Fountain
    2016-01-24 12:29 - 2016-01-24 12:29 - 00000000 ____D C:\Users\Paweł\AppData\Roaming\PriceFountain
    2016-01-24 03:55 - 2016-01-24 03:55 - 00003162 _____ C:\Windows\System32\Tasks\Video Diner
    2016-01-24 03:55 - 2016-01-24 03:55 - 00003156 _____ C:\Windows\System32\Tasks\Video Diner2
    2016-01-24 03:55 - 2015-11-20 19:27 - 00019888 _____ () C:\Windows\system32\roboot64.exe
    2016-01-23 17:07 - 2016-01-23 17:07 - 00003338 _____ C:\Windows\System32\Tasks\Tybejisp
    2016-01-23 17:07 - 2016-01-23 17:07 - 00000000 ____D C:\Users\Paweł\AppData\LocalLow\Company
    2016-01-23 17:07 - 2016-01-23 17:07 - 00000000 ____D C:\Users\Paweł\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    2016-01-23 13:36 - 2016-01-23 17:07 - 00056728 _____ C:\Windows\system32\Drivers\cherimoya.sys
    C:\Users\Paweł\AppData\Roaming\Origin\update.vbe
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Download AdwCleaner from https://toolslib.net/downloads/finish/1/ and run it as administrator. Click Scan and then Cleaning.
    Uninstall globalupdate Helper.

    0
  • #5 24 Jan 2016 17:24
    Kolobos
    Computer specialist

    For the 64-bit version you have a copy of dnsapi.dll, but the 32-bit one is missing.

    Download and use RepairDNS; post the resulting log as an attachment.

    Open a cmd window with administrator rights and run there: sfc /scannow

    0
  • #7 24 Jan 2016 20:58
    Kolobos
    Computer specialist

    OK, the program did not detect an infection. Please also post the FRST scan logs for a check. I want to make sure the malicious DNS servers have not come back.

    To be sure, you can check the files on Jotti or VirusTotal.
    C:\Windows\system32\dnsapi.dll
    C:\Windows\SysWOW64\dnsapi.dll

    You can now delete the C:\FRST folder.

    0
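
The check requested in post #7, confirming that the hijacked DNS servers have not returned, can be run over the text of a fresh FRST log. The following is an added example, not part of the original thread or of FRST: the sample log lines are constructed on the `Tcpip\..\Interfaces` format quoted in the fixlists above, and the `DhcpNameServer` lines, the function names and the trusted-resolver list are assumptions.

```python
import ipaddress
import re

# One FRST registry line per DNS setting, e.g.
#   Tcpip\..\Interfaces\{GUID}: [NameServer] 104.197.191.4
TCPIP_LINE = re.compile(
    r"^\s*Tcpip\\(?P<key>[^:]+):\s*"
    r"\[(?P<value>(?:Dhcp)?NameServer)\]\s*(?P<servers>.+?)\s*$"
)


def parse_dns_entries(log_text):
    """Return (registry key, value name, ip) for every DNS server in the log."""
    entries = []
    for line in log_text.splitlines():
        match = TCPIP_LINE.match(line)
        if not match:
            continue
        # Drop a trailing FRST attention marker ("<==== ...") if present.
        servers = match.group("servers").split("<==")[0]
        # A value may hold several servers separated by spaces or commas.
        for token in re.split(r"[,\s]+", servers.strip()):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # empty or not an IP literal
            entries.append((match.group("key"), match.group("value"), ip))
    return entries


def suspicious_dns(log_text, trusted=()):
    """List DNS servers that are neither local nor explicitly trusted."""
    trusted_nets = [ipaddress.ip_network(t, strict=False) for t in trusted]
    findings = []
    for key, value, ip in parse_dns_entries(log_text):
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            continue  # home router or local resolver
        if any(ip in net for net in trusted_nets):
            continue  # resolver the user set on purpose (assumed allowlist)
        findings.append((key, value, str(ip)))
    return findings


# Constructed sample: a log taken before the fix, using the address and
# interface GUIDs from the fixlist in the thread.
LOG_BEFORE = r"""
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6F4C0004-711A-4180-B257-18F19599C09B}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{6F4C0004-711A-4180-B257-18F19599C09B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8166A8F1-7CD2-412E-8BC1-1B5830CDF617}: [NameServer] 104.197.191.4 <==== UWAGA
"""

# Constructed sample: a control log after the fix, where the only static
# entry is a public resolver the user configured deliberately.
LOG_AFTER = r"""
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6F4C0004-711A-4180-B257-18F19599C09B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8166A8F1-7CD2-412E-8BC1-1B5830CDF617}: [NameServer] 8.8.8.8,8.8.4.4
"""

if __name__ == "__main__":
    for key, value, ip in suspicious_dns(LOG_BEFORE):
        print(f"REVIEW {ip:15} {value:13} {key}")
    clean = suspicious_dns(LOG_AFTER, trusted=["8.8.8.8", "8.8.4.4"])
    print("control log findings:", clean)
```

An empty result on the control log means no static public resolver remains; any address it does list still needs a human decision, since a public resolver is not malicious in itself.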
  • #8 26 Jan 2016 18:20
    JamajkaSmoker
    Level 2

    Everything is working fine now. Many thanks for the help.

    0