Otwórz notatnik systemowy i wklej: CloseProcesses: Task: {2A3D4420-EB8D-4D95-9B35-9D586ABB4B1B} - \AutoKMS -> No File <==== ATTENTION Task: {F09EB89C-1F41-4DFC-ADFF-C4E13036A7EE} - System32\Tasks\LaunchApp => C:\Program Files\MyPC Backup\MyPC Backup.exe <==== ATTENTION GroupPolicy: Restriction - Chrome <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_daltn_17_40¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByEtB0BtB0AyBtBzy0FzyzzzyyBtN0D0Tzu0StBtCtDtAtN1L2XzutAtFtBzytFyCtFyDtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzztCtB0D0FtBtBtGyDyC0BtDtG0AyD0F0CtGtA0C0CyDtGzztBtAyByDzz0CtDyC0BtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzy0E0FzztBzyyDtGyCtAtBtDtGyEyC0EtCtG0A0E0AtDtGyByDtBtC0B0Ezy0D0EyC0DyC2QtN0A0LzuyE%26cr%3D102100649%26a%3Dwncy_daltn_17_40%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423357244&from=obw&uid=WDCXWD1600BEVT-75ZCT2_WD-WXCX0814930949309&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423357291&from=obw&uid=WDCXWD1600BEVT-75ZCT2_WD-WXCX0814930949309 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423357244&from=obw&uid=WDCXWD1600BEVT-75ZCT2_WD-WXCX0814930949309&q={searchTerms} HKU\S-1-5-21-75475265-1000315647-3360528035-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1423357291&from=obw&uid=WDCXWD1600BEVT-75ZCT2_WD-WXCX0814930949309&q={searchTerms} HKU\S-1-5-21-75475265-1000315647-3360528035-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_daltn_17_40¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByEtB0BtB0AyBtBzy0FzyzzzyyBtN0D0Tzu0StBtCtDtAtN1L2XzutAtFtBzytFyCtFyDtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzztCtB0D0FtBtBtGyDyC0BtDtG0AyD0F0CtGtA0C0CyDtGzztBtAyByDzz0CtDyC0BtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzy0E0FzztBzyyDtGyCtAtBtDtGyEyC0EtCtG0A0E0AtDtGyByDtBtC0B0Ezy0D0EyC0DyC2QtN0A0LzuyE%26cr%3D102100649%26a%3Dwncy_daltn_17_40%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate HKU\S-1-5-21-75475265-1000315647-3360528035-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423357291&from=obw&uid=WDCXWD1600BEVT-75ZCT2_WD-WXCX0814930949309 HKU\S-1-5-21-75475265-1000315647-3360528035-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1423357291&from=obw&uid=WDCXWD1600BEVT-75ZCT2_WD-WXCX0814930949309&q={searchTerms} SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_daltn_17_40¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByEtB0BtB0AyBtBzy0FzyzzzyyBtN0D0Tzu0StBtCtDtAtN1L2XzutAtFtBzytFyCtFyDtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzztCtB0D0FtBtBtGyDyC0BtDtG0AyD0F0CtGtA0C0CyDtGzztBtAyByDzz0CtDyC0BtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzy0E0FzztBzyyDtGyCtAtBtDtGyEyC0EtCtG0A0E0AtDtGyByDtBtC0B0Ezy0D0EyC0DyC2QtN0A0LzuyE%26cr%3D102100649%26a%3Dwncy_daltn_17_40%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_daltn_17_40¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByEtB0BtB0AyBtBzy0FzyzzzyyBtN0D0Tzu0StBtCtDtAtN1L2XzutAtFtBzytFyCtFyDtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzztCtB0D0FtBtBtGyDyC0BtDtG0AyD0F0CtGtA0C0CyDtGzztBtAyByDzz0CtDyC0BtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzy0E0FzztBzyyDtGyCtAtBtDtGyEyC0EtCtG0A0E0AtDtGyByDtBtC0B0Ezy0D0EyC0DyC2QtN0A0LzuyE%26cr%3D102100649%26a%3Dwncy_daltn_17_40%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms} SearchScopes: HKU\S-1-5-21-75475265-1000315647-3360528035-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600BEVT-75ZCT2_WD-WXCX0814930949309&ts=1423357331&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-75475265-1000315647-3360528035-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600BEVT-75ZCT2_WD-WXCX0814930949309&ts=1423357331&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-75475265-1000315647-3360528035-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600BEVT-75ZCT2_WD-WXCX0814930949309&ts=1423357331&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-75475265-1000315647-3360528035-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-75475265-1000315647-3360528035-1000 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600BEVT-75ZCT2_WD-WXCX0814930949309&ts=1423357331&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-75475265-1000315647-3360528035-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600BEVT-75ZCT2_WD-WXCX0814930949309&ts=1423357331&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-75475265-1000315647-3360528035-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600BEVT-75ZCT2_WD-WXCX0814930949309&ts=1423357331&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-75475265-1000315647-3360528035-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD1600BEVT-75ZCT2_WD-WXCX0814930949309&ts=1423357331&type=default&q={searchTerms} FF Homepage: Mozilla\Firefox\Profiles\gkxvgonn.default -> hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423357291&from=obw&uid=WDCXWD1600BEVT-75ZCT2_WD-WXCX0814930949309 FF SearchPlugin: C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\gkxvgonn.default\searchplugins\Web Search.xml [2014-04-14] CHR Extension: (Search Manager) - C:\Users\Marta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-10-05] CHR Extension: (Search Manager) - C:\Users\Marta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2017-10-04] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-75475265-1000315647-3360528035-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-75475265-1000315647-3360528035-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-75475265-1000315647-3360528035-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx S3 TBS; %SystemRoot%\System32\tbssvc.dll [X] S3 EverestDriver; \??\H:\Everest_Ultimate_5_30_1900_Portable\kerneld.wnt [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S1 {4bd643ce-8ef9-41bb-9b43-501b4f8fae85}Gw; system32\drivers\{4bd643ce-8ef9-41bb-9b43-501b4f8fae85}Gw.sys [X] S1 {c0915853-fd66-4086-a9ce-b80496d49b3f}Gw; system32\drivers\{c0915853-fd66-4086-a9ce-b80496d49b3f}Gw.sys [X] 2017-10-05 17:49 - 2017-10-05 17:51 - 200428360 _____ (Apple Inc.) C:\Users\Marta\Downloads\iTunesSetup (2).exe 2017-10-04 21:21 - 2017-08-08 18:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes EmptyTemp: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze. Uruchom jako administrator FRST i kliknij w Fix/Napraw. Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan(Skanuj) i później Cleaning(Oczyść).