Uninstall Java 8 Update 121 and Reimage Repair. Open Notepad and paste:

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ContextMenuHandlers03: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
Task: {04331410-577D-4BA5-9C49-0657A80159BF} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2017-07-03] (Reimage ltd.) <==== UWAGA
Task: {0CF33E4C-CE3D-490B-8F40-1C07A4F22384} - System32\Tasks\SMW_UpdateTask_Time_3634333038373637342d3437415a556c2a3223346c41 => wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== UWAGA
Task: {30A0A113-C606-4124-8DBD-B23D0C6B7C8D} - System32\Tasks\Bear PC Spy => C:\Windows\system32\rundll32.exe "C:\Program Files\Bear PC Spy\Bear PC Spy.dll",eMzJHusNnHst <==== UWAGA
Task: {7B3EBF07-3F44-42AE-B21C-D60B3748BADB} - System32\Tasks\RunAtStartup => C:\Users\Yoogi\AppData\Roaming\Event Monitor\em.exe [2017-05-29] () <==== UWAGA
Task: {7B7CE3A6-A06A-40A7-9995-1DF382FF9E4B} - System32\Tasks\2C6A44CB-AD42-4731-A544-3FBD3D83AB5B => rundll32 "C:\Program Files\YiuAskU\Iw3d7Ud.dll",#1 <==== UWAGA
Task: {7BA3520C-045A-4235-8915-EDA6E4EE35D3} - System32\Tasks\B3A986DC-C2DD-40A0-8C0C-FEF66B7835112 => rundll32 "C:\Program Files\MafarchU\SlTMNry.dll",#1 <==== UWAGA
Task: {7E52B5BB-5E27-4152-B56E-FE8379E4CB5E} - System32\Tasks\2C6A44CB-AD42-4731-A544-3FBD3D83AB5B2 => rundll32 "C:\Program Files\YiuAskU\Iw3d7Ud.dll",#1 <==== UWAGA
Task: {8A86A917-581A-4553-9C1E-26757591392B} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== UWAGA
Task: {942D70F3-8723-40B3-BC75-732896FA39F8} - System32\Tasks\U2_B3A986DC-C2DD-40A0-8C0C-FEF66B783511 => rundll32 "C:\Program Files\MafarchU2\tRwbN87.dll",#1
Task: {B4829199-E71F-4CBC-AE94-CF5194F07D13} - System32\Tasks\updater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe
Task: {B9494153-118A-46E3-B668-0D1F10700658} - System32\Tasks\U2_2C6A44CB-AD42-4731-A544-3FBD3D83AB5B => rundll32 "C:\Program Files\YiuAskU2\81q7Xn9.dll",#1
Task: {CE7839A1-B552-4126-992B-667228D498EB} - System32\Tasks\B3A986DC-C2DD-40A0-8C0C-FEF66B783511 => rundll32 "C:\Program Files\MafarchU\SlTMNry.dll",#1 <==== UWAGA
Task: {DA46E89E-5F6F-44E5-821E-1262AB7B85BC} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe <==== UWAGA
Task: C:\Windows\Tasks\2C6A44CB-AD42-4731-A544-3FBD3D83AB5B.job => C:\Program Files\YiuAskU\Iw3d7Ud.dll <==== UWAGA
Task: C:\Windows\Tasks\B3A986DC-C2DD-40A0-8C0C-FEF66B783511.job => C:\Program Files\MafarchU\SlTMNry.dll <==== UWAGA
WMI_ActiveScriptEventConsumer_ASEC: <==== UWAGA
ShortcutWithArgument: C:\Users\Yoogi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktopbr.com/
ShortcutWithArgument: C:\Users\Yoogi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=h7jzbcnbl1bu,4248c706-03ca-4560-8c17-0c28a0fb0234,
ShortcutWithArgument: C:\Users\Yoogi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Yoogi\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktopbr.com/
ShortcutWithArgument: C:\Users\Yoogi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktopbr.com/
ShortcutWithArgument: C:\Users\Yoogi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Yoogi\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktopbr.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Yoogi\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktopbr.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome (2).lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Yoogi\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktopbr.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Yoogi\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktopbr.com/
MSCONFIG\startupreg: 9xwfzbr.exe => C:\Users\Yoogi\AppData\Roaming\b7020d26b76b40b3bcf027f9a3027af7\9xwfzbr.exe -r1_1 -r2_2
MSCONFIG\startupreg: i19Q6OJ.exe => C:\Users\Yoogi\AppData\Local\Temp\6c9a1a102f994302b9b14eb106350d43\i19Q6OJ.exe -r1_1 -r2_2
MSCONFIG\startupreg: msiql => C:\Users\Yoogi\AppData\Local\Temp\00007951\msiql.exe /RUNNING
MSCONFIG\startupreg: p-uTiYL-Wn.exe => C:\Program Files\Scarlet.Crush Productions\LDY13LURAIRTY2RVJQCOK5ANOYUAKOL9QB\p-uTiYL-Wn.exe
MSCONFIG\startupreg: WhdV2oCczld.exe => C:\ProgramData\351f5023a4d2407b9117d4422490b9ee\WhdV2oCczld.exe -r1_1 -r2_2
MSCONFIG\startupreg: YeaDesktop => C:\Program Files\YeaDesktop\YeaDesktop.exe /autostart
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-3403083442-3079574581-3742481433-1000\...\MountPoints2: {ea002615-08e0-11e7-897b-001fd0b439ce} - F:\INSTALL.EXE
HKU\S-1-5-21-3403083442-3079574581-3742481433-1000\...\MountPoints2: {ea002619-08e0-11e7-897b-001fd0b439ce} - I:\AutoRun.exe --autorun
AppInit_DLLs: C:\ProgramData\Subair\Airlight.dll => Brak pliku
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
GroupPolicyScripts: Ograniczenia <==== UWAGA
HKU\S-1-5-21-3403083442-3079574581-3742481433-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBEQo0lOCwIxrzs2Rcb6iY3AhIJvu_GKNPKE0-hBZL6gL1uwQkYF2m9wohMQTurZTo1xYw4BXlzDnpcfG3ATTj-JpbmRD6MTRK7DQg7_9AB80K5wVBlUMdllUMlxYh5Mrf4hfWocLYVJUoWNAkUDZMuS1oa2b22k7YCAnWGneiwQO9-CGLNC4sbjej5Hvg,&q={searchTerms}
HKU\S-1-5-21-3403083442-3079574581-3742481433-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBEQo0lOCwIxrzs2Rcb6iY3AhIJvu_GKNPKE0-hBZL6gL1uwQkYF2m9wohMQTurZTo1xYw4BXlzDnpcfG3ATTj-JpbmRD6MTRK7AR4ZSRkPD_WHSPAm_QXka2QGbZFhwnhdHRE2H570JhpengENSB5IWjXlVeJ-iVZEbluiqsMkD1kayJEsFld_hypLfzM,
SearchScopes: HKLM -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBEQo0lOCwIxrzs2Rcb6iY3AhIJvu_GKNPKE0-hBZL6gL1uwQkYF2m9wohMQTurZTo1xYw4BXlzDnpcfG3ATTj-JpbmRD6MTRK7DQg7_9AB80K5wVBlUMdllUMlxYh5Mrf4hfWocLYVJUoWNAkUDZMuS1oa2b22k7YCAnWGneiwQO9-CGLNC4sbjej5Hvg,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3403083442-3079574581-3742481433-1000 -> {E02CDEB6-D6B8-4EC5-A058-5B91DCB36874} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=H7Jzbcnbl1BU,4248c706-03ca-4560-8c17-0c28a0fb0234,
SearchScopes: HKU\S-1-5-21-3403083442-3079574581-3742481433-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBEQo0lOCwIxrzs2Rcb6iY3AhIJvu_GKNPKE0-hBZL6gL1uwQkYF2m9wohMQTurZTo1xYw4BXlzDnpcfG3ATTj-JpbmRD6MTRK7DQg7_9AB80K5wVBlUMdllUMlxYh5Mrf4hfWocLYVJUoWNAkUDZMuS1oa2b22k7YCAnWGneiwQO9-CGLNC4sbjej5Hvg,&q={searchTerms}
BHO: Brak nazwy -> {2C6A44CB-AD42-4731-A544-3FBD3D83AB5B} -> Brak pliku
FF Homepage: Mozilla\Firefox\Profiles\ac7u6p94.default -> C:\ProgramData\Subairs\ff.HP
FF NewTab: Mozilla\Firefox\Profiles\ac7u6p94.default -> C:\ProgramData\Subairs\ff.NT
FF SearchPlugin: C:\Users\Yoogi\AppData\Roaming\Mozilla\Firefox\Profiles\ac7u6p94.default\searchplugins\findit.xml [2017-07-19]
FF Plugin: @haitao.com/npHaitaoPlugin -> C:\Users\Yoogi\AppData\Local\htyh\application\htwebHelper.dll [Brak pliku]
CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBEQo0lOCwIxrzs2Rcb6iY3AhIJvu_GKNPKE0-hBZL6gL1uwQkYF2m9wohMQTurZTo1xYw4BXlzDnpcfG3ATTj-JpbmRD6MTRK7DROTTgGnk6MLyWmrdDgxPfBCA_rFm9khR7M6JyMciiBusp50QT7c-3J5vWbiIMq5XHix2RcDk8DWtQNDUykdlsKMLQE,
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=H7Jzbcnbl1BU,4248c706-03ca-4560-8c17-0c28a0fb0234,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault&chext=v2&s=&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Search Module Plus
CHR HKLM\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3403083442-3079574581-3742481433-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aeppgfljjlhcnnbddcccndljodpdkpdh] -
CHR HKU\S-1-5-21-3403083442-3079574581-3742481433-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
OPR Extension: (Brak nazwy) - C:\Users\Yoogi\AppData\Roaming\Opera Software\Opera Stable\Extensions\jdmkclkigoemafepfpiljdlgnoloicom [2017-07-19]
OPR Extension: (Brak nazwy) - C:\Users\Yoogi\AppData\Roaming\Opera Software\Opera Stable\Extensions\jenggbjfjblgmpcfejchbpnpineboigk [2017-07-19]
S4 Ds3Service; "C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe" [X]
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]
S4 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe /service [X] <==== UWAGA
S4 updater; "C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe" /runservice [X]
2017-07-19 18:27 - 2017-07-20 11:49 - 00000000 ____D C:\AdwCleaner
2017-07-19 18:14 - 2017-07-19 18:14 - 7320064 _____ () C:\Users\Yoogi\AppData\Local\agent.dat
2017-07-19 18:14 - 2017-07-19 18:14 - 0070800 _____ () C:\Users\Yoogi\AppData\Local\Config.xml
2017-07-19 18:14 - 2017-07-19 18:13 - 2554368 _____ (TODO: ) C:\Users\Yoogi\AppData\Local\Groovein.exe
2017-07-19 18:14 - 2017-07-19 18:14 - 1898550 _____ () C:\Users\Yoogi\AppData\Local\Groovein.tst
2017-07-19 18:13 - 2017-07-19 18:13 - 0016176 _____ () C:\Users\Yoogi\AppData\Local\InstallationConfiguration.xml
2017-07-19 18:13 - 2017-07-19 18:13 - 0140800 _____ () C:\Users\Yoogi\AppData\Local\installer.dat
2017-07-19 18:14 - 2017-07-19 18:14 - 1895383 _____ () C:\Users\Yoogi\AppData\Local\Lotzap.bin
2017-07-19 18:14 - 2017-07-19 18:14 - 0018432 _____ () C:\Users\Yoogi\AppData\Local\Main.dat
2017-07-19 18:14 - 2017-07-19 18:14 - 0005568 _____ () C:\Users\Yoogi\AppData\Local\md.xml
2017-07-19 18:14 - 2017-07-19 18:14 - 0126464 _____ () C:\Users\Yoogi\AppData\Local\noah.dat
2017-07-19 18:13 - 2017-07-19 18:14 - 1847296 _____ () C:\Users\Yoogi\AppData\Local\po.db
2017-07-19 18:14 - 2017-07-19 18:14 - 0032038 _____ () C:\Users\Yoogi\AppData\Local\uninstall_temp.ico
2017-07-19 18:13 - 2017-07-19 18:13 - 0278510 _____ () C:\Users\Yoogi\AppData\Local\Unitough.bin
C:\ProgramData\service.exe
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder. Run FRST as administrator and click Fix/Napraw.

Reset Chrome: https://support.google.com/chrome/answer/3296214?hl=pl

Post a new FRST report without Addition and Shortcut.