Open Notepad and paste:

Task: {0FE0A18E-8A9F-44EC-934F-9A6E75CB9D5E} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: {3C66C025-FDF5-4967-85D3-41FB8E57DF4F} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: {4365F8F5-D16A-4FDE-95D4-329007E9238A} - System32\Tasks\ndjbf => C:\Users\Wojtek\AppData\Local\kvcha.bat [2017-11-06] () <==== UWAGA
Task: {4AF8294C-41DA-4DF0-9549-D65110DE3C04} - System32\Tasks\bjjbf => C:\Users\Wojtek\AppData\Local\oaatvxkte.bat [2017-11-06] () <==== UWAGA
Task: {6188C6ED-A1E4-4A92-97CC-10F563475189} - System32\Tasks\{EF0EEE88-E7DA-4DEE-9391-4E51A072AB3A} => C:\Windows\system32\pcalua.exe -a "D:\Users\Wojtek\Downloads\Sitting Ducks\AUTORUN.EXE" -d "D:\Users\Wojtek\Downloads\Sitting Ducks"
Task: {65F61C55-06D3-4771-AA23-E181B3538399} - System32\Tasks\UeYyDHMzhc0p => ueyydhmzhc0p.exe
Task: {7CB93845-42A3-469E-882F-7483EB5A646F} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: {F4EE01DA-7742-43F8-BF96-216016D07D1C} - System32\Tasks\{D46FD3EA-391D-42A3-8FD0-F6D475119177} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.36.0.101/pl/go/help.faq.installer?LastError=1603
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
HKLM\...\Run: [SERVICE] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
GroupPolicy\User: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1883005379-2761239155-3550619939-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-1883005379-2761239155-3550619939-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B032FF580-2DBB-4047-959C-44B21CE6E046%7D&gp=811142
SearchScopes: HKU\S-1-5-21-1883005379-2761239155-3550619939-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B032FF580-2DBB-4047-959C-44B21CE6E046%7D&gp=811142
CHR HomePage: Default -> hxxp://mail.ru/cnt/10445?gp=811141
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=811141"
CHR NewTab: Default -> "chrome-extension://lhemechcanjmilllmccjbjldonmnnjjj/visual-bookmarks.html"
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B4A941624-E8B1-4511-B36B-F5B4329A0AB0%7D&gp=811142
CHR DefaultSearchKeyword: Default -> go.mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/ff3?q={searchTerms}
CHR Extension: (Mail.Ru) - C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci [2017-11-06]
CHR Extension: (Tampermonkey) - C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-11-06]
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcadgijmedbfgciegjomfpjcdchlhnif [2017-11-06]
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhemechcanjmilllmccjbjldonmnnjjj [2017-11-06]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lhemechcanjmilllmccjbjldonmnnjjj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
S2 UeYyDHMzhc0p Updater; C:\Program Files (x86)\UeYyDHMzhc0p Updater\UeYyDHMzhc0p Updater.exe [X]
S1 pgkssepc; \??\C:\WINDOWS\system32\drivers\pgkssepc.sys [X]
2017-11-06 18:34 - 2017-11-06 18:34 - 000140800 _____ C:\Users\Wojtek\AppData\Local\installer.dat
2017-11-06 18:34 - 2017-11-06 18:34 - 000021586 _____ C:\WINDOWS\System32\Tasks\UeYyDHMzhc0p
2017-11-06 18:34 - 2017-11-06 18:34 - 000000000 ____D C:\Program Files (x86)\UeYyDHMzhc0p
2017-11-06 18:33 - 2017-11-06 18:43 - 000000364 _____ C:\WINDOWS\Tasks\Online Application V2G6.job
2017-11-06 18:33 - 2017-11-06 18:43 - 000000364 _____ C:\WINDOWS\Tasks\Online Application V2G5.job
2017-11-06 18:33 - 2017-11-06 18:43 - 000000364 _____ C:\WINDOWS\Tasks\Online Application V2G4.job
2017-11-06 18:33 - 2017-11-06 18:33 - 000003254 _____ C:\WINDOWS\System32\Tasks\Online Application V2G6
2017-11-06 18:33 - 2017-11-06 18:33 - 000003254 _____ C:\WINDOWS\System32\Tasks\Online Application V2G5
2017-11-06 18:33 - 2017-11-06 18:33 - 000003254 _____ C:\WINDOWS\System32\Tasks\Online Application V2G4
2017-11-06 18:33 - 2017-11-06 18:33 - 000000000 ____D C:\WinSys
2017-11-06 18:33 - 2017-11-06 18:33 - 000000000 ____D C:\Windat
2017-11-06 18:33 - 2017-11-06 18:33 - 000000000 ____D C:\Program Files\Shadowsocks
2017-11-06 18:33 - 2017-11-06 18:33 - 000000000 ____D C:\Program Files\LaCie Private Public
2017-11-06 18:33 - 2017-11-06 18:33 - 000000000 ____D C:\Disk
2017-11-06 18:33 - 2017-11-06 18:33 - 000000000 ____D C:\Applications
2017-11-06 16:28 - 2017-11-06 18:59 - 000000000 ____D C:\AdwCleaner
2017-11-06 16:25 - 2017-11-06 16:25 - 000000000 ____D C:\Users\Wojtek\AppData\LocalLow\Unity
2017-11-06 16:25 - 2017-11-06 16:25 - 000000000 ____D C:\Users\Wojtek\AppData\Local\Unity
2017-11-06 16:22 - 2017-11-06 16:22 - 000003536 _____ C:\WINDOWS\System32\Tasks\bjjbf
2017-11-06 16:22 - 2017-11-06 16:22 - 000003326 _____ C:\WINDOWS\System32\Tasks\ndjbf
2017-11-06 16:22 - 2017-11-06 16:22 - 000000351 _____ C:\Users\Wojtek\AppData\Local\zckumjcmnmdj.bat
2017-11-06 16:22 - 2017-11-06 16:22 - 000000351 _____ C:\Users\Wojtek\AppData\Local\pidtsn.bat
2017-11-06 16:22 - 2017-11-06 16:22 - 000000072 _____ C:\Users\Wojtek\AppData\Local\kvcha.bat
2017-11-06 16:22 - 2017-11-06 16:22 - 000000066 _____ C:\Users\Wojtek\AppData\Local\oaatvxkte.bat
2017-11-06 16:22 - 2017-03-18 21:58 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\3336156.exe
2017-11-06 16:22 - 2017-11-06 16:22 - 000000072 _____ () C:\Users\Wojtek\AppData\Local\kvcha.bat
2017-11-06 16:22 - 2017-11-06 16:22 - 000000066 _____ () C:\Users\Wojtek\AppData\Local\oaatvxkte.bat
2017-11-06 16:22 - 2017-11-06 16:22 - 000000351 _____ () C:\Users\Wojtek\AppData\Local\pidtsn.bat
2017-11-06 16:22 - 2017-11-06 16:22 - 000000351 _____ () C:\Users\Wojtek\AppData\Local\zckumjcmnmdj.bat
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder. Run FRST as administrator and click Fix/Napraw.