Jak usunąć chińskie programy qqpctray i mpc cleaner? Logi FRST w załączniku

Question

witam, proszę o pomoc w usunięciu tych programów (qqpctray, mpc clener) poniżej logi z góry dziękuje

krzychupar · Accepted Answer

Odinstaluj:
anote (v1.37) (HKU\S-1-5-21-861567501-2111687655-1644491937-1003\...\{B0C39E48-15DA-4A0D-901E-BC8FE5A80763}) (Version: - ) <==== UWAGA
Body Text Feathering (HKLM\...\PopupProduct) (Version: 1.0.0.0 - Body Text Feathering) <==== UWAGA
groover (HKLM\...\{EDD18E67-0B80-46C2-b1B4-87FE8C05161D}) (Version: 2.0.0.478 - groover) <==== UWAGA
PPT美化大师 (HKU\S-1-5-21-861567501-2111687655-1644491937-1003\...\PPTAssist) (Version: 2.0.0.0172 - 珠海金山办公软件有限公司)
SafeFinder (HKLM\...\{EE971670-CB0A-47E3-8983-14F2827C3BF3}) (Version: 1.0.0.0 - Linkury) <==== UWAGA
UC浏览器 (HKLM\...\UCBrowser) (Version: 5.6.12150.8 - 广州市动景计算机科技有限公司) <==== UWAGA
电脑管家11.5 (HKLM\...\QQPCMgr) (Version: 11.5.17490.219 - 腾讯科技(深圳)有限公司) <==== UWAGA

Otwórz notatnik i wklej:
CloseProcess:AV:
AV: 电脑管家系统防护 (Enabled - Up to date) {9AAC524A-BF34-49b0-91D2-71838CBB8110}
CustomCLSID: HKU\S-1-5-21-861567501-2111687655-1644491937-1003_Classes\CLSID\{034DF736-A378-4292-ACAE-A561088999F5}\InprocServer32 -> C:\Documents and Settings\atp\Ustawienia lokalne\Dane aplikacji\PPTAssist\pptassist.dll (珠海金山办公软件有限公司)
CustomCLSID: HKU\S-1-5-21-861567501-2111687655-1644491937-1003_Classes\CLSID\{1077138E-896C-445E-BD31-CFCFFA4636C4}\InprocServer32 -> C:\Documents and Settings\atp\Ustawienia lokalne\Dane aplikacji\PPTAssist\pptassist.dll (珠海金山办公软件有限公司)
CustomCLSID: HKU\S-1-5-21-861567501-2111687655-1644491937-1003_Classes\CLSID\{C4917602-2AC8-4ECE-8E5D-390C3871ABB3}\InprocServer32 -> C:\Documents and Settings\atp\Ustawienia lokalne\Dane aplikacji\PPTAssist\tabassist.dll (珠海金山办公软件有限公司)
CustomCLSID: HKU\S-1-5-21-861567501-2111687655-1644491937-1003_Classes\CLSID\{E00310B2-F036-4771-9347-C131257D990F}\InprocServer32 -> C:\Documents and Settings\atp\Ustawienia lokalne\Dane aplikacji\PPTAssist\tabassist.dll (珠海金山办公软件有限公司)
CustomCLSID: HKU\S-1-5-21-861567501-2111687655-1644491937-1003_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Documents and Settings\atp\Dane aplikacji\GG\ggdrive\ggdrive-menu.dll => Brak pliku
Task: C:\WINDOWS\Tasks\Express FilesUpdate.job => C:\Program Files\ExpressFiles\EFUpdater.exehxxp:/www.express-files.com <==== UWAGA
Task: C:\WINDOWS\Tasks\GoforFilesUpdate.job => C:\Program Files\GoforFiles\GFFUpdater.exehxxp:/www.goforfiles.com <==== UWAGA
Task: C:\WINDOWS\Tasks\PPTAssistantNotifyTask_atp.job => C:\Documents and Settings\atp\Ustawienia lokalne\Dane aplikacji\PPTAssist\notify.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\PPTAssistantUpdateTask_atp.job => C:\Documents and Settings\atp\Ustawienia lokalne\Dane aplikacji\PPTAssist\assistupdate.exe <==== UWAGA
ShortcutWithArgument: C:\Documents and Settings\atp\Pulpit\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\Documents and Settings\atp\Menu Start\Programy\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\Documents and Settings\atp\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\Documents and Settings\atp\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://navigation.iwatchavi.com/
2016-06-08 12:12 - 2016-06-08 12:12 - 00115904 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMAntiInject.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00088416 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\zlib.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00488640 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\sqlite.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00100704 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\tinyxml.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00025280 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQFileFlt.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00046784 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00070848 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00036544 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\oDayProtect.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00128192 _____ () c:\program files\tencent\qqpcmgr\11.5.17490.219\qmrtpcontroller.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00169152 _____ () c:\program files\tencent\qqpcmgr\11.5.17490.219\qmhipslogpolicy.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00137568 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\libexpatw.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 02156896 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\GF.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00092512 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\xGraphic32.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00342368 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\arkGraphic.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00045408 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\jgImage.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00158048 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\libpng.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00285024 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\libjpegturbo.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00014176 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\jgIOStub.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00194912 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\xImage.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00083136 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\MemDefrag.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00337088 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\OperationFileCloudMgr.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00379232 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\DlForQd.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00251072 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMWlanMacDll.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00088416 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\zlib.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00137568 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\libexpatw.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00100704 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\tinyxml.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 02156896 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\GF.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00092512 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\xGraphic32.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00342368 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\arkGraphic.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00045408 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\jgImage.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00158048 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\libpng.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00285024 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\libjpegturbo.dll
2016-06-08 12:12 - 2016-06-08 12:12 - 00014176 _____ () C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\jgIOStub.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
Hosts:
(Tencent) C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe
(Tencent) C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\QQPCNetFlow.exe
(Tencent) C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMUsbGuard.exe
(Tencent) C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCRealTimeSpeedup.exeHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=90820167_hao_pg
(Tencent) C:\Program Files\Common Files\Tencent\QQDownload\130\Tencentdl.exe
HKLM\...\Run: [Eps_Reg.exe] => C:\DOCUME~1\atp\USTAWI~1\temp\Eps_Reg.exe /L /NSmartCard2000 <===== UWAGA
HKLM\...\Run: [apphide] => C:\Program Files\badu\uc.exe
HKU\S-1-5-21-861567501-2111687655-1644491937-1003\...\Run: [] => [X]
HKU\S-1-5-21-861567501-2111687655-1644491937-1003\...\Run: [ASRockOCTuner] => [X]
HKU\S-1-5-21-861567501-2111687655-1644491937-1003\...\Run: [ASRockIES] => [X]
HKU\S-1-5-21-861567501-2111687655-1644491937-1003\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-861567501-2111687655-1644491937-1003\...\Run: [] => [X]
HKU\S-1-5-21-861567501-2111687655-1644491937-1003\...\Run: [] => [X]
HKU\S-1-5-21-861567501-2111687655-1644491937-1003\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Brak pliku [ ]
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Brak pliku [ ]
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMGCShellExt.dll [2016-06-08] (Tencent)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll Brak pliku
ShellIconOverlayIdentifiers: [JzShlobj] -> {7B286609-DA97-47E1-AC6B-33B8B4732C95} => C:\Program Files\ZipTool\JZipExt.dll Brak pliku
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X86\KZipShell.dll [2016-06-08] ()
BootExecute: autocheck autochk * aswBoot.exe /M:44036b66b740 /dir:C:\Program
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=90820167_hao_pg
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hao123.com/?tn=90820167_hao_pg
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmor_X2tfGA6hiKNOJMcDzzUXX-gJ-fbtGtctVYpdnullaMO9KiYYuHNi6TSxZJWZ1LftxgKPwj1U22xf56H_L-MMVXzrWA1cJHFIVz_PlVePYmam4ldisgp_h9Zd_0d1Uo_8cHDgVwq2IO3I31vkHT1Pp8gtT
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmor_X2tfGA6hiKNOJMcDzzUXX-gJ-fbtGtctVYpdnullaMO9KiYYuHNi6TSxZJWZ1LfcNKDvdv4Rm9ZO--m5f0S0lNm_UeSEOp5NYybOUVPIVo5RHAqhDGVase-rRmPZ4a9Q4dd0s9H99h8M-ZWgXUegY0d76&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmor_X2tfGA6hiKNOJMcDzzUXX-gJ-fbtGtctVYpdnullaMO9KiYYuHNi6TSxZJWZ1LfcNKDvdv4Rm9ZO--m5f0S0lNm_UeSEOp5NYybOUVPIVo5RHAqhDGVase-rRmPZ4a9Q4dd0s9H99h8M-ZWgXUegY0d76&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmor_X2tfGA6hiKNOJMcDzzUXX-gJ-fbtGtctVYpdnullaMO9KiYYuHNi6TSxZJWZ1LfcNKDvdv4Rm9ZO--m5f0S0lNm_UeSEOp5NYybOUVPIVo5RHAqhDGVase-rRmPZ4a9Q4dd0s9H99h8M-ZWgXUegY0d76&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmor_X2tfGA6hiKNOJMcDzzUXX-gJ-fbtGtctVYpdnullaMO9KiYYuHNi6TSxZJWZ1LftxgKPwj1U22xf56H_L-MMVXzrWA1cJHFIVz_PlVePYmam4ldisgp_h9Zd_0d1Uo_8cHDgVwq2IO3I31vkHT1Pp8gtT
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmor_X2tfGA6hiKNOJMcDzzUXX-gJ-fbtGtctVYpdnullaMO9KiYYuHNi6TSxZJWZ1LfcNKDvdv4Rm9ZO--m5f0S0lNm_UeSEOp5NYybOUVPIVo5RHAqhDGVase-rRmPZ4a9Q4dd0s9H99h8M-ZWgXUegY0d76&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmor_X2tfGA6hiKNOJMcDzzUXX-gJ-fbtGtctVYpdnullaMO9KiYYuHNi6TSxZJWZ1LfcNKDvdv4Rm9ZO--m5f0S0lNm_UeSEOp5NYybOUVPIVo5RHAqhDGVase-rRmPZ4a9Q4dd0s9H99h8M-ZWgXUegY0d76&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmor_X2tfGA6hiKNOJMcDzzUXX-gJ-fbtGtctVYpdnullaMO9KiYYuHNi6TSxZJWZ1LfcNKDvdv4Rm9ZO--m5f0S0lNm_UeSEOp5NYybOUVPIVo5RHAqhDGVase-rRmPZ4a9Q4dd0s9H99h8M-ZWgXUegY0d76&q={searchTerms}
HKU\S-1-5-21-861567501-2111687655-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmor_X2tfGA6hiKNOJMcDzzUXX-gJ-fbtGtctVYpdnullaMO9KiYYuHNi6TSxZJWZ1LfcNKDvdv4Rm9ZO--m5f0S0lNm_UeSEOp5NYybOUVPIVo5RHAqhDGVase-rRmPZ4a9Q4dd0s9H99h8M-ZWgXUegY0d76&q={searchTerms}
HKU\S-1-5-21-861567501-2111687655-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Default_search_url = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-861567501-2111687655-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Search bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmor_X2tfGA6hiKNOJMcDzzUXX-gJ-fbtGtctVYpdnullaMO9KiYYuHNi6TSxZJWZ1LfcNKDvdv4Rm9ZO--m5f0S0lNm_UeSEOp5NYybOUVPIVo5RHAqhDGVase-rRmPZ4a9Q4dd0s9H99h8M-ZWgXUegY0d76&q={searchTerms}
HKU\S-1-5-21-861567501-2111687655-1644491937-1003\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmor_X2tfGA6hiKNOJMcDzzUXX-gJ-fbtGtctVYpdnullaMO9KiYYuHNi6TSxZJWZ1LfcNKDvdv4Rm9ZO--m5f0S0lNm_UeSEOp5NYybOUVPIVo5RHAqhDGVase-rRmPZ4a9Q4dd0s9H99h8M-ZWgXUegY0d76&q={searchTerms}
HKU\S-1-5-21-861567501-2111687655-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=90820167_hao_pg
HKU\S-1-5-21-861567501-2111687655-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hao123.com/?tn=90820167_hao_pg
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmor_X2tfGA6hiKNOJMcDzzUXX-gJ-fbtGtctVYpdnullaMO9KiYYuHNi6TSxZJWZ1LfcNKDvdv4Rm9ZO--m5f0S0lNm_UeSEOp5NYybOUVPIVo5RHAqhDGVase-rRmPZ4a9Q4dd0s9H99h8M-ZWgXUegY0d76&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmor_X2tfGA6hiKNOJMcDzzUXX-gJ-fbtGtctVYpdnullaMO9KiYYuHNi6TSxZJWZ1LfcNKDvdv4Rm9ZO--m5f0S0lNm_UeSEOp5NYybOUVPIVo5RHAqhDGVase-rRmPZ4a9Q4dd0s9H99h8M-ZWgXUegY0d76&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmor_X2tfGA6hiKNOJMcDzzUXX-gJ-fbtGtctVYpdnullaMO9KiYYuHNi6TSxZJWZ1LfcNKDvdv4Rm9ZO--m5f0S0lNm_UeSEOp5NYybOUVPIVo5RHAqhDGVase-rRmPZ4a9Q4dd0s9H99h8M-ZWgXUegY0d76&q={searchTerms}
SearchScopes: HKU\S-1-5-21-861567501-2111687655-1644491937-1003 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmor_X2tfGA6hiKNOJMcDzzUXX-gJ-fbtGtctVYpdnullaMO9KiYYuHNi6TSxZJWZ1LfcNKDvdv4Rm9ZO--m5f0S0lNm_UeSEOp5NYybOUVPIVo5RHAqhDGVase-rRmPZ4a9Q4dd0s9H99h8M-ZWgXUegY0d76&q={searchTerms}
SearchScopes: HKU\S-1-5-21-861567501-2111687655-1644491937-1003 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmor_X2tfGA6hiKNOJMcDzzUXX-gJ-fbtGtctVYpdnullaMO9KiYYuHNi6TSxZJWZ1LfcNKDvdv4Rm9ZO--m5f0S0lNm_UeSEOp5NYybOUVPIVo5RHAqhDGVase-rRmPZ4a9Q4dd0s9H99h8M-ZWgXUegY0d76&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1383215709&from=cor&uid=ST3500413AS_6VMTYJY7XXXX6VMTYJY7
FF NewTab: hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqBHAqBn4nB0..&v=20160607&uid=79E28AC19A19C9C4E564A1811E22B456&ptid=clc&mode=loadm
FF DefaultSearchEngine: hohosearch
FF DefaultSearchEngine,S:
FF SearchEngineOrder.1,S:
FF SelectedSearchEngine: hohosearch
FF SelectedSearchEngine,S:
FF Homepage: hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqBHAqBn4nB0..&v=20160607&uid=79E28AC19A19C9C4E564A1811E22B456&ptid=clc&mode=loadm
FF Keyword.URL:
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Brak pliku]
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Brak pliku]
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Brak pliku]
FF SearchPlugin: C:\Documents and Settings\atp\Dane aplikacji\Profiles\xak2wntw.default\searchplugins\dv543xib.xml [2016-06-08]
CHR StartupUrls: ChromeDefaultData -> "hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqBHAqBn4nB0..&v=20160607&uid=79E28AC19A19C9C4E564A1811E22B456&ptid=clc&mode=loadm"
CHR HKLM\...\Chrome\Extension: [cekcjpgehmohobmdiikfnopibipmgnml] - C:\Documents and Settings\atp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ <nie znaleziono>
R2 MPCProtectService; C:\Program Files\MPC Cleaner\MPCProtectService.exe [350688 2016-06-08] (DotC United Inc)
R2 QQPCRTP; C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe [313936 2016-06-08] (Tencent)
S2 dowidoly; C:\Program Files\Win32_ComputerSystemProduct-1465286847---\jnsvB5.tmp [X]
S2 QifiryplohelebuilderSrv; Brak ImagePath
S2 rijufoze; C:\Program Files\Win32_ComputerSystemProduct-1465286847---\hnsuB8.tmp [X]
S2 zigipyro; C:\Documents and Settings\atp\Ustawienia lokalne\Dane aplikacji\03000200-1465374327-0500-0006-000700080009\qnsr67.tmp [X]
R1 QMIEProtect; C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMIEProtect.sys [60024 2016-06-08] ()
R1 QMUdisk; C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMUdisk.sys [104440 2016-06-08] (Tencent)
R2 QQSysMon; C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQSysMon.sys [120952 2016-06-08] (电脑管家)
R1 softaal; C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\softaal.sys [45816 2016-06-08] (Tencent)
R3 TAOAccelerator; C:\WINDOWS\system32\Drivers\TAOAccelerator.sys [126008 2016-06-08] (Tencent)
R1 TFsFlt; C:\WINDOWS\System32\Drivers\TFsFlt.sys [159608 2016-06-08] (电脑管家)
R1 TSDefenseBt; C:\WINDOWS\System32\DRIVERS\TSDefenseBt.sys [14008 2016-06-08] (Tencent)
R0 TsFltMgr; C:\WINDOWS\System32\drivers\TsFltMgr.sys [137816 2016-06-08] (电脑管家)
R1 TSKSP; C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\TSKsp.sys [220984 2016-06-08] (电脑管家)
R1 TSSysKit; C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\TSSysKit.sys [111736 2016-06-08] (电脑管家)
S3 Andbus; system32\DRIVERS\lgandbus.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X]
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
S3 blNetFilter; \??\C:\WINDOWS\system32\drivers\blNetFilter.sys [X]
S3 catchme; \??\C:\DOCUME~1\atp\USTAWI~1\Temp\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S4 IntelIde; Brak ImagePath
S3 ntportio; \??\F:\GSM\div\div8.2hack\ntportio.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
2016-06-08 12:21 - 2016-06-08 12:21 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\MPC
2016-06-08 12:14 - 2016-06-08 12:12 - 00126008 _____ (Tencent) C:\WINDOWS\system32\Drivers\TAOAccelerator.sys
2016-06-08 12:14 - 2016-06-08 12:12 - 00110200 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernelXP.sys
2016-06-08 12:14 - 2016-06-08 12:12 - 00014008 _____ (Tencent) C:\WINDOWS\system32\Drivers\TSDefenseBt.sys
2016-06-08 12:12 - 2016-06-08 12:12 - 00159608 _____ (电脑管家) C:\WINDOWS\system32\Drivers\TFsFlt.sys
2016-06-08 12:12 - 2016-06-08 12:12 - 00137816 _____ (电脑管家) C:\WINDOWS\system32\Drivers\TsFltMgr.sys
2016-06-08 12:12 - 2016-06-08 12:12 - 00000839 _____ C:\Documents and Settings\All Users\Menu Start\强力卸载电脑上的软件 .lnk
2016-06-08 10:42 - 2016-06-08 10:42 - 00000067 _____ C:\WINDOWS\QMNetworkMgr.ini
2016-06-08 10:41 - 2016-06-08 10:43 - 00000000 ____D C:\Program Files\Common Files\Tencent
2016-06-08 10:38 - 2016-06-08 12:21 - 00001476 _____ C:\Documents and Settings\All Users\Pulpit\MPC Cleaner.lnk
2016-06-08 10:24 - 2016-05-11 07:31 - 00200072 _____ C:\WINDOWS\system32\Drivers\askProtect.sys
2016-06-08 10:20 - 2016-06-08 10:45 - 00000000 ____D C:\Program Files\żěŃą
2016-06-08 10:20 - 2016-06-08 10:20 - 00000661 _____ C:\Documents and Settings\atp\Pulpit\żěŃą.lnk
2016-06-08 10:14 - 2016-06-08 10:14 - 00001390 _____ C:\MPC Cleaner.lnk
2016-06-08 09:52 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2016-06-08 09:52 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2016-06-08 09:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2016-06-08 09:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2016-06-08 09:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2016-06-08 09:52 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2016-06-08 09:52 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2016-06-08 09:52 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2016-06-08 09:52 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2016-06-08 09:51 - 2016-06-08 10:11 - 00000000 ___SD C:\ComboFix
2016-06-08 09:51 - 2016-06-08 09:51 - 00000000 ____D C:\Qoobox
2016-06-08 09:50 - 2016-06-08 09:50 - 00000000 ____D C:\Documents and Settings\atp\Menu Start\Programy\PPT美化大师
2016-06-08 09:49 - 2016-06-08 09:51 - 00000000 ___SD C:\32788R22FWJFW
2016-06-08 09:49 - 2016-06-08 09:49 - 00000000 ____D C:\Program Files\anote
2016-06-08 09:49 - 2016-06-08 09:49 - 00000000 ____D C:\Documents and Settings\atp\Menu Start\Programy\¶ŕ˛Ę±ăÇ©
2016-06-08 09:43 - 2016-06-08 09:43 - 00001092 _____ C:\Documents and Settings\atp\Menu Start\Programy\UC浏览器.lnk
2016-06-08 09:43 - 2016-06-08 09:43 - 00000000 ____D C:\Documents and Settings\atp\Menu Start\Programy\UC浏览器
2016-06-08 09:02 - 2016-06-08 10:20 - 00000661 _____ C:\Documents and Settings\atp\Menu Start\żěŃą.lnk
2016-06-08 09:01 - 2016-02-18 03:56 - 07318464 _____ C:\Documents and Settings\atp\Dane aplikacji\KuaiZip_Setup_1875570831_jiuzhuan_001.exe
2016-06-08 08:58 - 2016-06-08 08:58 - 00000000 ____D C:\Documents and Settings\All Users\TXQMPC
2016-06-08 08:57 - 2016-06-08 12:12 - 00083576 _____ (电脑管家) C:\WINDOWS\system32\TSSK.sys
2016-06-08 08:57 - 2016-06-08 12:12 - 00000000 ____D C:\Documents and Settings\atp\Menu Start\Programy\腾讯软件
2016-06-08 08:57 - 2016-06-08 11:30 - 00000000 ____D C:\Documents and Settings\LocalService\Dane aplikacji\Tencent
2016-06-08 08:46 - 2016-06-08 08:46 - 00000000 ____D C:\Documents and Settings\atp\Dane aplikacji\kingsoft
2016-06-08 08:33 - 2016-06-08 09:04 - 00000000 ____D C:\Documents and Settings\atp\Dane aplikacji\Tencent
2016-06-08 08:33 - 2016-06-08 08:33 - 00000000 ____D C:\Program Files\Tencent
2016-06-08 08:30 - 2016-06-08 08:28 - 00053992 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
2016-06-08 08:30 - 2016-06-08 08:28 - 00029032 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCBase.sys
2016-06-08 08:29 - 2016-06-08 12:24 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Lamzap
2016-06-08 08:29 - 2016-06-08 08:29 - 06867968 _____ C:\Documents and Settings\atp\Dane aplikacji\agent.dat
2016-06-08 08:29 - 2016-06-08 08:29 - 01759232 _____ C:\Documents and Settings\atp\Dane aplikacji\Dalt-Phase.tst
2016-06-08 08:29 - 2016-06-08 08:29 - 00126464 _____ C:\Documents and Settings\atp\Dane aplikacji\noah.dat
2016-06-08 08:29 - 2016-06-08 08:29 - 00069072 _____ C:\Documents and Settings\atp\Dane aplikacji\Config.xml
2016-06-08 08:29 - 2016-06-08 08:29 - 00018432 _____ C:\Documents and Settings\atp\Dane aplikacji\Main.dat
2016-06-08 08:29 - 2016-06-08 08:29 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\CloudPrinter
2016-06-08 08:25 - 2016-06-08 08:25 - 00000000 ____D C:\Program Files\CleanBrowser
2016-06-08 08:25 - 2016-06-08 08:25 - 00000000 _____ C:\Documents and Settings\atp\Number of results
2016-06-08 12:16 - 2013-08-30 08:36 - 00000000 ____D C:\AdwCleaner
C:\Documents and Settings\atp\kauik.exe
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść w folderze gdzie znajduje się FRST.exe
Uruchom FRST i kliknij w Fix/Napraw.

Promuję tematy:
02.03.2019 Błąd z aplikacją Epic Game Launcher, nie może się włączyć do końca. Nie działa.

Kolobos · Accepted Answer

Po wykonaniu zamiesc nowe logi z FRST, ze skanowania.

Kolobos · Accepted Answer

Odinstaluj: Qtrax Player

Uruchom system w trybie awaryjnym.

Wykonaj nowy Fixlist.txt dla FRST:
CloseProcesses:
Task: C:\WINDOWS\Tasks\DandelionStarter.job => C:\Documents and Settings\atp\Dane aplikacji\alitm\Dandelion.exe
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job => C:\WINDOWS\system32\xp_eos.exe
WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA (yeabests)
2016-06-08 10:24 - 2016-05-11 07:56 - 00129144 _____ () C:\Program Files\ADSKIP\ADSkipSvc.exe
2016-06-08 08:31 - 2016-05-15 18:04 - 02089472 _____ () C:\Documents and Settings\All Users\Dane aplikacji\Logic Handler\set.exe
2016-06-08 10:20 - 2016-06-08 10:20 - 00219072 _____ () c:\program files\żěńą\x86\kuaizipupdatechecker.dll
2016-06-08 08:29 - 2016-06-08 08:25 - 00800256 _____ () C:\Documents and Settings\All Users\Dane aplikacji\Lamzap\Lamzap.exe
2016-06-07 13:42 - 2016-06-07 13:42 - 00152064 _____ () C:\Program Files\Win32_ComputerSystemProduct-1465286847---\knsu1FC.tmp
2016-06-08 10:20 - 2016-06-08 10:20 - 00242624 _____ () C:\Program Files\żěŃą\X86\KZipShell.dll
2016-06-08 08:25 - 2016-06-08 08:25 - 01936896 _____ () C:\Documents and Settings\atp\Dane aplikacji\UPUpdata\service72564.exe
2016-06-08 13:04 - 2016-06-08 13:04 - 02008032 _____ () C:\Documents and Settings\atp\Dane aplikacji\alitm\Dandelion.exe
() C:\Program Files\ADSKIP\ADSkipSvc.exe
() C:\Documents and Settings\All Users\Dane aplikacji\Logic Handler\set.exe
() C:\Documents and Settings\All Users\Dane aplikacji\Lamzap\Lamzap.exe
() C:\Program Files\Win32_ComputerSystemProduct-1465286847---\knsu1FC.tmp
() C:\Documents and Settings\atp\Dane aplikacji\UPUpdata\service72564.exe
() C:\Documents and Settings\atp\Dane aplikacji\alitm\Dandelion.exe
HKU\S-1-5-21-861567501-2111687655-1644491937-1003\...\Run: [Hoolapp Android] => "C:\DOCUME~1\atp\DANEAP~1\HOOLAP~1\Hoolapp.exe" /Minimized
HKU\S-1-5-21-861567501-2111687655-1644491937-1003\...\Run: [QGuan90132] => C:\Documents and Settings\atp\Dane aplikacji\UPUpdata\service90132.exe /autorun
HKU\S-1-5-21-861567501-2111687655-1644491937-1003\...\Run: [msiql] => C:\Documents and Settings\atp\Dane aplikacji\UPUpdata\msiql.exe /RUNNING
HKU\S-1-5-21-861567501-2111687655-1644491937-1003\...\Run: [osmsg] => C:\Documents and Settings\All Users\Dane aplikacji\WindowsMsg\osmsg.exe /AUTORUN
HKU\S-1-5-21-861567501-2111687655-1644491937-1003\...\Run: [apphide2] => C:\Program Files\badu\uc.exe
HKU\S-1-5-18\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
ShellIconOverlayIdentifiers: [JzShlobj] -> {7B286609-DA97-47E1-AC6B-33B8B4732C95} => C:\Program Files\ZipTool\JZipExt.dll Brak pliku
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X86\KZipShell.dll [2016-06-08] ()
BootExecute: autocheck autochk * aswBoot.exe /M:44036b66b740 /dir:C:\Program
FF DefaultSearchEngine,S:
FF SearchEngineOrder.1,S:
FF SelectedSearchEngine,S:
FF Keyword.URL:
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]
CHR StartupUrls: ChromeDefaultData -> "hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqBHAqBn4nB0..&v=20160607&uid=79E28AC19A19C9C4E564A1811E22B456&ptid=clc&mode=loadm"
R2 ADSkipSvc; C:\Program Files\ADSKIP\ADSkipSvc.exe [129144 2016-05-11] ()
R2 KuaizipUpdateChecker; C:\Program Files\żěŃą\X86\kuaizipUpdateChecker.dll [219072 2016-06-08] ()
R0 AHFFAXAOSO; C:\WINDOWS\System32\Drivers\askProtect.sys [200072 2016-05-11] ()
R3 TSSK; C:\WINDOWS\System32\tssk.sys [83576 2016-06-08] (电脑管家)
S3 Andbus; system32\DRIVERS\lgandbus.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X]
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
S3 blNetFilter; \??\C:\WINDOWS\system32\drivers\blNetFilter.sys [X]
S3 catchme; \??\C:\DOCUME~1\atp\USTAWI~1\Temp\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 ntportio; \??\F:\GSM\div\div8.2hack\ntportio.sys [X]
R1 QMUdisk; \??\C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMUdisk.sys [X]
R1 softaal; \??\C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\softaal.sys [X]
R4 TAOKernelDriver; \??\C:\WINDOWS\system32\Drivers\TAOKernelXP.sys [X]
R4 TsFltMgr; system32\drivers\TsFltMgr.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
2016-06-08 13:16 - 2016-04-22 12:35 - 51987648 _____ C:\Documents and Settings\atp\Dane aplikacji\qqpcmgr_v11.5.17490.219_72564_Silence.exe
2016-06-08 13:15 - 2016-05-04 10:44 - 04232400 _____ (Kingsoft Corp. Ltd.) C:\Documents and Settings\atp\Dane aplikacji\OfficeAssist.0172.80.1384.exe
2016-06-08 13:04 - 2016-06-08 13:40 - 00000342 _____ C:\WINDOWS\Tasks\DandelionStarter.job
2016-06-08 13:04 - 2016-06-08 13:04 - 00000000 ____D C:\Documents and Settings\atp\Dane aplikacji\MiniUpgrade
2016-06-08 13:04 - 2016-06-08 13:04 - 00000000 ____D C:\Documents and Settings\atp\Dane aplikacji\ktpcntr
2016-06-08 13:04 - 2016-06-08 13:04 - 00000000 ____D C:\Documents and Settings\atp\Dane aplikacji\dandelion
2016-06-08 13:04 - 2016-06-08 13:04 - 00000000 ____D C:\Documents and Settings\atp\Dane aplikacji\Assistant
2016-06-08 13:04 - 2016-06-08 13:04 - 00000000 ____D C:\Documents and Settings\atp\Dane aplikacji\alitm
2016-06-08 11:30 - 2016-06-08 11:30 - 00001500 _____ C:\WINDOWS\system32\Drivers\blNetFilter.sys.lnk
2016-06-08 11:25 - 2016-06-07 20:07 - 10599032 _____ () C:\Documents and Settings\atp\Dane aplikacji\ADSkip.v1.0.523.2105_Silent.exe
2016-06-08 11:20 - 2016-04-22 12:39 - 51987648 _____ C:\Documents and Settings\atp\Dane aplikacji\qqpcmgr_v11.5.17490.219_72530_Silence.exe
2016-06-08 10:43 - 2016-06-08 10:44 - 00002484 _____ C:\Documents and Settings\atp\Dane aplikacji\RandomDelJiheReg.exe.lnk
2016-06-08 10:42 - 2016-06-08 10:42 - 00000067 _____ C:\WINDOWS\QMNetworkMgr.ini
2016-06-08 10:41 - 2016-06-08 10:43 - 00000000 ____D C:\Program Files\Common Files\Tencent
2016-06-08 10:24 - 2016-05-11 07:31 - 00200072 _____ C:\WINDOWS\system32\Drivers\askProtect.sys
2016-06-08 10:20 - 2016-06-08 10:45 - 00000000 ____D C:\Program Files\żěŃą
2016-06-08 10:14 - 2016-06-08 10:14 - 00001390 _____ C:\MPC Cleaner.lnk
2016-06-08 09:43 - 2016-06-08 09:43 - 00001092 _____ C:\Documents and Settings\atp\Menu Start\Programy\UC浏览器.lnk
2016-06-08 09:43 - 2016-06-08 09:43 - 00000000 ____D C:\Documents and Settings\atp\Menu Start\Programy\UC浏览器
2016-06-08 09:02 - 2016-06-08 10:20 - 00000661 _____ C:\Documents and Settings\atp\Menu Start\żěŃą.lnk
2016-06-08 09:02 - 2016-06-08 09:02 - 00068168 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys
2016-06-08 09:02 - 2016-06-08 09:02 - 00000000 ____D C:\Documents and Settings\atp\Dane aplikacji\Softlink
2016-06-08 08:58 - 2016-06-08 08:58 - 00000000 ____D C:\Documents and Settings\All Users\TXQMPC
2016-06-08 08:57 - 2016-06-08 13:15 - 00000000 ____D C:\Documents and Settings\atp\Menu Start\Programy\腾讯软件
2016-06-08 08:57 - 2016-06-08 12:12 - 00083576 _____ (电脑管家) C:\WINDOWS\system32\TSSK.sys
2016-06-08 08:57 - 2016-06-08 11:30 - 00000000 ____D C:\Documents and Settings\LocalService\Dane aplikacji\Tencent
2016-06-08 08:46 - 2016-06-08 13:02 - 00000000 ____D C:\Documents and Settings\atp\Dane aplikacji\kingsoft
2016-06-08 08:39 - 2016-06-08 14:00 - 00000000 ____D C:\Program Files\ADSKIP
2016-06-08 08:39 - 2016-06-07 20:07 - 10599032 _____ () C:\Documents and Settings\atp\Dane aplikacji\ADSkip.v1.0.523.2103_Silent.exe
2016-06-08 08:39 - 2016-03-03 03:14 - 00656952 _____ (Beijing Hongda wanfang technology Co.,Ltd.) C:\Documents and Settings\atp\Dane aplikacji\setup_31019.exe
2016-06-08 08:38 - 2016-06-08 09:48 - 00000000 ____D C:\Documents and Settings\atp\Dane aplikacji\Kuaizip
2016-06-08 08:37 - 2016-06-08 13:55 - 00000000 ____D C:\Documents and Settings\atp\Ustawienia lokalne\Dane aplikacji\PPTAssist
2016-06-08 08:36 - 2016-06-08 13:15 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\kingsoft
2016-06-08 08:33 - 2016-06-08 12:48 - 00000000 ____D C:\Documents and Settings\atp\Dane aplikacji\Tencent
2016-06-08 08:33 - 2016-06-08 08:33 - 00000000 ____D C:\Program Files\Tencent
2016-06-08 08:33 - 2016-02-18 10:10 - 05267952 _____ () C:\Documents and Settings\atp\Dane aplikacji\ziptool_wc-9015_setup.exe
2016-06-08 08:32 - 2016-06-08 13:15 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Tencent
2016-06-08 08:32 - 2016-06-08 13:04 - 00000000 ____D C:\Program Files\UCBrowser
2016-06-08 08:30 - 2016-06-08 14:00 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Logic Handler
2016-06-08 08:29 - 2016-06-08 14:06 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Lamzap
2016-06-08 08:29 - 2016-06-08 08:29 - 06867968 _____ C:\Documents and Settings\atp\Dane aplikacji\agent.dat
2016-06-08 08:29 - 2016-06-08 08:29 - 00018432 _____ C:\Documents and Settings\atp\Dane aplikacji\Main.dat
2016-06-08 08:29 - 2016-06-08 08:25 - 00800256 _____ C:\Documents and Settings\atp\Dane aplikacji\Dalt-Phase.exe
2016-06-08 08:28 - 2016-06-08 13:59 - 00000000 ____D C:\Program Files\MPC Cleaner
2016-06-08 08:28 - 2016-06-08 13:59 - 00000000 ____D C:\Program Files\Caster
2016-06-08 08:28 - 2016-06-08 11:27 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\WindowsMsg
2016-06-08 08:28 - 2016-06-08 08:38 - 00000000 ____D C:\Program Files\ttwifi
2016-06-08 08:28 - 2016-06-08 08:28 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\ttwifi
2016-06-08 08:28 - 2016-06-08 08:25 - 00800256 _____ C:\Documents and Settings\atp\Dane aplikacji\Nimflex.exe
2016-06-08 08:25 - 2016-06-08 13:59 - 00000000 ____D C:\Documents and Settings\atp\Dane aplikacji\UPUpdata
2016-06-08 08:25 - 2016-06-08 09:06 - 00000000 ____D C:\Program Files\badu
2016-06-08 08:25 - 2016-06-08 09:00 - 00000000 ____D C:\Documents and Settings\atp\AppData\Local\Apps\2.0
2016-06-08 08:25 - 2016-06-08 08:25 - 00128512 _____ C:\Documents and Settings\atp\Dane aplikacji\Installer.dat
2016-06-08 08:25 - 2016-06-08 08:25 - 00000000 _____ C:\Documents and Settings\atp\Number of results
2016-06-07 10:08 - 2016-06-07 10:02 - 00000924 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-06-07 10:07 - 2016-06-08 13:59 - 00000000 ____D C:\Program Files\Win32_ComputerSystemProduct-1465286847---
2016-06-08 08:39 - 2016-06-07 20:07 - 10599032 _____ () C:\Documents and Settings\atp\Dane aplikacji\ADSkip.v1.0.523.2103_Silent.exe
2016-06-08 11:25 - 2016-06-07 20:07 - 10599032 _____ () C:\Documents and Settings\atp\Dane aplikacji\ADSkip.v1.0.523.2105_Silent.exe
2016-06-08 08:29 - 2016-06-08 08:29 - 6867968 _____ () C:\Documents and Settings\atp\Dane aplikacji\agent.dat
2016-06-08 08:29 - 2016-06-08 08:25 - 0800256 _____ () C:\Documents and Settings\atp\Dane aplikacji\Dalt-Phase.exe
2016-06-08 08:25 - 2016-06-08 08:25 - 0128512 _____ () C:\Documents and Settings\atp\Dane aplikacji\Installer.dat
2016-06-08 08:29 - 2016-06-08 08:29 - 0018432 _____ () C:\Documents and Settings\atp\Dane aplikacji\Main.dat
2016-06-08 08:28 - 2016-06-08 08:25 - 0800256 _____ () C:\Documents and Settings\atp\Dane aplikacji\Nimflex.exe
2016-06-08 13:15 - 2016-05-04 10:44 - 4232400 _____ (Kingsoft Corp. Ltd.) C:\Documents and Settings\atp\Dane aplikacji\OfficeAssist.0172.80.1384.exe
2016-06-08 11:20 - 2016-04-22 12:39 - 51987648 _____ () C:\Documents and Settings\atp\Dane aplikacji\qqpcmgr_v11.5.17490.219_72530_Silence.exe
2016-06-08 13:16 - 2016-04-22 12:35 - 51987648 _____ () C:\Documents and Settings\atp\Dane aplikacji\qqpcmgr_v11.5.17490.219_72564_Silence.exe
2016-06-08 10:43 - 2016-06-08 10:44 - 0002484 _____ () C:\Documents and Settings\atp\Dane aplikacji\RandomDelJiheReg.exe.lnk
2013-10-21 12:03 - 2016-04-29 12:05 - 0001155 _____ () C:\Documents and Settings\atp\Dane aplikacji\Rim.Desktop.Exception.log
2013-10-21 12:01 - 2013-10-21 12:01 - 0001105 _____ () C:\Documents and Settings\atp\Dane aplikacji\Rim.Desktop.HttpServerSetup.log
2013-10-21 12:03 - 2016-04-29 12:05 - 0001540 _____ () C:\Documents and Settings\atp\Dane aplikacji\Rim.DesktopHelper.Exception.log
2016-06-08 08:39 - 2016-03-03 03:14 - 0656952 _____ (Beijing Hongda wanfang technology Co.,Ltd.) C:\Documents and Settings\atp\Dane aplikacji\setup_31019.exe
2016-06-08 08:33 - 2016-02-18 10:10 - 5267952 _____ () C:\Documents and Settings\atp\Dane aplikacji\ziptool_wc-9015_setup.exe
2013-05-20 09:34 - 2016-04-07 13:41 - 0061952 _____ () C:\Documents and Settings\atp\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-05 16:38 - 2013-11-05 16:38 - 0005046 ____C () C:\Documents and Settings\All Users\Dane aplikacji\kpiqtfjp.tfv
2014-01-27 16:34 - 2014-01-27 16:34 - 0000086 ____C () C:\Documents and Settings\All Users\Dane aplikacji\Microsoft.SqlServer.Compact.400.32.bc
C:\Documents and Settings\atp\kauik.exe

Jezeli sie nie usunie, a zapewne tak wlasnie bedzie to uruchom FRST z poziomu WinRe:
http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartujących-windows/ i tam wykonaj podany Fixlist.txt

Po wykonaniu zamiesc nowe logi z FRST.

Kolobos · Accepted Answer

Wykonaj Fixlist.txt z poziomu WinRe, tak jak podalem wczesniej.

Fixlist.txt:
ShortcutWithArgument: C:\Documents and Settings\atp\Pulpit\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\Documents and Settings\atp\Menu Start\Programy\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://navigation.iwatchavi.com/
S2 ADSkipSvc; C:\Program Files\ADSKIP\ADSkipSvc.exe [X]
R0 AHFFAXAOSO; C:\WINDOWS\System32\Drivers\askProtect.sys [200072 2016-06-08] ()
S2 KuaiZipDrive; \??\C:\WINDOWS\system32\drivers\KuaiZipDrive.sys [X]
S0 xcixbviv; System32\drivers\munakk.sys [X]
2016-06-08 10:24 - 2016-06-08 15:05 - 00200072 _____ C:\WINDOWS\system32\Drivers\askProtect.sys

cyss_cs · Answer

o to logi po naprawie

cyss_cs · Answer

nowe logi po naprawie

Jak usunąć chińskie programy qqpctray i mpc cleaner? Logi FRST w załączniku

Post #1

Post #2

Post #3

Post #4

Post #5

Post #6

Post #7

Podsumowanie tematu