
Otwórz notatnik systemowy i wklej:

Task: {0926178B-B501-4D4A-A04E-F4A4CE23E183} - System32\Tasks\TagEgy Video Converter => Rundll32.exe "C:\Program Files\TagEgy Video Converter\TagEgy Video Converter.dll",gLyzEAxVZYP
Task: {7A9E1410-4D2E-494F-B237-E6CFFE1E92CA} - System32\Tasks\SMW_UpdateTask_Time_313538353432343736332d55783745342a2d3432325b57 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== UWAGA
Task: {BD45D55B-7920-4673-ACAE-97BB4C91E1FA} - System32\Tasks\Optimals VSTi => Rundll32.exe "C:\Program Files\Optimals VSTi\Optimals VSTi.dll",NWVTQb
Task: {C68CBE40-9BC7-42AA-ABBB-D2C064BF67A7} - System32\Tasks\{3B4476AD-5F2C-40BF-A381-3B171EC92D17} => pcalua.exe -a "F:\Program Files\Pure\Pure.exe" -d "F:\Program Files\Pure"
Task: {FB75EB37-CC80-4479-924C-C2C51040CC58} - System32\Tasks\{CB91148A-6CCB-4622-BBF6-D03B6B537BC8} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/pl/abandoninstall?page=tsWLM
Task: C:\Windows\Tasks\EXORF.job => C:\Users\ďż˝ukasz\AppData\Roaming\EXORF.exe <==== UWAGA
Task: C:\Windows\Tasks\TTIJA.job => C:\Users\ďż˝ukasz\AppData\Roaming\TTIJA.exe <==== UWAGA
WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\StartupApproved\Run: => "Uhzjmedia"
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\StartupApproved\Run: => "1Q08FGORMC88QJL"
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\StartupApproved\Run: => "UQ3381KM61EIG2I"
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\StartupApproved\Run: => "LCGIV8FPQL8878S"
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\StartupApproved\Run: => "3ic4hklikng"
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\StartupApproved\Run: => "DA22P3Z1D3L4N1K"
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\StartupApproved\Run: => "2dohxrsca1v"
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\StartupApproved\Run: => "4zwx5voaclz"
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\StartupApproved\Run: => "RG7G3GVGU5LPITC"
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\StartupApproved\Run: => "PT9G3FO2GVHLQL8"
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\StartupApproved\Run: => "csmqvwvnmug"
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\StartupApproved\Run: => "S8PD301MVWGPONR"
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\StartupApproved\Run: => "kfm4jo2fdvn"
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\StartupApproved\Run: => "9L0XU9TSAR9MF03"
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\StartupApproved\Run: => "v1indtoeibd"
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\StartupApproved\Run: => "3vnx4l3jcif"
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\Run: [xryriktfeie] => C:\Users\Łukasz\AppData\Roaming\k05ahrytrea\xphrs3x1egs.exe [7168 2017-06-11] ()
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\Run: [siz3y5vayww] => C:\Users\Łukasz\AppData\Roaming\ji4lvgj3q4d\ohcjgveqs0h.exe [7168 2017-06-11] ()
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\Run: [GVCJG3SYNI5WPH4] => C:\Program Files\AKUGR1S5A0\AKUGR1S5A.exe [1039872 2017-06-11] (GBE)
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\Run: [OKU972TSIWI9FL4] => C:\Program Files\MAYN3H4M6Z\MAYN3H4M6.exe [1039872 2017-06-11] (GBE)
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\MountPoints2: {0ed6daca-07fd-11e6-82b6-303a64c43e1a} - "E:\Startme.exe" 
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\MountPoints2: {32f6afd4-489f-11e7-8308-303a64c43e1a} - "E:\autorun.exe" 
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\MountPoints2: {5861860f-a60b-11e6-82dc-303a64c43e1a} - "E:\autorun.exe" 
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\MountPoints2: {58618626-a60b-11e6-82dc-303a64c43e1a} - "E:\autorun.exe" 
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\MountPoints2: {d7be286a-dd13-11e6-82e8-303a64c43e1a} - "E:\autorun.exe"
ShellIconOverlayIdentifiers: [JzShlobj] -> {9A0700D2-920A-4E52-8697-9B5230C92612} => C:\Program Files (x86)\Maoha\JiSuZip\JZipExt.dll [2016-12-27] (深圳市猫哈网络科技发展有限公司)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1854063861-834038236-3450837710-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR Extension: (Brak nazwy) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-21]
CHR Extension: (Brak nazwy) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-21]
CHR Extension: (Brak nazwy) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-21]
CHR Extension: (Brak nazwy) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-21]
CHR Extension: (Brak nazwy) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-21]
CHR Extension: (Brak nazwy) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-21]
S2 JszipService; C:\Program Files (x86)\Maoha\JiSuZip\JszipSvc.exe [X]
S2 MaohaWifiSvr; C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiSvr.exe [X] <==== UWAGA
S3 dbx; system32\DRIVERS\dbx.sys [X]
2017-06-11 12:10 - 2017-06-11 12:10 - 00000000 ____D C:\Users\Łukasz\AppData\Roaming\k05ahrytrea
2017-06-11 12:10 - 2017-06-11 12:10 - 00000000 ____D C:\Users\Łukasz\AppData\Roaming\ji4lvgj3q4d
2017-06-11 12:10 - 2017-06-11 12:10 - 00000000 ____D C:\Program Files\MAYN3H4M6Z
2017-06-11 12:10 - 2017-06-11 12:10 - 00000000 ____D C:\Program Files\AKUGR1S5A0
2017-06-10 13:13 - 2017-06-10 15:21 - 00000000 ____D C:\Users\Łukasz\AppData\Local\Uhzjmedia
2017-06-10 13:12 - 2017-06-11 11:13 - 00000000 ____D C:\Program Files (x86)\YtubeABlckIE
2017-06-10 13:12 - 2017-06-10 13:12 - 00016750 _____ C:\Windows\System32\Tasks\TagEgy Video Converter
2017-06-10 13:11 - 2017-06-10 13:11 - 00016704 _____ C:\Windows\System32\Tasks\Optimals VSTi
2017-06-10 13:11 - 2017-06-10 13:11 - 00004244 _____ C:\Windows\System32\Tasks\SMW_UpdateTask_Time_313538353432343736332d55783745342a2d3432325b57
2017-06-10 13:11 - 2017-06-10 13:11 - 00000991 _____ C:\Users\Public\Desktop\magicdisk.lnk
2017-06-10 13:11 - 2017-06-10 13:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mgdisk
2017-06-10 13:11 - 2017-06-10 13:11 - 00000000 ____D C:\Program Files (x86)\mgdisk
2017-06-10 13:11 - 2017-06-10 13:11 - 00000000 ____D C:\Program Files (x86)\Maoha
2017-06-10 13:10 - 2017-06-10 16:17 - 00000000 ____D C:\Program Files\YHH00E90UB
2017-06-10 13:10 - 2017-06-10 16:17 - 00000000 ____D C:\Program Files\NMFH8XO2CM
2017-06-10 13:10 - 2017-06-10 16:16 - 00000000 ____D C:\Program Files\LZ42IE79EH
2017-06-10 13:10 - 2017-06-10 16:16 - 00000000 ____D C:\Program Files\J4VNLNPBYT
2017-06-10 13:10 - 2017-06-10 16:16 - 00000000 ____D C:\Program Files\8UDOY4NJM9
2017-06-10 13:10 - 2017-06-10 16:16 - 00000000 ____D C:\Program Files\6XG2EBD00U
2017-06-10 13:10 - 2017-06-10 16:16 - 00000000 ____D C:\Program Files\69DSUISUJY
2017-06-10 13:10 - 2017-06-10 16:15 - 00000000 ____D C:\Program Files (x86)\mvd2cxc2j43
2017-06-10 13:10 - 2017-06-10 16:15 - 00000000 ____D C:\Program Files (x86)\kqntvo4thcc
2017-06-10 13:10 - 2017-06-10 15:21 - 00000000 ____D C:\Users\Łukasz\AppData\Roaming\yw4llhfodfl
2017-06-10 13:10 - 2017-06-10 15:21 - 00000000 ____D C:\Users\Łukasz\AppData\Roaming\ksmbcc2t1pv
2017-06-10 13:10 - 2017-06-10 15:21 - 00000000 ____D C:\Users\Łukasz\AppData\Roaming\jqyttjmlcp3
2017-06-10 13:10 - 2017-06-10 15:21 - 00000000 ____D C:\Users\Łukasz\AppData\Roaming\ip3gbkbc4n0
2017-06-10 13:10 - 2017-06-10 15:21 - 00000000 ____D C:\Users\Łukasz\AppData\Roaming\hx3c2fpj2cl
2017-06-10 13:10 - 2017-06-10 15:21 - 00000000 ____D C:\Users\Łukasz\AppData\Roaming\ar4eoti1hfq
2017-06-10 13:10 - 2017-06-10 15:21 - 00000000 ____D C:\Users\Łukasz\AppData\Roaming\aaqqorlkzvn
2017-06-11 12:23 - 2015-01-24 21:12 - 00000000 ____D C:\AdwCleaner
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze. 
Uruchom jako administrator FRST i kliknij w Fix/Napraw.
Przeskanuj progr. Malwarebytes Anti-Malware http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/