
Odinstaluj SafeFinder.Otwórz notatnik systemowy i wklej:


Task: {0CD733C0-7B43-4ADF-9986-B1E10292F132} - System32\Tasks\qAYfjnTMJZeKjBNGsRT2 => rundll32 "C:\Program Files (x86)\BvbhSZLyqCrsC\otPGlyS.dll",#1
Task: {4AAE5A29-25B0-4932-9067-931497470B02} - System32\Tasks\vsqrvYZkOOVdGo => rundll32 "C:\Program Files (x86)\UoZoIgkuCKdU2\lMwvLVlSnRIry.dll",#1
Task: {5CAE5D4B-2086-4096-B4B3-E3E4FEB55736} - System32\Tasks\DhLAWZsHfQsZBWkdQ2 => rundll32 "C:\Program Files (x86)\yCQMrlJAErjPGpRjulR\HeVjiCj.dll",#1
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {75E8A939-2E24-4B94-8D93-56225BD2731C} - System32\Tasks\hYPwlYRCmhawMCp2 => rundll32 "C:\Program Files (x86)\KTxhztjwU\MvVSRr.dll",#1
Task: {9263A0C4-0C09-47F9-8328-DE5EEE0E0201} - System32\Tasks\pQVZvbQbakOUK2 => C:\Windows\system32\wscript.exe "C:\ProgramData\WjIOjGvJCfODeXVB\oGIuFWn.wsf"
HKLM\...\RunOnce: [fez5p4y4qye] => C:\Program Files (x86)\Exams\3348285.exe [670720 2018-09-21] (Copyright ©)
HKLM\...\RunOnce: [zioepjm3am4] => C:\Program Files (x86)\Exams\8822054.exe [670720 2018-09-21] (Copyright ©)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
AppInit_DLLs: C:\ProgramData\Voyasollam\ZumDoming.dll => Brak pliku
AppInit_DLLs-x32: C:\ProgramData\Voyasollam\Quotetop.dll => Brak pliku
BootExecute: autocheck autochk *  
GroupPolicy: Ograniczenia - Windows Defender <==== UWAGA
HKU\S-1-5-21-3464312378-836173039-1212056961-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxldvM_sEGJZAe-Dt0xGH3wKCSUsI4UKIC3yw3T3sXaEH7KiyZMKy0ZWIzuZ9n9ucx7Mc2hBkxeX76PnlC2HSWdqDDo3d5Ityt7NdWM0dqj-gArZ1PMnOncXfsZoqLTNgJSkFdNdixQB0htCMRUw65llwQd6pb9weP6EFkfk,&q={searchTerms}
HKU\S-1-5-21-3464312378-836173039-1212056961-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxldvM_sEGJZAe-Dt0xGH3wKCSUsI4UKIC3yw3T3sXaEH7KiyZMKy0ZWIzuZ9n9ucx7Mc2hBkxeX76PnpbwSS7XUGW5qo9snOsB314zx4dg9yWdlogDKEmHrlYq9CePNYO-3aeJWhCDrNbuaO00dJKiP1HPUsiEEHzU8NERc,
SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
U3 afldiaob; C:\Users\piech\AppData\Local\Temp\afldiaob.sys [56584 2018-09-22] (GMER) [Brak podpisu cyfrowego] <==== UWAGA
2018-09-22 16:27 - 2018-09-22 16:27 - 000000000 ____D C:\Program Files\1FFC5JPHXU
2018-09-22 15:43 - 2018-09-22 15:43 - 000000000 ____D C:\ProgramData\WjIOjGvJCfODeXVB
2018-09-22 15:43 - 2018-09-22 15:43 - 000000000 ____D C:\Program Files\5VW6P7GUFS
2018-09-22 15:43 - 2018-09-22 15:43 - 000000000 ____D C:\Program Files (x86)\yCQMrlJAErjPGpRjulR
2018-09-22 15:43 - 2018-09-22 15:43 - 000000000 ____D C:\Program Files (x86)\UoZoIgkuCKdU2
2018-09-22 15:43 - 2018-09-22 15:43 - 000000000 ____D C:\Program Files (x86)\KTxhztjwU
2018-09-22 15:43 - 2018-09-22 15:43 - 000000000 ____D C:\Program Files (x86)\BvbhSZLyqCrsC
2018-09-22 15:43 - 2018-09-22 15:43 - 000000000 ____D C:\Program Files (x86)\aPpZCllEqIE
2018-09-22 15:42 - 2018-09-22 15:42 - 000000000 ____D C:\Users\piech\AppData\Roaming\y0fbwknglvk
2018-09-22 15:36 - 2018-09-22 15:36 - 000000000 ____D C:\Users\piech\AppData\Roaming\zouigvgrpio
2018-09-22 15:36 - 2018-09-22 15:36 - 000000000 ____D C:\Program Files\R2A31IQTW0
2018-09-22 14:37 - 2018-09-22 14:37 - 000000000 ____D C:\Users\piech\AppData\Roaming\puoved2jit4
2018-09-22 14:37 - 2018-09-22 14:37 - 000000000 ____D C:\Program Files\ZNS53AZZVJ
2018-09-22 14:21 - 2018-09-22 15:43 - 000000000 ____D C:\Program Files (x86)\uLAxgEZogeUn
2018-09-22 13:26 - 2018-09-22 13:27 - 002704030 _____ () C:\ProgramData\Rears.exe
2018-09-22 17:18 - 2018-09-22 17:18 - 007784960 _____ () C:\Users\piech\AppData\Local\agent.dat
2018-09-22 17:18 - 2018-09-22 17:18 - 000070896 _____ () C:\Users\piech\AppData\Local\Config.xml
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze. 
Uruchom jako administrator FRST i kliknij w Fix/Napraw.
Pokaż nowe logi z FRST.Logi umieść na pastebin.com