Problem z sale charger

Dla specjalistów Bezpieczeństwo
#1

Witam od paru dni mam prolem z tym oprogramowaniem :confused:

pliki z FArbara

 

 

FRST

 

http://wklej.org/id/1785664/

 

Addition

 

http://wklej.org/id/1785665/

 

Shortcut

 

http://wklej.org/id/1785666/

 

Prosze o pomoc

#2

W panelu sterowania odinstaluj McAfee Security Scan Plus i SpyHunter4.

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

Winlogon\Notify\sizdzuv: C:\Users\Cukiereczek\AppData\Local\sizdzuv.dll [2015-08-21] ()
HKU\S-1-5-21-3728697078-2981532903-1326858875-1000\...\Run: [sizdzuv] => rundll32 "C:\Users\Cukiereczek\AppData\Local\sizdzuv.dll",sizdzuv <===== UWAGA
GroupPolicy: Zasady grupy Chrome wykryto <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Zasada ograniczeń <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-is __alt__ ddc_dsssyc_bd_com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3728697078-2981532903-1326858875-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-is __alt__ ddc_dsssyc_bd_com
URLSearchHook: HKLM-x32 -> Domyślne = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-is __alt__ ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-is __alt__ ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3728697078-2981532903-1326858875-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-is __alt__ ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3728697078-2981532903-1326858875-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-is __alt__ ddc_dss_bd_com&p={searchTerms}
CHR Extension: (Sale Charger) - C:\Users\Cukiereczek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbjodaojofnncamkhhbnonejbjliohhk [2015-08-08]
OPR Extension: (Sale Charger) - C:\Users\Cukiereczek\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbjodaojofnncamkhhbnonejbjliohhk [2015-08-08]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-30] ()
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-01-30] (Enigma Software Group USA, LLC.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
2015-08-29 00:22 - 2015-08-29 00:27 - 00000000 ____ D C:\AdwCleaner
2015-08-21 22:45 - 2015-08-21 22:45 - 00014336 _____ C:\Users\Cukiereczek\AppData\Local\sizdzuv.dll
2015-08-10 00:16 - 2015-08-10 00:16 - 00000000 ____ D C:\Program Files\McAfee Security Scan
2015-08-10 00:16 - 2015-08-10 00:16 - 00000000 ____ D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-08-10 00:16 - 2015-02-27 01:05 - 00000000 ____ D C:\ProgramData\McAfee Security Scan
Task: {122590FC-D269-422D-830B-0D0143EAD74C} - System32\Tasks\{7826CD4A-E0DA-4747-AC4D-5B6536A58F94} => pcalua.exe -a G:\hpus_n5335711644a0.exe -d G:\
Task: {1F0840C9-3BC4-429F-A712-700B957AE19E} - System32\Tasks\{3BBB2489-62A0-4419-9883-15FF8437D794} => pcalua.exe -a G:\hpus_n6ab0600381dc.exe -d G:\
Task: {290C33B2-A3EB-427C-95FC-BBC69D750633} - System32\Tasks\{AC0B9534-9BEE-4766-AABA-71D7D3B38370} => pcalua.exe -a C:\Users\Cukiereczek\AppData\Roaming\do-search\UninstallManager.exe -c -ptid=cor
Task: {8E624E04-1565-45E0-83EE-0827310433AF} - System32\Tasks\{D8518389-45EF-4EB0-8249-14109592B13A} => D:\lol\lol.launcher.exe [2014-04-17] ()
Task: {A4F94166-43EE-4FC1-9D23-4BB1343DAFCF} - System32\Tasks\{F2673259-17F8-4FE7-B975-335AB9BC32E1} => pcalua.exe -a H:\.\Setup.exe -d H:\ -c AUTORUN=1
Task: {B8165832-12DF-41D4-A70D-AC4EFF28DD90} - System32\Tasks\{3D8DD1DB-6BD6-4470-AD8F-B7351EC261F9} => pcalua.exe -a F:\SETUP.EXE -d F:\
Task: {C687E140-57B7-4453-AE7C-B93987F1C865} - System32\Tasks\avastBCLRestartS-1-5-21-3728697078-2981532903-1326858875-1000 => Chrome.exe 
Task: {DF784CE3-65FD-4C6B-B22D-5607A218C92E} - System32\Tasks\{1F2094CF-CCAA-4505-A8D4-1F86C9155E96} => pcalua.exe -a "C:\Users\Cukiereczek\Downloads\0mch07ww (1).exe" -d C:\Users\Cukiereczek\Downloads
Task: {F8B0C536-A823-458A-8B0A-73BEFC1DAFE4} - System32\Tasks\{A265E0CF-A7BB-461C-BE4B-1179C4B0D99E} => pcalua.exe -a C:\Users\Cukiereczek\Downloads\0mwl08ww.exe -d C:\Users\Cukiereczek\Downloads
Hosts:
EmptyTemp:

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition i Shortcut.