Wirus sejheb.exe, soccartuwc.exe hemkajdoa.exe i inne

[ding37]

Witam ostatnio pobrałem grę z torrentów, a z nią milion dodatkowych programików.
Jak mogę się tego pozbyć? (w załącznikach skany)

[ordynat]

1) Otwórz Notatnik i wklej w nim:

Replace: C:\Windows\winsxs\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_90eb58f92b43cedd\dnsapi.dll C:\Windows\SysWOW64\dnsapi.dll
RemoveDirectory: C:\Program Files (x86)\GreatMaker
RemoveDirectory: C:\Program Files (x86)\LuDaShi
RemoveDirectory: C:\Program Files (x86)\Quzother
RemoveDirectory: C:\Users\Bartek-komputer\AppData\Roaming\Hemkajdoa
RemoveDirectory: C:\Users\Bartek-komputer\AppData\Roaming\Geunfy
RemoveDirectory: C:\Users\Bartek-komputer\AppData\Roaming\Tincan
RemoveDirectory: C:\Users\Bartek-komputer\AppData\Roaming\D-tech
RemoveDirectory: C:\Users\Bartek-komputer\AppData\Roaming\Roundtouch
RemoveDirectory: C:\Program Files (x86)\sbqh
RemoveDirectory: C:\Program Files (x86)\UCBrowser
RemoveDirectory: C:\Users\Bartek-komputer\AppData\Roaming\CoupSeek
RemoveDirectory: C:\Program Files (x86)\Common Files\Ventoeco
RemoveDirectory: C:\Program Files (x86)\EasyHotspot
RemoveDirectory: C:\Program Files\Dentoholding
RemoveDirectory: C:\Windows\lineholdings
RemoveDirectory: C:\Users\Bartek-komputer\Donelectrics
RemoveDirectory: C:\Users\Bartek-komputer\AppData\Roaming\istartsurf
RemoveDirectory: C:\Users\Bartek-komputer\AppData\Roaming\GowvePitpagf
RemoveDirectory: C:\Windows\Stripcity
RemoveDirectory: C:\Users\Bartek-komputer\zotelectronics
RemoveDirectory: C:\Users\Bartek-komputer\Transflex
RemoveDirectory: C:\Users\Bartek-komputer\Ganja-lane
RemoveDirectory: C:\Program Files\Canesolozap
RemoveDirectory: C:\Windows\system32\puuu
RemoveDirectory: C:\Users\Bartek-komputer\AppData\Local\Roundtaxon
RemoveDirectory: C:\ProgramData\zencare
RemoveDirectory: C:\ProgramData\Flexplex
RemoveDirectory: C:\ProgramData\Fasedexon
RemoveDirectory: C:\Program Files\Common Files\Technotouch
RemoveDirectory: C:\Program Files\Common Files\Joydexon
RemoveDirectory: C:\Program Files\Common Files\Geofase
RemoveDirectory: C:\Program Files\Common Files\Faxlane
RemoveDirectory: C:\Windows\system32\xov
RemoveDirectory: C:\ProgramData\Freshlex
RemoveDirectory: C:\Program Files\Common Files\Treehow
RemoveDirectory: C:\Program Files\Common Files\zath-trax
RemoveDirectory: C:\Users\Bartek-komputer\siliconbam
RemoveDirectory: C:\Users\Bartek-komputer\AppData\Roaming\Tempkix
RemoveDirectory: C:\Users\Bartek-komputer\AppData\Local\Donice
RemoveDirectory: C:\Program Files\Common Files\Plextone
RemoveDirectory: C:\ProgramData\Daltflex
RemoveDirectory: C:\Users\Bartek-komputer\Viataxon
RemoveDirectory: C:\ProgramData\Biotouch
RemoveDirectory: C:\Windows\Zaamphase
RemoveDirectory: C:\Windows\Toughstreet
RemoveDirectory: C:\Users\Bartek-komputer\AppData\Roaming\Refind
RemoveDirectory: C:\Users\Bartek-komputer\AppData\Roaming\Redtechnology
RemoveDirectory: C:\Users\Bartek-komputer\AppData\Roaming\kongreen
RemoveDirectory: C:\Users\Bartek-komputer\AppData\Local\Kondexon
RemoveDirectory: C:\ProgramData\Medis
RemoveDirectory: C:\Program Files\howtrans
RemoveDirectory: C:\Windows\system32\rhno
RemoveDirectory: C:\ProgramData\Ranelectrics
RemoveDirectory: C:\ProgramData\Zaplane
RemoveDirectory: C:\ProgramData\Ganja-lane
C:\Users\Bartek-komputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
HKLM-x32\...\Run: [mbot_pl_197] => [X]
HKLM-x32\...\Run: [gmsd_pl_97] => [X]
HKLM-x32\...\Run: [gmsd_pl_118] => [X]
HKLM-x32\...\Run: [app] => C:\Program Files (x86)\sbqh\uc.exe
HKLM-x32\...\Run: [win_en_77] => [X]
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v app /f
Reg: reg delete HKU\S-1-5-21-1854063861-834038236-3450837710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v CoupSeek /f
Reg: reg delete HKU\S-1-5-21-1854063861-834038236-3450837710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v svchost0 /f
ShortcutWithArgument: C:\Users\Bartek-komputer\Desktop\chrome — skrót.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\BARTEK~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
ShortcutWithArgument: C:\Users\Bartek-komputer\AppData\Local\Google\Chrome\User Data\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Bartek-komputer\AppData\Local\cobckstizatainwotcult\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Bartek-komputer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\BARTEK~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
ShortcutWithArgument: C:\Users\Bartek-komputer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a4d7269b192d0c21\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=gholdomphatcoperdom
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\BARTEK~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\BARTEK~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\BARTEK~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
FirewallRules: [{090942C4-667A-4D74-B785-8A278156D6C8}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe
FirewallRules: [{6AEB1F07-9A84-4C8F-8345-7835F345FB77}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe
FirewallRules: [{2102272E-A49A-4F20-85EC-47D39E0CBAD5}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe
FirewallRules: [{F6611327-2584-4C1F-8BC5-70B443D5F0A1}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\DrvUpdate.exe
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\Run: [CoupSeek] => C:\Users\Bartek-komputer\AppData\Roaming\CoupSeek\scpsk.exe
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\Run: [svchost0] => "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"\UUC0789.exe
Tcpip\..\Interfaces\{7DD18515-C24D-480B-9003-A980DDBA6F8D}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{AC74C4EA-54FC-4B39-B2F4-1309246B9D72}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{AED59159-61E6-45A8-80E3-11B307D8F76F}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{bbed3e08-0b41-11e3-8249-806e6f6e6963}: [NameServer] 104.197.191.4
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1432664108&z=1231e66792fa4ca28484320gfz9cfobq5q9z7gag2c&from=cmi&uid=OCZ-VERTEX3_OCZ-ZWGNGZ2GY3JVFLL5&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1432664108&z=1231e66792fa4ca28484320gfz9cfobq5q9z7gag2c&from=cmi&uid=OCZ-VERTEX3_OCZ-ZWGNGZ2GY3JVFLL5&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1432664108&z=1231e66792fa4ca28484320gfz9cfobq5q9z7gag2c&from=cmi&uid=OCZ-VERTEX3_OCZ-ZWGNGZ2GY3JVFLL5&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1432664108&z=1231e66792fa4ca28484320gfz9cfobq5q9z7gag2c&from=cmi&uid=OCZ-VERTEX3_OCZ-ZWGNGZ2GY3JVFLL5&q={searchTerms}
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmouafJvKam94QvZYEi9VA_ikdtcs8c6WFS3aN2faC1TK5JfHq22DSGp-dRCf1qtmSue8FzGQdlLQHDgtJ5x9tM8-3hrYbqSzaIrniUmA9WYzzLPcK3epPpZmgpdHfWvVQFdL1VBMtq7SN79QmacCQhb2zlYwP&q={searchTerms}
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmouafJvKam94QvZYEi9VA_ikdtcs8c6WFS3aN2faC1TK5JfHq22DSGp-dRCf1qtmSueO6MehIQSpaKwMYqjU2HfyFTgjbK8rmROu0v59NuSB2IAKABj6AeYTt3A7zt_oRfL3U4hXVIlyYeWdkynd-Zh81ZVzO
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=dspp&ts=1432642715&z=110abf7360b5af65248a704gczacfo9q7z7ocmfo5g&from=amt&uid=OCZ-VERTEX3_OCZ-ZWGNGZ2GY3JVFLL5&q={searchTerms}
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmouafJvKam94QvZYEi9VA_ikdtcs8c6WFS3aN2faC1TK5JfHq22DSGp-dRCf1qtmSue8FzGQdlLQHDgtJ5x9tM8-3hrYbqSzaIrniUmA9WYzzLPcK3epPpZmgpdHfWvVQFdL1VBMtq7SN79QmacCQhb2zlYwP&q={searchTerms}
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmouafJvKam94QvZYEi9VA_ikdtcs8c6WFS3aN2faC1TK5JfHq22DSGp-dRCf1qtmSue8FzGQdlLQHDgtJ5x9tM8-3hrYbqSzaIrniUmA9WYzzLPcK3epPpZmgpdHfWvVQFdL1VBMtq7SN79QmacCQhb2zlYwP&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1432664108&z=1231e66792fa4ca28484320gfz9cfobq5q9z7gag2c&from=cmi&uid=OCZ-VERTEX3_OCZ-ZWGNGZ2GY3JVFLL5&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1432664108&z=1231e66792fa4ca28484320gfz9cfobq5q9z7gag2c&from=cmi&uid=OCZ-VERTEX3_OCZ-ZWGNGZ2GY3JVFLL5&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1432664108&z=1231e66792fa4ca28484320gfz9cfobq5q9z7gag2c&from=cmi&uid=OCZ-VERTEX3_OCZ-ZWGNGZ2GY3JVFLL5&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1854063861-834038236-3450837710-1001 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKU\S-1-5-21-1854063861-834038236-3450837710-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=OCZ-VERTEX3_OCZ-ZWGNGZ2GY3JVFLL5&ts=1432664168&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1854063861-834038236-3450837710-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=OCZ-VERTEX3_OCZ-ZWGNGZ2GY3JVFLL5&ts=1432664168&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1854063861-834038236-3450837710-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=OCZ-VERTEX3_OCZ-ZWGNGZ2GY3JVFLL5&ts=1432664168&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1854063861-834038236-3450837710-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=OCZ-VERTEX3_OCZ-ZWGNGZ2GY3JVFLL5&ts=1432664168&type=default&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1432642706&z=77ca9f0e3a8f1ddc7d5832cg6z1cco6qfzeo1m5g2o&from=amt&uid=OCZ-VERTEX3_OCZ-ZWGNGZ2GY3JVFLL5
CHR HomePage: gholdomphatcoperdom -> hxxp://google.pl/
CHR StartupUrls: gholdomphatcoperdom -> "search.mpc.am"
CHR Profile: C:\Users\Bartek-komputer\AppData\Local\Google\Chrome\User Data\gholdomphatcoperdom [2016-10-02] <==== UWAGA
R2 D-tech; C:\Users\Bartek-komputer\AppData\Roaming\D-tech\D-tech.exe [8192 2016-09-01] () [Brak podpisu cyfrowego]
R2 Noije; C:\Users\Bartek-komputer\AppData\Roaming\Geunfy\Geunfy.exe [170496 2016-08-11] () [Brak podpisu cyfrowego]
R2 Roundtouch; C:\Users\Bartek-komputer\AppData\Roaming\Roundtouch\Roundtouch.exe [8704 2016-09-01] () [Brak podpisu cyfrowego]
R2 Tincan; C:\Users\Bartek-komputer\AppData\Roaming\Tincan\Tincan.exe [17920 2016-09-01] () [Brak podpisu cyfrowego]
R2 Viokdojvaf; C:\Users\Bartek-komputer\AppData\Roaming\Hemkajdoa\Hemkajdoa.exe [170496 2016-08-11] () [Brak podpisu cyfrowego]
S2 Bokvunnu; "C:\Users\Bartek-komputer\AppData\Roaming\GowvePitpagf\Lurzem.exe" -cms [X]
S2 GhbMdlcln.exe; "C:\Program Files (x86)\Quzother\GhbMdlcln.exe" {C25DA384-2010-45A4-A1ED-BFA540D4789B} {9DC74CD5-24EA-4ADE-9C42-608A8CE17116} [X]
NETSVCx32: HpSvc -> Brak ścieżki do pliku.
2016-09-01 07:59 - 2016-09-01 07:59 - 7118336 _____ () C:\Users\Bartek-komputer\AppData\Roaming\agent.dat
2016-09-01 07:59 - 2016-09-01 07:59 - 0054272 _____ () C:\Users\Bartek-komputer\AppData\Roaming\ApplicationHosting.dat
2015-05-26 14:20 - 2015-05-26 14:20 - 2035200 _____ (Cinema PlusV16.03) C:\Users\Bartek-komputer\AppData\Roaming\BYAIAMUF.exe
2016-09-01 07:59 - 2016-09-01 07:59 - 0071232 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Config.xml
2016-09-01 08:00 - 2016-09-01 08:00 - 2279413 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Dento-Air.bin
2016-09-01 07:59 - 2016-09-01 07:57 - 0707072 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Flexcanlab.exe
2016-09-01 07:59 - 2016-09-01 07:59 - 0072817 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Flexcanlab.tst
2016-09-01 07:58 - 2016-09-01 07:58 - 0018336 _____ () C:\Users\Bartek-komputer\AppData\Roaming\InstallationConfiguration.xml
2016-09-01 07:58 - 2016-09-01 07:58 - 0138240 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Installer.dat
2016-09-01 07:59 - 2016-09-01 07:59 - 0126464 _____ () C:\Users\Bartek-komputer\AppData\Roaming\lobby.dat
2016-09-01 07:59 - 2016-09-01 07:59 - 0018432 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Main.dat
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Mb0XY8zQc.exe
2016-09-01 07:59 - 2016-09-01 07:59 - 0005568 _____ () C:\Users\Bartek-komputer\AppData\Roaming\md.xml
2016-09-01 07:59 - 2016-09-01 07:59 - 0126464 _____ () C:\Users\Bartek-komputer\AppData\Roaming\noah.dat
2016-09-01 07:58 - 2016-09-01 07:58 - 0848565 _____ () C:\Users\Bartek-komputer\AppData\Roaming\StanFining.bin
2016-09-01 07:59 - 2016-09-01 07:57 - 0707072 _____ () C:\Users\Bartek-komputer\AppData\Roaming\ZotSaillab.exe
2016-09-01 07:59 - 2016-09-01 07:59 - 1901856 _____ () C:\Users\Bartek-komputer\AppData\Roaming\ZotSaillab.tst
2015-05-26 20:16 - 2015-05-26 20:16 - 0613255 _____ (CMI Limited) C:\Users\Bartek-komputer\AppData\Local\nshE004.tmp
2015-05-26 15:03 - 2015-05-26 15:02 - 0613255 _____ (CMI Limited) C:\Users\Bartek-komputer\AppData\Local\nsiF46.tmp
2015-05-26 15:55 - 2015-05-26 15:55 - 0613255 _____ (CMI Limited) C:\Users\Bartek-komputer\AppData\Local\nskCDA2.tmp
Task: {3680AFC7-D0F9-4362-8BB6-C62900637D01} - System32\Tasks\{22323569-3259-4387-8F53-E1926E9B0B33} => pcalua.exe -a "C:\Program Files (x86)\EasyHotspot\uninstaller.exe"
Task: {45E94B56-CD60-405C-9025-10D09D8E5E73} - System32\Tasks\{6A4F924A-229C-44DC-831C-D04AAEC1716D} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Ventoeco\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Ventoeco\uninstall.dat" -a uninstallme 7FAB3DAF-735D-478B-A8BD-430D56118197 DeviceId=8538d97e-5f2a-82f6-65fa-41fe264b7dda BarcodeId=51107003 ChannelId=3 DistributerName=APSFClickMeIn
Task: {527CC4AF-C667-4225-BC6C-A2815562F376} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Opertaing System Transaction Task => C:\Program Files\Dentoholding\Techiholding.exe [2016-07-26] ()
Task: {57F5407B-5116-46A1-A7D8-841C4F428FC3} - System32\Tasks\Microsoft\Windows\MUI\Msectrans => C:\Windows\lineholdings\unolab.exe [2016-07-26] ()
Task: {5CF00236-9C25-4FAA-AEDB-BCFDAC5E2C97} - System32\Tasks\{0A0F3EA3-4B01-47EB-9DE4-D02CFA39520B} => pcalua.exe -a C:\Users\Bartek-komputer\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=squadm
Task: {B30076B0-A072-47BC-B44F-52772E5953F4} - System32\Tasks\Microsoft\Windows\Media Center\SecurityCenterUpdate => C:\Users\Bartek-komputer\Donelectrics\siliconbam.exe [2016-07-26] ()
Task: {DAB62ECF-6EF8-4D53-A05E-15C9FE88E26C} - System32\Tasks\Ghubodomtices Module => C:\Program Files (x86)\Quzother\GhbMdlzqs.exe
HOSTS:
EmptyTemp:

>>Menu Notatnika >> Plik >>
>>Zapisz jako >>
Nazwa pliku: fixlist
Zapisz jako typ: Dokumenty tekstowe
Kodowanie: Unicode
>>Zapisz
Plik umieść w folderze C:\Users\Bartek-komputer\Downloads\frst64
Uruchom FRST i kliknij przycisk Fix (NAPRAW).

2) W Google Chrome jest ustawiony jako domyśny profil adware (nazwa na dysku gholdomphatcoperdom, ale w opcjach prawdopodobnie user0). Wymagana całkowita zmiana profilu.
Menu Ustawienia > karta Ustawienia > Osoby > Dodaj nową osobę i uruchom Chrome z poziomu tego profilu, a okno poprzedniego zamknij.
Następnie w ustawieniach skasuj poprzedni profil.

3) Zrób nowe logi FRST - już bez Shortcut.
.