Paste the following into Notepad and save it as fixlist.txt
Code:
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKLM\...\Policies\Explorer\Run: [616963146] => C:\ProgramData\msfcoi.exe [172349 2010-11-20] ( (loplkjyhtg))
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4289905035-2853285035-294384715-1000\...\Run: [Regedit32] => C:\Windows\system32\regedit.exe
HKU\S-1-5-21-4289905035-2853285035-294384715-1000\...\Run: [bdf5daf] => C:\Users\ppp\AppData\Roaming\79995423\bin.exe [45056 2015-01-29] (Erect#Cutlass)
HKU\S-1-5-21-4289905035-2853285035-294384715-1000\...\Run: [bdf5daf3] => C:\bdf5daf3\bdf5daf3.exe [168448 2015-01-29] ()
HKU\S-1-5-21-4289905035-2853285035-294384715-1000\...\RunOnce: [*df5daf] => C:\bdf5daf3\bdf5daf3.exe [168448 2015-01-29] ()
HKU\S-1-5-21-4289905035-2853285035-294384715-1000\...\RunOnce: [*df5daf3] => C:\Users\ppp\AppData\Roaming\bdf5daf3.exe [168448 2015-01-29] ()
HKU\S-1-5-21-4289905035-2853285035-294384715-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-4289905035-2853285035-294384715-1000\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\Users\ppp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bdf5daf3.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4289905035-2853285035-294384715-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-4289905035-2853285035-294384715-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-4289905035-2853285035-294384715-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4289905035-2853285035-294384715-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={A24BE7E8-F8AB-4245-970F-DC55EB52E8B0}&mid=8b58bf423b5147d0a00cd5343dbe22ef-b8ca92b1bb687ddb4a5a3086e1f58d75346db526&lang=pl&ds=xn011&pr=sa&d=2012-09-23 09:43:38&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4289905035-2853285035-294384715-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4289905035-2853285035-294384715-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4289905035-2853285035-294384715-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={A24BE7E8-F8AB-4245-970F-DC55EB52E8B0}&mid=8b58bf423b5147d0a00cd5343dbe22ef-b8ca92b1bb687ddb4a5a3086e1f58d75346db526&lang=pl&ds=xn011&pr=sa&d=2012-09-23 09:43:38&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: No Name -> {11111111-1111-1111-1111-110611081104} ->No File
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -No File
Toolbar: HKU\S-1-5-21-4289905035-2853285035-294384715-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF SearchPlugin: C:\Users\ppp\AppData\Roaming\Mozilla\Firefox\Profiles\s3yghx51.default\searchplugins\bing-avast.xml
FF Extension: Radio Canyon - C:\Users\ppp\AppData\Roaming\Mozilla\Firefox\Profiles\s3yghx51.default\Extensions\1853a82e-ce44-4a8c-a6fe-9bcf74a65575@4b6b1c16-5f0a-4ef0-866f-b063e235ef97.com [2014-11-21]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-29]
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-12] (AVG Secure Search)
S2 Update ClearThink; "C:\Program Files\ClearThink\updateClearThink.exe" [X]
S2 Update EnterDigital; "C:\Program Files\EnterDigital\updateEnterDigital.exe" [X]
S2 Util ClearThink; "C:\Program Files\ClearThink\bin\utilClearThink.exe" [X]
R1 {9015bae7-cdbb-4473-a5d0-ecfa559b2ca5}Gw; C:\Windows\System32\drivers\{9015bae7-cdbb-4473-a5d0-ecfa559b2ca5}Gw.sys [43152 2014-11-05] (StdLib)
R1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw; C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw.sys [52368 2014-08-31] (StdLib)
R1 {dbe9acb7-ca74-4c18-ad13-f0270d74c42d}Gw; C:\Windows\System32\drivers\{dbe9acb7-ca74-4c18-ad13-f0270d74c42d}Gw.sys [43152 2014-11-09] (StdLib)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 a6mxnglb; No ImagePath
C:\ProgramData\USB Adapter Updater
C:\Users\ppp\AppData\Roaming\HELP_DECRYPT.HTML
C:\Users\ppp\AppData\HELP_DECRYPT.HTML
C:\Users\ppp\AppData\Roaming\HELP_DECRYPT.TXT
C:\Users\ppp\AppData\HELP_DECRYPT.TXT
C:\Users\ppp\AppData\Roaming\HELP_DECRYPT.URL
C:\Users\ppp\AppData\HELP_DECRYPT.URL
C:\Users\ppp\AppData\Local\HELP_DECRYPT.HTML
C:\Users\ppp\AppData\Local\HELP_DECRYPT.TXT
C:\Users\ppp\AppData\Local\HELP_DECRYPT.URL
C:\ProgramData\HELP_DECRYPT.HTML
C:\ProgramData\HELP_DECRYPT.TXT
C:\ProgramData\HELP_DECRYPT.URL
C:\Users\ppp\AppData\Roaming\bdf5daf3.exe
C:\bdf5daf3
C:\Users\ppp\AppData\Local\svcxdcl32.dat
C:\Users\ppp\AppData\Local\AVG Secure Search
C:\Users\ppp\AppData\Roaming\PStrip.bak
C:\Users\ppp\AppData\Roaming\PStrip.bk!
C:\Users\ppp\AppData\Roaming\PStrip.bko
C:\Users\ppp\AppData\Roaming\PStrip.ini
C:\ProgramData\Ament.ini
C:\ProgramData\msfcoi.exe
C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe
Task: {024B1614-B2B5-4B1F-9E3F-AED904F58F14} - System32\Tasks\6aefd60d-33d5-4c1d-be84-1def778f9c38-1 => C:\Program Files\Radio Canyon\Radio Canyon-codedownloader.exe <==== ATTENTION
Task: {2B150F44-C9AF-419B-9113-6784911D6E49} - System32\Tasks\6aefd60d-33d5-4c1d-be84-1def778f9c38-7 => C:\Program Files\Radio Canyon\6aefd60d-33d5-4c1d-be84-1def778f9c38-7.exe <==== ATTENTION
Task: {33AEBE37-41B0-4A51-A2D5-946AA1BE030C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5086D42A-8424-49EB-917E-FBBAD8C21A39} - System32\Tasks\6aefd60d-33d5-4c1d-be84-1def778f9c38-4 => C:\Program Files\Radio Canyon\6aefd60d-33d5-4c1d-be84-1def778f9c38-4.exe <==== ATTENTION
Task: {51DB5CF7-8BD8-4040-9A6E-F44E0122FC90} - System32\Tasks\6aefd60d-33d5-4c1d-be84-1def778f9c38-11 => C:\Program Files\Radio Canyon\6aefd60d-33d5-4c1d-be84-1def778f9c38-11.exe <==== ATTENTION
Task: {5FFBE3F9-E413-4925-A75A-0DB17684FE22} - System32\Tasks\6aefd60d-33d5-4c1d-be84-1def778f9c38-2 => C:\Program Files\Radio Canyon\6aefd60d-33d5-4c1d-be84-1def778f9c38-2.exe <==== ATTENTION
Task: {60499DC0-5A28-4ACB-82D9-EEDBFD0EE6B9} - System32\Tasks\6aefd60d-33d5-4c1d-be84-1def778f9c38-5 => C:\Program Files\Radio Canyon\6aefd60d-33d5-4c1d-be84-1def778f9c38-5.exe <==== ATTENTION
Task: {7CF95A63-2EDB-44DB-8621-441E07D50C65} - System32\Tasks\6aefd60d-33d5-4c1d-be84-1def778f9c38-6 => C:\Program Files\Radio Canyon\6aefd60d-33d5-4c1d-be84-1def778f9c38-6.exe <==== ATTENTION
Task: {7FF04E2A-4ADA-4E78-8051-14C38B739A27} - System32\Tasks\{147C5B5B-9B6A-4018-B996-E962740C960C} => D:\Farming Simulator 2013\FarmingSimulator2013.exe
Task: {82E9DF1B-C6A2-48B1-A4CD-0DE1B74E6497} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A77A496F-4202-4486-8540-1B040E4DBE4D} - System32\Tasks\{E7AA2672-8752-41F6-9F3D-20A508263E5B} => D:\Farming Simulator 2013\FarmingSimulator2013.exe
Task: {BCBDC898-0491-4A95-A50A-591586D27E49} - System32\Tasks\{0EAE639D-D949-47CC-93DF-65339F538DEE} => pcalua.exe -a C:\Users\ppp\Desktop\Win7.exe -d C:\Users\ppp\Desktop
Task: {DDAE25B4-839B-4201-9DD2-6441D063AD7B} - System32\Tasks\6aefd60d-33d5-4c1d-be84-1def778f9c38-5_user => C:\Program Files\Radio Canyon\6aefd60d-33d5-4c1d-be84-1def778f9c38-5.exe <==== ATTENTION
Task: {F2DCEE14-AAC4-4726-A25C-89E2061CC41A} - System32\Tasks\Alam => Rundll32.exe "C:\Windows\system32\racpldlg0.dll",Dlxr
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
CMD: netsh advfirewall reset
Hosts:
EmptyTemp:
Place the saved script next to the downloaded FRST program.
Then click Fix in the program; once it has finished, post the report from that run.
In the Firefox browser:
Open the menu in the top-right corner > open the Help menu marked with the red frame.
Troubleshooting Information > Reset Firefox. The reset will not affect bookmarks or passwords.
Download the program
click Search (Szukaj) and then Delete (Usuń).
Post the report from it.
Create new logs with FRST and post them: FRST.txt > Addition.txt, Shortcut.txt