
UCGuard/ADWCleaner - Infected computer, ADWCleaner freezes.

  • #1 09 Dec 2016 16:05
    tekku
    Level 5

    Hello.
    After my sister visited and used my computer, a lot of ads appeared in the Chrome browser and the default search engine was changed.
    Of course, without thinking twice, I launched ADWCleaner. After the scan (125 threats :o ) I tried to clean out all the junk. I can't manage it, though, because ADWCleaner freezes after a few seconds of work.
    I googled that the UCGUARD service causes this behaviour. After a second scan, I can see that I have UCGUARD on the disk and I have no idea how to remove it. I would be very grateful for help.
    Attached are the logs from FRST and GMER.

    0 9
  • Helpful post
    #2 09 Dec 2016 16:21
    Acorus 20
    Computer specialist

    Use AdwCleaner in safe mode: http://support.eset.pl/kb2268/?viewlocale=pl_PL
    Show new FRST logs.

    0
  • Helpful post
    #3 09 Dec 2016 16:43
    krzychupar
    Level 40

    Uninstall:
    amuleC (HKLM-x32\...\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}) (Version: 1.0.0 - amuleC) <==== UWAGA

    Open the system Notepad and paste:
    Task: {1890E3A3-B36B-43C2-911B-72DE0C8F8989} - System32\Tasks\d064844f7814ad7c35be8f9196931919 => Rundll32.exe "C:\Program Files (x86)\DOSBox-0.72\gj5voc.dll",e62dc6c6547f46bda862da2d05af6862 <==== UWAGA
    Task: {4C71A57B-B49B-45F0-B4EF-C2542BF79DEF} - \PPI Update -> Brak pliku <==== UWAGA
    Task: {7B0BBAEE-C621-40DD-97C6-5CB6E32B678D} - System32\Tasks\{74EBE353-B331-4B57-9C11-C66E629F6925} => pcalua.exe -a L:\setup.exe -d L:\
    Task: {8484F60D-7F7C-452C-B9E3-C2BCD892DF7C} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: {E3D4FAA7-8CA5-4B2A-A5E8-414D0F76CDC7} - System32\Tasks\ChelfNotify Task => C:\ProgramData\ChelfNotify\BrowserUpdate.exe [2016-06-30] (Tencent) <==== UWAGA
    Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Shortcut: C:\Users\biartyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Users\biartyy\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\biartyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic
    ShortcutWithArgument: C:\Users\biartyy\Desktop\Wurm Online.lnk -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.wurmonline.com/client/wurmclient.jnlp "C:\Users\biartyy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5fef8269-5fc80b7e"
    ShortcutWithArgument: C:\Users\biartyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wurm Online\Wurm Online.lnk -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.wurmonline.com/client/wurmclient.jnlp "C:\Users\biartyy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5fef8269-5fc80b7e"
    ShortcutWithArgument: C:\Users\biartyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Setmy\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
    ShortcutWithArgument: C:\Users\biartyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5993945003975900\Google Chrome.lnk -> C:\Program Files (x86)\Setmy\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
    HKU\S-1-5-21-1339383410-1821958394-229966200-1001\...\MountPoints2: {48d20848-8f05-11e5-825c-d8cb8aa35afd} - "I:\Setup.exe"




    HKU\S-1-5-21-1339383410-1821958394-229966200-1001\...\MountPoints2: {bbfe7f17-cb1a-11e5-826b-d8cb8aa35afd} - "L:\setup.exe"
    Startup: C:\Users\biartyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monhost.lnk [2016-10-27] <===== UWAGA
    ShortcutTarget: monhost.lnk -> C:\Users\biartyy\AppData\Roaming\VDI\Shared\Product Updater\monhost.exe (Brak pliku)
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    Tcpip\..\Interfaces\{91D01376-5186-4CEE-BF7E-44D1B499684F}: [DhcpNameServer] 7.254.254.254
    Tcpip\..\Interfaces\{EA0126D3-FD1E-4BB6-9796-76F06FB282D9}: [DhcpNameServer] 172.20.10.1
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=147...e0812&uid=SanDiskXSDSSDA120G_153282404537
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=147...e0812&uid=SanDiskXSDSSDA120G_153282404537
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&...mp;uid=SanDiskXSDSSDA120G_153282404537&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&...mp;uid=SanDiskXSDSSDA120G_153282404537&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=147...e0812&uid=SanDiskXSDSSDA120G_153282404537
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=147...e0812&uid=SanDiskXSDSSDA120G_153282404537
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&...mp;uid=SanDiskXSDSSDA120G_153282404537&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&...mp;uid=SanDiskXSDSSDA120G_153282404537&q={searchTerms}
    HKU\S-1-5-21-1339383410-1821958394-229966200-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=147...e0812&uid=SanDiskXSDSSDA120G_153282404537
    HKU\S-1-5-21-1339383410-1821958394-229966200-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=147...e0812&uid=SanDiskXSDSSDA120G_153282404537
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...mp;uid=SanDiskXSDSSDA120G_153282404537&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...mp;uid=SanDiskXSDSSDA120G_153282404537&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...mp;uid=SanDiskXSDSSDA120G_153282404537&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...mp;uid=SanDiskXSDSSDA120G_153282404537&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1339383410-1821958394-229966200-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...mp;uid=SanDiskXSDSSDA120G_153282404537&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1339383410-1821958394-229966200-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...mp;uid=SanDiskXSDSSDA120G_153282404537&q={searchTerms}
    BHO: Brak nazwy -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> Brak pliku
    BHO: Brak nazwy -> {95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} -> Brak pliku
    BHO-x32: Brak nazwy -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> Brak pliku
    S2 WISvc; C:\ProgramData\Microsoft\Blend\14.0\1033\ResourceCacher.dll [X]
    R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [81792 2016-08-02] (Huorong Borui (Beijing) Technology Co., Ltd.) <==== UWAGA
    S3 MSICDSetup; \??\E:\CDriver64.sys [X]
    S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20160128.003\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20160128.003\EX64.SYS [X]
    S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
    2016-12-09 10:06 - 2016-02-14 20:09 - 00000000 ____D C:\AdwCleaner
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix/Napraw.

    0
  • #4 09 Dec 2016 17:28
    Kolobos
    Computer specialist

    After doing this, post new FRST logs from a scan.

    0
  • Helpful post
    #6 09 Dec 2016 18:43
    Kolobos
    Computer specialist

    Uninstall:
    amuleC
    McAfee Security Scan Plus
    Youtube AdBlock

    Manually delete these shortcuts:
    C:\Users\biartyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
    C:\Users\biartyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    C:\Users\biartyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk

    New Fixlist.txt for FRST:
    Task: {2335B04B-8EC2-4B1D-9E7B-8EBF71DBD495} - System32\Tasks\Llerwardcdasy Verfier => C:\Program Files (x86)\Arigertain\qifother.exe [2016-10-27] (VideoLAN)
    HKU\S-1-5-18\...\Run: [] => 0
    HKLM\...\Providers\0m8pq2r2: C:\Windows\Temp\local64spl.dll
    HKLM\...\Providers\0vawwt4k: C:\Users\biartyy\AppData\Local\Google\Chrome\User Data_\local64spl.dll
    HKLM\...\Providers\14gy6e6n: C:\Windows\system32\config\systemprofile\AppData\Local\Temp_\local64spl.dll
    HKLM\...\Providers\1wfwfee3: C:\Windows\system32\config\systemprofile\AppData\Local\Temp_\local64spl.dll
    HKLM\...\Providers\26wy071q: F:\SteamLibrary\\local64spl.dll
    HKLM\...\Providers\2ago5me6: F:\Mad Max_\local64spl.dll
    HKLM\...\Providers\2dnaq8ll: F:\SteamLibrary_\local64spl.dll
    HKLM\...\Providers\2jk5l0k6: C:\Windows\Temp\local64spl.dll
    HKLM\...\Providers\30mk6fdz: F:\WOW\\local64spl.dll
    HKLM\...\Providers\3e9yvzls: F:\NAMCO BANDAI Games\\local64spl.dll
    HKLM\...\Providers\4a7q3guf: F:\Dead Island_\local64spl.dll
    HKLM\...\Providers\4kymdsrv: C:\Program Files (x86)\Youtube AdBlock_\local64spl.dll
    HKLM\...\Providers\57a8m6lx: F:\Dead Island_\local64spl.dll
    HKLM\...\Providers\5k8tusaq: C:\Program Files (x86)\Youtube AdBlock_\local64spl.dll
    HKLM\...\Providers\5l4d3skp: C:\\local64spl.dll
    HKLM\...\Providers\5nhpb3oo: C:\Windows\system32\config\systemprofile\AppData\Local\Temp_\local64spl.dll
    HKLM\...\Providers\5puqs7ed: F:\Logs\\local64spl.dll
    HKLM\...\Providers\60anksyz: C:\Users\biartyy\AppData\Local\Temp_\local64spl.dll
    HKLM\...\Providers\67alwdrg: C:\Users\biartyy\AppData\LocalLow\Youtube AdBlock\local64spl.dll
    HKLM\...\Providers\6v4sbnz0: C:\Windows\system32\config\systemprofile\AppData\Local\Temp_\local64spl.dll
    HKLM\...\Providers\76xjn0ok: C:\Windows\Temp_\local64spl.dll
    HKLM\...\Providers\7c2zliuj: F:\Dead Island\\local64spl.dll
    HKLM\...\Providers\7kv5a5ms: C:\Windows\system32\config\systemprofile\AppData\Local\Temp\local64spl.dll
    HKLM\...\Providers\7m1bwdjy: C:\Windows\system32\config\systemprofile\AppData\Local\Temp_\local64spl.dll
    HKLM\...\Providers\7n217kn5: C:\Users\biartyy\AppData\Local\Google\Chrome\User Data_\local64spl.dll
    HKLM\...\Providers\805ie8f1: F:\Patch dying\\local64spl.dll
    HKLM\...\Providers\8dhb06mf: C:\Windows\Temp_\local64spl.dll
    HKLM\...\Providers\8mjvp4js: C:\Users\biartyy\AppData\LocalLow\Youtube AdBlock_\local64spl.dll
    HKLM\...\Providers\8nvdtwsl: F:\SteamLibrary_\local64spl.dll
    HKLM\...\Providers\9390f63l: F:\WOW\\local64spl.dll
    HKLM\...\Providers\95cgcoww: C:\_\local64spl.dll
    HKLM\...\Providers\9a9qq6u6: F:\Dying Light_\local64spl.dll
    HKLM\...\Providers\9zpbjb5z: C:\Windows\Temp_\local64spl.dll
    HKLM\...\Providers\akvqim13: C:\Windows\system32\config\systemprofile\AppData\Local\Temp\local64spl.dll
    HKLM\...\Providers\b0yt99xa: C:\Program Files (x86)\Youtube AdBlock\local64spl.dll
    HKLM\...\Providers\bbk4jcpi: C:\Users\biartyy\AppData\Local\Google\Chrome\User Data\local64spl.dll
    HKLM\...\Providers\ben5um6l: C:\Windows\system32\config\systemprofile\AppData\Local\Temp_\local64spl.dll
    HKLM\...\Providers\boaigg9k: C:\Windows\Temp\local64spl.dll
    HKLM\...\Providers\bqff2o6b: C:\Windows\system32\config\systemprofile\AppData\Local\Temp_\local64spl.dll
    HKLM\...\Providers\bzih7dh1: F:\Logs_\local64spl.dll
    HKLM\...\Providers\chdgqzyp: C:\Users\biartyy\AppData\Local\Temp_\local64spl.dll
    HKLM\...\Providers\coyd7nur: F:\Patch dying\\local64spl.dll
    HKLM\...\Providers\cq65jh36: F:\Mad Max_\local64spl.dll
    HKLM\...\Providers\d0ueit4y: C:\Users\biartyy\AppData\LocalLow\Youtube AdBlock_\local64spl.dll
    HKLM\...\Providers\d5nj5bdd: F:\Games_\local64spl.dll
    HKLM\...\Providers\eak8hpgn: C:\Windows\system32\config\systemprofile\AppData\Local\Temp\local64spl.dll
    HKLM\...\Providers\eei3034q: C:\Users\biartyy\AppData\Local\Temp\local64spl.dll
    HKLM\...\Providers\ehg54dfs: C:\Users\biartyy\AppData\Local\Temp\local64spl.dll
    HKLM\...\Providers\f9vej1wz: F:\NAMCO BANDAI Games\\local64spl.dll
    HKLM\...\Providers\ffm4lejl: F:\Dying Light_\local64spl.dll
    HKLM\...\Providers\frawwqpn: F:\SteamLibrary_\local64spl.dll
    HKLM\...\Providers\h7fakuez: C:\Users\biartyy\AppData\Local\Google\Chrome\User Data\local64spl.dll
    HKLM\...\Providers\hol1lmxj: C:\\local64spl.dll
    HKLM\...\Providers\ivqm0xu5: C:\_\local64spl.dll
    HKLM\...\Providers\j65ad62q: F:\Mad Max_\local64spl.dll
    HKLM\...\Providers\js0yucgx: C:\Windows\system32\config\systemprofile\AppData\Local\Temp\local64spl.dll
    HKLM\...\Providers\jvuun114: F:\Dying Light\\local64spl.dll
    HKLM\...\Providers\k1qxb4s0: C:\Windows\system32\config\systemprofile\AppData\Local\Temp\local64spl.dll
    HKLM\...\Providers\k6t15b5f: F:\Games_\local64spl.dll
    HKLM\...\Providers\k9opgbze: C:\Windows\system32\config\systemprofile\AppData\Local\Temp\local64spl.dll
    HKLM\...\Providers\kcazp193: C:\_\local64spl.dll
    HKLM\...\Providers\kxqzfb2s: C:\Users\biartyy\AppData\Local\Temp\local64spl.dll
    HKLM\...\Providers\kyz0csdg: F:\Patch dying_\local64spl.dll
    HKLM\...\Providers\l2wgp7ao: F:\NAMCO BANDAI Games\\local64spl.dll
    HKLM\...\Providers\m34alvo4: C:\Users\biartyy\AppData\LocalLow\Youtube AdBlock\local64spl.dll
    HKLM\...\Providers\mafpua2t: C:\Windows\system32\config\systemprofile\AppData\Local\Temp\local64spl.dll
    HKLM\...\Providers\miizeonr: C:\\local64spl.dll
    HKLM\...\Providers\mllzfnsr: F:\SteamLibrary\\local64spl.dll
    HKLM\...\Providers\mtqvxxcl: F:\Dying Light_\local64spl.dll
    HKLM\...\Providers\n6mj6anv: F:\NAMCO BANDAI Games_\local64spl.dll
    HKLM\...\Providers\nc8649dk: F:\WOW\\local64spl.dll
    HKLM\...\Providers\nnbr5vaj: C:\Users\biartyy\AppData\LocalLow\Youtube AdBlock\local64spl.dll
    HKLM\...\Providers\oixwdvxr: F:\Dying Light\\local64spl.dll
    HKLM\...\Providers\oto1evzl: F:\Logs\\local64spl.dll
    HKLM\...\Providers\ozbkvpnc: F:\Logs_\local64spl.dll
    HKLM\...\Providers\qc1cbio8: F:\Games\\local64spl.dll
    HKLM\...\Providers\qfkk50ef: F:\Patch dying\\local64spl.dll
    HKLM\...\Providers\r1taoeft: F:\SteamLibrary\\local64spl.dll
    HKLM\...\Providers\rh6ybfkh: F:\Mad Max\\local64spl.dll
    HKLM\...\Providers\ruau9af1: F:\Logs_\local64spl.dll
    HKLM\...\Providers\ry0rxw6p: C:\Users\biartyy\AppData\Local\Temp_\local64spl.dll
    HKLM\...\Providers\s2nrja4c: F:\WOW_\local64spl.dll
    HKLM\...\Providers\sco7qy4x: F:\Patch dying_\local64spl.dll
    HKLM\...\Providers\sf3ue8fo: F:\Dead Island\\local64spl.dll
    HKLM\...\Providers\spea62d3: F:\Games\\local64spl.dll
    HKLM\...\Providers\tay467uk: C:\Windows\system32\config\systemprofile\AppData\Local\Temp_\local64spl.dll
    HKLM\...\Providers\tijwxzb8: F:\Dying Light\\local64spl.dll
    HKLM\...\Providers\tmdhq4oc: C:\Windows\system32\config\systemprofile\AppData\Local\Temp_\local64spl.dll
    HKLM\...\Providers\twulk2w6: C:\Program Files (x86)\Youtube AdBlock\local64spl.dll
    HKLM\...\Providers\u0pm4tb9: F:\WOW_\local64spl.dll
    HKLM\...\Providers\uetri93c: F:\Patch dying_\local64spl.dll
    HKLM\...\Providers\uwh2s3ob: F:\WOW_\local64spl.dll
    HKLM\...\Providers\ux582yfj: C:\Users\biartyy\AppData\LocalLow\Youtube AdBlock_\local64spl.dll
    HKLM\...\Providers\vi20rda3: F:\NAMCO BANDAI Games_\local64spl.dll
    HKLM\...\Providers\vks14uj0: F:\Games\\local64spl.dll
    HKLM\...\Providers\vy3vtzph: F:\Mad Max\\local64spl.dll
    HKLM\...\Providers\wjoehe24: C:\Program Files (x86)\Youtube AdBlock\local64spl.dll
    HKLM\...\Providers\wqnbhati: F:\Logs\\local64spl.dll
    HKLM\...\Providers\wvx2au00: C:\Program Files (x86)\Youtube AdBlock_\local64spl.dll
    HKLM\...\Providers\xxvre7zb: F:\Mad Max\\local64spl.dll
    HKLM\...\Providers\y1hspqol: C:\Users\biartyy\AppData\Local\Google\Chrome\User Data\local64spl.dll
    HKLM\...\Providers\ycxcd5nn: C:\Windows\system32\config\systemprofile\AppData\Local\Temp\local64spl.dll
    HKLM\...\Providers\yk1mxi9t: C:\Windows\system32\config\systemprofile\AppData\Local\Temp\local64spl.dll
    HKLM\...\Providers\yq16gcvv: F:\Dead Island\\local64spl.dll
    HKLM\...\Providers\yq5gb46r: F:\Games_\local64spl.dll
    HKLM\...\Providers\z31fh3la: C:\Users\biartyy\AppData\Local\Google\Chrome\User Data_\local64spl.dll
    HKLM\...\Providers\zp5ouv2f: F:\Dead Island_\local64spl.dll
    HKLM\...\Providers\zppju0mq: F:\NAMCO BANDAI Games_\local64spl.dll
    S2 ed2kidle; C:\Program Files (x86)\amuleC\ed2k.exe [237568 2016-11-02] (hxxp://www.amule.org/) [Brak podpisu cyfrowego] <==== UWAGA
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
    S2 WISvc; C:\ProgramData\Microsoft\Blend\14.0\1033\ResourceCacher.dll [X]
    2016-11-22 18:25 - 2016-11-24 14:25 - 00000002 _____ C:\END
    2016-11-23 12:46 - 2016-10-27 13:46 - 00000000 ____D C:\Program Files (x86)\Arigertain
    2016-11-23 08:02 - 2016-11-04 17:06 - 00000170 _____ C:\Users\Public\Documents\temp.dat
    2016-11-10 09:39 - 2016-10-27 13:47 - 00000000 ____D C:\Program Files (x86)\Youtube AdBlock
    2016-11-09 10:36 - 2016-11-08 10:32 - 00000000 ____D C:\ProgramData\jdgjc
    2016-11-09 10:36 - 2016-11-01 21:29 - 00000000 ____D C:\ProgramData\ChelfNotify
    2016-11-09 10:34 - 2016-10-27 13:44 - 00000000 ____D C:\Program Files (x86)\Errophgrifogh
    2016-11-09 10:22 - 2015-12-04 16:21 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-11-09 10:16 - 2016-11-08 10:32 - 00000000 ____D C:\Users\biartyy\AppData\Roaming\cgjcg
    2016-11-09 10:16 - 2016-11-01 21:29 - 00000000 ____D C:\Program Files (x86)\InterHop



    Run a full scan with MBAM and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe


    Paste into the FRST window:
    local64spl.dll

    Click Search Files (Wyszukaj pliki) and post the log that is created.

    Then run the scan again and post new FRST logs.

    0
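
The FRST lines quoted in this thread mark shortcuts whose names contain Cyrillic look-alike letters (`<===== Cyrillic`). As an added example (not part of the original thread and not FRST's own code), the Python script below parses lines in that format and reports shortcut names in which a single word mixes scripts; the sample log is constructed, with shortened paths and hypothetical folder names.

```python
import re
import unicodedata

# Constructed sample modelled on the FRST "Shortcut:" lines quoted in the thread.
# Paths are shortened; look-alike letters are written as \u escapes so they are visible.
SAMPLE_LOG = "\n".join([
    "Shortcut: C:\\Users\\user\\Start Menu\\Programs\\Int\u0435rn\u0435t "
    "\u0415\u0445\u0440l\u043er\u0435r.lnk -> "
    "C:\\Users\\user\\AppData\\Roaming\\HPRewriter2\\RewRun3.exe (Brak pliku)",
    "Shortcut: C:\\Users\\user\\TaskBar\\G\u043e\u043egl\u0435 \u0421hr\u043em\u0435.lnk -> "
    "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe (Google Inc.)",
    "ShortcutWithArgument: C:\\Users\\user\\Desktop\\Wurm Online.lnk -> "
    "C:\\Program Files (x86)\\Java\\bin\\javaws.exe (Oracle Corporation) -> -localfile",
    # An all-Cyrillic name is a legitimate localized shortcut, not a look-alike.
    "Shortcut: C:\\Users\\user\\Desktop\\\u0411\u0440\u0430\u0443\u0437\u0435\u0440.lnk -> "
    "C:\\Program Files\\Browser\\browser.exe ()",
])

LINE_RE = re.compile(
    r"^Shortcut(?:WithArgument)?:\s*(?P<lnk>.+?\.lnk)\s*->\s*(?P<target>.+)$"
)


def scripts_in(word):
    """Scripts of the letters in word, taken from the first token of each
    character's Unicode name (LATIN, CYRILLIC, GREEK, ...)."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            for ch in word if ch.isalpha()}


def escape_non_ascii(text):
    """Render non-ASCII characters as \\uXXXX so look-alikes become visible."""
    return text.encode("ascii", "backslashreplace").decode("ascii")


def find_mixed_script_shortcuts(log_text):
    """Return one record per shortcut whose file name has a word mixing scripts."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # Judge only the file name: parent folders may legitimately be non-Latin,
        # and the ".lnk" extension is always Latin, so it is cut off first.
        stem = m.group("lnk").rsplit("\\", 1)[-1][:-len(".lnk")]
        mixed = [w for w in stem.split() if len(scripts_in(w)) > 1]
        if mixed:
            hits.append({
                "name": escape_non_ascii(stem + ".lnk"),
                "mixed_words": [escape_non_ascii(w) for w in mixed],
                "target": m.group("target"),
            })
    return hits


if __name__ == "__main__":
    for hit in find_mixed_script_shortcuts(SAMPLE_LOG):
        print(hit["name"], "->", hit["target"])
```

The check is made per word, so a name written entirely in one script is not reported, while `Chrome` spelled with a Cyrillic `С` is.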
  • Helpful post
    #8 09 Dec 2016 20:27
    Kolobos
    Computer specialist

    Why have you still not uninstalled the listed programs?

    Uninstall!
    amuleC
    McAfee Security Scan Plus
    Both have already been removed, but the entries are still visible in the list.

    You also have one shortcut left to delete:
    C:\Users\biartyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk

    New Fixlist.txt for FRST:
    CHR Extension: (Adblocker for Youtube™) - C:\Users\biartyy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkgcomhcmhlbdokplmbpkejkojkmjglg [2016-11-08]
    S2 WISvc; C:\ProgramData\Microsoft\Blend\14.0\1033\ResourceCacher.dll [X]
    2016-12-09 18:05 - 2016-12-09 19:32 - 00000000 ____D C:\AdwCleaner

    0
  • Helpful post
    #10 09 Dec 2016 21:59
    Kolobos
    Computer specialist

    Delete the C:\FRST directory and that's all.

    0