Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Przeglądarka (i nie tylko) szwankuje

pizmak289 08 Sie 2016 17:41 756 1
  • #2 08 Sie 2016 18:22
    Kolobos
    Spec od komputerów

    Uzyj https://sourceforge.net/projects/adobeflashupdater/files/McAfee%20Security%20Scan%20Remover/ do usuniecia smieci od Mcafee i intela.

    Obok frst.exe utworz plik Fixlist.txt z zawartoscia:
    Task: {05C96555-28A6-4BD5-890A-6007C776C3EB} - System32\Tasks\{851068BF-21F5-4D80-84DC-A510CE342487} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Zunphase\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Zunphase\uninstall.dat" -a uninstallme 81B305B5-BF00-47BE-BB94-DD36D82524CA DeviceId=60d79611-2eea-3fe9-2cb5-f81344fd8b18 BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet
    Task: {12318F72-68A6-4410-BCAD-6272BBEF75C6} - System32\Tasks\snf => C:\ProgramData\Quoteex\Quoteex.exe <==== UWAGA
    Task: {187ADB33-5274-4AA7-835D-F32BC2505B01} - System32\Tasks\Fopaing Builder => C:\Program Files (x86)\Shecersyphapaent\FopaingBuilderanh.exe
    Task: {612BDF6D-9856-404A-9CCD-C5E5C835F13D} - System32\Tasks\{C051DA87-3C99-4EE0-B541-F5B9FCCE0D2C} => pcalua.exe -a "C:\Program Files (x86)\sunnyday\uninstaller.exe"
    Task: {646F6612-729C-461C-A2CF-4A9691752BE6} - System32\Tasks\{EC5A1AFC-FF6C-4414-BA35-8B3FCD4026F1} => pcalua.exe -a "C:\Program Files\YueweijieNetTrans\Uninstall.exe"
    Task: {85BED02E-571B-47AA-BC51-5B24C34A4977} - System32\Tasks\{A14DC258-A3FA-43EF-B6A5-F7F8C17DE0D9} => Chrome.exe hxxp://www.skype.com/go/downloading?source=li...amp;amp;ver=7.0.0.102&amp;LastError=12002
    Task: {927C3A87-0125-4127-B6AF-E077F2EA0FAE} - System32\Tasks\{6731D727-05CE-4166-8318-530CBF7FBA48} => pcalua.exe -a "C:\Program Files (x86)\Acer\AOP Framework\uninstall.exe"
    Task: {A2399E97-3136-407A-AA59-D0F40E4F76A0} - System32\Tasks\{9520132D-B2BF-4338-A4E9-563909E4E6E6} => pcalua.exe -a "C:\Program Files (x86)\EasyHotspot\uninstaller.exe"
    Task: {A77A5C90-A430-49D3-9CC1-23DD64EBAE02} - System32\Tasks\{9A955774-4F39-4FB6-926D-7BBF0B870388} => pcalua.exe -a C:\Users\witold\AppData\Roaming\YSPackage\Uninstall.exe
    Task: {C1DBDEA5-9592-40E7-B9E7-B8CD0FF5695D} - System32\Tasks\snp => C:\ProgramData\Quoteex\Quoteex.exe <==== UWAGA
    Task: {D8FCE795-0E66-438D-82BF-D4241DA5D708} - System32\Tasks\{99BE2CD5-E9F0-49B9-8E16-C7772374A702} => pcalua.exe -a "C:\Program Files (x86)\mpck\uninstaller.exe"
    Task: {F605C640-C00A-4B13-B4DE-8403291F0469} - System32\Tasks\b2929b72a96a471893ecaa9c51368bae => C:\Program Files (x86)\vj98143\8nb81B0.bat [2016-08-03] ()
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    ShortcutWithArgument: C:\Users\witold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://yeabests.cc




    ShortcutWithArgument: C:\Users\witold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\witold\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
    ShortcutWithArgument: C:\Users\witold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://yeabests.cc
    ShortcutWithArgument: C:\Users\witold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\witold\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
    ShortcutWithArgument: C:\Users\witold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabests.cc
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\witold\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabests.cc
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\witold\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabests.cc
    2016-05-19 16:41 - 2016-05-19 16:41 - 00134656 _____ () C:\Users\witold\AppData\Local\Apps\2.0\abril.exe
    () C:\Users\witold\AppData\Local\Apps\2.0\abril.exe
    HKLM-x32\...\Run: [win_en_77] => [X]
    HKLM-x32\...\Run: [EYAN] => C:\Users\witold\AppData\Roaming\THREADAPP.exe [9216000 2016-07-05] (eee)
    HKLM-x32\...\Run: [sun21] => [X]
    HKU\S-1-5-21-424150862-409665566-849937251-1002\...\MountPoints2: {26b68d18-88ad-11e5-82c9-f8a963a2d0af} - "E:\autorun.exe"
    HKU\S-1-5-21-424150862-409665566-849937251-1002\...\MountPoints2: {60808506-1dca-11e5-82be-f8a963a2d0af} - "E:\Startme.exe"
    HKU\S-1-5-21-424150862-409665566-849937251-1002\...\MountPoints2: {d564b725-c017-11e4-82b7-f8a963a2d0af} - "E:\Startme.exe"
    HKU\S-1-5-21-424150862-409665566-849937251-1002\...\MountPoints2: {f1ba55a2-fc40-11e3-8257-806e6f6e6963} - "D:\LoaderPrawkoS.exe"
    AppInit_DLLs: C:\ProgramData\Quoteex\Keyfind.dll => Brak pliku
    AppInit_DLLs-x32: C:\ProgramData\Quoteex\Physphase.dll => Brak pliku
    ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    Tcpip\..\Interfaces\{6F40479E-CBEF-4EB9-95F0-BDCDAEDD9A0C}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{7C4E68AE-33AC-4716-9FAF-BA9F1AAD04E8}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{bbed3e08-0b41-11e3-8249-806e6f6e6963}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{BCDA5DBD-E252-4019-835E-4504EDA2E744}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{EA3D9C94-C94B-43DA-B2C7-2D8C73205026}: [NameServer] 104.197.191.4
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.interia.pl/#utm_source=instalki1&a...n=instalki1&iwa_source=installer_instalki
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.interia.pl/#utm_source=instalki1&a...n=instalki1&iwa_source=installer_instalki
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
    HKU\S-1-5-21-424150862-409665566-849937251-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...0PtaJQc8c0u6puCN7DGfHd5YW9_pHtPWXjwG51yMHRg,,,,
    HKU\S-1-5-21-424150862-409665566-849937251-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...ddqi9CioGP6SVGSKYztnvIbzG3sfigj8AqOg,,&q={searchTerms}
    HKU\S-1-5-21-424150862-409665566-849937251-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...ddqi9CioGP6SVGSKYztnvIbzG3sfigj8AqOg,,&q={searchTerms}
    HKU\S-1-5-21-424150862-409665566-849937251-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...ddqi9CioGP6SVGSKYztnvIbzG3sfigj8AqOg,,&q={searchTerms}
    HKU\S-1-5-21-424150862-409665566-849937251-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...ddqi9CioGP6SVGSKYztnvIbzG3sfigj8AqOg,,&q={searchTerms}
    HKU\S-1-5-21-424150862-409665566-849937251-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...0PtaJQc8c0u6puCN7DGfHd5YW9_pHtPWXjwG51yMHRg,,,,
    HKU\S-1-5-21-424150862-409665566-849937251-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...ddqi9CioGP6SVGSKYztnvIbzG3sfigj8AqOg,,&q={searchTerms}
    HKU\S-1-5-21-424150862-409665566-849937251-1002\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...ddqi9CioGP6SVGSKYztnvIbzG3sfigj8AqOg,,&q={searchTerms}
    URLSearchHook: [S-1-5-21-424150862-409665566-849937251-1001] UWAGA => Brak domyślnego URLSearchHook
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...ddqi9CioGP6SVGSKYztnvIbzG3sfigj8AqOg,,&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-424150862-409665566-849937251-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...ddqi9CioGP6SVGSKYztnvIbzG3sfigj8AqOg,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-424150862-409665566-849937251-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...ddqi9CioGP6SVGSKYztnvIbzG3sfigj8AqOg,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-424150862-409665566-849937251-1002 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...ddqi9CioGP6SVGSKYztnvIbzG3sfigj8AqOg,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-424150862-409665566-849937251-1002 -> {7441C106-2EDC-4C48-82D0-2F903C14F411} URL =
    SearchScopes: HKU\S-1-5-21-424150862-409665566-849937251-1002 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...ddqi9CioGP6SVGSKYztnvIbzG3sfigj8AqOg,,&q={searchTerms}
    FF NewTab: hxxp://www.youndoo.com/?z=b0f8ac7f87e9736b766...JPVX-22JC3T0_WD-WX21A540301503015&type=hp
    FF DefaultSearchEngine: youndoo
    FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=youndoo
    FF SelectedSearchEngine: youndoo
    FF Keyword.URL: hxxp://www.youndoo.com/search/?z=b0f8ac7f87e9...JC3T0_WD-WX21A540301503015&type=sp&q=
    FF user.js: detected! => C:\Users\witold\AppData\Roaming\Profiles\1fndw489.default\user.js [2016-08-03]
    FF Extension: Adblock Plus - C:\Users\witold\AppData\Roaming\Mozilla\Firefox\Profiles\8rbz4tmh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
    FF Extension: Adblock Plus - C:\Users\witold\AppData\Roaming\Profiles\1fndw489.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nie znaleziono>
    R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [681984 2016-08-03] () [Brak podpisu cyfrowego]
    R2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [168728 2016-07-20] (McAfee, Inc.)
    R4 InstallerWrapperService; C:\Program Files\TrueKey\InstallerWrapperService.exe [47688 2016-07-20] (McAfee, Inc.)
    R2 ProntSpooler; C:\Users\witold\AppData\Local\Apps\2.0\abril.exe [134656 2016-05-19] () [Brak podpisu cyfrowego]
    R2 ValenciaEngineHlp; C:\Windows\SysWOW64\coxyzsummary.dll [414448 2015-01-28] ()
    S2 FopaingBuilderanp.exe; "C:\Program Files (x86)\Shecersyphapaent\FopaingBuilderanp.exe" {C25DA384-2010-45A4-A1ED-BFA540D4789B} {9DC74CD5-24EA-4ADE-9C42-608A8CE17116} [X]
    S2 MaohaWifiSvr; C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe [X]
    R2 msvesscript; C:\Windows\system32\drivers\filesysdatapkg.sys [140400 2015-01-28] ()
    R1 viavkrext; C:\Windows\system32\drivers\viavkrext.sys [545384 2016-05-07] () [Brak podpisu cyfrowego]
    R1 vonetframe; C:\Windows\system32\drivers\vonetframe.sys [923240 2016-08-07] () [Brak podpisu cyfrowego]
    S1 MaohaWifiNetPro; \??\C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaoHaWiFiNet64.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
    2016-08-08 15:20 - 2016-08-08 15:29 - 00000000 ____D C:\Program Files\TrueKey
    2016-08-07 15:48 - 2016-08-07 15:48 - 00000000 ____D C:\Users\witold\AppData\Roaming\Baidu
    2016-08-07 15:37 - 2016-08-07 15:37 - 00250912 _____ C:\Windows\SysWOW64\kz.exe
    2016-08-04 12:36 - 2016-06-23 14:47 - 08300392 _____ (重庆悦微捷科技有限公司) C:\Users\witold\AppData\Roaming\Setup.exe
    2016-08-03 21:38 - 2016-08-03 02:38 - 01611776 _____ C:\Users\witold\AppData\Roaming\ucdlr.exe
    2016-08-03 21:37 - 2016-08-01 06:51 - 01616896 _____ C:\Users\witold\AppData\Roaming\kpzip.exe
    2016-08-03 21:35 - 2016-07-05 07:58 - 09216000 _____ (eee) C:\Users\witold\AppData\Roaming\THREADAPP.exe
    2016-08-03 19:52 - 2016-08-03 06:23 - 00344576 _____ C:\Users\witold\AppData\Roaming\RandomDelJiheReg.exe
    2016-08-03 17:47 - 2016-08-03 17:47 - 00003094 _____ C:\Windows\System32\Tasks\{99BE2CD5-E9F0-49B9-8E16-C7772374A702}
    2016-08-03 17:32 - 2016-08-03 17:32 - 00003102 _____ C:\Windows\System32\Tasks\{C051DA87-3C99-4EE0-B541-F5B9FCCE0D2C}
    2016-08-03 17:27 - 2016-08-03 17:27 - 00003108 _____ C:\Windows\System32\Tasks\{9520132D-B2BF-4338-A4E9-563909E4E6E6}
    2016-08-03 17:01 - 2016-08-03 17:01 - 00000000 ____D C:\Users\witold\AppData\LocalLow000000AE66705D88
    2016-08-03 17:01 - 2016-08-03 17:01 - 00000000 ____D C:\Users\witold\AppData\LocalLow000000AE66705A48
    2016-08-03 16:57 - 2016-08-03 16:57 - 00003118 _____ C:\Windows\System32\Tasks\{6731D727-05CE-4166-8318-530CBF7FBA48}
    2016-08-03 16:55 - 2016-08-03 16:55 - 00000000 ____D C:\Users\witold\AppData\Roaming\MCorp
    2016-08-03 16:53 - 2016-08-03 16:53 - 00003104 _____ C:\Windows\System32\Tasks\{EC5A1AFC-FF6C-4414-BA35-8B3FCD4026F1}
    2016-08-03 16:50 - 2016-08-03 16:50 - 00000000 ____D C:\Users\witold\AppData\LocalLow00000004986A6288
    2016-08-03 16:50 - 2016-08-03 16:50 - 00000000 ____D C:\Users\witold\AppData\LocalLow00000004986A60E8
    2016-08-03 16:15 - 2016-08-03 16:15 - 00000000 ____D C:\Users\witold\AppData\Roaming\Uonifmii
    2016-08-03 16:15 - 2016-08-03 16:15 - 00000000 ____D C:\Users\witold\AppData\Roaming\AveajGhnof
    2016-08-03 16:15 - 2016-08-03 16:15 - 00000000 ____D C:\Users\witold\AppData\LocalLow00000038ADD26018
    2016-08-03 16:15 - 2016-08-03 16:15 - 00000000 ____D C:\Users\witold\AppData\LocalLow00000038ADD25DA8
    2016-08-03 16:15 - 2016-08-03 16:15 - 00000000 ____D C:\Users\witold\AppData\LocalLow\Company
    2016-08-03 16:15 - 2016-08-03 16:15 - 00000000 ____D C:\Users\witold\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    2016-08-03 16:15 - 2016-08-03 16:15 - 00000000 ____D C:\Users\witold\AppData\Local\Tempfolder
    2016-08-03 16:14 - 2016-08-03 16:14 - 00000000 _____ C:\Windows\SysWOW64\Number of results
    2016-08-03 15:56 - 2016-08-03 15:56 - 00000000 ____D C:\Users\witold\AppData\Local\ElevatedDiagnostics
    2016-08-03 15:54 - 2016-08-03 15:54 - 00003114 _____ C:\Windows\System32\Tasks\{9A955774-4F39-4FB6-926D-7BBF0B870388}
    2016-08-03 15:53 - 2016-08-03 15:53 - 00003582 _____ C:\Windows\System32\Tasks\{851068BF-21F5-4D80-84DC-A510CE342487}
    2016-08-03 15:48 - 2016-08-06 13:04 - 00000000 ____D C:\Users\witold\AppData\Roaming\Kuaizip
    2016-08-03 15:48 - 2016-08-03 15:48 - 00092872 _____ (WinMount International Inc) C:\Windows\system32\Drivers\KuaiZipDrive.sys
    2016-08-03 15:48 - 2016-08-03 15:48 - 00000000 ____D C:\Users\witold\AppData\Roaming\Softlink
    2016-08-03 15:48 - 2016-07-01 11:19 - 08284704 _____ (深圳市伟创科技软件有限公司) C:\Users\witold\AppData\Roaming\MaoHaWiFiSetup_262.exe
    2016-08-03 15:47 - 2016-08-08 12:46 - 07616340 _____ C:\Users\witold\AppData\Roaming\setup.apk
    2016-08-03 15:47 - 2016-08-08 12:46 - 00732869 _____ C:\Users\witold\AppData\Roaming\xdo.zip
    2016-08-03 15:46 - 2016-08-03 15:46 - 00000000 ____D C:\Users\witold\AppData\Local\tuto_monetize_120160803
    2016-08-03 15:46 - 2016-08-03 15:46 - 00000000 ____D C:\Users\witold\AppData\Local\csdi_monetize_120160803
    2016-08-03 15:46 - 2016-06-30 09:59 - 05267952 _____ () C:\Users\witold\AppData\Roaming\ziptool_wc-9025_setup.exe
    2016-08-03 15:46 - 2016-02-18 10:10 - 05267952 _____ () C:\Users\witold\AppData\Roaming\ziptool_wc-9015_setup.exe
    2016-08-03 15:45 - 2016-08-04 17:30 - 00000000 ____D C:\Users\witold\AppData\Roaming\UPUpdata
    2016-08-03 15:45 - 2016-08-03 15:45 - 00000000 ____D C:\Users\witold\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
    2016-08-03 15:42 - 2016-08-03 15:42 - 00008958 _____ C:\Windows\System32\Tasks\Fopaing Builder
    2016-08-03 15:42 - 2016-08-03 15:42 - 00003344 _____ C:\Windows\System32\Tasks\b2929b72a96a471893ecaa9c51368bae
    2016-08-03 15:42 - 2016-08-03 15:42 - 00000000 ___HD C:\Program Files (x86)\vj98143
    2016-08-03 15:40 - 2016-08-03 17:33 - 00000000 ____D C:\Users\witold\AppData\Local\app
    2016-08-03 15:40 - 2016-08-03 15:42 - 00000000 ____D C:\Users\witold\AppData\Local\reerwertyroritainanoves
    2016-08-03 15:40 - 2016-08-03 15:40 - 00000000 ____D C:\Users\witold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YSPackage
    2016-08-03 15:40 - 2016-08-03 15:38 - 00000372 _____ C:\Windows\system32\Drivers\etc\hp.bak
    2016-08-03 15:39 - 2016-08-03 15:39 - 00003658 _____ C:\Windows\System32\Tasks\snp
    2016-08-03 15:39 - 2016-08-03 15:39 - 00003246 _____ C:\Windows\System32\Tasks\snf
    2016-08-03 15:38 - 2016-08-07 15:20 - 00000000 ____D C:\ProgramData\Logic Handler
    2016-08-03 15:38 - 2016-08-03 15:39 - 00000000 ____D C:\ProgramData\Quoteexs
    2016-08-03 15:38 - 2016-08-03 15:38 - 02279413 _____ C:\Users\witold\AppData\Roaming\DonQuotop.bin
    2016-08-03 15:38 - 2016-08-03 15:38 - 00126464 _____ C:\Users\witold\AppData\Roaming\noah.dat
    2016-08-03 15:38 - 2016-08-03 15:38 - 00070752 _____ C:\Users\witold\AppData\Roaming\Config.xml
    2016-08-03 15:38 - 2016-08-03 15:38 - 00018432 _____ C:\Users\witold\AppData\Roaming\Main.dat
    2016-08-03 15:38 - 2016-08-03 15:38 - 00002397 _____ C:\Windows\SysWOW64\findit.xml
    2016-08-03 15:37 - 2016-08-03 15:38 - 07129600 _____ C:\Users\witold\AppData\Roaming\agent.dat
    2016-08-03 15:37 - 2016-08-03 15:38 - 00005568 _____ C:\Users\witold\AppData\Roaming\md.xml
    2016-08-03 15:37 - 2016-08-03 15:37 - 01905419 _____ C:\Users\witold\AppData\Roaming\Zamstring.tst
    2016-08-03 15:37 - 2016-08-03 15:37 - 00848437 _____ C:\Users\witold\AppData\Roaming\CofDondom.bin
    2016-08-03 15:37 - 2016-08-03 15:37 - 00681984 _____ C:\Users\witold\AppData\Roaming\Zamstring.exe
    2016-08-03 15:37 - 2016-08-03 15:37 - 00681984 _____ C:\Users\witold\AppData\Roaming\TechJoydox.exe
    2016-08-03 15:37 - 2016-08-03 15:37 - 00129024 _____ C:\Users\witold\AppData\Roaming\Installer.dat
    2016-08-03 15:37 - 2016-08-03 15:37 - 00126464 _____ C:\Users\witold\AppData\Roaming\lobby.dat
    2016-08-03 15:37 - 2016-08-03 15:37 - 00072818 _____ C:\Users\witold\AppData\Roaming\TechJoydox.tst
    2016-08-03 15:37 - 2016-08-03 15:37 - 00054272 _____ C:\Users\witold\AppData\Roaming\ApplicationHosting.dat
    2016-08-03 15:37 - 2016-08-03 15:37 - 00018384 _____ C:\Users\witold\AppData\Roaming\InstallationConfiguration.xml
    2016-08-03 15:37 - 2016-08-03 15:37 - 00000000 ____D C:\ProgramData\CloudPrinter
    2016-08-08 17:30 - 2016-05-11 20:30 - 00001045 _____ C:\Users\witold\AppData\Local\5DE9302D0D38
    2016-08-07 15:50 - 2015-01-15 20:08 - 00000000 ____D C:\ProgramData\Baidu Security
    2016-08-07 15:48 - 2015-01-15 20:08 - 00000000 ____D C:\ProgramData\baidu
    2016-08-07 15:27 - 2016-05-22 08:35 - 00799848 _____ C:\Windows\vonetframeHelp.dll
    2016-08-07 15:27 - 2016-05-04 15:40 - 00494696 _____ C:\Windows\viavkrextHelp.dll
    2016-08-07 12:35 - 2016-05-22 08:35 - 00923240 _____ C:\Windows\system32\Drivers\vonetframe.sys
    2016-04-26 14:24 - 2016-04-26 14:24 - 0000009 ____N () C:\Users\witold\AppData\Roaming\a.bat
    2010-08-28 22:43 - 2010-08-28 22:43 - 0577335 ____N () C:\Users\witold\AppData\Roaming\adb.exe
    2010-08-28 22:43 - 2010-08-28 22:43 - 0096256 ____N (Google, inc) C:\Users\witold\AppData\Roaming\AdbWinApi.dll
    2010-08-28 22:43 - 2010-08-28 22:43 - 0060928 ____N (Google, inc) C:\Users\witold\AppData\Roaming\AdbWinUsbApi.dll
    2016-08-03 15:37 - 2016-08-03 15:38 - 7129600 _____ () C:\Users\witold\AppData\Roaming\agent.dat
    2016-08-03 15:37 - 2016-08-03 15:37 - 0054272 _____ () C:\Users\witold\AppData\Roaming\ApplicationHosting.dat
    2016-08-03 15:37 - 2016-08-03 15:37 - 0848437 _____ () C:\Users\witold\AppData\Roaming\CofDondom.bin
    2016-08-03 15:38 - 2016-08-03 15:38 - 0070752 _____ () C:\Users\witold\AppData\Roaming\Config.xml
    2016-08-03 15:38 - 2016-08-03 15:38 - 2279413 _____ () C:\Users\witold\AppData\Roaming\DonQuotop.bin
    2016-06-28 03:12 - 2016-06-28 03:12 - 0314434 ____N () C:\Users\witold\AppData\Roaming\EYapp.apk
    2010-08-28 22:43 - 2010-08-28 22:43 - 0356009 ____N () C:\Users\witold\AppData\Roaming\fastboot.exe
    2016-08-03 15:37 - 2016-08-03 15:37 - 0018384 _____ () C:\Users\witold\AppData\Roaming\InstallationConfiguration.xml
    2016-08-03 15:37 - 2016-08-03 15:37 - 0129024 _____ () C:\Users\witold\AppData\Roaming\Installer.dat
    2016-08-03 21:37 - 2016-08-01 06:51 - 1616896 _____ () C:\Users\witold\AppData\Roaming\kpzip.exe
    2016-08-03 15:37 - 2016-08-03 15:37 - 0126464 _____ () C:\Users\witold\AppData\Roaming\lobby.dat
    2016-08-03 15:38 - 2016-08-03 15:38 - 0018432 _____ () C:\Users\witold\AppData\Roaming\Main.dat
    2016-08-03 15:48 - 2016-07-01 11:19 - 8284704 _____ (深圳市伟创科技软件有限公司) C:\Users\witold\AppData\Roaming\MaoHaWiFiSetup_262.exe
    2016-08-03 15:37 - 2016-08-03 15:38 - 0005568 _____ () C:\Users\witold\AppData\Roaming\md.xml
    2016-08-03 15:38 - 2016-08-03 15:38 - 0126464 _____ () C:\Users\witold\AppData\Roaming\noah.dat
    2016-08-03 19:52 - 2016-08-03 06:23 - 0344576 _____ () C:\Users\witold\AppData\Roaming\RandomDelJiheReg.exe
    2016-08-03 15:47 - 2016-08-08 12:46 - 7616340 _____ () C:\Users\witold\AppData\Roaming\setup.apk
    2016-08-04 12:36 - 2016-06-23 14:47 - 8300392 _____ (重庆悦微捷科技有限公司) C:\Users\witold\AppData\Roaming\Setup.exe
    2016-08-03 15:37 - 2016-08-03 15:37 - 0681984 _____ () C:\Users\witold\AppData\Roaming\TechJoydox.exe
    2016-08-03 15:37 - 2016-08-03 15:37 - 0072818 _____ () C:\Users\witold\AppData\Roaming\TechJoydox.tst
    2016-08-03 21:35 - 2016-07-05 07:58 - 9216000 _____ (eee) C:\Users\witold\AppData\Roaming\THREADAPP.exe
    2016-08-03 21:38 - 2016-08-03 02:38 - 1611776 _____ () C:\Users\witold\AppData\Roaming\ucdlr.exe
    2016-08-03 15:38 - 2016-08-03 15:38 - 0032038 _____ () C:\Users\witold\AppData\Roaming\uninstall_temp.ico
    2016-08-03 15:47 - 2016-08-08 12:46 - 0732869 _____ () C:\Users\witold\AppData\Roaming\xdo.zip
    2016-08-03 15:37 - 2016-08-03 15:37 - 0681984 _____ () C:\Users\witold\AppData\Roaming\Zamstring.exe
    2016-08-03 15:37 - 2016-08-03 15:37 - 1905419 _____ () C:\Users\witold\AppData\Roaming\Zamstring.tst
    2016-08-03 15:46 - 2016-02-18 10:10 - 5267952 _____ () C:\Users\witold\AppData\Roaming\ziptool_wc-9015_setup.exe
    2016-08-03 15:46 - 2016-06-30 09:59 - 5267952 _____ () C:\Users\witold\AppData\Roaming\ziptool_wc-9025_setup.exe
    2016-05-11 20:30 - 2016-08-08 17:30 - 0001045 _____ () C:\Users\witold\AppData\Local\5DE9302D0D38
    2015-05-31 12:09 - 2015-05-15 05:09 - 0272368 _____ () C:\ProgramData\RecallDown.exe
    C:\ProgramData\RecallDown.exe
    EmptyTemp:

    W FRST wybierz Napraw.

    Zrob pelny skan przy pomocy Mbam i usun to co wykryje:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    oraz http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    0