Open the system Notepad and paste:

Task: {FDE00A49-CBA8-48D4-AA4E-D21DDFBF730F} - System32\Tasks\OptiTransByop => Rundll32.exe "C:\Program Files\OptiTransByop\OptiTransByop.dll",vWTJvR <==== UWAGA
WMI_ActiveScriptEventConsumer_ASEC: <==== UWAGA
AlternateDataStreams: C:\WINDOWS\system32\Drivers\yqdwgtak.sys:changelist [862]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\zuruxklg.sys:changelist [862]
HKLM\...\Run: [gplyra] => C:\Users\efusc\AppData\Roaming\gplyra\gplyra\start.cmd [216 2017-01-10] () <==== UWAGA
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1216466868-3178556606-3610138414-1001\...\Run: [YeaDesktop] => C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe [2694144 2017-07-04] () <==== UWAGA
ShellExecuteHooks: Brak nazwy - {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} - C:\Windows\C_02iu57.dat [2017280 2017-07-10] (Micrasaft Carparation)
FF Plugin-x32: @haitao.com/npHaitaoPlugin -> C:\Users\efusc\AppData\Local\htyh\application\htwebHelper.dll [Brak pliku]
CHR Extension: (海淘1号) - C:\Users\efusc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh [2017-06-29]
S1 yqdwgtak; C:\WINDOWS\system32\drivers\yqdwgtak.sys [55168 2017-07-14] (Microsoft Corporation)
S1 zuruxklg; C:\WINDOWS\system32\drivers\zuruxklg.sys [55168 2017-07-14] (Microsoft Corporation)
2017-07-14 03:23 - 2017-07-14 03:24 - 00000000 ____D C:\AdwCleaner
2017-07-14 03:18 - 2017-07-14 03:18 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\yqdwgtak.sys
2017-07-14 03:16 - 2017-07-14 03:16 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\zuruxklg.sys
2017-07-14 03:10 - 2017-07-14 03:10 - 00016808 _____ C:\WINDOWS\System32\Tasks\OptiTransByop
2017-07-14 03:09 - 2017-07-14 03:10 - 00000000 ____D C:\Program Files (x86)\YeaDesktop
2017-07-14 03:09 - 2017-07-14 03:09 - 00000000 ____D C:\Users\efusc\AppData\Roaming\UCChannel
2017-07-14 03:09 - 2017-07-14 03:09 - 00000000 ____D C:\Users\efusc\AppData\Roaming\gplyra
2017-07-14 03:09 - 2017-07-14 03:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop
2017-07-14 03:09 - 2017-07-10 09:25 - 02017280 ___SH (Micrasaft Carparation) C:\WINDOWS\C_02iu57.dat
2017-07-14 03:08 - 2017-07-14 03:08 - 0011568 _____ () C:\Users\efusc\AppData\Local\InstallationConfiguration.xml
2017-07-14 03:08 - 2017-07-14 03:08 - 0140800 _____ () C:\Users\efusc\AppData\Local\installer.dat
2017-07-14 03:08 - 2017-07-14 03:08 - 1847296 _____ () C:\Users\efusc\AppData\Local\po.db
C:\Users\efusc\AppData\Roaming\gplyra\gplyra\start.cmd
C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder. Run FRST as administrator and click Fix/Napraw.

When saving the fixlist, set the encoding to UTF-8.

Scan with Malwarebytes Anti-Malware: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
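
Added example, not part of the original post and not FRST's own code: a Python check of how fixlist.txt was saved, showing which entries an ANSI save would alter and therefore why the post asks for UTF-8. The function name `check_fixlist` is hypothetical, and code page 1250 as Notepad's "ANSI" on a Polish-locale Windows is an assumption; the two sample lines are copied from the fixlist above.

```python
import sys

ANSI_CODEPAGE = "cp1250"  # assumption: Notepad "ANSI" on a Polish-locale Windows

# Constructed sample: two entries copied from the fixlist in the post above.
SAMPLE = "\n".join([
    r"HKLM\...\Run: [gplyra] => C:\Users\efusc\AppData\Roaming\gplyra\gplyra\start.cmd [216 2017-01-10] () <==== UWAGA",
    r"CHR Extension: (海淘1号) - C:\Users\efusc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh [2017-06-29]",
])


def check_fixlist(raw: bytes) -> dict:
    """Inspect the raw bytes of a saved fixlist.txt.

    Returns whether the bytes are valid UTF-8, whether a UTF-8 BOM is present,
    and, for every line that the ANSI code page cannot represent, a tuple
    (line number, original line, line as an ANSI save would have stored it).
    """
    bom = raw.startswith(b"\xef\xbb\xbf")
    try:
        text = raw.decode("utf-8-sig")  # strict decode; strips a BOM if present
    except UnicodeDecodeError:
        return {"utf8": False, "bom": bom, "lossy_lines": []}
    lossy = []
    for number, line in enumerate(text.splitlines(), start=1):
        # Round-trip through the ANSI code page; unrepresentable characters become "?".
        damaged = line.encode(ANSI_CODEPAGE, errors="replace").decode(ANSI_CODEPAGE)
        if damaged != line:
            lossy.append((number, line, damaged))
    return {"utf8": True, "bom": bom, "lossy_lines": lossy}


if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE.encode("utf-8")
    report = check_fixlist(data)
    print("valid UTF-8:", report["utf8"], "| BOM:", report["bom"])
    for number, line, damaged in report["lossy_lines"]:
        print(f"line {number} needs UTF-8; an ANSI save would store: {damaged}")
```

A file that was already saved as ANSI contains only the substituted `?` characters and passes as valid UTF-8, so run the check on the text before or immediately after saving and compare the flagged lines with the original.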