
Chinese virus - FRST logs

Agnieszkamaz 14 Jun 2016 23:36 747 1
  • #1 14 Jun 2016 23:36
    Agnieszkamaz
    Level 1

    Hello. I have this problem too. Please help, because I would not want to delete system files. I am begging for help and detailed instructions :( My FRST

    Moderated by RADU23:

    I have split the posts off into a new topic.
    Do not piggyback on other people's threads. It makes a mess of the forum.

  • #2 14 Jun 2016 23:54
    Kolobos
    Computer specialist

    Uninstall:
    hohosearch - Uninstall
    PDF Reader Packages
    Word Viewer Packages

    Boot the system into Safe Mode.
    Next to frst.exe, create a file Fixlist.txt with the following contents:
    AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
    AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
    CustomCLSID: HKU\S-1-5-21-157694594-3333364823-1719010826-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A53DA100DCA5}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Brak pliku
    Task: {041E46E7-C757-4A66-814E-98F8F7846F22} - \BitGuard -> Brak pliku <==== UWAGA
    Task: {5BC0FDA7-0A24-4870-93DA-80A38148513D} - System32\Tasks\Qiqerylugase Cloud => C:\Program Files (x86)\Qiqerylugase\QqrCloudtsk.exe <==== UWAGA
    Task: {6C63FEDF-DF45-4B16-881A-D590778CCB26} - System32\Tasks\MPC AdCleaner => C:\Program Files (x86)\MPC AdCleaner\AdCleaner.exe <==== UWAGA
    Task: {783D30A3-D113-4DC7-9CB6-522CB2C6A5E1} - System32\Tasks\{0E0C24A5-E0A2-4006-883B-6D0864FD7514} => pcalua.exe -a "C:\Program Files (x86)\Hostify\uninstaller.exe"
    Task: {7A9B101C-700C-4BD5-8A7B-E2AA76BC08C4} - System32\Tasks\tasklist => C:\Users\User\AppData\Roaming\UPUpdata\service72564.exe [2016-06-13] ()
    Task: {A006F048-8ADD-4E18-8DDB-25E5E9F81304} - \crxbroBrowserUpdateCore -> Brak pliku <==== UWAGA
    Task: {B05BFFEF-3697-479A-A4CE-FF3BF3EC46A7} - \crxbroBrowserUpdateUA -> Brak pliku <==== UWAGA
    Task: {B0D56AD6-CD1F-46CA-AD8E-62C21A36FD7F} - System32\Tasks\{71FFABCB-A1EE-7504-61B3-33834292B0EE} => C:\Users\User\AppData\Roaming\PRICEF~1\PRODUC~1.EXE <==== UWAGA
    Task: {B6E6D9CD-3762-421C-9067-87257D709738} - \bbjoin_crr_uninst Updater -> Brak pliku <==== UWAGA
    Task: {BFA2F644-82D2-4B5A-96A3-0E800CA190E2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {D2F641B5-A48B-461B-93F3-506CF759B2FE} - \crxbroCheckTask -> Brak pliku <==== UWAGA
    Task: {D6D621EF-FF30-4BBE-982E-5DC970A54B90} - System32\Tasks\UserIgnitersPrudesV2 => Rundll32.exe FoyersInterferometries.dll,main 7 1 <==== UWAGA
    Task: {F95B75A5-0B6D-48E6-B529-E32E3837CDD3} - System32\Tasks\{2BCC19F8-364B-4E93-AB25-7DE608FD4AEB} => pcalua.exe -a "C:\Program Files (x86)\mpck\uninstaller.exe" -d "C:\Program Files (x86)\mpck"
    Task: C:\WINDOWS\Tasks\{71FFABCB-A1EE-7504-61B3-33834292B0EE}.job =>
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA (yeabests)
    ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://yeabests.cc
    2016-06-13 16:02 - 2016-06-13 16:02 - 00170496 _____ () C:\Users\User\AppData\Roaming\Ucajfutq\Ucajfutq.exe
    2016-06-13 17:00 - 2016-06-13 17:00 - 01945600 _____ () C:\Users\User\AppData\Roaming\UPUpdata\service72564.exe
    2016-06-13 16:02 - 2016-06-13 16:02 - 00112128 _____ () C:\Users\User\AppData\Roaming\Ucajfutq\Pagmejbeaa.exe
    2016-06-13 17:00 - 2016-06-13 17:00 - 01902080 _____ () C:\Users\User\AppData\Roaming\UPUpdata\msiql.exe
    2016-06-13 16:02 - 2016-06-13 16:02 - 00258560 _____ () C:\Users\User\AppData\Roaming\Ucajfutq\Pagmejbeaa.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00115904 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMAntiInject.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\zlib.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00488640 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\sqlite.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\tinyxml.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00046784 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00070848 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
    2016-06-14 21:24 - 2016-02-28 00:55 - 00036128 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\oDayProtect.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00128192 _____ () c:\program files (x86)\tencent\qqpcmgr\11.5.17490.219\qmrtpcontroller.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00342368 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\arkGraphic.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00194912 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\xImage.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 02156896 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\GF.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00092512 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\xGraphic32.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\libpng.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\libjpegturbo.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00045408 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\jgImage.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\jgIOStub.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\libexpatw.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00083136 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\MemDefrag.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00169152 _____ () c:\program files (x86)\tencent\qqpcmgr\11.5.17490.219\qmhipslogpolicy.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00337088 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\OperationFileCloudMgr.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00379232 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\DlForQd.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00264896 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\Win10ToastNotification.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00251072 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMWlanMacDll.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 02156896 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\GF.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00092512 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\xGraphic32.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\zlib.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\libexpatw.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\tinyxml.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00342368 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\arkGraphic.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00045408 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\jgImage.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\jgIOStub.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\libpng.dll
    2016-06-14 21:24 - 2016-06-14 21:24 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\libjpegturbo.dll
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
    Hosts:
    () C:\Users\User\AppData\Roaming\Ucajfutq\Ucajfutq.exe
    () C:\Users\User\AppData\Roaming\UPUpdata\service72564.exe
    () C:\Users\User\AppData\Roaming\Ucajfutq\Pagmejbeaa.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMDL.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\QQPCNetFlow.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMUsbGuard.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRealTimeSpeedup.exe
    (Tencent) C:\Program Files (x86)\Common Files\Tencent\QQDownload\130\Tencentdl.exe
    () C:\Users\User\AppData\Roaming\UPUpdata\msiql.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe
    HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\badu\uc.exe
    HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe [362304 2016-06-14] (Tencent)
    HKU\S-1-5-21-157694594-3333364823-1719010826-1000\...\Run: [QGuan10in1] => C:\Users\User\AppData\Roaming\UPUpdata\service72564.exe [1945600 2016-06-13] ()
    HKU\S-1-5-21-157694594-3333364823-1719010826-1000\...\Run: [msiql] => C:\Users\User\AppData\Roaming\UPUpdata\msiql.exe [1902080 2016-06-13] ()
    HKU\S-1-5-21-157694594-3333364823-1719010826-1000\...\Run: [apphide2] => C:\Program Files (x86)\badu\uc.exe
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMGCShellExt64.dll [2016-06-14] (Tencent)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    CHR HKU\S-1-5-21-157694594-3333364823-1719010826-1000\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    Tcpip\..\Interfaces\{3091b705-844b-41b7-a161-b646506eb0d6}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{62e5e4ae-3f1c-4055-b9b9-a08e03be3809}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{7a9a65da-7143-4336-9417-ac9199910bcd}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{82d80a70-0d4a-435d-a2bb-1fab857e0db0}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{a29251c1-efce-44c7-99d1-1f17f1c5d56a}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{af17c065-fa78-11e5-82a4-806e6f6e6963}: [NameServer] 104.197.191.4
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.hao123.com/?tn=90098758_hao_pg
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKU\S-1-5-21-157694594-3333364823-1719010826-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://pl.yhs4.search.yahoo.com/yhs/search?hs...vast&hsimp=yhs-001&type=odc414&p={searchTerms}
    HKU\S-1-5-21-157694594-3333364823-1719010826-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://pl.search.yahoo.com/?&fr=hp-avast&type=odc414
    HKU\S-1-5-21-157694594-3333364823-1719010826-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.hao123.com/?tn=90098758_hao_pg
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKLM -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
    SearchScopes: HKLM-x32 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
    SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://pl.yhs4.search.yahoo.com/yhs/search?hs...vast&hsimp=yhs-001&type=odc414&p={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
    SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\S-1-5-21-157694594-3333364823-1719010826-1000 -> {0644EE93-D778-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.mpc.am/index/search?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968&ie=UTF-8
    SearchScopes: HKU\S-1-5-21-157694594-3333364823-1719010826-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\S-1-5-21-157694594-3333364823-1719010826-1000 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-157694594-3333364823-1719010826-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://pl.yhs4.search.yahoo.com/yhs/search?hs...vast&hsimp=yhs-001&type=odc414&p={searchTerms}
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSWebMon64.dat [2016-06-14] (Tencent)
    BHO-x32: Ó¦Óñ¦Ň»Ľü°˛×°˛ĺĽţ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
    FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
    FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\npQMExtensionsMozilla.dll [2016-06-14] (Tencent Technology (Shenzhen) Company Limited)
    CHR StartupUrls: ChromeDefaultData2 -> "hxxp://do-search.com/?type=hp&ts=1431861671&z=b64549233714ed540b46699gezec5g6b0q7geqdmco&from=cor&uid=ADATAXSSDXS510X120GBXXXXXXXXXXXXXXXXXX_02815023500600005037","search.mpc.am"
    R2 Peopqavv; C:\Users\User\AppData\Roaming\Ucajfutq\Ucajfutq.exe [170496 2016-06-13] () [Brak podpisu cyfrowego]
    R2 QQPCRtp; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe [313936 2016-06-14] (Tencent)
    U2 QQRepaircc7; C:\Program Files (x86)\Tencent\QQPCMGR\QQRepaircc7 [147176 2016-06-14] ()
    S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\QQRepairFixSVC [147176 2016-06-14] ()
    S2 QQRepair22ef; "C:\Program Files (x86)\Tencent\QQPCMGR\QQRepair22ef" [X]
    S3 blNetFilter; C:\WINDOWS\system32\drivers\blNetFilter.sys [54664 2016-05-11] ()
    R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMUdisk64.sys [184952 2016-05-18] (Tencent)
    R2 qqsysmonx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQSysMonX64.sys [154744 2016-06-14] (电脑管家)
    R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\softaal64.sys [44664 2016-06-14] (Tencent)
    R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\SRepairDrv [179320 2016-06-14] ()
    R3 TAOAccelerator; C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys [99480 2016-06-14] (Tencent)
    R2 TAOKernelDriver; C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys [143992 2016-06-14] (Tencent Technology(Shenzhen) Company Limited)
    R1 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [97400 2016-06-14] (电脑管家)
    R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TS888x64.sys [38520 2016-06-14] (Tencent)
    S1 TsDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSDefenseBT64.sys [28984 2016-06-14] (Tencent)
    R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TsNetHlpX64.sys [57976 2016-06-14] ()
    R4 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSSysKit64.sys [96888 2016-06-14] (电脑管家)
    R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [80768 2016-04-25] (Huorong Borui (Beijing) Technology Co., Ltd.)
    S0 FENBPDYVCY; System32\Drivers\askProtect64.sys [X]
    U3 idsvc; Brak ImagePath
    2016-06-14 23:07 - 2016-06-14 23:09 - 00000000 ____D C:\AdwCleaner
    2016-06-14 22:40 - 2016-02-18 10:10 - 05267952 _____ () C:\Users\User\AppData\Roaming\ziptool_wc-9015_setup.exe
    2016-06-14 22:17 - 2016-06-14 22:19 - 00000000 _____ C:\Users\User\Rundll32.exe
    2016-06-14 22:17 - 2016-06-14 22:19 - 00000000 _____ C:\Users\User\DefaultScope
    2016-06-14 21:59 - 2015-09-01 05:26 - 01099376 _____ C:\Users\User\AppData\Roaming\inst_buychannel_01.exe
    2016-06-14 21:57 - 2016-06-14 23:23 - 00038520 _____ (Tencent) C:\WINDOWS\SysWOW64\Drivers\TS888x64.sys
    2016-06-14 21:24 - 2016-06-14 21:24 - 00099480 _____ (Tencent) C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys
    2016-06-14 21:24 - 2016-06-14 21:24 - 00000000 ____D C:\Program Files\Common Files\Tencent
    2016-06-14 21:23 - 2016-04-22 09:45 - 51987648 _____ C:\Users\User\AppData\Roaming\qqpcmgr_v11.5.17490.219_90061_Silence.exe
    2016-06-13 18:56 - 2016-06-14 21:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2016-06-13 18:16 - 2016-06-14 23:23 - 00000000 ____D C:\ProgramData\TXQMPC
    2016-06-13 18:13 - 2016-06-13 18:13 - 00001315 _____ C:\WINDOWS\system32\Drivers\cherimoya.sys.lnk
    2016-06-13 17:58 - 2016-05-31 11:24 - 47941296 _____ (Maxthon International ltd.) C:\Users\User\AppData\Roaming\mx_4bz2016_en.exe
    2016-06-13 17:45 - 2016-06-13 17:45 - 00000000 ____D C:\Users\User\AppData\Roaming\MCorp
    2016-06-13 17:37 - 2016-06-13 17:37 - 00003310 _____ C:\WINDOWS\System32\Tasks\{2BCC19F8-364B-4E93-AB25-7DE608FD4AEB}
    2016-06-13 17:27 - 2016-06-13 17:27 - 00003424 _____ C:\WINDOWS\System32\Tasks\MPC AdCleaner
    2016-06-13 17:17 - 2016-06-13 17:17 - 00000000 ____D C:\WINDOWS\system32\car
    2016-06-13 17:10 - 2016-06-14 21:31 - 00004218 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{98E45C91-0A36-45C6-AD14-86F0B3DB6C9C}
    2016-06-13 17:08 - 2016-06-13 17:08 - 00003250 _____ C:\WINDOWS\System32\Tasks\{0E0C24A5-E0A2-4006-883B-6D0864FD7514}
    2016-06-13 17:04 - 2016-06-14 21:24 - 00143992 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys
    2016-06-13 17:03 - 2016-06-14 21:24 - 00097400 _____ (电脑管家) C:\WINDOWS\system32\Drivers\TFsFltX64.sys
    2016-06-13 17:03 - 2016-06-14 21:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Tencent
    2016-06-13 17:03 - 2016-06-13 17:03 - 00000000 ____D C:\Program Files (x86)\Tencent
    2016-06-13 17:03 - 2016-04-25 20:55 - 00080768 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\ucguard.sys
    2016-06-13 17:02 - 2016-06-14 23:02 - 00000298 _____ C:\WINDOWS\Tasks\{71FFABCB-A1EE-7504-61B3-33834292B0EE}.job
    2016-06-13 17:02 - 2016-06-14 21:26 - 00000000 ____D C:\ProgramData\Tencent
    2016-06-13 17:02 - 2016-06-13 17:17 - 00000000 ____D C:\Users\User\AppData\Local\app
    2016-06-13 17:02 - 2016-06-13 17:02 - 00003520 _____ C:\WINDOWS\System32\Tasks\UserIgnitersPrudesV2
    2016-06-13 17:02 - 2016-06-13 17:02 - 00002838 _____ C:\WINDOWS\System32\Tasks\{71FFABCB-A1EE-7504-61B3-33834292B0EE}
    2016-06-13 17:01 - 2016-06-13 17:57 - 00000000 ____D C:\Users\User\AppData\Roaming\Ucajfutq
    2016-06-13 17:01 - 2016-06-13 17:01 - 00000000 ____D C:\Users\User\AppData\LocalLow\Company
    2016-06-13 17:01 - 2016-06-13 17:01 - 00000000 ____D C:\Users\User\AppData\Local\Tempfolder
    2016-06-13 17:01 - 2016-05-11 07:56 - 00054664 _____ () C:\WINDOWS\system32\Drivers\blNetFilter.sys
    2016-06-13 17:01 - 2016-04-22 12:39 - 51987648 _____ C:\Users\User\AppData\Roaming\qqpcmgr_v11.5.17490.219_72530_Silence.exe
    2016-06-13 17:00 - 2016-06-14 23:24 - 00000000 ____D C:\Users\User\AppData\Roaming\UPUpdata
    2016-06-13 17:00 - 2016-06-13 17:02 - 00000000 ____D C:\Users\User\AppData\Roaming\zd3pO
    2016-06-13 17:00 - 2016-06-13 17:01 - 00009056 _____ C:\WINDOWS\System32\Tasks\Qiqerylugase Cloud
    2016-06-13 17:00 - 2016-06-13 17:01 - 00000000 ____D C:\Program Files (x86)\Libasaraming
    2016-06-13 17:00 - 2016-06-13 17:00 - 00128512 _____ C:\Users\User\AppData\Roaming\Installer.dat
    2016-06-13 17:00 - 2016-06-13 17:00 - 00011568 _____ C:\Users\User\AppData\Roaming\InstallationConfiguration.xml
    2016-06-13 17:00 - 2016-06-13 17:00 - 00003134 _____ C:\WINDOWS\System32\Tasks\tasklist
    2016-06-13 17:00 - 2016-06-13 17:00 - 00000000 ____D C:\Users\User\AppData\Local\tuto_monetize_120160613
    2016-06-13 16:59 - 2016-06-13 17:20 - 00000000 ____D C:\Program Files (x86)\mpck
    2016-06-13 16:59 - 2016-06-13 16:59 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
    2015-02-09 12:52 - 2015-02-09 12:52 - 6103040 _____ () C:\Program Files (x86)\GUT8F83.tmp
    2016-06-13 17:00 - 2016-06-13 17:00 - 0011568 _____ () C:\Users\User\AppData\Roaming\InstallationConfiguration.xml
    2016-06-13 17:00 - 2016-06-13 17:00 - 0128512 _____ () C:\Users\User\AppData\Roaming\Installer.dat
    2016-06-14 21:59 - 2015-09-01 05:26 - 1099376 _____ () C:\Users\User\AppData\Roaming\inst_buychannel_01.exe
    2016-06-13 17:58 - 2016-05-31 11:24 - 47941296 _____ (Maxthon International ltd.) C:\Users\User\AppData\Roaming\mx_4bz2016_en.exe
    2016-06-06 17:46 - 2016-06-06 17:46 - 0000112 _____ () C:\Users\User\AppData\Roaming\Preferencje wtyczki JP2K CS6
    2016-06-13 17:01 - 2016-04-22 12:39 - 51987648 _____ () C:\Users\User\AppData\Roaming\qqpcmgr_v11.5.17490.219_72530_Silence.exe
    2016-06-14 21:23 - 2016-04-22 09:45 - 51987648 _____ () C:\Users\User\AppData\Roaming\qqpcmgr_v11.5.17490.219_90061_Silence.exe
    2016-06-14 22:40 - 2016-02-18 10:10 - 5267952 _____ () C:\Users\User\AppData\Roaming\ziptool_wc-9015_setup.exe
    2012-09-10 19:16 - 2014-01-02 18:39 - 0004608 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    C:\Users\User\BESTplayer.exe
    C:\Users\User\Rundll32.exe
    C:\Windows\Tasks\{71FFABCB-A1EE-7504-61B3-33834292B0EE}.job
    EmptyTemp:

    In FRST, click Fix.

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Use RepairDNS (repair the infected files) and post the log it creates:
    https://www.elektroda.pl/rtvforum/download.php?id=731083
    Also post new FRST scan logs, created AFTER using RepairDNS.

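The fixlist above is a hand-picked set of indicators: a rogue DNS server on every interface, a WMI event consumer, a browser shortcut that appends a URL, scheduled tasks and Run keys pointing into AppData, and orphaned tasks whose file is gone. The script below is an added example (not part of the post and not FRST's own code) that shows how a defender can triage FRST-style log lines automatically with a few rules of that kind. The sample lines are copied from the fixlist quoted in the post; the rule names, the TRUSTED_DNS set and the ALLOWED_HOMEPAGES allowlist are assumptions for the example and should be replaced with the values expected in your own environment.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Assumption: the resolvers you expect to see on a healthy host in this network.
TRUSTED_DNS = {"192.168.0.1", "192.168.1.1", "8.8.8.8", "1.1.1.1"}
# Assumption: home/start pages considered normal in this environment.
ALLOWED_HOMEPAGES = {"about:blank", "www.google.com"}

# Token FRST prints (Polish localisation, as in the post) for a missing target file.
MISSING_FILE = "Brak pliku"

NAMESERVER_RE = re.compile(r"\[NameServer\]\s+([\d.]+)")
HOMEPAGE_RE = re.compile(r"(?:Start Page|Default_Page_URL)\s*=\s*(\S+)")
# Rundll32 loading a DLL given without a drive letter (resolved via search path).
RUNDLL_RELATIVE_RE = re.compile(r"\bRundll32\.exe\s+(?![A-Za-z]:\\)", re.IGNORECASE)
SERVICE_RE = re.compile(r"^[RSU]\d ")  # FRST service/driver lines: R2, S3, U2 ...


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def classify(line: str) -> List[str]:
    """Return the triage rules that a single FRST log line trips (possibly none)."""
    rules: List[str] = []
    if line.startswith("Tcpip\\"):
        m = NAMESERVER_RE.search(line)
        if m and m.group(1) not in TRUSTED_DNS:
            rules.append("dns_hijack")
    # FRST defangs URLs as hxxp://, so match h..p(s):// rather than http.
    if line.startswith("ShortcutWithArgument:") and re.search(r"-> h..ps?://", line):
        rules.append("browser_shortcut_hijack")
    if line.startswith("WMI_ActiveScriptEventConsumer"):
        rules.append("wmi_persistence")
    if line.startswith("Task:") and MISSING_FILE in line:
        rules.append("orphaned_task")
    autostart = line.startswith("Task:") or "\\Run:" in line or bool(SERVICE_RE.match(line))
    if autostart:
        if "\\appdata\\" in line.lower():
            rules.append("autostart_in_user_profile")
        if " ()" in line:  # FRST prints "()" where the publisher/signer is empty
            rules.append("unsigned_autostart")
        if RUNDLL_RELATIVE_RE.search(line):
            rules.append("rundll32_relative_dll")
    if "Policies" in line and ("Ograniczenia" in line or "Restriction" in line):
        rules.append("browser_policy_lock")
    m = HOMEPAGE_RE.search(line)
    if m and m.group(1) not in ALLOWED_HOMEPAGES:
        rules.append("homepage_hijack")
    return rules


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every non-empty line of an FRST log or fixlist."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for rule in classify(line):
            findings.append(Finding(rule, line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule, which is what you scan first on a long log."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Sample input: lines copied from the FRST fixlist quoted in the post above.
SAMPLE_LOG = r"""
Task: {7A9B101C-700C-4BD5-8A7B-E2AA76BC08C4} - System32\Tasks\tasklist => C:\Users\User\AppData\Roaming\UPUpdata\service72564.exe [2016-06-13] ()
Task: {A006F048-8ADD-4E18-8DDB-25E5E9F81304} - \crxbroBrowserUpdateCore -> Brak pliku <==== UWAGA
Task: {D6D621EF-FF30-4BBE-982E-5DC970A54B90} - System32\Tasks\UserIgnitersPrudesV2 => Rundll32.exe FoyersInterferometries.dll,main 7 1 <==== UWAGA
WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA (yeabests)
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://yeabests.cc
HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\badu\uc.exe
HKU\S-1-5-21-157694594-3333364823-1719010826-1000\...\Run: [msiql] => C:\Users\User\AppData\Roaming\UPUpdata\msiql.exe [1902080 2016-06-13] ()
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe [362304 2016-06-14] (Tencent)
Tcpip\..\Interfaces\{3091b705-844b-41b7-a161-b646506eb0d6}: [NameServer] 104.197.191.4
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am
R2 Peopqavv; C:\Users\User\AppData\Roaming\Ucajfutq\Ucajfutq.exe [170496 2016-06-13] () [Brak podpisu cyfrowego]
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.rule:28} {f.line[:90]}")
    print(summarize(results))
```

Note that the rules deliberately do not try to be complete: the `[apphide] => C:\Program Files (x86)\badu\uc.exe` Run entry trips nothing here, because it is neither unsigned-with-metadata nor in a user profile, and only a human who recognises the name catches it. Rule output like this is a starting point for reading the log, not a replacement for it, and every NameServer, shortcut and task that is flagged should be checked against what the host is supposed to have before it goes into a fixlist.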