Uninstall SafeFinder.

Open the system Notepad and paste:

Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== UWAGA
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
Task: {151CD052-A7D8-4CC1-929B-337A7D0100AB} - \Online Application V2G2 -> Brak pliku <==== UWAGA
Task: {1E985394-07CC-4E47-840F-78C8C27314BB} - \Online Application V2G6 -> Brak pliku <==== UWAGA
Task: {56DD17FD-9BD8-4008-B375-5BED80AEA015} - \Online Application V2G3 -> Brak pliku <==== UWAGA
Task: {6B7A5A4A-B0D0-4542-87CD-A904C7405EF8} - \AutoPico Daily Restart -> Brak pliku <==== UWAGA
Task: {74E5B920-C84F-49CD-AB6E-23967CDD602B} - System32\Tasks\psv_Zooity => cmd.exe /c regedit.exe /s "C:\ProgramData\Quoteex\BioWarm.reg" & del "C:\ProgramData\Quoteex\BioWarm.reg" & SCHTASKS /Delete /TN "psv_Zooity" /F <==== UWAGA
Task: {878F8D45-A4E8-4E0B-BD3B-C0EBD40BEA41} - \Online Application V2G5 -> Brak pliku <==== UWAGA
Task: {8DC36648-1187-4BBC-ADFB-B4D367351E09} - \snf -> Brak pliku <==== UWAGA
Task: {A52B6ECD-1E54-4EF3-AAD9-CF4C6C83F911} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-02] (Microleaves) <==== UWAGA
Task: {A56BC88D-D027-4B41-B8FC-91F018AC716E} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
Task: {E19F096C-933F-491D-A884-73C7403B6807} - \Online Application V2G4 -> Brak pliku <==== UWAGA
Task: {EBEAC276-0645-4B9B-9E58-AC19C45BA587} - \Online Application V2G1 -> Brak pliku <==== UWAGA
Task: {EF00BE60-9B40-418C-932D-2940FC780D50} - \snp -> Brak pliku <==== UWAGA
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== UWAGA
ShortcutWithArgument: C:\Users\Mateusz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
HKU\S-1-5-21-128298827-1552392015-1180577371-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYvTUZA7UbT9UkWi4ivpMvyNsPzMQPGXavQLcnLnOn98lWLP_XKWiGjql2yJYvrFRaWkk8K5dBC2pnUKFHxflXsHfuoZoFA9oO3-j9EJAdo_HtBoDhRiGv363ysvOljaNulajyIr-gZNLRzhr2d8_YmxWTYT3v1&q={searchTerms}
HKU\S-1-5-21-128298827-1552392015-1180577371-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYvTUZA7UbT9UkWi4ivpMvyNsPzMQPGXavQLcnLnOn98lWLP_XKWiGjql2yJYvrFRaa46f_CQoRkQ2mL_3wfy7Z-vPLFB4alax0Nd7eCUod9-Kugls8Vxk0yDnuGhS5M_DgW8nRxwLL_U-r3LXR9kTvHG9foiWG
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYvTUZA7UbT9UkWi4ivpMvyNsPzMQPGXavQLcnLnOn98lWLP_XKWiGjql2yJYvrFRaWkk8K5dBC2pnUKFHxflXsHfuoZoFA9oO3-j9EJAdo_HtBoDhRiGv363ysvOljaNulajyIr-gZNLRzhr2d8_YmxWTYT3v1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-128298827-1552392015-1180577371-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYvTUZA7UbT9UkWi4ivpMvyNsPzMQPGXavQLcnLnOn98lWLP_XKWiGjql2yJYvrFRaWkk8K5dBC2pnUKFHxflXsHfuoZoFA9oO3-j9EJAdo_HtBoDhRiGv363ysvOljaNulajyIr-gZNLRzhr2d8_YmxWTYT3v1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-128298827-1552392015-1180577371-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYvTUZA7UbT9UkWi4ivpMvyNsPzMQPGXavQLcnLnOn98lWLP_XKWiGjql2yJYvrFRaWkk8K5dBC2pnUKFHxflXsHfuoZoFA9oO3-j9EJAdo_HtBoDhRiGv363ysvOljaNulajyIr-gZNLRzhr2d8_YmxWTYT3v1&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
R2 EventSvc; C:\ProgramData\Microsoft\Windows\EventSvc\eventsvc.exe [360448 2018-07-24] (CloudBees, Inc.) [Brak podpisu cyfrowego] <==== UWAGA
S2 MicroService; C:\WINDOWS\System32\svchost.exe [51288 2018-04-12] (Microsoft Corporation) <==== UWAGA <==== UWAGA (Brak ServiceDLL)
S2 MicroService; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation) <==== UWAGA <==== UWAGA (Brak ServiceDLL)
R2 PowerSvc; C:\ProgramData\Microsoft\Windows\Power\PowerSvc.exe [6406448 2018-06-25] () [Brak podpisu cyfrowego] <==== UWAGA
R2 WMPNetworkAcSvc; C:\Users\Mateusz\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [3794944 2018-09-07] () [Brak podpisu cyfrowego] <==== UWAGA
U3 kwldqaod; C:\Users\Mateusz\AppData\Local\Temp\kwldqaod.sys [56584 2018-09-07] (GMER) [Brak podpisu cyfrowego] <==== UWAGA
2018-09-07 20:36 - 2018-09-07 20:36 - 000000000 ____D C:\Program Files (x86)\Microleaves
2018-09-07 20:35 - 2018-09-07 20:50 - 000000000 ____D C:\ProgramData\Quoteex
2018-09-07 20:35 - 2018-09-07 20:35 - 000070896 _____ () C:\Users\Mateusz\AppData\Local\Config.xml
2018-09-07 20:35 - 2018-09-07 20:35 - 000016416 _____ () C:\Users\Mateusz\AppData\Local\InstallationConfiguration.xml
2018-09-07 20:35 - 2018-09-07 20:35 - 000140800 _____ () C:\Users\Mateusz\AppData\Local\installer.dat
2018-09-07 20:35 - 2018-09-07 20:35 - 000005568 _____ () C:\Users\Mateusz\AppData\Local\md.xml
2018-09-07 20:35 - 2018-09-07 20:35 - 000126464 _____ () C:\Users\Mateusz\AppData\Local\noah.dat
2018-09-07 20:35 - 2018-09-07 20:35 - 001413120 _____ () C:\Users\Mateusz\AppData\Local\sham.db
2018-09-07 20:35 - 2018-09-07 20:35 - 000032038 _____ () C:\Users\Mateusz\AppData\Local\uninstall_temp.ico
2018-09-07 20:35 - 2018-09-07 20:35 - 002018558 _____ () C:\Users\Mateusz\AppData\Local\Zoodom.tst
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder. Run FRST as administrator and click Fix/Napraw.

Download AdwCleaner and run it as administrator: https://toolslib.net/downloads/finish/1/

Click Scan (Skanuj) and then Cleaning (Oczyść).