1) C:\NVIDIA
This folder contains a folder with no name - try to delete it manually with SHIFT+DEL
2) C:\Program Files
This folder contains a folder with no name - try to delete it manually with SHIFT+DEL
3) C:\
This folder contains a folder with no name - try to delete it manually with SHIFT+DEL
4) C:\f731b67a9cfa317f0e1f356097c5fc0b
This folder contains a folder with no name - try to delete it manually with SHIFT+DEL
In the meantime I will keep going through the logs and prepare the removal script.
Adw-Cleaner will not work properly until we remove this Chinese UC Browser.
5) Open Notepad and paste the following into it:
Task: {34F2F079-53C5-4FAB-9C2F-7CDD2147059D} - System32\Tasks\ChelfNotify Task => C:\ProgramData\ChelfNotify\BrowserUpdate.exe <==== UWAGA
Task: {432C415A-40E5-45F2-B0E2-430B7217001A} - System32\Tasks\4e6db555282ebe2612d98817c3f9a298 => Rundll32.exe "C:\Program Files (x86)\SlimDrivers\6wr1rs.dll",e62dc6c6547f46bda862da2d05af6862 <==== UWAGA
Task: {55479758-CDA2-4887-826B-E5CD8EBDE77A} - System32\Tasks\SecureUpdater => C:\Program Files (x86)\UCBrowser\Application\uclauncher.exe <==== UWAGA
Task: {7AD88B67-7763-4771-B125-DA80F2C2C234} - System32\Tasks\Atalagelvoy Module => C:\Program Files (x86)\Aterkither\greory.exe
Task: {886FF864-0449-447A-B462-D0FE074B30EB} - \UCBrowserUpdater -> Brak pliku <==== UWAGA
Task: {9B8AF18F-B7E0-433F-9EF4-A1E370FEA01B} - \UCBrowserUpdaterCore -> Brak pliku <==== UWAGA
RemoveDirectory: C:\Program Files (x86)\UCBrowser
RemoveDirectory: C:\ProgramData\ChelfNotify
RemoveDirectory: C:\Program Files (x86)\Aterkither
RemoveDirectory: C:\Program Files (x86)\Elex-tech
RemoveDirectory: c:\program files (x86)\winarcher
RemoveDirectory: c:\programdata\winsapsvc
RemoveDirectory: C:\Program Files (x86)\Setmy
RemoveDirectory: C:\Program Files (x86)\mpck
RemoveDirectory: C:\Program Files (x86)\badu
RemoveDirectory: C:\f731b67a9cfa317f0e1f356097c5fc0b_
RemoveDirectory: C:\f731b67a9cfa317f0e1f356097c5fc0b
RemoveDirectory: C:\Program Files_
RemoveDirectory: c:\program files (x86)\ludashi
RemoveDirectory: C:\ProgramData\Tencent
RemoveDirectory: C:\Program Files (x86)\interhpx_00000000
RemoveDirectory: C:\ProgramData\WinSAPSvc
RemoveDirectory: C:\Users\Błażej\AppData\Roaming\Elex-tech
RemoveDirectory: C:\Users\Błażej\AppData\Roaming\lockhomepage
RemoveDirectory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\鲁大师
RemoveDirectory: C:\Users\Błażej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
RemoveDirectory: C:\Users\Błażej\AppData\Roaming\Hemkajdoa
RemoveDirectory: C:\Users\Błażej\AppData\Roaming\AzigcWig
RemoveDirectory: C:\Users\Błażej\AppData\Local\tuto_monetize_120161024
RemoveDirectory: C:\Users\Błażej\AppData\Local\Tempfolder
RemoveDirectory: C:\ProgramData\Avg
RemoveDirectory: C:\Users\Bᄈaej\AppData\Local\Ghpght
RemoveDirectory: C:\Users\Błażej\AppData\Roaming\Chovle
RemoveDirectory: C:\Users\Błażej\AppData\Local\Ghpght
RemoveDirectory: C:\Program Files (x86)\00000000-1477320395-0000-0000-00241D9EDCD2
RemoveDirectory: C:\Users\Błażej\AppData\Roaming\Microleaves
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III\Warcraft III - CzytajTo.lnk
AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [20324]
AlternateDataStreams: C:\Windows\system32\drivers:x64 [360904]
AlternateDataStreams: C:\Windows\system32\drivers:x86 [1157922]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdpf64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdpr64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdpf64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdpr64.sys => ""="Driver"
FirewallRules: [{46FB482C-D291-4A30-80C4-BA5E3594F3F0}] => (Allow) C:\Users\Błażej\AppData\Local\Temp\inst_buychannel_45.exe
FirewallRules: [{D3B5E9C4-2C0B-4357-BBF8-7F630934B4CB}] => (Allow) C:\Users\Błażej\AppData\Local\Temp\inst_buychannel_45.exe
FirewallRules: [{F84631A3-A395-40D8-9543-4281EF09C057}] => (Allow) C:\Program Files (x86)\Setmy\Application\chrome.exe
HKLM\...\Run: [WINCOMLIC] => "C:\Program Files (x86)\mpck\wincom_LIC.exe"
HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\badu\uc.exe [221264 2016-10-24] ()
HKLM-x32\...\Run: [pcmgr] => C:\Program Files (x86)\badu\Uninst.exe
HKU\S-1-5-21-306332911-837314955-241288414-1000\...\Run: [BingSvc] => C:\Users\Błażej\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-306332911-837314955-241288414-1000\...\Run: [apphide] => C:\Program Files (x86)\badu\uc.exe [221264 2016-10-24] ()
HKU\S-1-5-21-306332911-837314955-241288414-1000\...\Run: [svchost0] => C:\Program Files (x86)\badu\uc.exe [221264 2016-10-24] ()
HKU\S-1-5-18\...\Run: [] => 0
HKLM\...\Providers\2o1hy65r: C:\Program Files\\local64spl.dll
HKLM\...\Providers\7bva3705: C:\\local64spl.dll
HKLM\...\Providers\f0d5bqus: C:\Program Files_\local64spl.dll
HKLM\...\Providers\fnvq1r9i: C:\_\local64spl.dll
HKLM\...\Providers\g5x2unbb: C:\f731b67a9cfa317f0e1f356097c5fc0b_\local64spl.dll
HKLM\...\Providers\nf5m9ik1: C:\f731b67a9cfa317f0e1f356097c5fc0b\\local64spl.dll
HKLM\...\Providers\r44lxb5d: C:\NVIDIA_\local64spl.dll
HKLM\...\Providers\x1vaywdg: C:\NVIDIA\\local64spl.dll
C:\NVIDIA\\local64spl.dll
C:\NVIDIA_\local64spl.dll
C:\_\local64spl.dll
C:\f731b67a9cfa317f0e1f356097c5fc0b\\local64spl.dll
C:\f731b67a9cfa317f0e1f356097c5fc0b_\local64spl.dll
C:\Program Files_\local64spl.dll
C:\\local64spl.dll
C:\Program Files\\local64spl.dll
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1478248892&z=5c7971a6c33fb7bdbacd4c6gbz0m3b7o1z6b9b2t5o&from=che0812&uid=SAMSUNGXHD103UJ_S13PJ1KS710415
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1478248892&z=5c7971a6c33fb7bdbacd4c6gbz0m3b7o1z6b9b2t5o&from=che0812&uid=SAMSUNGXHD103UJ_S13PJ1KS710415
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1478248892&z=5c7971a6c33fb7bdbacd4c6gbz0m3b7o1z6b9b2t5o&from=che0812&uid=SAMSUNGXHD103UJ_S13PJ1KS710415&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1478248892&z=5c7971a6c33fb7bdbacd4c6gbz0m3b7o1z6b9b2t5o&from=che0812&uid=SAMSUNGXHD103UJ_S13PJ1KS710415&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1478248892&z=5c7971a6c33fb7bdbacd4c6gbz0m3b7o1z6b9b2t5o&from=che0812&uid=SAMSUNGXHD103UJ_S13PJ1KS710415
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1478248892&z=5c7971a6c33fb7bdbacd4c6gbz0m3b7o1z6b9b2t5o&from=che0812&uid=SAMSUNGXHD103UJ_S13PJ1KS710415
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1478248892&z=5c7971a6c33fb7bdbacd4c6gbz0m3b7o1z6b9b2t5o&from=che0812&uid=SAMSUNGXHD103UJ_S13PJ1KS710415&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1478248892&z=5c7971a6c33fb7bdbacd4c6gbz0m3b7o1z6b9b2t5o&from=che0812&uid=SAMSUNGXHD103UJ_S13PJ1KS710415&q={searchTerms}
HKU\S-1-5-21-306332911-837314955-241288414-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1478248892&z=5c7971a6c33fb7bdbacd4c6gbz0m3b7o1z6b9b2t5o&from=che0812&uid=SAMSUNGXHD103UJ_S13PJ1KS710415
HKU\S-1-5-21-306332911-837314955-241288414-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1478248892&z=5c7971a6c33fb7bdbacd4c6gbz0m3b7o1z6b9b2t5o&from=che0812&uid=SAMSUNGXHD103UJ_S13PJ1KS710415
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1478248892&z=5c7971a6c33fb7bdbacd4c6gbz0m3b7o1z6b9b2t5o&from=che0812&uid=SAMSUNGXHD103UJ_S13PJ1KS710415&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1478248892&z=5c7971a6c33fb7bdbacd4c6gbz0m3b7o1z6b9b2t5o&from=che0812&uid=SAMSUNGXHD103UJ_S13PJ1KS710415&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1478248892&z=5c7971a6c33fb7bdbacd4c6gbz0m3b7o1z6b9b2t5o&from=che0812&uid=SAMSUNGXHD103UJ_S13PJ1KS710415&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1478248892&z=5c7971a6c33fb7bdbacd4c6gbz0m3b7o1z6b9b2t5o&from=che0812&uid=SAMSUNGXHD103UJ_S13PJ1KS710415&q={searchTerms}
SearchScopes: HKU\S-1-5-21-306332911-837314955-241288414-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1478248892&z=5c7971a6c33fb7bdbacd4c6gbz0m3b7o1z6b9b2t5o&from=che0812&uid=SAMSUNGXHD103UJ_S13PJ1KS710415&q={searchTerms}
SearchScopes: HKU\S-1-5-21-306332911-837314955-241288414-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1478248892&z=5c7971a6c33fb7bdbacd4c6gbz0m3b7o1z6b9b2t5o&from=che0812&uid=SAMSUNGXHD103UJ_S13PJ1KS710415&q={searchTerms}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
CHR StartupUrls: Profile 1 -> "hxxp://www.nicesearches.com?type=hp&ts=1477991139&from=d1580002&uid=samsungxhd103uj_s13pj1ks710415&z=6ae209098d47d662148f989g6z3mam8tetdg9gbc8b"
CHR Session Restore: Profile 1 -> [funkcja włączona]
CHR Profile: C:\Users\Błażej\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-10-24] <==== UWAGA
C:\Users\Błażej\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
R2 Archer; C:\Program Files (x86)\WinArcher\Archer.dll [337920 2016-10-26] () [Brak podpisu cyfrowego]
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-08-19] (Elex do Brasil cenzura!ções Ltda)
R2 WinSAPSvc; C:\ProgramData\WinSAPSvc\WinSAP.dll [219648 2016-11-04] () [Brak podpisu cyfrowego]
S2 HpSvc; c:\program files (x86)\ludashi\lpi\HpSvc.dll [X] <==== UWAGA
S2 IlS; C:\ProgramData\Tencent\QQ\qmdr\dr.dll [X]
R1 bsdpf64; C:\Windows\system32\Drivers\bsdpf64.sys [27456 2016-10-24] ()
C:\Windows\system32\Drivers\bsdpf64.sys
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil cenzura!ções Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil cenzura!ções Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil cenzura!ções Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil cenzura!ções Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil cenzura!ções Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil cenzura!ções Ltda)
C:\Windows\System32\DRIVERS\iSafeNetFilter.sys
C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys
R1 ucdrv; C:\Windows\System32\drivers:ucdrv-x64.sys [20324 ] (UC Web Inc.) <==== UWAGA
R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [81792 2016-08-02] (Huorong Borui (Beijing) Technology Co., Ltd.) <==== UWAGA
C:\Windows\System32\DRIVERS\ucguard.sys
C:\Windows\System32\drivers:ucdrv-x64.sys
2016-11-04 16:55 - 2016-11-04 16:55 - 00000007 _____ C:\Windows\SysWOW64\7A6E.tmp
2016-11-04 16:55 - 2016-11-04 16:55 - 00000000 ____D C:\Users\Błażej\AppData\Local\Setmy
2016-10-26 13:13 - 2016-10-28 11:26 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-10-26 13:09 - 2016-10-26 13:09 - 00000000 ____D C:\Users\Błażej\AppData\Local\Nolarry
2016-10-26 13:07 - 2016-11-04 17:02 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2016-10-26 13:07 - 2016-11-04 16:52 - 00000003 _____ C:\Windows\SysWOW64\hoewmds
2016-10-25 19:50 - 2016-10-28 20:32 - 00000000 ___HD C:\_
2016-10-25 19:50 - 2016-10-28 17:11 - 00000000 ___HD C:\Program Files_
2016-10-25 19:50 - 2016-10-28 17:07 - 00000000 ___HD C:\NVIDIA_
2016-10-25 19:50 - 2016-10-28 17:04 - 00000000 ___HD C:\f731b67a9cfa317f0e1f356097c5fc0b_
2016-10-25 19:50 - 2016-10-25 19:50 - 00000020 ____H C:\Program Files\local64spl.dll.ini
2016-10-25 19:50 - 2016-10-25 19:50 - 00000020 ____H C:\local64spl.dll.ini
C:\TOSTACK
C:\Users\Błażej\Desktop\Skróty Pulpitu\GeForce Experience.lnk
C:\Users\Błażej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk
HOSTS:
EmptyTemp:
>> Notepad menu >> File >> Save as >>
File name: fixlist
Save as type: Text documents
Encoding: Unicode
>> Save
Put the file in the folder C:\Users\Błażej\Desktop
Run FRST and click the Fix button.
6) Launch Google Chrome
> Press the keys left Alt+F and click Settings >
> Section: PEOPLE
> select: user0
> click the X mark on the right-hand side
7) Now you can try to use Adw-Cleaner.
First click SCAN, and only after the scan has finished and the CLEAN button becomes active, click it.
Post the "C" report from it.
Make new FRST logs.
Before the scan, tick "Addition.txt" and "Shortcut.txt".
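Added example, not part of the original post or of FRST itself: a small Python triage helper that reads FRST-style lines like the ones in the fixlist above and groups them by persistence mechanism (scheduled tasks, Run keys, print providers, alternate data streams, SafeBoot driver entries, firewall rules, services/drivers, browser hijacks), flagging the signals a helper looks for first: unsigned binaries, files hidden in an alternate data stream of the drivers directory, print-provider DLLs placed in lookalike directories (a trailing underscore such as `C:\NVIDIA_` or a doubled backslash such as `C:\NVIDIA\\`), orphaned tasks, and executables allowed through the firewall from a Temp folder. The sample input is a constructed subset of lines copied from the post; the category names, regular expressions and risk weighting are my own heuristics and are not FRST terminology.

```python
import re
from collections import Counter

# Constructed sample input: a subset of the FRST lines quoted in the post above.
SAMPLE_LOG = r"""
Task: {55479758-CDA2-4887-826B-E5CD8EBDE77A} - System32\Tasks\SecureUpdater => C:\Program Files (x86)\UCBrowser\Application\uclauncher.exe <==== UWAGA
Task: {886FF864-0449-447A-B462-D0FE074B30EB} - \UCBrowserUpdater -> Brak pliku <==== UWAGA
HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\badu\uc.exe [221264 2016-10-24] ()
HKLM\...\Providers\x1vaywdg: C:\NVIDIA\\local64spl.dll
HKLM\...\Providers\r44lxb5d: C:\NVIDIA_\local64spl.dll
AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [20324]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdpf64.sys => ""="Driver"
FirewallRules: [{46FB482C-D291-4A30-80C4-BA5E3594F3F0}] => (Allow) C:\Users\Błażej\AppData\Local\Temp\inst_buychannel_45.exe
R2 Archer; C:\Program Files (x86)\WinArcher\Archer.dll [337920 2016-10-26] () [Brak podpisu cyfrowego]
R1 ucdrv; C:\Windows\System32\drivers:ucdrv-x64.sys [20324 ] (UC Web Inc.) <==== UWAGA
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&q={searchTerms}
RemoveDirectory: C:\Program Files (x86)\UCBrowser
"""

# Persistence mechanism, decided by the first matching pattern (heuristic names, not FRST's own).
CATEGORIES = [(name, re.compile(rx)) for name, rx in [
    ("scheduled_task", r"^Task: "),
    ("run_key", r"\\\.\.\.\\Run: "),
    ("print_provider", r"\\Providers\\"),          # spooler print provider DLL (loaded by spoolsv)
    ("alternate_data_stream", r"^AlternateDataStreams: "),
    ("safeboot_driver", r"\\SafeBoot\\"),          # survives Safe Mode boots
    ("firewall_rule", r"^FirewallRules: "),
    ("service_or_driver", r"^[RS][0-4] \S+; "),    # FRST service/driver lines start with R<n>/S<n>
    ("browser_hijack", r"^SearchScopes: |StartupUrls: |Main,(Start Page|Search Page|Default_Page_URL|Default_Search_URL)"),
    ("removal_directive", r"^(RemoveDirectory|DeleteKey): "),
]]

# Risk signals; every matching one is attached to the line. Polish and English FRST wording both handled.
FLAGS = [(name, re.compile(rx)) for name, rx in [
    ("frst_attention_marker", r"<==== (UWAGA|ATTENTION)"),
    ("unsigned_binary", r"\[(Brak podpisu cyfrowego|File not signed)\]"),
    ("orphaned_entry", r"-> (Brak pliku|No File)"),
    ("ads_hosted_file", r"\\[^\\\s:]+:[^\\\s]+"),   # "<dir>:<stream>" = file stored in an ADS
    ("lookalike_directory", r"\\\\[^\\]|_\\"),     # doubled backslash or "name_" imitating a real dir
    ("temp_dir_executable", r"\\Temp\\[^\\]+\.exe"),
    ("empty_publisher", r"\(\)"),                  # FRST shows () when no company name is embedded
]]

HIGH_RISK = {"unsigned_binary", "ads_hosted_file", "lookalike_directory",
             "orphaned_entry", "temp_dir_executable"}


def classify_line(line):
    """Return (category, [flags]) for one FRST line, or None if the line is not a recognised entry."""
    category = next((name for name, rx in CATEGORIES if rx.search(line)), None)
    if category is None:
        return None
    flags = [name for name, rx in FLAGS if rx.search(line)]
    return category, flags


def triage(log_text):
    """Parse every non-empty line and keep the recognised ones with their category and flags."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        result = classify_line(line)
        if result is None:
            continue
        category, flags = result
        findings.append({"category": category, "flags": flags, "line": line})
    return findings


def summarize(findings):
    """Count entries per persistence mechanism."""
    return Counter(f["category"] for f in findings)


def high_risk(findings):
    """Entries a helper should look at first, ordered as they appear in the log."""
    return [f for f in findings if HIGH_RISK & set(f["flags"])]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for category, count in summarize(found).most_common():
        print(f"{count:2d}  {category}")
    print("\nhigh-risk entries:")
    for f in high_risk(found):
        print(f"  [{', '.join(f['flags'])}] {f['line'][:90]}")
```

Running it on the sample prints the per-mechanism counts and then the seven high-risk entries: the orphaned UC Browser task, the two print-provider DLLs in lookalike NVIDIA directories, the driver stored in an alternate data stream of the drivers folder (listed twice, once as the ADS and once as the loaded driver), the firewall exception for a Temp-folder installer, and the unsigned WinArcher service DLL. The same heuristics can be pointed at a full FRST.txt or Addition.txt to get a first ordering before reading the log by hand.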