Elektroda.pl

Chinese programs/ads. Help me, I'm desperate!

EastMoon 18 Apr 2016 16:23 606 2
  • #1 18 Apr 2016 16:23
    EastMoon
    Level 10  

    Hello.
    The day before yesterday some ***** installed itself on my computer. It can't be uninstalled because it comes back, and this thing installs other programs and displays some ads in the right corner, covering 1/4 of the screen. I already have the FRST logs.

    FRST:
    http://www.wklej.org/id/2304875/

    Addition:
    http://www.wklej.org/id/2304887/

    Thanks in advance for any help!

  • #2 18 Apr 2016 18:20
    krzychupar
    Level 40  

    Uninstall:
    Search module (HKLM-x32\...\Search module) (Version: - Goobzo) <==== UWAGA
    Update for PriceFountain (HKU\S-1-5-21-615194017-3979906348-3350257350-1001\...\{13FA7D03-20EC-A6C8-C709-220FB9D9C1DC}) (Version: - Update for PriceFountain) <==== UWAGA

    Open Notepad and paste:
    CloseProcesses:
    AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
    AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
    Task: {0557B131-5EC9-4C6C-9F39-519970A85FF6} - System32\Tasks\PPTAssistantNotifyTask_KamQiX => C:\Users\KamQiX\AppData\Local\PPTAssist\notify.exe [2016-04-17] (珠海金山办公软件有限公司)
    Task: {352688A4-AD0F-47D5-8EE0-2D6DBCF906D1} - System32\Tasks\Uwewbiut => C:\PROGRA~1\Kajajugt\Eiomu.bat <==== UWAGA
    Task: {44ACCEEE-5D68-411B-B690-91AA535E776F} - System32\Tasks\Microsoft\Windows\SystemRestore\FreeVPN => C:\Users\KamQiX\AppData\Roaming\FreeVPN\FreeVPN.exe [2016-04-16] () <==== UWAGA
    Task: {5241BB68-C626-4E00-9044-99606BEF1322} - System32\Tasks\{C4D13A18-44A7-4767-99C2-2F5EA784F66D} => pcalua.exe -a L:\HndImgMapSetup.exe -d L:\
    ShortcutWithArgument: C:\Users\KamQiX\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\KamQiX\Desktop\Sparta.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\KamQiX\Desktop\Yeabeats Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\KamQiX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s...l7428BK,76dc0ea0-16e2-4b0b-b2d3-c3f8a8f5358d,,
    ShortcutWithArgument: C:\Users\KamQiX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\KamQiX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\KamQiX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Sparta.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\KamQiX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\KamQiX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s...l7428BK,76dc0ea0-16e2-4b0b-b2d3-c3f8a8f5358d,,
    ShortcutWithArgument: C:\Users\KamQiX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yeabeats Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/
    2016-04-17 20:26 - 2016-04-17 20:26 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\zlib.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00110064 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMAntiInject.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00482800 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\sqlite.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\tinyxml.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00040944 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
    2016-04-17 20:33 - 2016-03-28 21:11 - 00070848 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00020464 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\oDayProtect.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00122352 _____ () c:\program files (x86)\tencent\qqpcmgr\11.4.17339.217\qmrtpcontroller.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00194912 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\xImage.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00342368 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\arkGraphic.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 02156896 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\GF.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00092512 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\xGraphic32.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\libpng.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\libjpegturbo.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\libexpatw.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00045408 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\jgImage.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\jgIOStub.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00077296 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\MemDefrag.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00163312 _____ () c:\program files (x86)\tencent\qqpcmgr\11.4.17339.217\qmhipslogpolicy.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00261616 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\OperationFileCloudMgr.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00379232 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\DlForQd.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 02156896 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\GF.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00092512 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\xGraphic32.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\zlib.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\libexpatw.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\tinyxml.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00342368 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\arkGraphic.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00045408 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\jgImage.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\jgIOStub.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\libpng.dll
    2016-04-17 20:26 - 2016-04-17 20:26 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\libjpegturbo.dll
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
    IE trusted site: HKU\S-1-5-21-615194017-3979906348-3350257350-1001\...\sharepoint.com -> hxxps://zsltklucznet.sharepoint.com
    Hosts:
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\QQPCNetFlow.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRealTimeSpeedup.exe
    () C:\Program Files (x86)\badu\uc.exe
    HKLM-x32\...\Run: [LightGate] => C:\ProgramData\LightGate.exe
    HKLM-x32\...\Run: [HomePageHelper] => c:\programdata\homepage.exe
    HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe [356464 2016-04-17] (Tencent)
    HKLM-x32\...\Run: [sun21] => [X]
    HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
    HKLM-x32\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs, [X]
    HKU\S-1-5-21-615194017-3979906348-3350257350-1001\...\MountPoints2: {c073bc56-a40d-11e5-826f-bcaec5783c3e} - "L:\Setup.exe"
    HKU\S-1-5-21-615194017-3979906348-3350257350-1001\...\MountPoints2: {dfad9edc-d240-11e5-8276-bcaec5783c3e} - "L:\autorun.exe"
    HKU\S-1-5-21-615194017-3979906348-3350257350-1001\...\MountPoints2: {f48ab226-31df-11e5-8254-bcaec5783c3e} - "L:\setup.exe"
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMGCShellExt64.dll [2016-04-17] (Tencent)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    BootExecute: autocheck autochk *
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.2345.com/?34838
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-615194017-3979906348-3350257350-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TEF58i0ehI8zGaW_e40ZhobBdXhnR9F3YYS815&q={searchTerms}
    HKU\S-1-5-21-615194017-3979906348-3350257350-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.2345.com/?34838
    HKU\S-1-5-21-615194017-3979906348-3350257350-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TEF58i0ehI8zGaW_e40ZhobBdXhnR9F3YYS815&q={searchTerms}
    HKU\S-1-5-21-615194017-3979906348-3350257350-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TEF58i0ehI8zGaW_e40ZhobBdXhnR9F3YYS815&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TEF58i0ehI8zGaW_e40ZhobBdXhnR9F3YYS815&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-615194017-3979906348-3350257350-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TEF58i0ehI8zGaW_e40ZhobBdXhnR9F3YYS815&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-615194017-3979906348-3350257350-1001 -> {87F47002-5193-4E29-90FE-E25B4230A402} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G4Hzamobl7428BK,76dc0ea0-16e2-4b0b-b2d3-c3f8a8f5358d,
    SearchScopes: HKU\S-1-5-21-615194017-3979906348-3350257350-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TEF58i0ehI8zGaW_e40ZhobBdXhnR9F3YYS815&q={searchTerms}
    BHO: Kajajugt -> {1308CFBC-219D-42D4-84FC-E44F74703219} -> C:\Program Files\Kajajugt\Naajoj64.dll => Brak pliku
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSWebMon64.dat [2016-04-17] (Tencent)
    BHO-x32: Kajajugt -> {1308CFBC-219D-42D4-84FC-E44F74703219} -> C:\Program Files\Kajajugt\Naajoj.dll => Brak pliku
    BHO-x32: Ó¦Óñ¦Ň»Ľü°˛×°˛ĺĽţ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
    Handler: WSWSVCUchrome - Brak wartości CLSID

    FF NewTab: C:\ProgramData\Doubleings\ff.NT
    FF DefaultSearchEngine: hohosearch
    FF SelectedSearchEngine: hohosearch
    FF Homepage: C:\ProgramData\Doubleings\ff.HP
    FF Homepage: hxxp://www-searching.com/?site=shyosffdefault...l7428BK,76dc0ea0-16e2-4b0b-b2d3-c3f8a8f5358d,,
    FF NewTab: hxxp://www-searching.com/?site=shyosffdefault...l7428BK,76dc0ea0-16e2-4b0b-b2d3-c3f8a8f5358d,,
    FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
    FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\npQMExtensionsMozilla.dll [2016-04-17] (Tencent Technology (Shenzhen) Company Limited)
    CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=G4Hzamo...b-b2d3-c3f8a8f5358d,&vp=ch&prd=set_ch
    CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=G4Hzamobl7428BK,76dc0ea0-16e2-4b0b-b2d3-c3f8a8f5358d,&vp=ch&prd=set_ch"
    CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=G4Hzamobl7428BK,76dc0ea0-16e2-4b0b-b2d3-c3f8a8f5358d,
    CHR DefaultSearchKeyword: Default -> www-searching.com
    CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\KamQiX\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => Brak pliku
    R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-04-17] (DotC United Inc)
    R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe [301656 2016-04-17] (Tencent)
    U2 QQRepair1b08; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepair1b08 [136512 2016-04-18] ()
    S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepairFixSVC [136512 2016-04-18] ()
    S2 BugreportW; "C:\Program Files (x86)\hohobnd\ghabuk.exe" {154DFF63-3402-4815-941A-AAD63AE8B428} [X]
    S2 Eruvwee; "C:\Users\KamQiX\AppData\Roaming\LaexuGegobog\Reloace.exe" -cms [X]
    R2 mivohorezbt; C:\Program Files (x86)\1E002520-1460917234-4300-B1C3-BCAEC5783C3E\knss1252.tmpfs [X]
    S2 rijufoze; C:\Program Files (x86)\1E002520-1460917234-4300-B1C3-BCAEC5783C3E\hnsd4561.tmp [X]
    S2 rocufyky; C:\Program Files (x86)\1E002520-1460917234-4300-B1C3-BCAEC5783C3E\jnsc2B10.tmp [X]
    S2 SstrprSrv; "C:\Program Files (x86)\Sosition\SstrprSrv.exe" {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [X]
    S3 VutjUbaweu; Brak ImagePath
    R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-04-17] (DotC United Inc)
    R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUdisk64.sys [79096 2016-04-17] (Tencent)
    R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQSysMonX64.sys [138488 2016-04-17] (电脑管家)
    S3 SMUpdd; C:\Program Files\Common Files\Doobzo\GSUpdate\smw.sys [43264 2016-04-17] ()
    R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\softaal64.sys [35064 2016-04-17] (Tencent)
    R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [168568 2016-04-18] ()
    R3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [101472 2016-03-15] (Tencent)
    R2 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernelEx64.sys [132344 2016-04-17] (Tencent Technology(Shenzhen) Company Limited)
    R1 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87800 2016-04-17] (电脑管家)
    R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TS888x64.sys [38520 2016-04-18] (Tencent)
    S1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSDefenseBT64.sys [28984 2016-04-17] (Tencent)
    R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TsNetHlpX64.sys [48376 2016-04-17] ()
    R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSSysKit64.sys [87288 2016-04-17] (电脑管家)
    U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
    S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
    2016-04-18 16:07 - 2016-04-18 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
    2016-04-17 20:30 - 2016-04-18 16:07 - 00001753 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
    2016-04-17 20:26 - 2016-04-17 20:26 - 00001763 ____R C:\Users\KamQiX\Desktop\Yeabeats Browser.lnk
    2016-04-17 20:26 - 2016-04-17 20:26 - 00000000 ____D C:\Users\KamQiX\AppData\Roaming\LightGate
    2016-04-17 20:26 - 2016-04-17 20:26 - 00000000 ____D C:\Program Files\Common Files\Doobzo
    2016-04-17 20:24 - 2016-04-17 20:23 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
    2016-04-17 20:23 - 2016-04-18 16:08 - 00000000 ____D C:\ProgramData\kingsoft
    2016-04-17 20:23 - 2016-04-17 20:30 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-04-17 20:23 - 2016-04-17 20:23 - 00000000 ____D C:\uninst
    2016-04-17 20:22 - 2016-04-17 20:27 - 00000000 ____D C:\Program Files (x86)\badu
    2016-04-17 20:15 - 2016-04-17 20:15 - 06494208 _____ C:\Users\KamQiX\AppData\Roaming\agent.dat
    2016-04-17 20:15 - 2016-04-17 20:15 - 01626777 _____ C:\Users\KamQiX\AppData\Roaming\Villadex.tst
    2016-04-17 20:15 - 2016-04-17 20:15 - 01032192 _____ C:\Users\KamQiX\AppData\Roaming\Villadex.exe
    2016-04-17 20:15 - 2016-04-17 20:15 - 01032192 _____ C:\Users\KamQiX\AppData\Roaming\KeyPhase.exe
    2016-04-17 20:15 - 2016-04-17 20:15 - 00848437 _____ C:\Users\KamQiX\AppData\Roaming\Quotip.bin
    2016-04-17 20:15 - 2016-04-17 20:15 - 00127488 _____ C:\Users\KamQiX\AppData\Roaming\Installer.dat
    2016-04-17 20:15 - 2016-04-17 20:15 - 00126464 _____ C:\Users\KamQiX\AppData\Roaming\noah.dat
    2016-04-17 20:15 - 2016-04-17 20:15 - 00126464 _____ C:\Users\KamQiX\AppData\Roaming\lobby.dat
    2016-04-17 20:15 - 2016-04-17 20:15 - 00090786 _____ C:\Users\KamQiX\AppData\Roaming\inst.lat
    2016-04-17 20:15 - 2016-04-17 20:15 - 00072717 _____ C:\Users\KamQiX\AppData\Roaming\KeyPhase.tst
    2016-04-17 20:15 - 2016-04-17 20:15 - 00065568 _____ C:\Users\KamQiX\AppData\Roaming\Config.xml
    2016-04-17 20:15 - 2016-04-17 20:15 - 00054272 _____ C:\Users\KamQiX\AppData\Roaming\ApplicationHosting.dat
    2016-04-17 20:15 - 2016-04-17 20:15 - 00018432 _____ C:\Users\KamQiX\AppData\Roaming\Main.dat
    2016-04-17 20:15 - 2016-04-17 20:15 - 00015936 _____ C:\Users\KamQiX\AppData\Roaming\InstallationConfiguration.xml
    2016-04-17 20:15 - 2016-04-17 20:15 - 00005568 _____ C:\Users\KamQiX\AppData\Roaming\md.xml
    2016-04-17 00:28 - 2016-04-17 00:28 - 00000266 __RSH C:\Users\KamQiX\ntuser.pol
    2016-04-16 22:16 - 2016-04-17 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2016-04-16 20:14 - 2016-04-18 16:07 - 00000000 ____D C:\ProgramData\TXQMPC
    2016-04-16 20:14 - 2016-04-17 20:26 - 00132344 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernelEx64.sys
    2016-04-16 20:14 - 2016-04-16 20:14 - 00005120 _____ C:\Users\KamQiX\AppData\Roaming\GiftBag.db
    2016-04-16 20:14 - 2016-04-16 20:14 - 00000000 ____D C:\Program Files\Common Files\Tencent
    2016-04-16 20:13 - 2016-04-17 20:26 - 00087800 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
    2016-04-16 20:13 - 2016-04-17 20:26 - 00000000 ____D C:\Users\KamQiX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2016-04-16 20:13 - 2016-04-17 20:13 - 00000000 ____D C:\ProgramData\Tencent
    2016-04-16 20:13 - 2016-04-16 21:44 - 00000000 ____D C:\Users\KamQiX\AppData\Roaming\Tencent
    2016-04-16 20:13 - 2016-04-16 20:13 - 00000000 ____D C:\Program Files (x86)\Tencent
    2016-04-16 19:14 - 2016-04-16 19:14 - 00000000 ____D C:\Users\KamQiX\Downloads\已录制的视频
    2016-04-16 19:14 - 2016-04-16 19:14 - 00000000 ____D C:\Users\KamQiX\AppData\Local\UCBrowser
    2016-04-16 19:11 - 2016-04-16 19:11 - 00000660 __RSH C:\ProgramData\ntuser.pol
    C:\Windows\Tasks\{13FA7D03-20EC-A6C8-C709-220FB9D9C1DC}.job
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where FRST.exe is located.
    Run FRST and click Fix (Napraw).

    After the script has run, post new FRST logs.

  • Helpful post
    #3 18 Apr 2016 18:39
    Acorus 20
    Computer specialist

    Run C:\Program Files (x86)\MPC Cleaner\Uninstall.exe with administrator rights and uninstall this harmful program. Uninstall Search module and Update for PriceFountain.
    Open the system Notepad and paste:

    Quote:
    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-615194017-3979906348-3350257350-1001_Classes\CLSID\{034DF736-A378-4292-ACAE-A561088999F5}\InprocServer32 -> C:\Users\KamQiX\AppData\Local\PPTAssist\pptassist64.dll (珠海金山办公软件有限公司)
    CustomCLSID: HKU\S-1-5-21-615194017-3979906348-3350257350-1001_Classes\CLSID\{1077138E-896C-445E-BD31-CFCFFA4636C4}\InprocServer32 -> C:\Users\KamQiX\AppData\Local\PPTAssist\pptassist64.dll (珠海金山办公软件有限公司)
    Task: {0557B131-5EC9-4C6C-9F39-519970A85FF6} - System32\Tasks\PPTAssistantNotifyTask_KamQiX => C:\Users\KamQiX\AppData\Local\PPTAssist\notify.exe [2016-04-17] (珠海金山办公软件有限公司)
    Task: {0D97F65A-5D1B-4165-8A06-51129B7F5B94} - System32\Tasks\Sosition Reports => C:\Program Files (x86)\Sosition\SstrprTsk.exe
    Task: {352688A4-AD0F-47D5-8EE0-2D6DBCF906D1} - System32\Tasks\Uwewbiut => C:\PROGRA~1\Kajajugt\Eiomu.bat <==== UWAGA
    Task: {44ACCEEE-5D68-411B-B690-91AA535E776F} - System32\Tasks\Microsoft\Windows\SystemRestore\FreeVPN => C:\Users\KamQiX\AppData\Roaming\FreeVPN\FreeVPN.exe [2016-04-16] () <==== UWAGA
    Task: {BDA023E8-0B92-4C2E-A3C5-74DDC1AFD278} - System32\Tasks\SMW_UpdateTask_Time_313234343339373134332d5b5b4a346c4123452a5a556c => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== UWAGA
    Task: {F4283C2D-BD97-4170-8D49-24F37A3387E2} - System32\Tasks\{13FA7D03-20EC-A6C8-C709-220FB9D9C1DC} => C:\Users\KamQiX\AppData\Roaming\{13FA7~1\Sync.exe [2013-04-18] ()
    Task: C:\Windows\Tasks\{13FA7D03-20EC-A6C8-C709-220FB9D9C1DC}.job => C:\Users\KamQiX\AppData\Roaming\{13FA7~1\Sync.exe
    ShortcutWithArgument: C:\Users\KamQiX\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\KamQiX\Desktop\Sparta.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\KamQiX\Desktop\Yeabeats Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\KamQiX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s...l7428BK,76dc0ea0-16e2-4b0b-b2d3-c3f8a8f5358d,,
    ShortcutWithArgument: C:\Users\KamQiX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\KamQiX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\KamQiX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Sparta.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\KamQiX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\KamQiX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s...l7428BK,76dc0ea0-16e2-4b0b-b2d3-c3f8a8f5358d,,
    ShortcutWithArgument: C:\Users\KamQiX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yeabeats Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
    HKLM\...\Run: [cpuminer] => C:\Users\KamQiX\AppData\Roaming\cpuminer\cpm.exe [1417216 2016-03-31] ()
    HKLM\...\Run: [IDSCCOM0KT] => "C:\Program Files (x86)\Hostify\idsccom_0KT.exe"
    HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\badu\uc.exe [298584 2016-04-17] ()
    HKLM-x32\...\Run: [mpck_en_005030301] => [X]
    HKLM-x32\...\Run: [conhost.exe -start] => C:\Users\KamQiX\AppData\Roaming\UPUpdata\conhost.exe -start
    HKLM-x32\...\Run: [LightGate] => C:\ProgramData\LightGate.exe
    HKLM-x32\...\Run: [HomePageHelper] => c:\programdata\homepage.exe
    HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe [356464 2016-04-17] (Tencent)
    HKLM-x32\...\Run: [sun21] => [X]
    HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
    HKLM-x32\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs, [X]
    HKU\S-1-5-21-615194017-3979906348-3350257350-1001\...\Run: [Yeaplayer] => C:\Program Files (x86)\Yeaplayer\Yeaplayermd.exe /autostart
    HKU\S-1-5-21-615194017-3979906348-3350257350-1001\...\MountPoints2: {c073bc56-a40d-11e5-826f-bcaec5783c3e} - "L:\Setup.exe"
    HKU\S-1-5-21-615194017-3979906348-3350257350-1001\...\MountPoints2: {dfad9edc-d240-11e5-8276-bcaec5783c3e} - "L:\autorun.exe"
    HKU\S-1-5-21-615194017-3979906348-3350257350-1001\...\MountPoints2: {f48ab226-31df-11e5-8254-bcaec5783c3e} - "L:\setup.exe"
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMGCShellExt64.dll [2016-04-17] (Tencent)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    BootExecute: autocheck autochk *
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.2345.com/?34838
    HKU\S-1-5-21-615194017-3979906348-3350257350-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TEF58i0ehI8zGaW_e40ZhobBdXhnR9F3YYS815&q={searchTerms}
    HKU\S-1-5-21-615194017-3979906348-3350257350-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.2345.com/?34838
    HKU\S-1-5-21-615194017-3979906348-3350257350-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TEF58i0ehI8zGaW_e40ZhobBdXhnR9F3YYS815&q={searchTerms}
    HKU\S-1-5-21-615194017-3979906348-3350257350-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TEF58i0ehI8zGaW_e40ZhobBdXhnR9F3YYS815&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TEF58i0ehI8zGaW_e40ZhobBdXhnR9F3YYS815&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-615194017-3979906348-3350257350-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TEF58i0ehI8zGaW_e40ZhobBdXhnR9F3YYS815&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-615194017-3979906348-3350257350-1001 -> {87F47002-5193-4E29-90FE-E25B4230A402} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G4Hzamobl7428BK,76dc0ea0-16e2-4b0b-b2d3-c3f8a8f5358d,
    SearchScopes: HKU\S-1-5-21-615194017-3979906348-3350257350-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TEF58i0ehI8zGaW_e40ZhobBdXhnR9F3YYS815&q={searchTerms}
    FF NewTab: C:\ProgramData\Doubleings\ff.NT
    FF DefaultSearchEngine: hohosearch
    FF SelectedSearchEngine: hohosearch
    FF Homepage: C:\ProgramData\Doubleings\ff.HP
    FF Homepage: hxxp://www-searching.com/?site=shyosffdefault...l7428BK,76dc0ea0-16e2-4b0b-b2d3-c3f8a8f5358d,,
    FF NewTab: hxxp://www-searching.com/?site=shyosffdefault...l7428BK,76dc0ea0-16e2-4b0b-b2d3-c3f8a8f5358d,,
    FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
    FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\npQMExtensionsMozilla.dll [2016-04-17] (Tencent Technology (Shenzhen) Company Limited)
    FF Extension: Quick Searcher - C:\Users\KamQiX\AppData\Roaming\Mozilla\Firefox\Profiles\wq2uy2cp.default\Extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} [2016-04-16] [Brak podpisu cyfrowego]
    FF Extension: GsearchFinder - C:\Users\KamQiX\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-04-14]
    FF Extension: Quick Searcher - C:\Users\KamQiX\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} [2016-04-16] [Brak podpisu cyfrowego]
    CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=G4Hzamo...b-b2d3-c3f8a8f5358d,&vp=ch&prd=set_ch
    CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=G4Hzamobl7428BK,76dc0ea0-16e2-4b0b-b2d3-c3f8a8f5358d,&vp=ch&prd=set_ch"
    CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=G4Hzamobl7428BK,76dc0ea0-16e2-4b0b-b2d3-c3f8a8f5358d,
    CHR DefaultSearchKeyword: Default -> www-searching.com
    CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
    U2 QQRepair1b08; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepair1b08 [136512 2016-04-18] ()
    S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepairFixSVC [136512 2016-04-18] ()
    S2 BugreportW; "C:\Program Files (x86)\hohobnd\ghabuk.exe" {154DFF63-3402-4815-941A-AAD63AE8B428} [X]
    S2 Eruvwee; "C:\Users\KamQiX\AppData\Roaming\LaexuGegobog\Reloace.exe" -cms [X]
    R2 mivohorezbt; C:\Program Files (x86)\1E002520-1460917234-4300-B1C3-BCAEC5783C3E\knss1252.tmpfs [X]
    S2 rijufoze; C:\Program Files (x86)\1E002520-1460917234-4300-B1C3-BCAEC5783C3E\hnsd4561.tmp [X]
    S2 rocufyky; C:\Program Files (x86)\1E002520-1460917234-4300-B1C3-BCAEC5783C3E\jnsc2B10.tmp [X]
    S2 SstrprSrv; "C:\Program Files (x86)\Sosition\SstrprSrv.exe" {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [X]
    S3 VutjUbaweu; Brak ImagePath
    R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [65856 2016-04-17] (Windows (R) Win 7 DDK provider)
    R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUdisk64.sys [79096 2016-04-17] (Tencent)
    R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQSysMonX64.sys [138488 2016-04-17] (电脑管家)
    S3 SMUpdd; C:\Program Files\Common Files\Doobzo\GSUpdate\smw.sys [43264 2016-04-17] ()
    R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\softaal64.sys [35064 2016-04-17] (Tencent)
    R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [168568 2016-04-18] ()
    R3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [101472 2016-03-15] (Tencent)
    R2 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernelEx64.sys [132344 2016-04-17] (Tencent Technology(Shenzhen) Company Limited)
    R1 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87800 2016-04-17] (电脑管家)
    R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TS888x64.sys [38520 2016-04-18] (Tencent)
    S1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSDefenseBT64.sys [28984 2016-04-17] (Tencent)
    R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TsNetHlpX64.sys [48376 2016-04-17] ()
    R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSSysKit64.sys [87288 2016-04-17] (电脑管家)
    2016-04-17 20:15 - 2016-04-17 20:15 - 6494208 _____ () C:\Users\KamQiX\AppData\Roaming\agent.dat
    2016-04-17 20:15 - 2016-04-17 20:15 - 0054272 _____ () C:\Users\KamQiX\AppData\Roaming\ApplicationHosting.dat
    2016-04-17 20:15 - 2016-04-17 20:15 - 0065568 _____ () C:\Users\KamQiX\AppData\Roaming\Config.xml
    2016-04-16 20:14 - 2016-04-16 20:14 - 0005120 _____ () C:\Users\KamQiX\AppData\Roaming\GiftBag.db
    2015-08-02 17:52 - 2015-08-02 17:52 - 0031766 _____ () C:\Users\KamQiX\AppData\Roaming\ICSW_1J1F1H1E2Y2Z1P1C1B2W1L1T2ZtJ1V0O1E1P1C1T1V0I0C.txt
    2016-04-17 20:15 - 2016-04-17 20:15 - 0090786 _____ () C:\Users\KamQiX\AppData\Roaming\inst.lat
    2016-04-17 20:15 - 2016-04-17 20:15 - 0015936 _____ () C:\Users\KamQiX\AppData\Roaming\InstallationConfiguration.xml
    2016-04-17 20:15 - 2016-04-17 20:15 - 0127488 _____ () C:\Users\KamQiX\AppData\Roaming\Installer.dat
    2016-04-17 20:15 - 2016-04-17 20:15 - 1032192 _____ () C:\Users\KamQiX\AppData\Roaming\KeyPhase.exe
    2016-04-17 20:15 - 2016-04-17 20:15 - 0072717 _____ () C:\Users\KamQiX\AppData\Roaming\KeyPhase.tst
    2016-04-17 20:15 - 2016-04-17 20:15 - 0126464 _____ () C:\Users\KamQiX\AppData\Roaming\lobby.dat
    2016-04-17 20:15 - 2016-04-17 20:15 - 0018432 _____ () C:\Users\KamQiX\AppData\Roaming\Main.dat
    2016-04-17 20:15 - 2016-04-17 20:15 - 0005568 _____ () C:\Users\KamQiX\AppData\Roaming\md.xml
    2016-04-17 20:15 - 2016-04-17 20:15 - 0126464 _____ () C:\Users\KamQiX\AppData\Roaming\noah.dat
    2016-04-17 20:15 - 2016-04-17 20:15 - 0848437 _____ () C:\Users\KamQiX\AppData\Roaming\Quotip.bin
    2016-04-17 20:24 - 2016-04-17 20:25 - 0000000 _____ () C:\Users\KamQiX\AppData\Roaming\svrupg.exe
    2016-04-17 20:15 - 2016-04-17 20:15 - 0032038 _____ () C:\Users\KamQiX\AppData\Roaming\uninstall_temp.ico
    2016-04-17 20:15 - 2016-04-17 20:15 - 1032192 _____ () C:\Users\KamQiX\AppData\Roaming\Villadex.exe
    2016-04-17 20:15 - 2016-04-17 20:15 - 1626777 _____ () C:\Users\KamQiX\AppData\Roaming\Villadex.tst
    C:\Windows\Tasks\{13FA7D03-20EC-A6C8-C709-220FB9D9C1DC}.job
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix (Napraw).
    Show the new FRST report, without Addition and Shortcut.
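
Added example, not part of the thread and not code from FRST: a Python triage pass over fixlist-style lines that pulls out the defanged `hxxp` URLs, percent-decodes the host, and shows which entry types and which shortcuts point at each host. The function names are made up for this illustration, the sample lines are copied from the fixlists above, and the code assumes that `...` marks a spot where the log shortened a value, so a host cut off there is reported as truncated instead of being completed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Sample lines copied from the fixlists in this thread, exactly as printed there.
SAMPLE = r"""
ShortcutWithArgument: C:\Users\KamQiX\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
ShortcutWithArgument: C:\Users\KamQiX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s...l7428BK,76dc0ea0-16e2-4b0b-b2d3-c3f8a8f5358d,,
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TEF58i0ehI8zGaW_e40ZhobBdXhnR9F3YYS815&q={searchTerms}
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=G4Hzamobl7428BK,76dc0ea0-16e2-4b0b-b2d3-c3f8a8f5358d,&vp=ch&prd=set_ch"
BootExecute: autocheck autochk *
"""

# Defanged URL as it appears in the log; the scheme is never rewritten to http.
URL_RE = re.compile(r'hxxps?://([^\s"]+)')
SHORTCUT_RE = re.compile(
    r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<target>.+?\.exe) \(.*?\) -> (?P<arg>.+)$"
)


def parse_host(rest):
    """Return (host, was_percent_encoded, was_truncated) for the text after '://'."""
    authority = re.split(r"[/?#]", rest, maxsplit=1)[0]
    truncated = "..." in authority          # assumption: '...' is the log's elision marker
    if truncated:
        authority = authority.split("...", 1)[0]
    encoded = "%" in authority               # percent-encoding used to hide the host name
    host = unquote(authority).lower()
    if truncated:
        host += "..."                        # keep it visibly incomplete
    return host, encoded, truncated


def triage(text):
    """One finding per log line that carries a URL."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        match = URL_RE.search(line)
        if not match:
            continue
        host, encoded, truncated = parse_host(match.group(1))
        # Registry value lines start with a hive name; other lines start with 'Kind:'.
        kind = "Registry" if line.startswith("HK") else line.split(":", 1)[0]
        findings.append(
            {"kind": kind, "host": host, "encoded": encoded, "truncated": truncated}
        )
    return findings


def hosts_by_kind(findings):
    """Map each host to the sorted entry types that reference it."""
    grouped = defaultdict(set)
    for finding in findings:
        grouped[finding["host"]].add(finding["kind"])
    return {host: sorted(kinds) for host, kinds in grouped.items()}


def hijacked_shortcuts(text):
    """Shortcuts whose launch argument is a URL: (shortcut path, real target, host)."""
    result = []
    for raw in text.splitlines():
        match = SHORTCUT_RE.match(raw.strip())
        if not match:
            continue
        url = URL_RE.search(match.group("arg"))
        if url:
            host = parse_host(url.group(1))[0]
            result.append((match.group("lnk"), match.group("target"), host))
    return result


if __name__ == "__main__":
    for host, kinds in hosts_by_kind(triage(SAMPLE)).items():
        print(f"{host:25} {', '.join(kinds)}")
    for lnk, target, host in hijacked_shortcuts(SAMPLE):
        print(f"{lnk}\n    starts {target}\n    with   {host}")
```

The grouping makes it easy to see that one host is set through several mechanisms at once (shortcut arguments, registry start page, browser settings), which is why the fixlists above remove all of them in a single run.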
