
 
Otwórz notatnik systemowy i wklej:

Task: {28C8B3E6-5062-4BB8-97DF-1E02449E28C1} - \RunAtStartup -> Brak pliku <==== UWAGA
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-170733001-2298044035-3983527364-1000\...\MountPoints2: G - G:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B04 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
Tcpip\Parameters: [NameServer] 82.163.143.136 82.163.142.138
Tcpip\..\Interfaces\{D02570EF-CE82-443F-B73C-86D728684568}: [NameServer] 82.163.143.136 82.163.142.138
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Brak nazwy -> {97510FAC-ED50-46BF-B2A1-25F434BF1030} -> Brak pliku
BHO-x32: KouShuiDang Class -> {25A1EDDD-CAD0-40EE-B868-905EA69DC803} -> C:\Users\xp\AppData\Local\tucao\module\TCHelper.dll [2017-07-17] (koushuidang.cn)
BHO-x32: IE 4.x-6.x BHO for Internet Download Accelerator -> {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} -> E:\IDA\idaiehlp.dll [2017-05-15] (WestByte)
FF Plugin-x32: @haitao.com/npHaitaoPlugin -> C:\Users\xp\AppData\Local\htyh\application\htwebHelper.dll [Brak pliku]
2017-08-16 09:37 - 2017-08-16 09:37 - 000000000 ____D C:\AdwCleaner
2017-07-21 16:43 - 2017-07-21 16:43 - 000000000 ____D C:\ProgramData\Microleaves
2017-07-21 16:42 - 2017-08-15 15:27 - 000000000 ____D C:\Program Files (x86)\MefarchIE
2017-07-21 16:42 - 2017-07-29 22:12 - 000000000 ____D C:\ProgramData\8fc9c670-0205-1
2017-07-21 16:42 - 2017-07-29 22:10 - 000000000 ____D C:\ProgramData\8fc9c670-2113-0
2017-07-21 16:42 - 2017-07-27 18:28 - 000000000 ____D C:\Program Files (x86)\MederchU
2017-07-21 16:42 - 2017-07-21 17:55 - 000000000 ____D C:\Program Files (x86)\MayarchUn
2017-07-21 16:42 - 2017-07-21 17:37 - 000000000 ____D C:\Program Files (x86)\MadarchU2
2017-07-21 16:41 - 2017-08-15 15:19 - 000000000 ____D C:\Program Files (x86)\Microleaves
2017-07-21 16:41 - 2017-08-11 12:35 - 000000000 ____D C:\Users\xp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
2017-07-21 16:41 - 2017-07-21 17:54 - 000000000 ____D C:\Program Files (x86)\FastDataX
2017-07-21 16:39 - 2017-07-21 18:09 - 000000000 ____D C:\Program Files (x86)\pccleanplus
2017-07-21 16:39 - 2017-07-21 16:39 - 000000000 ____D C:\Users\xp\AppData\Roaming\Microleaves
2017-07-21 16:38 - 2017-07-21 16:38 - 000000000 ____D C:\Users\xp\AppData\LocalLow\tucao
2017-07-21 16:38 - 2017-07-21 16:38 - 000000000 ____D C:\ProgramData\b055d893-52e3-0
2017-07-21 16:38 - 2017-07-21 16:38 - 000000000 ____D C:\ProgramData\b055d893-2ec3-1
2017-07-21 16:38 - 2017-07-18 17:25 - 002021376 ___SH (Micrasaft Carparation) C:\Windows\C_02iu57.dat
2017-07-21 16:37 - 2017-07-21 16:37 - 000000000 ____D C:\Users\xp\AppData\Roaming\thdr
2017-07-21 16:37 - 2017-07-21 16:37 - 000000000 ____D C:\Users\xp\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-07-21 16:37 - 2017-07-21 16:37 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2017-07-21 16:37 - 2017-07-21 16:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze. 
Uruchom jako administrator FRST i kliknij w Fix/Napraw.
Zapisując Fixlist kodowanie ustaw na UTF-8