
Problem with AdwCleaner freezing - UCGuard etc.

#1
Problem with AdwCleaner freezing - UCGuard etc.
Good morning.
I tried to remove unwanted pop-up ads with AdwCleaner (v 6.021), but after the scan (there were about 500 warnings) and pressing "clean" the computer froze. I read around a bit and found this forum, where similar cases were described, but I am not able to deal with it on my own.

After running FRST, here are the logs (indeed, UCGuard is there, among others):
http://www.wklej.org/id/2890648/ - Shortcut.txt
http://www.wklej.org/id/2890651/ - Addition.txt
http://www.wklej.org/id/2890671/ - FRST.txt

Please help... Thanks in advance :-)

PS. How could I deal with this myself? (I mean, how can I work out on my own what to put in the fixlist.txt file?)
 Operating system: windows_ten Browser: chrome
#2
RE: Problem with AdwCleaner freezing - UCGuard etc.
1) Open Notepad and paste into it:
Quote:
FirewallRules: [{A4BA64D2-A524-44FE-9A39-2896653FDA73}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{6F0D677F-7CFC-47DD-80C4-970C7F85A77D}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe
FirewallRules: [{BDCAED55-20E4-4ADE-B453-9D64488AF1B0}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{B4D5DCD5-9803-4A15-B55A-FC29458A6C54}] => (Allow) C:\Users\g\AppData\Local\Temp\is-6FM28.tmp\download\MiniThunderPlatform.exe
RemoveDirectory: C:\Program Files (x86)\UCBrowser
RemoveDirectory: C:\ProgramData\Nimfind
RemoveDirectory: c:\program files (x86)\sunshine
RemoveDirectory: c:\program files (x86)\kuaizip
RemoveDirectory: c:\program files (x86)\rcoplgury
RemoveDirectory: D:\Program Files\UDPdp
RemoveDirectory: C:\Program Files (x86)\TCPnp*
RemoveDirectory: C:\ProgramData\NetworkPacketManitor
RemoveDirectory: C:\ProgramData\Logic Handler
RemoveDirectory: C:\ProgramData\Lightzap
RemoveDirectory: C:\ProgramData\AppecivreSpA
RemoveDirectory: C:\Users\Piotrek\AppData\Roaming\PRICEF~2
RemoveDirectory: C:\Program Files (x86)\ttwifi
RemoveDirectory: C:\Program Files (x86)\WinTaske
RemoveDirectory: C:\Users\Piotrek\AppData\Roaming\Gameo
RemoveDirectory: C:\Program Files (x86)\34444335-1474827180-5832-4C47-A02BB84F4D02
RemoveDirectory: C:\ProgramData\Thunder Network
RemoveDirectory: C:\Users\g\AppData\Local\Tempfolder
RemoveDirectory: C:\Users\g\AppData\Roaming\Hemkajdoa
RemoveDirectory: C:\Users\Public\Thunder Network
RemoveDirectory: C:\Users\g\AppData\Roaming\KuaiZip
RemoveDirectory: C:\Users\g\AppData\Roaming\Softlink
RemoveDirectory: C:\Users\g\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
RemoveDirectory: C:\Program Files\Caster
RemoveDirectory: C:\Users\g\AppData\Local\Stesaied
RemoveDirectory: C:\Program Files\SpaceSoundPro
RemoveDirectory: C:\ProgramData\AVAST Software
RemoveDirectory: C:\ProgramData\Avg
RemoveDirectory: C:\ProgramData\Avira
RemoveDirectory: C:\Program Files (x86)\23xp17n1
RemoveDirectory: C:\Program Files (x86)\8gn3ulro
RemoveDirectory: C:\WINDOWS\system32\gira
RemoveDirectory: C:\Users\Piotrek\AppData\Roaming\KuaiZip
RemoveDirectory: C:\Users\hania_1l9ucre\AppData\Roaming\KuaiZip
RemoveDirectory: C:\Users\krzysiek\AppData\Roaming\KuaiZip
RemoveDirectory: C:\ProgramData\cosun
RemoveDirectory: C:\Users\Piotrek\AppData\Roaming\Sunshine
RemoveDirectory: C:\Program Files\pclient
RemoveDirectory: C:\ProgramData\Nimfinds
RemoveDirectory: C:\Program Files (x86)\sbqh
ShortcutWithArgument: C:\Users\g\Desktop\firefox.exe — skrót.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://navsmart.info
ShortcutWithArgument: C:\Users\g\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\g\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://navsmart.info
ShortcutWithArgument: C:\Users\g\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://navsmart.info
C:\Users\g\Desktop\Uninstall PROТанки MultiPack.lnk
C:\Users\g\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk
C:\Users\g\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
Task: C:\WINDOWS\Tasks\PriceFountainUpdateVer.job => C:\Users\Piotrek\AppData\Roaming\PRICEF~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\{7EA2AF02-DF0D-7F42-EA7A-6151CBD87D01}.job => C:\Users\Piotrek\AppData\Roaming\PRICEF~2\UPDATE~1.EXE <==== ATTENTION
Task: {032C57E1-141C-478F-B908-FF4E3EE854B0} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\QQBrowser\Update\Download\4753D1C588E3312279CA7CEE5071614E\Update\BrowserUpdate.exe [2016-03-17] (Tencent) <==== ATTENTION
Task: {03B9465C-7A91-4636-A502-D5607A8286CE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0523A45F-5F1C-4DF2-ACAB-5242658602C6} - \WPD\SqmUpload_S-1-5-21-2812224853-2447451174-1762123943-1006 -> No File <==== ATTENTION
Task: {1A23E587-4B87-4EE3-AC94-3208A51A38CE} - System32\Tasks\psv_ZathLam => /c regedit.exe /s "C:\ProgramData\Lightzap\Lexitouch.reg" & del "C:\ProgramData\Lightzap\Lexitouch.reg" & SCHTASKS /Delete /TN "psv_ZathLam" /F <==== ATTENTION
Task: {1C02D821-6A59-4A44-A70E-D3333F2EA790} - System32\Tasks\psv_SonLamis => /c regedit.exe /s "C:\ProgramData\Lightzap\Tree-Tech.reg" & del "C:\ProgramData\Lightzap\Tree-Tech.reg" & SCHTASKS /Delete /TN "psv_SonLamis" /F <==== ATTENTION
Task: {1E510DFA-A0F9-4B19-AE38-D01240492F29} - System32\Tasks\psv_IsTech => /c regedit.exe /s "C:\ProgramData\Lightzap\Airfind.reg" & del "C:\ProgramData\Lightzap\Airfind.reg" & SCHTASKS /Delete /TN "psv_IsTech" /F <==== ATTENTION
Task: {223C953B-7676-4F33-BD0D-CCEF2CB54461} - System32\Tasks\gLeaguersDemilitarizingV2 => Rundll32.exe BilobedGigaton.dll,main 7 1 <==== ATTENTION
Task: {34E9BC5A-574F-4A38-9329-C50270EDD559} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe
Task: {353C37F0-67E1-4D48-B92D-228311FCCCD3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3B4012B2-7D1E-4B82-BAD5-401D428BD266} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {45E32209-4E47-48C8-860E-E97DD0A80B97} - System32\Tasks\KuaiZip_Update => X86\Update.exe <==== ATTENTION
Task: {536C8FFE-8D4B-48D0-9469-664F01613EB8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {573A94E1-7C4E-4CD1-9868-9CDAC42A8899} - System32\Tasks\PiotrekCurettedHickV2 => Rundll32.exe CornCabbalas.dll,main 7 1 <==== ATTENTION
Task: {59920E01-DAD2-419D-9DAB-8F80860E1F27} - System32\Tasks\psv_Lab-Is => /c regedit.exe /s "C:\ProgramData\Lightzap\ScotTamtop.reg" & del "C:\ProgramData\Lightzap\ScotTamtop.reg" & SCHTASKS /Delete /TN "psv_Lab-Is" /F <==== ATTENTION
Task: {5BBC02A8-B887-4C09-A9ED-69C83FD4EBDF} - System32\Tasks\psv_Cofhome => /c regedit.exe /s "C:\ProgramData\Lightzap\DingJaycom.reg" & del "C:\ProgramData\Lightzap\DingJaycom.reg" & SCHTASKS /Delete /TN "psv_Cofhome" /F <==== ATTENTION
Task: {621FCE39-DDB5-4983-8FB6-3EF07119F317} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {62B2B453-B940-4D7D-84EF-06D86532D3A2} - System32\Tasks\PriceFountainUpdateVer => C:\Users\Piotrek\AppData\Roaming\PRICEF~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {67673E5B-1139-4ED7-B66E-56A9F718E723} - System32\Tasks\Rotockclajent Core => C:\Program Files (x86)\Rcoplgury\gubepy.exe [2016-09-25] (Glarysoft Ltd)
Task: {707E564E-E93A-4FE5-83F6-AC56F52731A1} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {734C4B09-0EDF-4D69-8E82-053C8C679C9C} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: {77D0A38C-C940-425E-9195-2A9BBA857EEC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7E913708-8FDB-42F2-B281-D60388688EA4} - System32\Tasks\psv_Trustbam => /c regedit.exe /s "C:\ProgramData\Lightzap\K-tip.reg" & del "C:\ProgramData\Lightzap\K-tip.reg" & SCHTASKS /Delete /TN "psv_Trustbam" /F <==== ATTENTION
Task: {7FC01F5C-1EBA-40EC-AFD1-2519E06C0377} - System32\Tasks\psv_Santough => /c regedit.exe /s "C:\ProgramData\Lightzap\NewDomwarm.reg" & del "C:\ProgramData\Lightzap\NewDomwarm.reg" & SCHTASKS /Delete /TN "psv_Santough" /F <==== ATTENTION
Task: {86822562-810F-475B-AAEA-091F924E0A4A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {87C29A7B-2985-4331-A266-2D7F18358B74} - System32\Tasks\psv_Stanbam => /c regedit.exe /s "C:\ProgramData\AppecivreSpA\Zencom.reg" & del "C:\ProgramData\AppecivreSpA\Zencom.reg" & SCHTASKS /Delete /TN "psv_Stanbam" /F <==== ATTENTION
Task: {8C8E3622-5B02-416A-92FB-B692BA96E0DD} - System32\Tasks\psv_Zumlab => /c regedit.exe /s "C:\ProgramData\AppecivreSpA\SuperEco.reg" & del "C:\ProgramData\AppecivreSpA\SuperEco.reg" & SCHTASKS /Delete /TN "psv_Zumlab" /F <==== ATTENTION
Task: {9671A146-A1D0-41DE-8E7F-3348DCFD74D7} - \WPD\SqmUpload_S-1-5-21-2812224853-2447451174-1762123943-1001 -> No File <==== ATTENTION
Task: {9AA29927-46DD-4AD0-8F34-A3FB66A4D7D3} - System32\Tasks\psv_Soloair => /c regedit.exe /s "C:\ProgramData\Lightzap\NewTip.reg" & del "C:\ProgramData\Lightzap\NewTip.reg" & SCHTASKS /Delete /TN "psv_Soloair" /F <==== ATTENTION
Task: {9BE9125A-A3E0-4747-B2E6-458C59282EC4} - System32\Tasks\psv_Medhottom => /c regedit.exe /s "C:\ProgramData\AppecivreSpA\Xxx-Fresh.reg" & del "C:\ProgramData\AppecivreSpA\Xxx-Fresh.reg" & SCHTASKS /Delete /TN "psv_Medhottom" /F <==== ATTENTION
Task: {9DE2CF86-06CE-415B-92EF-2A57B4E431BE} - \WPD\SqmUpload_S-1-5-21-2812224853-2447451174-1762123943-1005 -> No File <==== ATTENTION
Task: {A44B7A57-93E1-4448-8234-52CC1C883D4B} - System32\Tasks\psv_Candax => /c regedit.exe /s "C:\ProgramData\Lightzap\Canstring.reg" & del "C:\ProgramData\Lightzap\Canstring.reg" & SCHTASKS /Delete /TN "psv_Candax" /F <==== ATTENTION
Task: {A4A9E665-2F15-43F7-87CD-CFABCDB1988D} - System32\Tasks\psv_Lajob => /c regedit.exe /s "C:\ProgramData\Lightzap\ZathDax.reg" & del "C:\ProgramData\Lightzap\ZathDax.reg" & SCHTASKS /Delete /TN "psv_Lajob" /F <==== ATTENTION
Task: {A71EA49F-64A6-47A4-BDDC-B1667B934361} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A87E3AD2-728B-4833-9786-1AE55C20BC4D} - System32\Tasks\psv_K--Com => /c regedit.exe /s "C:\ProgramData\Lightzap\Sonlotstring.reg" & del "C:\ProgramData\Lightzap\Sonlotstring.reg" & SCHTASKS /Delete /TN "psv_K--Com" /F <==== ATTENTION
Task: {AC5E5F2F-405E-474A-9DD4-008813E898BB} - System32\Tasks\ttwifi => C:\Program Files (x86)\ttwifi\tiantianwifi.exe <==== ATTENTION
Task: {AC749943-E50F-408F-A827-04F05D4C1E54} - System32\Tasks\{7EA2AF02-DF0D-7F42-EA7A-6151CBD87D01} => C:\Users\Piotrek\AppData\Roaming\PRICEF~2\UPDATE~1.EXE <==== ATTENTION
Task: {AD5A3F3D-239A-4579-A5D3-48946518D818} - System32\Tasks\snp => C:\ProgramData\Nimfind\Nimfind.exe [2016-09-30] () <==== ATTENTION
Task: {B1A90EDD-604D-41E7-A3BE-C2F6067DC6C8} - System32\Tasks\psv_Roundla => /c regedit.exe /s "C:\ProgramData\AppecivreSpA\ZamEco.reg" & del "C:\ProgramData\AppecivreSpA\ZamEco.reg" & SCHTASKS /Delete /TN "psv_Roundla" /F <==== ATTENTION
Task: {B6C63E1B-8F73-41DF-96D6-FA3DCDD57627} - System32\Tasks\psv_Lamcore => /c regedit.exe /s "C:\ProgramData\AppecivreSpA\Freshfind.reg" & del "C:\ProgramData\AppecivreSpA\Freshfind.reg" & SCHTASKS /Delete /TN "psv_Lamcore" /F <==== ATTENTION
Task: {BCD232EB-E2D5-402F-9598-4C7312B6FF33} - System32\Tasks\WinTaske => C:\Program Files (x86)\WinTaske\WinTaske\WinTaske.exe <==== ATTENTION
Task: {BE47AADC-EC48-4FEC-B189-01EF2AE2398A} - System32\Tasks\{0C3007D1-FF21-4DCC-AE9C-7087897BAB16} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Stan-Com\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Stan-Com\uninstall.dat" -a uninstallme BE0A940A-B9C3-4A38-B62A-727CD5EE98FF DeviceId=637b8a40-437c-a144-fc87-19cfe26fa77f BarcodeId=50127003 ChannelId=3 DistributerName=APSFImali
Task: {BF90771D-0A24-411A-8640-60823925DEDC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C3EF354C-BE1C-437B-969E-3111950071A8} - System32\Tasks\psv_Tiplam => /c regedit.exe /s "C:\ProgramData\Lightzap\Zummatam.reg" & del "C:\ProgramData\Lightzap\Zummatam.reg" & SCHTASKS /Delete /TN "psv_Tiplam" /F <==== ATTENTION
Task: {C6C8ECD5-447E-4D91-81CA-807EAFB5C5C4} - System32\Tasks\{60C8F2F3-E575-4DAE-A886-CF786283095D} => pcalua.exe -a C:\Users\Piotrek\AppData\Roaming\Gameo\uninstall.exe
Task: {CD09EB0A-E8FE-4CD4-843A-52C6B7823B9C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D480CD61-93E0-4816-B391-BE8B91AF4701} - \WPD\SqmUpload_S-1-5-21-2812224853-2447451174-1762123943-1008 -> No File <==== ATTENTION
Task: {D9155D59-539F-4DB6-8325-23EF295D0064} - System32\Tasks\PiotrekDaybookCalibratesV2 => Rundll32.exe AscotSuperannuity.dll,main 7 1 <==== ATTENTION
Task: {DA55F35D-E6BE-40F5-902E-5BCF2A4ECCB2} - \WPD\SqmUpload_S-1-5-21-2812224853-2447451174-1762123943-1007 -> No File <==== ATTENTION
Task: {DDD46D85-2CA3-4D4D-AFB1-D5EEF727FC6D} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {DEEBFBD1-521E-4D8F-9243-C1147DB43658} - System32\Tasks\psv_SuperEco => /c regedit.exe /s "C:\ProgramData\Lightzap\Roundla.reg" & del "C:\ProgramData\Lightzap\Roundla.reg" & SCHTASKS /Delete /TN "psv_SuperEco" /F <==== ATTENTION
Task: {DF07E7B9-DDC3-402E-979F-FA06D7C7497C} - System32\Tasks\psv_ZamEco => /c regedit.exe /s "C:\ProgramData\Lightzap\Dongtamcore.reg" & del "C:\ProgramData\Lightzap\Dongtamcore.reg" & SCHTASKS /Delete /TN "psv_ZamEco" /F <==== ATTENTION
Task: {DF0FF767-C90F-47B9-B341-9871976318C2} - \WPD\SqmUpload_S-1-5-21-2812224853-2447451174-1762123943-1004 -> No File <==== ATTENTION
Task: {E1004706-1E8D-4811-A8F6-9B001B855F00} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EA234F37-B1F4-4096-9533-BAB5789C860C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {ED5CC0E6-279C-4B2C-823E-5C531FC85B5F} - System32\Tasks\psv_Lamit => /c regedit.exe /s "C:\ProgramData\AppecivreSpA\DanQvoron.reg" & del "C:\ProgramData\AppecivreSpA\DanQvoron.reg" & SCHTASKS /Delete /TN "psv_Lamit" /F <==== ATTENTION
Task: {F007471A-2CD1-4A9A-B162-F7265B2376DD} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {F29C5EAF-E393-490A-B6BE-AE6BC9A55984} - System32\Tasks\psv_DanQvoron => /c regedit.exe /s "C:\ProgramData\Lightzap\Voltron.reg" & del "C:\ProgramData\Lightzap\Voltron.reg" & SCHTASKS /Delete /TN "psv_DanQvoron" /F <==== ATTENTION
Task: {FDAB3B6D-0BE8-4371-9111-3D20945B7DC0} - System32\Tasks\snf => C:\ProgramData\Nimfind\Nimfind.exe [2016-09-30] () <==== ATTENTION
C:\WINDOWS\SysWOW64\findit.xml
C:\WINDOWS\system32\Drivers\ucguard.sys
C:\Users\g\AppData\Roaming\Microsoft\Windows\Start Menu\KuaiZip.lnk
C:\WINDOWS\system32\Drivers\KuaiZipDrive2.sys
C:\Users\g\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [81792 2016-08-02] (Huorong Borui (Beijing) Technology Co., Ltd.) <==== ATTENTION
R2 KuaiZipDrive2; C:\WINDOWS\system32\drivers\KuaiZipDrive2.sys [93072 2016-09-25] (WinMount International Inc) <==== ATTENTION
R2 TCPnP3; C:\Program Files (x86)\TCPnp3\TCPnP3.exe [189444 2016-09-25] () [File not signed]
R2 TCPnP4; C:\Program Files (x86)\TCPnp4\TCPnP4.exe [189444 2016-09-25] () [File not signed]
R2 TCPnP5; C:\Program Files (x86)\TCPnp5\TCPnP5.exe [189444 2016-09-25] () [File not signed]
R2 TCPnP6; C:\Program Files (x86)\TCPnp6\TCPnP6.exe [189444 2016-09-25] () [File not signed]
R2 UDPnP33; D:\Program Files\UDPdp\UDPnp3\UDPdp33.exe [189444 2016-09-25] () [File not signed]
R2 UDPnP44; D:\Program Files\UDPdp\UDPnp4\UDPdp44.exe [189444 2016-09-25] () [File not signed]
R2 UDPnP55; D:\Program Files\UDPdp\UDPnp5\UDPdp55.exe [189444 2016-09-25] () [File not signed]
R2 UDPnP66; D:\Program Files\UDPdp\UDPnp6\UDPdp66.exe [189444 2016-09-25] () [File not signed]
R2 Sunshinesvc; C:\Program Files (x86)\Sunshine\sunshinesvc.dll [343800 2016-09-27] ()
S2 pclient; C:\Program Files\pclient\pclient.exe [312320 2016-09-30] () [File not signed]
R2 Nettrans; C:\ProgramData\NetworkPacketManitor\Nettrans.exe [57856 2016-09-28] () [File not signed]
R2 Nimfind; C:\ProgramData\\Nimfind\\Nimfind.exe [693760 2016-09-30] () [File not signed]
R2 Kuaizip Update Checker; C:\Program Files (x86)\KuaiZip\X86\kuaizipUpdateChecker.dll [216704 2016-09-25] ()
S2 AppecivreSpA; C:\ProgramData\\AppecivreSpA\\AppecivreSpA.exe [392704 2016-08-15] () [File not signed]
R2 Aracity; C:\Program Files (x86)\Rcoplgury\RepacooleiedCch.dll [275968 2016-09-25] () [File not signed]
R2 backlh; C:\ProgramData\Logic Handler\set.exe [3786752 2016-09-25] () [File not signed]
CHR Extension: (Browser Hunt) - C:\Users\g\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki [2016-10-02]
CHR Profile: C:\Users\g\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-10-09] <==== ATTENTION
C:\Users\g\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
FF SearchPlugin: C:\Users\g\AppData\Roaming\Mozilla\Firefox\Profiles\04uind58.default\searchplugins\findit.xml [2016-04-05]
FF SearchPlugin: C:\Users\g\AppData\Roaming\Mozilla\Firefox\Profiles\04uind58.default\searchplugins\vhd4tsie.xml [2016-09-25]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\04uind58.default -> trotux
FF Homepage: Mozilla\Firefox\Profiles\04uind58.default -> C:\ProgramData\Nimfinds\ff.HP
FF NewTab: Mozilla\Firefox\Profiles\04uind58.default -> C:\ProgramData\Nimfinds\ff.NT
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\04uind58.default -> trotux
SearchScopes: HKLM -> {D143C58B-95CC-42D2-B081-E3CB985959E9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP2DAqp-XHW6O6ALVpuKMYLBCXv01MhCKi_Kv-UfVxL0YC3J50NOMYmtVjpz-Xqa9niVAH8jrSIgiG0IMIx5yhPfhI1M1C2Bu3BDEVTDNr5A51DD55SAo3kPi_ucdmprsfN9n-3SQIzYzYnskPraXWvk-zOuO1uVC4cl0FwUG8VgwpBT5yCWo,&q={searchTerms}
SearchScopes: HKLM-x32 -> {D143C58B-95CC-42D2-B081-E3CB985959E9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2812224853-2447451174-1762123943-1005 -> {D143C58B-95CC-42D2-B081-E3CB985959E9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2812224853-2447451174-1762123943-1005 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2812224853-2447451174-1762123943-1005 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP2DAqp-XHW6O6ALVpuKMYLBCXv01MhCKi_Kv-UfVxL0YC3J50NOMYmtVjpz-Xqa9niVAH8jrSIgiG0IMIx5yhPfhI1M1C2Bu3BDEVTDNr5A51DD55SAo3kPi_ucdmprsfN9n-3SQIzYzYnskPraXWvk-zOuO1uVC4cl0FwUG8VgwpBT5yCWo,&q={searchTerms}
HKU\S-1-5-21-2812224853-2447451174-1762123943-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2812224853-2447451174-1762123943-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP2DAqp-XHW6O6ALVpuKMYLBCXv01MhCKi_Kv-UfVxL0YC3J50NOMYmtVjpz-Xqa9niVAH8jrSIgiG0IMIx5yhPfhI1M1C2Bu3BDEVTDNr5A51DD55SAo3kPi_ucdmprsfN9n-3SQIzYzYnskPraXWvk-zOuO1uVC4cl0FwUG8VgwpBT5yCWo,&q={searchTerms}
HKU\S-1-5-21-2812224853-2447451174-1762123943-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP2DAqp-XHW6O6ALVpuKMYLBCXv01MhCKi_Kv-UfVxL0YC3J50NOMYmtVjpz-Xqa9niVAH8jrSIgiG0IMIx5yhPfhI1M1C2Bu3BDEVTDNr5A51DD55SAo3kPi_ucdmprsfN9n-3SQIzYzYnskPraXWvk-zOuO1uVC4cl0FwUG8VgwpBT5yCWo,&q={searchTerms}
HKU\S-1-5-21-2812224853-2447451174-1762123943-1005\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP2DAqp-XHW6O6ALVpuKMYLBCXv01MhCKi_Kv-UfVxL0YC3J50NOMYmtVjpz-Xqa9niVAH8jrSIgiG0IMIx5yhPfhI1M1C2Bu3BDEVTDNr5A51DD55SAo3kPi_ucdmprsfN9n-3SQIzYzYnskPraXWvk-zOuO1uVC4cl0FwUG8VgwpBT5yCWo,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
Tcpip\..\Interfaces\{196cbd15-66cd-4947-80e6-808c0002d0d2}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{2e791731-aa8d-4903-a276-2c1bea7c8703}: [NameServer] 188.120.239.115,8.8.8.8
Tcpip\..\Interfaces\{50985ca9-9634-41c5-90b3-6fef53a15b62}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{aa8e5012-0c49-11e6-aa23-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{bb980f11-9f05-4166-9bef-b8e12a0814da}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{d7639991-4b8d-11e6-aa29-806e6f6e6963}: [NameServer] 104.197.191.4
HKU\S-1-5-21-2812224853-2447451174-1762123943-1005\...\Run: [BingSvc] => C:\Users\g\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-03-05] (© 2015 Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\Nimfind\Redex.dll => C:\ProgramData\Nimfind\Redex.dll [358912 2016-09-30] ()
AppInit_DLLs-x32: C:\ProgramData\Nimfind\GeoTam.dll => C:\ProgramData\Nimfind\GeoTam.dll [248320 2016-09-30] ()
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Piotrek\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Piotrek\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Piotrek\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [KzShlobj2] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F3} => C:\Program Files (x86)\KuaiZip\X64\KZipShell.dll [2016-09-25] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Piotrek\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Piotrek\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Piotrek\AppData\Local\MEGAsync\ShellExtX32.dll No File
HKLM-x32\...\Run: [app] => C:\Program Files (x86)\sbqh\uc.exe
HKLM-x32\...\Run: [win_en_77] => [X]
ShortcutWithArgument: C:\Users\Hania\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Hania\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\hania_1l9ucre\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Kasia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\krzysiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\krzysiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Users\Piotrek\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\Users\Piotrek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Piotrek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Piotrek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Users\Piotrek\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
HOSTS:
EmptyTemp:
>>Notepad menu >> File >>
>>Save as >>
File name: fixlist
Save as type: Text Documents
Encoding: UTF-8
>>Save
Place the file in the folder C:\Users\g\Downloads
Run FRST and click the Fix (NAPRAW) button.

2) Make new FRST logs, this time without Shortcut.
 Operating system: windows_seven Browser: seamonkey
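Several lines of the fixlist in the post above carry visible markers: "<==== ATTENTION", "[File not signed]", an argument appended to a browser shortcut, an AppInit_DLLs entry, and shortcut names that mix Latin and Cyrillic letters. The following triage over such lines is an added example, not part of the original post and not FRST's own logic; the function names, reason labels and choice of heuristics are assumptions, and the last two sample lines are constructed.

```python
import re
import unicodedata

# Sample input. The first four lines are copied from the fixlist in the post
# above; the fifth is a constructed clean control and the sixth is constructed
# (Cyrillic letters written as escapes) to mirror the look-alike
# "Google Chrome.lnk" shortcut names listed there.
SAMPLE = [
    r"R2 TCPnP3; C:\Program Files (x86)\TCPnp3\TCPnP3.exe [189444 2016-09-25] () [File not signed]",
    r"R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [81792 2016-08-02] (Huorong Borui (Beijing) Technology Co., Ltd.) <==== ATTENTION",
    r"AppInit_DLLs: C:\ProgramData\Nimfind\Redex.dll => C:\ProgramData\Nimfind\Redex.dll [358912 2016-09-30] ()",
    r"ShortcutWithArgument: C:\Users\g\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://navsmart.info",
    r"R2 ExampleSvc; C:\Program Files\Example\svc.exe [1000 2016-01-01] (Example Corp)",
    "C:\\Users\\Public\\Desktop\\G\u043e\u043egl\u0435 \u0421hr\u043em\u0435.lnk",
]

ATTENTION = re.compile(r"<=+ ATTENTION")          # 4 or 5 '=' both occur in the log
LNK_PATH = re.compile(r"[A-Za-z]:\\.*?\.lnk", re.IGNORECASE)
URL_OR_EXT = re.compile(r"(hxxps?|https?)://|--load-extension", re.IGNORECASE)


def scripts_in(text):
    """Alphabets used by the letters of text (first word of each Unicode name)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def has_mixed_script_name(line):
    """True if the first .lnk file name on the line mixes Latin and Cyrillic."""
    match = LNK_PATH.search(line)
    if not match:
        return False
    name = match.group(0).rsplit("\\", 1)[-1]
    found = scripts_in(name)
    return "LATIN" in found and "CYRILLIC" in found


def shortcut_argument(line):
    """Argument appended to the target of a ShortcutWithArgument line, or None."""
    if not line.startswith("ShortcutWithArgument:"):
        return None
    parts = line.split(" -> ", 2)   # shortcut -> target (vendor) -> argument
    return parts[2].strip() if len(parts) == 3 else None


def triage(line):
    """Return the list of reasons a log line deserves a closer look."""
    reasons = []
    if ATTENTION.search(line):
        reasons.append("attention-marker")
    if "[File not signed]" in line:
        reasons.append("unsigned-binary")
    if line.startswith("AppInit_DLLs"):
        reasons.append("appinit-dll")
    arg = shortcut_argument(line)
    if arg and URL_OR_EXT.search(arg):
        reasons.append("browser-shortcut-argument")
    if has_mixed_script_name(line):
        reasons.append("mixed-script-shortcut-name")
    return reasons


def report(lines):
    """Pairs of (reasons, line) for every line with at least one reason."""
    return [(triage(line), line) for line in lines if triage(line)]


if __name__ == "__main__":
    for reasons, line in report(SAMPLE):
        print(", ".join(reasons), "|", line[:80])
```

A line with no reason attached is not thereby clean; the markers only narrow down what to read first.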
#3
RE: Problem with AdwCleaner freezing - UCGuard etc.
After running FRST with the given fixlist.txt file, here are the new logs:

http://www.wklej.org/id/2893522/ - FRST.txt
http://www.wklej.org/id/2893543/ - Addition.txt

And what next?

Thanks for the help and best regards
 Operating system: windows_ten Browser: ie
#4
RE: Problem with AdwCleaner freezing - UCGuard etc.
1)
Quote:
CHR DefaultProfile: ChromeDefaultData
Launch Google Chrome
> Press the keys: left Alt+F and click the Settings button >
> Section: PEOPLE
> select: user0
click the X mark on the right-hand side

2)
Quote:
2016-09-30 10:54 - 2016-01-01 22:35 - 00000000 ____D C:\Users\g\AppData\Local\Apps\2.0
2016-09-25 20:21 - 2016-09-25 20:32 - 00000000 ____D C:\Users\g\AppData\Local\app
I don't know what this is.
I'll check with FRST what is inside:
Open Notepad and paste into it:
Quote:
Folder: C:\Users\g\AppData\Local\app
Folder: C:\Users\g\AppData\Local\Apps\2.0
2016-09-25 20:45 - 2016-09-25 20:45 - 00000000 ___HD C:\Program Files (x86)\TCPnp6
2016-09-25 20:45 - 2016-09-25 20:45 - 00000000 ___HD C:\Program Files (x86)\TCPnp5
2016-09-25 20:45 - 2016-09-25 20:45 - 00000000 ___HD C:\Program Files (x86)\TCPnp4
2016-09-25 20:45 - 2016-09-25 20:45 - 00000000 ___HD C:\Program Files (x86)\TCPnp3
ProfilePath: C:\Users\g\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\04uind58.default\Profiles\04uind58.default [not found]
FF Homepage: Mozilla\Firefox\Profiles\04uind58.default -> C:\ProgramData\Nimfinds\ff.HP
C:\ProgramData\Nimfinds
RemoveDirectory: C:\ProgramData\AppecivreSpAs
2016-09-25 20:17 - 2016-09-25 20:17 - 00027456 _____ C:\WINDOWS\system32\Drivers\bsdpf64.sys
2016-09-25 20:17 - 2016-09-25 20:17 - 00026944 _____ C:\WINDOWS\system32\Drivers\bsdpr64.sys
2016-09-25 20:13 - 2016-09-25 20:13 - 00000000 _____ C:\TOSTACK
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST.exe
Run FRST and click the Fix (NAPRAW) button.
A fixlog.txt file will be created.
Post that log.

3) Make a new FRST log, this time without Addition.
 Operating system: windows_seven Browser: seamonkey
#5
RE: Problem with AdwCleaner freezing - UCGuard etc.
re 1) - done;

re 2) - done:
www.wklej.org/id/2893805/ - Fixlog.txt

re 3) - done:
www.wklej.org/id/2893823/ - FRST.txt

Thanks once again!
 Operating system: windows_ten Browser: ie
#6
RE: Problem with AdwCleaner freezing - UCGuard etc.
I think we can wrap up:
Open Notepad and paste into it:
Quote:
DeleteQuarantine:
Save the file as fixlist.txt and place it next to FRST. Run FRST and click Fix (NAPRAW).
Use SHIFT+DEL to delete the remaining folder C:\FRST.

In AdwCleaner click FILE, then UNINSTALL.
 Operating system: windows_seven Browser: seamonkey
#7
RE: Problem with AdwCleaner freezing - UCGuard etc.
It looks like everything is fine now.
Many thanks for the help!
It's great that there are people like you.
 Operating system: windows_ten Browser: ie