Otwórz notatnik systemowy i wklej: CustomCLSID: HKU\S-1-5-21-560449224-3561805689-3965242287-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Łukasz\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File Task: {64624521-03EB-45C6-9202-3C42AC1BDAD8} - System32\Tasks\Łukasz => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Łukasz /t REG_SZ /d "explorer.exe hxxp://ozirizsoos.info" <==== ATTENTION Task: {6AF390E7-DEBA-4382-85D3-0DED4F569400} - System32\Tasks\{8625DC3C-60D6-4966-B106-B687A9CCF47A} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/pl/go/help.faq.installer?LastError=1618 HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\Run: [Łukasz] => explorer.exe hxxp://ozirizsoos.info <==== ATTENTION HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\MountPoints2: {09df87c7-50c3-11e5-826e-7429af2c1710} - "J:\SETUP.EXE" HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\MountPoints2: {28bb8f77-3392-11e5-826b-7429af2c1710} - "G:\startme.exe" HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\MountPoints2: {3ce6438f-6321-11e7-82c4-7429af2c1710} - "G:\startme.exe" HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\MountPoints2: {51640575-0407-11e7-82b0-7429af2c1710} - "I:\startme.exe" HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\MountPoints2: {8086c471-23dd-11e5-826b-7429af2c1710} - "G:\setup.exe" HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\MountPoints2: {9a3eda61-3e8f-11e5-826b-7429af2c1710} - "H:\setup.exe" HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\MountPoints2: {9a3edabd-3e8f-11e5-826b-7429af2c1710} - "I:\SETUP.EXE" HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\MountPoints2: {a6452ef5-64a0-11e7-82c4-7429af2c1710} - "G:\startme.exe" HKU\S-1-5-21-560449224-3561805689-3965242287-1001\...\MountPoints2: {fc6db86f-c85c-11e6-82a7-7429af2c1710} - "H:\startme.exe" IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe" IFEO\bridge.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe" IFEO\capture.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe" IFEO\connect.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe" IFEO\coreldrw.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe" IFEO\corelpp.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe" IFEO\devicecentral.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe" IFEO\dtagent.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe" IFEO\dtlauncher.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe" IFEO\extendscript toolkit 2.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe" IFEO\fontnav.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe" IFEO\lu.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe" IFEO\photoshop.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe" IFEO\poptoastprocess.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe" IFEO\vfconfig.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe" IFEO\xperiacompanion.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe" GroupPolicy: Restriction - Chrome <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = SearchScopes: HKU\S-1-5-21-560449224-3561805689-3965242287-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-560449224-3561805689-3965242287-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-560449224-3561805689-3965242287-1001 -> {5015E38D-A252-4453-84DB-13C6D198372A} URL = Tożsamość1=C:\Users\Łukasz\Documents\Draco Organizer\Tożsamość1\ [not found] <==== ATTENTION CHR HKLM-x32\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx S3 BITCOMET_HELPER_SERVICE; H:\Flash\prog\BitComet\tools\BitCometService.exe -service [X] S2 Update Special Box; "C:\Program Files (x86)\Special Box\updateSpecialBox.exe" [X] S2 Util Special Box; "C:\Program Files (x86)\Special Box\bin\utilSpecialBox.exe" [X] S3 xhunter1; \??\C:\windows\xhunter1.sys [X] 2018-01-29 09:24 - 2018-01-29 09:54 - 000000000 ____D C:\AdwCleaner EmptyTemp: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze. Uruchom jako administrator FRST i kliknij w Fix/Napraw.