1. Open Notepad and paste:
CloseProcesses:
S3 avchv; system32\DRIVERS\avchv.sys [X]
U3 DfSdkS; No ImagePath
S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]
C:\Users\Janusz\AppData\Local\CRE\mgmlmilcijjjdfkpcflebfjiggchohji.crx
CHR HKLM\...\Chrome\Extension: [mgmlmilcijjjdfkpcflebfjiggchohji] - C:\Users\Janusz\AppData\Local\CRE\mgmlmilcijjjdfkpcflebfjiggchohji.crx [2014-02-18]
CHR HKU\S-1-5-21-3013653136-3469707925-1407267543-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mgmlmilcijjjdfkpcflebfjiggchohji] - C:\Users\Janusz\AppData\Local\CRE\mgmlmilcijjjdfkpcflebfjiggchohji.crx [2014-02-18]
C:\Users\Janusz\AppData\Local\CRE\mgmlmilcijjjdfkpcflebfjiggchohji.crx
FF Extension: Freemake Youtube Download Button - E:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-07-25]
FF Extension: No Name - C:\Users\Janusz\AppData\Roaming\Mozilla\Firefox\Profiles\u6r1ebi9.default\extensions\fftoolbar2014@etech.com [Not Found]
FF Extension: No Name - C:\Users\Janusz\AppData\Roaming\Mozilla\Firefox\Profiles\u6r1ebi9.default\extensions\faststartff@gmail.com [Not Found]
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3013653136-3469707925-1407267543-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKU\S-1-5-21-3013653136-3469707925-1407267543-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3013653136-3469707925-1407267543-1001\...\MountPoints2: F - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\CambridgeApplicationInstaller.exe
HKU\S-1-5-21-3013653136-3469707925-1407267543-1001\...\MountPoints2: {8c8b1bed-2624-11e4-9dfe-00196662e0a9} - H:\LGAutoRun.exe
HKU\S-1-5-21-3013653136-3469707925-1407267543-1001\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-3013653136-3469707925-1407267543-1001\...A8F59079A8D5}\localserver32: <==== ATTENTION!
2015-02-18 15:52 - 2015-02-18 15:58 - 00000000 ____D () E:\Program Files\WinThruster
2015-02-18 15:52 - 2015-02-18 15:58 - 00000000 ____D () C:\Users\Janusz\AppData\Roaming\Solvusoft
2015-02-18 15:52 - 2012-10-15 17:02 - 00017840 _____ (solvusoft) C:\Windows\system32\roboot.exe
2015-01-12 16:47 - 2015-01-12 16:47 - 0000024 ___SH () C:\Users\Janusz\AppData\Roaming\1D959CA221C7573.sys
2013-11-12 18:15 - 2013-11-12 18:15 - 0000268 ___RH () C:\Users\Janusz\AppData\Roaming\Console
2013-11-12 18:15 - 2013-11-12 18:15 - 0000268 ___RH () C:\Users\Janusz\AppData\Roaming\Contents
2014-01-03 10:18 - 2014-01-03 10:18 - 0159200 _____ () C:\Users\Janusz\AppData\Roaming\CrashRpt1402.dll
2014-02-05 09:48 - 2014-03-30 12:36 - 0087608 _____ () C:\Users\Janusz\AppData\Roaming\inst.exe
2015-01-05 12:54 - 2015-01-05 12:54 - 1357348 _____ () C:\Users\Janusz\AppData\Roaming\MatroskaSplitter.exe
2014-02-05 09:48 - 2014-03-30 12:36 - 0007887 _____ () C:\Users\Janusz\AppData\Roaming\pcouffin.cat
2014-02-05 09:48 - 2014-03-30 12:36 - 0001144 _____ () C:\Users\Janusz\AppData\Roaming\pcouffin.inf
2014-02-05 09:48 - 2014-03-30 12:36 - 0000055 _____ () C:\Users\Janusz\AppData\Roaming\pcouffin.log
2014-02-05 09:48 - 2014-03-30 12:36 - 0047360 _____ (VSO Software) C:\Users\Janusz\AppData\Roaming\pcouffin.sys
2015-01-05 12:54 - 2015-01-05 12:54 - 7760687 _____ (Boraxsoft) C:\Users\Janusz\AppData\Roaming\SetupGFD.exe
2015-01-12 16:47 - 2015-01-12 16:47 - 0000024 ___SH () C:\Users\Janusz\AppData\Roaming\System5908ConfigCollection.dat
2015-01-05 12:54 - 2015-01-05 12:54 - 0117723 _____ () C:\Users\Janusz\AppData\Roaming\yuvcodecs-1.3.exe
2014-05-21 09:35 - 2014-05-21 09:35 - 0000090 _____ () C:\Users\Janusz\AppData\Local\config.ini
2013-11-05 18:34 - 2013-11-05 18:34 - 0001102 _____ () C:\Users\Janusz\AppData\Local\recently-used.xbel
2014-10-05 11:38 - 2014-10-05 11:38 - 0000008 __RSH () C:\ProgramData\3213D85744.sys
2013-11-12 18:15 - 2013-11-12 18:15 - 0000268 ___RH () C:\ProgramData\CustomDataViews
2014-03-10 13:48 - 2014-03-10 13:48 - 0004948 _____ () C:\ProgramData\cyzlxojr.ycm
2013-11-12 18:15 - 2013-11-12 18:15 - 0000268 ___RH () C:\ProgramData\Dance
2014-10-05 11:38 - 2014-10-05 16:20 - 0003766 ___SH () C:\ProgramData\KGyGaAvL.sys
2015-01-12 13:38 - 2015-01-12 13:38 - 0005033 _____ () C:\ProgramData\mzemgkrx.fuc
2013-11-12 18:11 - 2013-11-12 19:06 - 0000020 ____H () C:\ProgramData\PKP_DLbx.DAT
2013-11-12 18:15 - 2013-11-12 18:15 - 0000020 ____H () C:\ProgramData\PKP_DLck.DAT
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{CFC399AF-D876-11D0-9C10-00C04FC99C8E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{D58960BA-2EF3-4910-9E34-C911B1710180}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{DF0AD8E0-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{DF0AD8E1-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{DF0AD8E3-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{E297AB5E-40B0-41BD-9E06-E4144084EE5F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{AB37E6C0-194D-4C33-A924-5178414DEB98}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{AB406AAC-2B2B-11D3-B36B-00C04F6108FF}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{AF02484C-A0A9-4669-9051-058AB12B9195}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{C1AB3D89-6973-45A6-AA44-09CEBBF872E5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{C3043B13-E649-436A-9CE7-8DA8CB0BF7C8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{71F96385-DDD6-48D3-A0C1-AE06E8B055FB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{7EFC002A-071F-4CE7-B265-F4B4263D2FD2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{8D52AA2E-40BE-46D7-8F36-DB7B0F636824}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{8E849609-C7E8-4EC7-8BD3-D55E871A340D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{934D4698-6A59-48F8-9F29-9FB30670320E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{9CFC2DF3-6BA3-46EF-A836-E519E81F0EC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{33156164-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{33156168-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{505C2E67-8615-4CA9-9B57-48CF6EE696FD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{53BD6B4E-3780-4693-AFC3-7161C2F3EE9C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{104846AB-42B1-4E38-A80D-136F78C3F258}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3013653136-3469707925-1407267543-1001_Classes\CLSID\{18907F3B-9AFB-4F87-B764-F9A4E16A21B8}\InprocServer32 -> No File Path
Task: {4B39656E-1F18-4208-98F6-995BFB08DF0C} - \{D2719BA8-7242-4FCA-8BEC-8CE3CDD97CEC} No Task File <==== ATTENTION
Task: {5BC94A81-ACBA-4D40-93E3-9831350D87F9} - \{8ADC4711-70B0-4128-8C95-DEA8C833E820} No Task File <==== ATTENTION
Task: {8E184C97-2A86-48D2-AE61-9CD3634EDD5E} - \{BAC6CEA4-2AC9-4496-96D3-EB6F4767DC7E} No Task File <==== ATTENTION
Task: {9C373F0B-9834-4C8A-8B8F-80622E1CD16A} - \{E1F4FE2F-3103-4E87-8AD7-0ED0759E9F47} No Task File <==== ATTENTION
Task: {A36424AB-EB03-48AB-9D6B-BFC440A4FF1A} - \{4594AC19-9750-4BBC-9FCF-6525AF959419} No Task File <==== ATTENTION
Task: {A48EE8A9-6EDB-436D-935E-8A81FC95A8F1} - System32\Tasks\GoogleUpdateTaskMachineUA => E:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-29] (Google Inc.)
Task: {A6A27E5E-B4BB-4AA7-A983-5111F268512D} - \{9CF9CF15-030E-47CC-8839-0EE89593932A} No Task File <==== ATTENTION
Task: {A6F44605-F368-4EFC-B863-73BC367964D2} - System32\Tasks\AnVir Task Manager => E:\Program Files\AnVir Task Manager Free\anvir.exe [2013-07-16] (AnVir Software)
Task: {B8F2AE64-0D4A-4D19-94BE-4DCE8E50E68D} - System32\Tasks\JetCleanLoginCheckUpdate => E:\Program Files\BlueSprig\JetClean\AutoUpdate.exe [2013-05-14] (BlueSprig)
Task: {C0C22BFD-5FD7-469E-92A8-79AF5E8C35A8} - \avast! Emergency Update No Task File <==== ATTENTION
Task: {C112568C-C16B-4757-A888-ECA1AF6F9A61} - System32\Tasks\CCleanerSkipUAC => E:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {C4784CC9-14B0-43A1-BB7A-8D3AF5E33AF5} - \{A0C1041B-60E3-4978-9ABD-6B588E356471} No Task File <==== ATTENTION
Task: {C6C68649-B7A0-464B-B09E-230EEBAFBA92} - \{1D8B10B6-9075-4747-B0A7-C1F814293126} No Task File <==== ATTENTION
Task: {C7595DB4-1C50-4459-A890-13B595900405} - System32\Tasks\GoogleUpdateTaskMachineCore => E:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-29] (Google Inc.)
Task: {CB20C04E-A0B3-4858-BC02-7A39DBFBC307} - \{69E4A9F5-B8FF-427D-A95C-4B865108FD23} No Task File <==== ATTENTION
Task: {E708C285-32CD-4656-852E-1CF4509FFF7C} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => E:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => E:\Program Files\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:BF3D62E7
AlternateDataStreams: C:\Users\Janusz\AppData\Local\desktop.ini:07a19238af92db80fe9045ca73c7a84e
C:\Users\Janusz\AppData\Local\desktop.ini
Emptytemp:
Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix.
2. Use [link available only to registered users]: first click SZUKAJ (Search), and only after the scan has finished and the USUŃ (Remove) button becomes active, click that button.
Show the report from it: C:\AdwCleaner\AdwCleaner[S].txt
3. Run [link available only to registered users]. Press any key and wait until the operation finishes. (NOTE: while downloading, programs may indicate that this is a threat; please ignore that.) Show the report.
4. Generate and paste new logs from FRST. Attach the report from TDSSKiller: [link available only to registered users]