Safefinder removal request


(Robert Akwa) #1

Hello. I have a problem with Safefinder.

My logs

http://www.wklej.org/id/1914878/ addition


(Atis) #2

Paste the following into the system Notepad and save it as a text file named fixlist:

AppInit_DLLs: C:\ProgramData\Lightzap\Freshis.dll = C:\ProgramData\Lightzap\Freshis.dll [805376 2016-01-19] ()
AppInit_DLLs-x32: C:\ProgramData\Lightzap\Flextam.dll = C:\ProgramData\Lightzap\Flextam.dll [257536 2016-01-19] ()
GroupPolicy: Ograniczenia - Chrome ======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia ======= UWAGA
HKU\S-1-5-21-1754651520-860609133-2930834947-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cpch5Fe3qw2V2uksnEFIKGfvCzhjI2is251nBAg538go1Vafsk58_TkvCXV6tTGJI5w5_iJokqpaLaCoQYII4hMA2SNAM7NB6rIUHMYxjHjAd2EYxHrldTbaX7uszKOX-JtAB-NIDIe3fwOBG5SmNSdUjidQajc,q={searchTerms}
HKU\S-1-5-21-1754651520-860609133-2930834947-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cpch5Fe3qw2V2uksnEFIKGfvCzhjI2is251nBAg538go1Vafsk58_TkvCXV6tTGJI5w5_iJokqpaLaCoQYII4hMA2SNAM7NB6rIUHMYxjHjAd2EYxHrldTbaX7uszKOX-JtAB-NIDIe3fwOBG5SmNSdUjidQajc,q={searchTerms}
HKU\S-1-5-21-1754651520-860609133-2930834947-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cpch5Fe3qw2V2uksnEFIKGfvCzhjI2is251nBAg538go1Vafsk58_TkvCXV6tTGJI5w5_iJokqpaLaCoQYII4hMA2SNAM7NB6rIUHMYxjHjAd2EYxHrldTbaX7uszKOX-JtAB-NIDIe3fwOBG5SmNSdUjidQajc,q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {ielnksrch} URL =
FF NewTab: C:\\ProgramData\\Lightzaps\\ff.NT
CHR HomePage: Default - hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cpch5Fe3qw2V2uksnEFIKGfvCzhjI2is251nBAg538go1Vafsk58_TkvCXV6tTGJI5wiX02SnAoQ4ub-bgw1Vhyafcvnn9-dsDybOZ4v2LV3ZYeDN7FNHIjB7BqVzBawgMhv9eoizTFJgJxK7Plls7XJyYhyHAQ,
CHR StartupUrls: Default - "hxxp://start.qone8.com/?type=hpts=1396984409from=smtuid=WDCXWD10JPVT-75A1YT0_WXB1E62DDF48E62DDF48","hxxp://websearch.searchsun.info/?pid=724r=2014/04/20hid=12416542219095693915lg=ENcc=PL","hxxp://www.search.ask.com/?tpid=ORJ-V7Co=APN11412pf=V7trgb=CRp2=%5EBBK%5EOSJ000%5EYY%5EPLgct=hpapn_ptnrs=BBKapn_dtid=%5EOSJ000%5EYY%5EPLapn_dbr=cr_34.0.1847.116apn_uid=F7F69367-6C74-4D79-BAF1-1BA7CDAB0947itbv=12.10.6.48doi=2014-04-27psv=","hxxp://websearch.eazytosearch.info/?pid=724r=2014/06/11hid=12416542219095693915lg=ENcc=PL","hxxp://www.delta-homes.com/?type=hpts=1402588791from=wpm0612uid=WDCXWD10JPVT-75A1YT0_WXB1E62DDF48E62DDF48","hxxp://www.only-search.com/?babsrc=HP_kmsaffID=129300tt=mntrid=8E479C2A7048BC7Atsp=5312","hxxp://www.gazeta.pl/0,0.html?p=156","hxxp://www.findamo.com?cid=3975ch=2","hxxp://isearch.omiga-plus.com/?type=hpts=1420651227from=coruid=WDCXWD10JPVT-75A1YT0_WXB1E62DDF48E62DDF48","hxxp://isearch.omiga-plus.com/?type=hpts=1421042691from=coruid=WDCXWD10JPVT-75A1YT0_WXB1E62DDF48E62DDF48","hxxp://isearch.\u003C!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"hxxp://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\"","hxxp://www.mystartsearch.com/?type=hpts=1421346031from=smtuid=WDCXWD10JPVT-75A1YT0_WXB1E62DDF48E62DDF48","hxxp://www.istartsurf.com/?type=hpts=1438196109z=82e479242562e97876a4b98g5z6c0b6getcqde5q8gfrom=coruid=WDCXWD10JPVT-75A1YT0_WXB1E62DDF48E62DDF48","hxxp://www.istartsurf.com/?type=hpppts=1438196160z=2ec93af0284dbc011d96b29gbz1c9b3g3t0qbgbg4ofrom=coruid=WDCXWD10JPVT-75A1YT0_WXB1E62DDF48E62DDF48","hxxp://www.mystartsearch.com/?type=hpts=1438879825z=1e4e79d1837c6a17265dd66gez5cbb5bam1tdm7wewfrom=wpcuid=WDCXWD10EZEX-00BN5A0_WD-WCC3F2HF8KCTF8KCT","hxxp://www.delta-homes.com/?type=hpts=1444800370z=f68f1bedba8f0861271caedg9zazfzcbbe8e3cemccfrom=wpm07163uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F2HF8KCTF8KCT","hxxp://www.google.pl/","hxxps://www.google.pl/?gws_rd=ssl"
CHR DefaultSearchURL: Default - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cpch5Fe3qw2V2uksnEFIKGfvCzhjI2is251nBAg538go1Vafsk58_TkvCXV6tTGJI5wumDR8mVynuFc3TWowHpU3zXeaGucr5ZTzZMX7PTqQS37af3l7lYuU1vwC2x-DElGxngdGvW7MMK0aFOm_ZsMaEmf93uQ,q={searchTerms}
CHR DefaultSearchKeyword: Default - feed.sonic-search.com
CHR DefaultSuggestURL: Default - hxxps://search.yahoo.com/sugg/chrome?output=fxjsonappid=crmascommand={searchTerms}
OPR Extension: (Jungle Net) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\pcgpjljifiicmbeheknnnooledmnjcld [2015-07-29]
S2 Lightzap; C:\ProgramData\\Lightzap\\Lightzap.exe -f "C:\ProgramData\\Lightzap\\Lightzap.dat" -l -a
2016-01-22 16:49 - 2016-01-22 16:49 - 00000000 _____ C:\autoexec.bat
2016-01-22 16:46 - 2016-01-22 16:46 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\User\Downloads\sh-remover.exe
2016-01-19 21:54 - 2016-01-19 21:54 - 00000000 ____ D C:\ProgramData\Lavasoft
2016-01-19 21:54 - 2016-01-22 11:46 - 00003618 _____ C:\WINDOWS\System32\Tasks\Ad-Aware Update (Weekly)
2016-01-19 22:12 - 2016-01-19 22:12 - 00055384 _____ (Sunbelt Software) C:\WINDOWS\system32\Drivers\SBREDrv.sys
2016-01-19 21:19 - 2016-01-19 21:23 - 00000000 ____ D C:\AdwCleaner
2016-01-19 19:49 - 2016-01-22 18:11 - 00000000 ____ D C:\ProgramData\Lightzap
2016-01-19 19:49 - 2016-01-19 19:49 - 00000000 ____ D C:\ProgramData\Lightzaps
2016-01-19 19:47 - 2016-01-19 19:47 - 00956536 _____ ( ) C:\Users\User\Downloads\CCleaner-13061-dp.exe
2015-07-16 15:58 - 2015-07-16 15:58 - 6420480 _____ () C:\Program Files (x86)\GUTC006.tmp
Task: {09624E25-424A-4302-B8BE-09EF82E09CAB} - System32\Tasks\{A76501BA-D91C-4EA7-A618-23DB8EB45EE9} = pcalua.exe -a D:\start.exe -d D:\
Task: {5CD8DA95-1288-40B0-9E46-05550DA7B630} - System32\Tasks\{59197F34-4E3B-4F76-9AB5-8244F22EB171} = pcalua.exe -a D:\start.exe -d D:\
Task: {B5F8957B-1447-44FE-B629-0B315FA6FDFB} - System32\Tasks\{ACB3DE20-E093-495E-80D4-5A552BD67E20} = pcalua.exe -a D:\start.exe -d D:\
Task: {C45DC631-E2B0-4B98-9A8B-C494C755B56E} - System32\Tasks\UserWoundedTraumataV2 = Rundll32.exe MagesConveys.dll,main 7 1 ==== UWAGA
Task: {CEA45270-67A4-4673-AFE1-0DBA44D27C3F} - System32\Tasks\Ad-Aware Update (Weekly) = C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {EAA85313-084D-474A-B8D2-26901D16B856} - System32\Tasks\psv_KanKaykix = /c regedit.exe /s "C:\ProgramData\Lightzap\Tamremity.reg" amp; del "C:\ProgramData\Lightzap\Tamremity.reg" amp; SCHTASKS /Delete /TN "psv_KanKaykix" /F ==== UWAGA
C:\Users\User\AppData\Local\WoundedTraumata
EmptyTemp:

Run FRST and click Napraw (Fix). Post the removal report, Fixlog.
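
Added example, not part of the original post and not FRST's own code: a small triage script that percent-decodes the obfuscated hosts in the browser entries of the fixlist above and lists the autostart entries that load from ProgramData. The function names are hypothetical, and the sample lines are abridged from the fixlist, with the long `?p=` tokens replaced by a placeholder.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample: lines abridged from the fixlist; ?p= tokens replaced by PLACEHOLDER.
SAMPLE = r"""
AppInit_DLLs: C:\ProgramData\Lightzap\Freshis.dll = C:\ProgramData\Lightzap\Freshis.dll [805376 2016-01-19] ()
CHR HomePage: Default - hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=PLACEHOLDER
CHR DefaultSearchURL: Default - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=PLACEHOLDER,q={searchTerms}
CHR StartupUrls: Default - "hxxp://www.istartsurf.com/?type=hp","hxxps://www.google.pl/?gws_rd=ssl"
Task: {EAA85313-084D-474A-B8D2-26901D16B856} - System32\Tasks\psv_KanKaykix = /c regedit.exe /s "C:\ProgramData\Lightzap\Tamremity.reg"
"""

URL_RE = re.compile(r'hxxps?://[^\s",]+', re.IGNORECASE)
PERSIST_RE = re.compile(r'^(AppInit_DLLs(?:-x32)?|Task|S2)\b', re.IGNORECASE)

def decode_host(defanged_url):
    """Return (decoded lowercase host, True if the host was percent-encoded)."""
    url = re.sub(r'^hxxp', 'http', defanged_url, flags=re.IGNORECASE)
    netloc = urlsplit(url).netloc
    return unquote(netloc).lower(), "%" in netloc

def triage(log_text):
    """Return ({setting: [(host, was_encoded), ...]}, [autostart keys under ProgramData])."""
    hosts, persistence = {}, []
    for line in log_text.splitlines():
        line = line.strip()
        # The entry name is everything before the first ": " or " = " separator.
        key = re.split(r':\s| = ', line, maxsplit=1)[0]
        for url in URL_RE.findall(line):
            hosts.setdefault(key, []).append(decode_host(url))
        if PERSIST_RE.match(line) and "\\programdata\\" in line.lower():
            persistence.append(key)
    return hosts, persistence

if __name__ == "__main__":
    found_hosts, found_persistence = triage(SAMPLE)
    for setting, entries in found_hosts.items():
        for host, encoded in entries:
            print(f"{setting}: {host}{' (percent-encoded in log)' if encoded else ''}")
    print("Autostart entries under ProgramData:", found_persistence)
```

Running the same function over a fresh FRST log after the fix shows at a glance whether a hijacked home page or search URL is still present.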


(Robert Akwa) #3

Done, Chrome started displaying correctly. Fresh logs below.

Thank you for your help.

http://wklej.to/QyVpB

http://wklej.to/0jKnX


(Atis) #4

You still have a malicious start page.

Delete the folder C:\FRST