Odinstaluj przez Dodaj/Usuń AlphaGo,BZip version 1.0,KingCoouPon,Microsoft Security Essentials,mkfabdcpfmdkhlgngccmkbbmideddbig.Otwórz notatnik systemowy i wklej: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA HKU\S-1-5-21-15767563-2575837698-2306030566-1012\...\Run: [background_fault] => "C:\Users\Szymonek_2\AppData\Local\background_fault\aswRD.exe" "C:\Users\Szymonek_2\AppData\Local\background_fault\bf.dll",background_fault_collector <==== UWAGA HKU\S-1-5-21-15767563-2575837698-2306030566-1012\...\Run: [SteamServerBrowser] => C:\Program Files (x86)\SteamServerBrowser\SteamServerBrowser.exe [228352 2017-02-26] () HKU\S-1-5-21-15767563-2575837698-2306030566-1012\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-15767563-2575837698-2306030566-1012\...\Run: [mkfabdcpfmdkhlgngccmkbbmideddbig] => "C:\Users\Szymonek_2\AppData\Roaming\mkfabdcpfmdkhlgngccmkbbmideddbig\python\pythonw.exe" "C:\Users\Szymonek_2\AppData\Roaming\mkfabdcpfmdkhlgngccmkbbmideddbig\ml.py" --APPNAME="mkfabdcpfmdkhlgngccmkb (dane wartości zawierają 11 znaków więcej). <==== UWAGA HKU\S-1-5-18\...\Run: [GenieFloater] => C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1494335863&z=78dd262ce36de105fe441a8gdzet0z8c0cew1bbq5m&from=che0812&uid=ST500DM002-1BD142_W2AMFJQNXXXXW2AMFJQN HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com?type=hp&ts=1435056148&from=mych123&uid=st500dm002-1bd142_w2amfjqnxxxxw2amfjqn&z=94775781a98a94eb647e22cgdz0ccw2ebw2q7gezcm HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com?type=hp&ts=1435056148&from=mych123&uid=st500dm002-1bd142_w2amfjqnxxxxw2amfjqn&z=94775781a98a94eb647e22cgdz0ccw2ebw2q7gezcm HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com?type=hp&ts=1435056148&from=mych123&uid=st500dm002-1bd142_w2amfjqnxxxxw2amfjqn&z=94775781a98a94eb647e22cgdz0ccw2ebw2q7gezcm SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1496237580&z=9cc2b81c193f8c9a2ab558egazctfq1o9c3m1w1b4b&from=che0812&uid=ST500DM002-1BD142_W2AMFJQNXXXXW2AMFJQN&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1496237580&z=9cc2b81c193f8c9a2ab558egazctfq1o9c3m1w1b4b&from=che0812&uid=ST500DM002-1BD142_W2AMFJQNXXXXW2AMFJQN&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1496237580&z=9cc2b81c193f8c9a2ab558egazctfq1o9c3m1w1b4b&from=che0812&uid=ST500DM002-1BD142_W2AMFJQNXXXXW2AMFJQN&q={searchTerms} SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-15767563-2575837698-2306030566-1012 -> {3248E828-1B35-43C0-94BE-99D9B79ADBFD} URL = hxxp://rts.dsrlte.com/?q={searchTerms}&r=151 SearchScopes: HKU\S-1-5-21-15767563-2575837698-2306030566-1012 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493721707&z=e1d0acfc5d25dea4581085cg3zat1c7m4o5g5m6gcg&from=ypid&uid=ST500DM002-1BD142_W2AMFJQNXXXXW2AMFJQN&q={searchTerms} SearchScopes: HKU\S-1-5-21-15767563-2575837698-2306030566-1012 -> {6DF2D8CE-EC21-487F-A309-FA18AE1153E3} URL = hxxp://rts.dsrlte.com/?affID=na&q={searchTerms}&r=186 SearchScopes: HKU\S-1-5-21-15767563-2575837698-2306030566-1012 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = CHR StartupUrls: Profile 2 -> "hxxp://www.ourluckysites.com/?type=hp&ts=1493721707&z=e1d0acfc5d25dea4581085cg3zat1c7m4o5g5m6gcg&from=ypid&uid=ST500DM002-1BD142_W2AMFJQNXXXXW2AMFJQN" CHR DefaultSearchURL: Profile 2 -> hxxp://www.ourluckysites.com/search/?type=ds&ts=1493721707&z=e1d0acfc5d25dea4581085cg3zat1c7m4o5g5m6gcg&from=ypid&uid=ST500DM002-1BD142_W2AMFJQNXXXXW2AMFJQN&q={searchTerms} CHR DefaultSearchKeyword: Profile 2 -> ourluckysites CHR Extension: (Brak nazwy) - C:\Users\Szymonek_2\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-17] CHR Extension: (Brak nazwy) - C:\Users\Szymonek_2\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-06] CHR Extension: (Brak nazwy) - C:\Users\Szymonek_2\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-14] CHR Extension: (Brak nazwy) - C:\Users\Szymonek_2\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-14] CHR Extension: (Adblocker for Youtube™) - C:\Users\Szymonek_2\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cmhomipkklckpomafalojobppmmidlgl [2017-09-06] CHR Extension: (Brak nazwy) - C:\Users\Szymonek_2\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-14] CHR Extension: (Brak nazwy) - C:\Users\Szymonek_2\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-09-05] CHR Extension: (Brak nazwy) - C:\Users\Szymonek_2\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-17] CHR Extension: (Brak nazwy) - C:\Users\Szymonek_2\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18] CHR Extension: (Quick Searcher v16.2) - C:\Users\Szymonek_2\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-09-06] CHR Extension: (Brak nazwy) - C:\Users\Szymonek_2\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19] CHR HKU\S-1-5-21-15767563-2575837698-2306030566-1012\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx OPR Extension: (Adblocker for Youtube™) - C:\Users\Szymonek_2\AppData\Roaming\Opera Software\Opera Stable\Extensions\pgkbgflmbfpkbehmfneoglkjkagbkhgd [2017-09-06] S2 Corteli File Checker; C:\Program Files (x86)\Corteli\File Checker\updater\0.0.0.11\runner_service\service.exe [36352 2017-09-06] (CloudBees, Inc.) [Brak podpisu cyfrowego] S2 Windows Node; C:\Windows\WinKit\0.0.0.115\daemon\service.exe [X] R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA S1 {0ca29851-3273-497e-b859-b648c9a6fe3a}t; C:\Windows\System32\drivers\{0ca29851-3273-497e-b859-b648c9a6fe3a}t.sys [55872 2015-03-05] (StdLib) R1 {0ca29851-3273-497e-b859-b648c9a6fe3a}w64; C:\Windows\System32\drivers\{0ca29851-3273-497e-b859-b648c9a6fe3a}w64.sys [48832 2014-12-01] (StdLib) R1 {27b3e6ee-4db5-4837-b077-4680439131f4}w64; C:\Windows\System32\drivers\{27b3e6ee-4db5-4837-b077-4680439131f4}w64.sys [48736 2016-02-10] (StdLib) S1 {cc30460f-753f-44d9-b58c-13dae1321968}t; C:\Windows\System32\drivers\{cc30460f-753f-44d9-b58c-13dae1321968}t.sys [55232 2014-05-22] (StdLib) R1 {cc30460f-753f-44d9-b58c-13dae1321968}w64; C:\Windows\System32\drivers\{cc30460f-753f-44d9-b58c-13dae1321968}w64.sys [61120 2014-05-22] (StdLib) R1 {e087dbd9-26a2-4265-be90-fcd3ab1b0247}w64; C:\Windows\System32\drivers\{e087dbd9-26a2-4265-be90-fcd3ab1b0247}w64.sys [48832 2014-11-28] (StdLib) R1 {f9b36afe-8f89-4e92-9187-52451fe87825}w64; C:\Windows\System32\drivers\{f9b36afe-8f89-4e92-9187-52451fe87825}w64.sys [48832 2014-11-27] (StdLib) 2017-09-06 19:00 - 2017-09-07 17:30 - 000000000 ____D C:\AdwCleaner 2017-09-06 18:47 - 2017-09-06 18:47 - 000000000 ____D C:\Users\Szymonek_2\AppData\Local\UCBrowser 2017-09-06 18:27 - 2017-09-06 18:57 - 000000000 ____D C:\Users\Szymonek_2\AppData\Roaming\otjwmz4awfp 2017-09-06 18:27 - 2017-09-06 18:57 - 000000000 ____D C:\Users\Szymonek_2\AppData\Roaming\okisnqmeqap 2017-09-06 18:27 - 2017-09-06 18:57 - 000000000 ____D C:\Users\Szymonek_2\AppData\Roaming\n04y5hj1drz 2017-09-06 18:27 - 2017-09-06 18:57 - 000000000 ____D C:\Users\Szymonek_2\AppData\Roaming\mddvxjackfx 2017-09-06 18:27 - 2017-09-06 18:57 - 000000000 ____D C:\Users\Szymonek_2\AppData\Roaming\fsm4pelr0kp 2017-09-06 18:27 - 2017-09-06 18:57 - 000000000 ____D C:\Program Files\ZL7NHHU1PM 2017-09-06 18:27 - 2017-09-06 18:57 - 000000000 ____D C:\Program Files\VCRN4GUS35 2017-09-06 18:27 - 2017-09-06 18:57 - 000000000 ____D C:\Program Files\UBOY0G4WD6 2017-09-06 18:27 - 2017-09-06 18:57 - 000000000 ____D C:\Program Files\6MDVJFSF1V 2017-09-06 18:26 - 2017-09-06 18:57 - 000000000 ____D C:\Users\Szymonek_2\AppData\Roaming\lzp3x12qa1p 2017-09-06 18:26 - 2017-09-06 18:57 - 000000000 ____D C:\Program Files\IVZ4SQ6VK3 2017-09-06 18:16 - 2017-09-06 18:16 - 007327744 _____ C:\Users\Szymonek_2\AppData\Local\agent.dat 2017-09-06 18:16 - 2017-09-06 18:16 - 001900814 _____ C:\Users\Szymonek_2\AppData\Local\Whitesoft.tst 2017-09-06 18:16 - 2017-09-06 18:16 - 000278509 _____ C:\Users\Szymonek_2\AppData\Local\Biolux.bin 2017-09-06 18:16 - 2017-09-06 18:16 - 000126464 _____ C:\Users\Szymonek_2\AppData\Local\noah.dat 2017-09-06 18:16 - 2017-09-06 18:16 - 000070800 _____ C:\Users\Szymonek_2\AppData\Local\Config.xml 2017-09-06 18:16 - 2017-09-06 18:16 - 000005568 _____ C:\Users\Szymonek_2\AppData\Local\md.xml 2017-09-06 18:16 - 2017-09-06 18:14 - 002554368 _____ (TODO: ) C:\Users\Szymonek_2\AppData\Local\Whitesoft.exe 2017-09-06 18:15 - 2017-09-06 18:57 - 000000000 ____D C:\Users\Szymonek_2\AppData\Roaming\vy53s3gkdut 2017-09-06 18:15 - 2017-09-06 18:57 - 000000000 ____D C:\Users\Szymonek_2\AppData\Roaming\juqx5lrpnir 2017-09-06 18:15 - 2017-09-06 18:57 - 000000000 ____D C:\Program Files\YJMNFO7KDT 2017-09-06 18:15 - 2017-09-06 18:57 - 000000000 ____D C:\Program Files\A8K6BUGNQJ 2017-09-06 18:14 - 2017-09-07 16:58 - 000000000 ____D C:\Users\Szymonek_2\AppData\Roaming\nana 2017-09-06 18:14 - 2017-09-06 18:57 - 000000000 ____D C:\Users\Szymonek_2\AppData\Roaming\ykhnxllgddu 2017-09-06 18:14 - 2017-09-06 18:57 - 000000000 ____D C:\Users\Szymonek_2\AppData\Roaming\o1ppyk4kfvf 2017-09-06 18:14 - 2017-09-06 18:57 - 000000000 ____D C:\Users\Szymonek_2\AppData\Roaming\ahrsw2as1bh 2017-09-06 18:14 - 2017-09-06 18:57 - 000000000 ____D C:\Program Files\KVKVNDK1YD 2017-09-06 18:14 - 2017-09-06 18:57 - 000000000 ____D C:\Program Files\B8R1N2SQEW 2017-09-06 18:14 - 2017-09-06 18:57 - 000000000 ____D C:\Program Files (x86)\kbi4ynsgtps 2017-09-06 18:14 - 2017-09-06 18:14 - 000140800 _____ C:\Users\Szymonek_2\AppData\Local\installer.dat 2017-09-06 18:14 - 2017-09-06 18:14 - 000001522 _____ C:\Windows\Tasks\Nokia 6680 USB OBEX.job 2017-09-06 18:14 - 2017-09-06 18:14 - 000000000 ____D C:\Program Files (x86)\BZip 2017-09-06 18:13 - 2017-09-06 18:57 - 000000000 ____D C:\Users\Szymonek_2\AppData\Roaming\dwr45aublvn 2017-09-06 18:16 - 2017-09-06 18:16 - 007327744 _____ () C:\Users\Szymonek_2\AppData\Local\agent.dat 2017-09-06 18:16 - 2017-09-06 18:16 - 000278509 _____ () C:\Users\Szymonek_2\AppData\Local\Biolux.bin 2017-09-06 18:16 - 2017-09-06 18:16 - 000070800 _____ () C:\Users\Szymonek_2\AppData\Local\Config.xml 2017-09-06 18:14 - 2017-09-06 18:14 - 000140800 _____ () C:\Users\Szymonek_2\AppData\Local\installer.dat 2017-09-06 18:16 - 2017-09-06 18:16 - 000005568 _____ () C:\Users\Szymonek_2\AppData\Local\md.xml 2017-09-06 18:16 - 2017-09-06 18:16 - 000126464 _____ () C:\Users\Szymonek_2\AppData\Local\noah.dat 2017-09-06 18:16 - 2017-09-06 18:14 - 002554368 _____ (TODO: ) C:\Users\Szymonek_2\AppData\Local\Whitesoft.exe 2017-09-06 18:16 - 2017-09-06 18:16 - 001900814 _____ () C:\Users\Szymonek_2\AppData\Local\Whitesoft.tst Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze. Uruchom jako administrator FRST i kliknij w Fix/Napraw. Przeskanuj progr. Malwarebytes Anti-Malware http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ Reset Chrome: https://support.google.com/chrome/answer/3296214?hl=pl