CloseProcesses:
CreateRestorePoint:
EmptyTemp:
Multitimer version 1.0 (HKLM-x32\...\Multitimer_is1) (Version: 1.0 - ) <==== ATTENTION
One System Care (HKLM-x32\...\OneSystemCare_is1) (Version: 4.4.0.3 - One System Care) <==== ATTENTION
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
SafeFinder (HKLM-x32\...\{CE81012B-05F2-4641-9253-3D1230840A35}) (Version: 1.0.0.0 - Linkury) <==== ATTENTION
TigerTrade Setup 4.3.1 (HKLM-x32\...\TigerTrade Setup 4.3.1) (Version: 4.3.1 - TigerTrade) <==== ATTENTION
YoutubeAdBlock (HKLM-x32\...\1655C0CA-7AE7-4012-8502-970C8675E5F8) (Version: 2.0.0.835 - Company Inc.) <==== ATTENTION
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
Task: {14606D1E-EFD3-4E4D-A93A-244BBA2E5B2E} - System32\Tasks\Opera scheduled Autoupdate 1527442111 => C:\Program Files\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {1CC82302-A0EA-44DF-A026-A1983C70695C} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {2555AD5F-3375-4B8C-AC92-569268F17080} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {29F53990-FE1C-419C-9148-0052A79121D0} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {51BAF9E7-F868-4CEE-A594-34476CB3BF0F} - System32\Tasks\{J239HE2K-DJYX-GT3W-4YN2-ABH2SDXTVBVY} => explorer "hxxp://eroiuka.com/cl/?guid=yf03p87fyi9p5hfop61zthhile8k1pwc&prid=1&pid=11_1415_0" <==== ATTENTION
Task: {8D3E73CC-4B97-4623-836B-2F10316CC6E7} - \kQPOAcCRavYRc2 -> No File <==== ATTENTION
Task: {98AC6517-6F90-4975-B3D9-8E76CD033202} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {9C8E8B15-36F7-45BA-9BC8-B23E119C4D86} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost
Task: {C2B8F36D-0EF6-4E7B-A460-30CDF7586763} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary
Task: {C5D8DD1B-4A4F-4FC4-A86F-99CFF6DD2B5B} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {C66C22E7-E43C-4AF0-856D-FF0941900B48} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {E2294FBA-2689-47B3-A349-81E564C83A42} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe (MICROLEAVES LTD -> Microleaves) <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\{J239HE2K-DJYX-GT3W-4YN2-ABH2SDXTVBVY}.job => explorerThttp /eroiuka com cl/?guid yf03p87fyi9p5hfop61zthhile8k1pwc prid pid 11_1415_0DESKTOP LL8TNPO MikiThis is comment
C:\Users\Miki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
C:\Users\Public\Desktop\Google Chrome.lnk
HKU\S-1-5-21-3623133826-1210183299-932913162-1001\Software\Classes\exefile: <==== ATTENTION
FirewallRules: [TCP Query User{920E8A4F-40F0-4233-B248-F16AF1A42A11}E:\a1 najnowsze\heroes of the storm\versions\base72307\heroesofthestorm_x64.exe] => (Allow) E:\a1 najnowsze\heroes of the storm\versions\base72307\heroesofthestorm_x64.exe No File
FirewallRules: [UDP Query User{DF751E1B-2F45-4807-AFB7-CC7D752DE670}E:\a1 najnowsze\heroes of the storm\versions\base72307\heroesofthestorm_x64.exe] => (Allow) E:\a1 najnowsze\heroes of the storm\versions\base72307\heroesofthestorm_x64.exe No File
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Startup: C:\ProgramData\c4719f13b2\ceudwuuj.lnk [2019-04-14]
ShortcutTarget: ceudwuuj.lnk -> C:\Windows\System32\cmd.exe (Microsoft Windows -> Microsoft Corporation)
Startup: C:\ProgramData\c4719f13b2\ddjcgvvt.lnk [2019-04-14]
ShortcutTarget: ddjcgvvt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Windows -> Microsoft Corporation)
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Tcpip\..\Interfaces\{df450caf-797e-47f1-9d5c-e0a5efd306af}: [NameServer] 82.163.143.146,82.163.142.148
Tcpip\..\Interfaces\{df450caf-797e-47f1-9d5c-e0a5efd306af}: [DhcpNameServer] 192.168.0.1
HKU\S-1-5-21-3623133826-1210183299-932913162-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ00r3BrunW_QwvOn21j5upz514xmHPGMmTHRFR4JVoFKIVzrWiyGkAJHhDCEQZMnjZRCLtMu4piMVzu7XpbDlKablmFkXruUmEMFbnaecBXHNvOVtfSHZNscUUtU_8W3QjadBFVR2mY-2wJ8WZaL9WkVkpGn38&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ00r3BrunW_QwvOn21j5upz514xmHPGMmTHRFR4JVoFKIVzrWiyGkAJHhDCEQZMnjZRCLtMu4piMVzu7XpbDlKablmFkXruUmEMFbnaecBXHNvOVtfSHZNscUUtU_8W3QjadBFVR2mY-2wJ8WZaL9WkVkpGn38&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3623133826-1210183299-932913162-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ00r3BrunW_QwvOn21j5upz514xmHPGMmTHRFR4JVoFKIVzrWiyGkAJHhDCEQZMnjZRCLtMu4piMVzu7XpbDlKablmFkXruUmEMFbnaecBXHNvOVtfSHZNscUUtU_8W3QjadBFVR2mY-2wJ8WZaL9WkVkpGn38&q={searchTerms}
FF Homepage: Mozilla\Firefox\Profiles\87m4950n.default -> file:///C:/ProgramData/Quoteexs/ff.HP
FF NewTab: Mozilla\Firefox\Profiles\87m4950n.default -> file:///C:/ProgramData/Quoteexs/ff.NT
FF SearchPlugin: C:\Users\Miki\AppData\Roaming\Mozilla\Firefox\Profiles\87m4950n.default\searchplugins\findit.xml [2019-04-14]
CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ00r3BrunW_QwvOn21j5upz514xmHPGMmTHRFR4JVoFKIVzrWiyGkAJHhDCEQZMnjZX2hfjPqtMKWPjoRMVmQhou0notCvwpf0BIz7UsISGkuTvlfyofVutVndwjxUDt0t4-g8nAbsW8MSYktzDlujl2OuEP8r
CHR DefaultSearchURL: Default -> hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ00r3BrunW_QwvOn21j5upz514xmHPGMmTHRFR4JVoFKIVzrWiyGkAJHhDCEQZMnjZU_wLPc8CIR0X0muhUrwLKxHFAAppQcNAxBsaOHQBKsyqWyMlbHPtCe2tnPqqAppeuxnw1O9omDw-7NtPTFDcF1oGLGr6&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR Extension: (chrome_filter) - C:\Users\Miki\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\kljiogdfigecnffccfpmbeefjdfnhnge [2019-04-14]
CHR Extension: (chrome_filter) - C:\Users\Miki\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\kljiogdfigecnffccfpmbeefjdfnhnge [2019-04-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
OPR Extension: (chrome_filter) - C:\Users\Miki\AppData\Roaming\Opera Software\Opera Stable\Extensions\kljiogdfigecnffccfpmbeefjdfnhnge [2019-04-14]
S2 rcdll; C:\Users\Miki\AppData\Local\Temp\rcdll.exe [60928 2019-04-14] (Microsoft Corporation) [File not signed] <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 localNETService; C:\ProgramData\localNETService\localNETService.exe [X]
S2 Quoteex; C:\ProgramData\\Quoteex\\Quoteex.exe shuz -f "C:\ProgramData\\Quoteex\\Quoteex.dat" -l -a <==== ATTENTION
S2 Smart Monitoring; "C:\Program Files (x86)\SmartData\bbaassd.exe" /srv [X]
2019-04-14 22:19 - 2019-04-15 06:10 - 000000000 ____D C:\Users\Miki\AppData\Roaming\gnn1tez3tyg
2019-04-14 22:19 - 2019-04-14 22:48 - 000000000 ____D C:\Program Files\KK5QO0S3A8
2019-04-14 22:19 - 2019-04-14 22:19 - 000000258 __RSH C:\Users\Miki\ntuser.pol
2019-04-14 22:12 - 2019-04-14 23:01 - 000000000 ____D C:\Program Files (x86)\OneSystemCare
2019-04-14 22:12 - 2019-04-14 22:53 - 000000000 ____D C:\Program Files (x86)\BDaKbhYEU
2019-04-14 22:12 - 2019-04-14 22:12 - 000002638 _____ C:\WINDOWS\System32\Tasks\AnVDoMYPdlSYoXw
2019-04-14 22:12 - 2019-04-14 22:12 - 000000000 ____D C:\ProgramData\TDX4OEPW3IFW3TO0TJK2
2019-04-14 22:12 - 2019-04-14 22:12 - 000000000 ____D C:\ProgramData\{E998D8DB-85AE-5872-D698-F1D4D67FA885}
2019-04-14 22:12 - 2019-04-14 22:12 - 000000000 ____D C:\ProgramData\{287A7B2D-2658-9990-203B-131520DC4A44}
2019-04-14 22:11 - 2019-04-15 06:10 - 000000000 ____D C:\Users\Miki\AppData\Roaming\nknqvhlyzaw
2019-04-14 22:11 - 2019-04-14 22:53 - 000000000 ____D C:\Program Files (x86)\mhShVMQuuTUn
2019-04-14 22:11 - 2019-04-14 22:53 - 000000000 ____D C:\Program Files (x86)\aliyBIkXlIE
2019-04-14 22:11 - 2019-04-14 22:48 - 000000000 ____D C:\Program Files\ZJK2OJY4CF
2019-04-14 22:11 - 2019-04-14 22:48 - 000000000 ____D C:\Program Files\Homeville
2019-04-14 22:10 - 2019-04-14 22:53 - 000000000 ____D C:\WINDOWS\SysWOW64\fsgljvpt
2019-04-14 22:10 - 2019-04-14 22:53 - 000000000 ____D C:\ProgramData\c4719f13b2
2019-04-14 22:10 - 2019-04-14 22:48 - 000000000 ____D C:\Program Files (x86)\Espace
2019-04-14 22:10 - 2019-04-14 22:20 - 000000000 _____ C:\ProgramData\0
2019-04-14 22:10 - 2019-04-14 22:10 - 000000000 ____D C:\Program Files (x86)\Multitimer
2019-04-14 22:09 - 2019-04-14 23:03 - 000000000 __RHD C:\ProgramData\3FD5E53A
2019-04-14 22:09 - 2019-04-14 22:53 - 000000000 ____D C:\ProgramData\Garbage Cleaner
2019-04-14 22:09 - 2019-04-14 22:18 - 000000414 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
2019-04-14 22:09 - 2019-04-14 22:18 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G6.job
2019-04-14 22:09 - 2019-04-14 22:18 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G5.job
2019-04-14 22:09 - 2019-04-14 22:18 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G4.job
2019-04-14 22:09 - 2019-04-14 22:18 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G3.job
2019-04-14 22:09 - 2019-04-14 22:18 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G2.job
2019-04-14 22:09 - 2019-04-14 22:18 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
2019-04-14 22:09 - 2019-04-14 22:11 - 000000000 ____D C:\ProgramData\0eVgaZWLTNRJzN
2019-04-14 22:09 - 2019-04-14 22:09 - 000278528 _____ C:\Users\Miki\AppData\Local\cleartool.exe
2019-04-14 22:09 - 2019-04-14 22:09 - 000003308 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application
2019-04-14 22:09 - 2019-04-14 22:09 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G6
2019-04-14 22:09 - 2019-04-14 22:09 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G5
2019-04-14 22:09 - 2019-04-14 22:09 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G4
2019-04-14 22:09 - 2019-04-14 22:09 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G3
2019-04-14 22:09 - 2019-04-14 22:09 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G2
2019-04-14 22:09 - 2019-04-14 22:09 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G1
2019-04-14 22:09 - 2019-04-14 22:09 - 000002880 __RSH C:\ProgramData\ntuser.pol
2019-04-14 22:07 - 2019-04-14 22:18 - 000000406 _____ C:\WINDOWS\Tasks\{J239HE2K-DJYX-GT3W-4YN2-ABH2SDXTVBVY}.job
2019-04-14 22:07 - 2019-04-14 22:07 - 000003482 _____ C:\WINDOWS\System32\Tasks\{J239HE2K-DJYX-GT3W-4YN2-ABH2SDXTVBVY}
2019-04-14 22:08 - 2019-04-14 22:08 - 025260414 _____ (TigerTrade ) C:\Users\Miki\AppData\Local\Temp\4958579357.exe
2019-04-14 22:08 - 2019-04-14 22:08 - 000606720 _____ () C:\Users\Miki\AppData\Local\Temp\AppOne.exe
2019-04-14 22:07 - 2019-04-14 22:07 - 000710656 _____ () C:\Users\Miki\AppData\Local\Temp\fhalslk.dll
2019-04-14 22:08 - 2019-04-14 22:08 - 001023169 _____ (360dev ) C:\Users\Miki\AppData\Local\Temp\lightcleanerlightcleaner.exe
2019-04-14 22:09 - 2019-04-14 22:09 - 000060928 _____ (Microsoft Corporation) C:\Users\Miki\AppData\Local\Temp\rcdll.exe
2019-04-14 22:07 - 2019-04-14 22:07 - 000550400 _____ () C:\Users\Miki\AppData\Local\Temp\seescenicelfc.exe
2019-04-14 22:07 - 2019-04-14 22:07 - 000096256 _____ () C:\Users\Miki\AppData\Local\Temp\setup.exe
2019-04-14 22:10 - 2019-04-14 22:10 - 000375522 _____ ( ) C:\Users\Miki\AppData\Local\Temp\xt3zyudae1s.exe
2019-04-14 22:07 - 2019-04-14 22:07 - 003786762 _____ () C:\Users\Miki\AppData\Local\Temp\zernvo.exe
RemoveProxy:
Hosts: