Uninstall AlphaGo (all versions).

Open the system Notepad and paste:

ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> Brak pliku
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> Brak pliku
Task: {1DB1BFA1-B5EF-4062-9BA7-952655ED5DC6} - System32\Tasks\{9B9B597B-035F-4F34-98B9-79918530BEF6} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\YeaDesktop\unins000.exe"
Task: {21E59CB2-8C44-4CBF-96D6-06D175119D2A} - System32\Tasks\842DE247-2F95-42F1-A8A6-A3B7C6786533 => rundll32 "C:\Program Files (x86)\MederchU\uFLZzJj.dll",#1 <==== UWAGA
Task: {22F2EF06-EEEE-413A-A21D-47419C5FF8CB} - \Microsoft\Windows\Media Center\VCore -> Brak pliku <==== UWAGA
Task: {53AA2F23-EA9A-464E-9DB6-BCF3776E3729} - \Shkasejdetion -> Brak pliku <==== UWAGA
Task: {6D3EFC8B-D31D-485A-BA5B-D2E8D348CE51} - System32\Tasks\{66F2A67F-10DB-41AB-B581-48F80EDC7454} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.23.0.105/pl/abandoninstall?page=tsMain
Task: {7DDE9575-1A5D-44AD-93C4-2CC8375E67D1} - System32\Tasks\{485EEB66-E4EF-FFCC-BB63-1B567BFDD915} => C:\Users\Pawel\AppData\Roaming\{485EE~1\SYNHEL~1 [Argument = /Check] <==== UWAGA
Task: {85399159-97B1-4D28-B14B-E92203AD8F5C} - System32\Tasks\842DE247-2F95-42F1-A8A6-A3B7C67865332 => rundll32 "C:\Program Files (x86)\MederchU\uFLZzJj.dll",#1 <==== UWAGA
Task: {EB48E0E6-BFBF-415E-9CFA-9C422AA9CD09} - System32\Tasks\AF9A5517-A7AD-4299-A3C2-BD1DD4D6E61F => rundll32 "C:\Program Files (x86)\MadarchU2\V02wtZi.dll",#1
Task: C:\Windows\Tasks\842DE247-2F95-42F1-A8A6-A3B7C6786533.job => C:\Program Files (x86)\MederchU\uFLZzJj.dll <==== UWAGA
Task: C:\Windows\Tasks\{485EEB66-E4EF-FFCC-BB63-1B567BFDD915}.job => C:\Users\Pawel\AppData\Roaming\{485EE~1\SYNHEL~1/CheckPaweł\Pawel0֠< <==== UWAGA
Hosts:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-3344947371-2584253-2552923864-1001\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [3670472 2015-07-28] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-3344947371-2584253-2552923864-1001\...\Run: [Napisy24Update] => C:\Program Files (x86)\Napisy24\Napisy24Update.exe [3709896 2015-11-04] (Napisy24.pl)
HKU\S-1-5-21-3344947371-2584253-2552923864-1001\...\Run: [ALLPlayer WiFi Remote] => C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe [5975264 2016-03-14] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-3344947371-2584253-2552923864-1001\...\Run: [T0QAGFOBE08OPSK] => C:\Program Files (x86)\ljg5psbsjl1\QO36G.exe [1040896 2017-07-22] (7)
HKU\S-1-5-21-3344947371-2584253-2552923864-1001\...\Run: [3A4CUSOZD85IZIN] => C:\Program Files (x86)\nehrpdyfff0\H6VNC.exe [1040896 2017-07-22] (7)
HKU\S-1-5-21-3344947371-2584253-2552923864-1001\...\RunOnce: [ALLPlayer Remote Update] => C:\Users\Pawel\AppData\Local\Temp\ALLRemote.exe [2200144 2017-07-24] (ALLPlayer ) <==== UWAGA
Startup: C:\Users\Pawel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Malware Premium 2.0.2.1012 Serial Keys are Here! [Latest].lnk [2015-04-20]
ShortcutTarget: Malwarebytes Anti-Malware Premium 2.0.2.1012 Serial Keys are Here! [Latest].lnk -> C:\ProgramData\{66854e5b-2ec5-6333-6685-54e5b2ec396c}\Malwarebytes Anti-Malware Premium 2.0.2.1012 Serial Keys are Here! [Latest].exe (Brak pliku)
GroupPolicy: Ograniczenia - Windows Defender <==== UWAGA
FF Extension: (Brak nazwy) - C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\lnhjtubk.default-1429555363162\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2017-06-17]
FF ProfilePath: C:\Users\Pawel\AppData\Roaming\Firefox\Firefox\Profiles\lnhjtubk.default-1429555363162 [2017-05-27] <==== UWAGA
FF Extension: (Brak nazwy) - C:\Users\Pawel\AppData\Roaming\Firefox\Firefox\Profiles\lnhjtubk.default-1429555363162\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2016-12-17]
FF Plugin-x32: @haitao.com/npHaitaoPlugin -> C:\Users\Pawel\AppData\Local\htyh\application\htwebHelper.dll [2017-07-04] (上海子丑六合网络科技有限公司)
HKU\S-1-5-21-3344947371-2584253-2552923864-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Dopig\Application\chrome.exe <==== UWAGA
S2 BIT; C:\ProgramData\BIT\BIT.dll [X] <==== UWAGA
S2 DsSvc; C:\ProgramData\Package Cache\{00C5024D-925C-4E9E-A8E6-F9B84ABE0DA0}\packages\Win81_SDK\9bcb3fab78e80d68be28892ea7ad46c3.msp:dp [X] <==== UWAGA
2017-07-22 23:02 - 2017-07-22 23:02 - 00000000 ____D C:\Users\Pawel\AppData\LocalLow\TMasech
2017-07-22 23:01 - 2017-07-24 19:13 - 00000300 _____ C:\Windows\Tasks\842DE247-2F95-42F1-A8A6-A3B7C6786533.job
2017-07-22 23:01 - 2017-07-23 15:13 - 00000000 ____D C:\Program Files (x86)\MederchU
2017-07-22 23:01 - 2017-07-23 15:13 - 00000000 ____D C:\Program Files (x86)\MadarchU2
2017-07-22 23:01 - 2017-07-22 23:28 - 00000000 ____D C:\Program Files (x86)\MefarchIE
2017-07-22 23:01 - 2017-07-22 23:27 - 00000000 ____D C:\Program Files (x86)\MayarchUn
2017-07-22 23:01 - 2017-07-22 23:01 - 00003040 _____ C:\Windows\System32\Tasks\AF9A5517-A7AD-4299-A3C2-BD1DD4D6E61F
2017-07-22 23:01 - 2017-07-22 23:01 - 00002706 _____ C:\Windows\System32\Tasks\842DE247-2F95-42F1-A8A6-A3B7C67865332
2017-07-22 23:01 - 2017-07-22 23:01 - 00002554 _____ C:\Windows\System32\Tasks\842DE247-2F95-42F1-A8A6-A3B7C6786533
2017-07-22 23:01 - 2017-07-22 23:01 - 00000000 ____D C:\Users\Pawel\AppData\LocalLow\TutubeBl
2017-07-22 23:01 - 2017-07-22 23:01 - 00000000 ____D C:\Program Files\9USIWL4WNQ
2017-07-22 23:00 - 2017-07-22 23:30 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\iiypxxsj0z1
2017-07-22 23:00 - 2017-07-22 23:30 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\aaoey4mvnwm
2017-07-22 23:00 - 2017-07-22 23:00 - 00000000 ____D C:\Program Files\GLJEGILNZ1
2017-07-22 22:34 - 2017-07-22 22:34 - 00003084 _____ C:\Windows\System32\Tasks\{9B9B597B-035F-4F34-98B9-79918530BEF6}
2017-07-22 22:30 - 2017-07-22 22:55 - 00000000 ____D C:\Program Files\5UC8RJPTOI
2017-07-22 22:29 - 2017-07-22 23:14 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\tdvf2vegmna
2017-07-22 22:29 - 2017-07-22 23:14 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\ly15dj0sf1m
2017-07-22 22:29 - 2017-07-22 23:14 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\lo0e4rtsvdg
2017-07-22 22:29 - 2017-07-22 23:14 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\1beqhz4yiqe
2017-07-22 22:29 - 2017-07-22 23:14 - 00000000 ____D C:\Program Files (x86)\nehrpdyfff0
2017-07-22 22:29 - 2017-07-22 23:14 - 00000000 ____D C:\Program Files (x86)\ljg5psbsjl1
2017-07-22 22:29 - 2017-07-22 22:55 - 00000000 ____D C:\Program Files\W277W8M72L
2017-07-22 22:29 - 2017-07-22 22:55 - 00000000 ____D C:\Program Files\S3M2WFEVXI
2017-07-22 22:29 - 2017-07-22 22:55 - 00000000 ____D C:\Program Files\OAMLKK058G
2017-07-22 22:29 - 2017-07-22 22:55 - 00000000 ____D C:\Program Files\I91V67PTDS
2017-07-22 22:29 - 2017-07-18 17:25 - 02021376 ___SH (Micrasaft Carparation) C:\Windows\C_02iu57.dat
2017-07-07 22:30 - 2017-07-22 23:14 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\uerp0ent2dj
2017-07-07 22:30 - 2017-07-22 22:55 - 00000000 ____D C:\Program Files\WL2QUFM0OQ
2017- -07 22:30 - 2017-07-07 22:30 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\baidu
2017-07-07 22:30 - 2017-07-07 22:30 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\360se6
2017-07-07 22:30 - 2017-07-07 22:30 - 00000000 ____D C:\Users\Pawel\AppData\Local\Tencent
2017-07-07 22:29 - 2017-07-22 23:14 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\lfpnpbxumtd
2017-07-07 22:29 - 2017-07-22 23:14 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\eeebc30trs1
2017-07-07 22:29 - 2017-07-07 22:29 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HT1H
2017-07-07 22:29 - 2017-07-07 22:29 - 00000000 ____D C:\Users\Pawel\AppData\LocalLow\htyh
2017-07-07 22:29 - 2017-07-07 22:29 - 00000000 ____D C:\Users\Pawel\AppData\Local\htyh
2017-07-07 22:29 - 2017-07-07 22:29 - 00000000 ____D C:\Users\Pawel\AppData\Local\360chrome
2016-05-21 12:59 - 2016-05-21 12:59 - 0127488 _____ () C:\Users\Pawel\AppData\Roaming\Installer.dat
2016-05-21 12:59 - 2016-05-21 12:59 - 0018432 _____ () C:\Users\Pawel\AppData\Roaming\Main.dat
C:\Users\Pawel\AppData\Local\Temp\ALLRemote.exe
C:\Windows\Tasks\{485EEB66-E4EF-FFCC-BB63-1B567BFDD915}.job
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST, in the same folder. Run FRST as administrator and click Fix/Napraw. When saving the fixlist, set the encoding to UTF-8.

Download AdwCleaner and run it as administrator: https://toolslib.net/downloads/finish/1/
Click Scan (Skanuj) and then Cleaning (Oczyść).

Post a new FRST report, without Addition and Shortcut.