1) Uninstall these programs:
VidsqaurE (HKLM-x32\...\{A97606DF-0FE1-4390-B0DD-ADA8B303AE61}_is1) (Version: 1.4 - ) <==== UWAGA
Online Application (x32 Version: 2.6.0 - Microleaves) Hidden <==== UWAGA
2) Run FRST. On the keyboard, press CTRL+Y at the same time. Notepad will open; paste this into it:
C:\ProgramData\igfxDH.dll
Task: C:\Windows\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\Windows\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\Windows\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== UWAGA
Task: {AFF47797-32BB-42B8-B28B-EFEB97AB469F} - System32\Tasks\ClearTime => Rundll32.exe "C:\Program Files\ClearTime\ClearTime.dll",iSPwYVxsJhgM <==== UWAGA
Task: {B849C85A-B701-4B00-9324-A4AFFA14B922} - System32\Tasks\XfDtNLjdEu3o => xfdtnljdeu3o.exe
Task: {69E84187-508E-4E6D-8A32-4EE551AB90F9} - System32\Tasks\Ad Baseball 2 Screensaver => Rundll32.exe "C:\Program Files\Ad Baseball 2 Screensaver\Ad Baseball 2 Screensaver.dll",zwpKFT <==== UWAGA
Task: {5B94C587-8E49-4721-A6B2-068D5EE9CFB8} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
Task: {3C25F563-EF32-40F8-A781-CDEBD2308B6F} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== UWAGA
Task: {34C16CA9-3BF2-47D4-BDD9-B156B745B06F} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
Task: {2BD0B64C-0FD3-4D76-829C-24A68C26BAF3} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
2017-06-22 13:50 - 2017-06-22 13:50 - 0016512 _____ () C:\Users\Dawid\AppData\Local\InstallationConfiguration.xml
2017-06-22 13:50 - 2017-06-22 13:50 - 0140800 _____ () C:\Users\Dawid\AppData\Local\installer.dat
2017-06-22 13:50 - 2017-06-22 13:50 - 1705984 _____ () C:\Users\Dawid\AppData\Local\po.db
RemoveDirectory: C:\Users\Dawid\AppData\Roaming\gplyra
RemoveDirectory: C:\Program Files (x86)\Microleaves
RemoveDirectory: C:\Program Files\ClearTime
RemoveDirectory: C:\Program Files\Ad Baseball 2 Screensaver
2017-06-22 13:50 - 2017-06-22 13:50 - 00003198 _____ C:\Windows\System32\Tasks\Updater_Online_Application
2017-06-22 13:50 - 2017-06-22 13:50 - 00003168 _____ C:\Windows\System32\Tasks\Online Application V2G3
2017-06-22 13:50 - 2017-06-22 13:50 - 00003168 _____ C:\Windows\System32\Tasks\Online Application V2G2
2017-06-22 13:50 - 2017-06-22 13:50 - 00003168 _____ C:\Windows\System32\Tasks\Online Application V2G1
2017-06-22 13:50 - 2017-06-22 13:50 - 00000000 ____D C:\Users\Dawid\AppData\Roaming\Microleaves
2017-06-22 13:50 - 2017-06-22 13:50 - 00000000 ____D C:\Users\Dawid\AppData\Local\AdvinstAnalytics
2017-06-22 13:53 - 2017-06-22 13:53 - 00000000 ____D C:\ProgramData\Microleaves
2017-06-22 13:52 - 2017-06-22 13:52 - 00021520 _____ C:\Windows\System32\Tasks\XfDtNLjdEu3o
2017-06-22 13:52 - 2017-06-22 13:52 - 00016752 _____ C:\Windows\System32\Tasks\Ad Baseball 2 Screensaver
2017-06-22 13:52 - 2017-06-08 16:08 - 00952832 ___SH C:\ProgramData\igfxDH.dll
2017-06-22 13:51 - 2017-06-22 13:53 - 00000000 ____D C:\Users\Dawid\AppData\Roaming\UCChannel
2017-06-22 13:51 - 2017-06-22 13:52 - 00000000 ____D C:\Users\Dawid\AppData\Roaming\gplyra
2017-06-22 13:51 - 2017-06-22 13:52 - 00000000 ____D C:\Program Files (x86)\XfDtNLjdEu3o
2017-06-22 13:51 - 2017-06-22 13:51 - 00016700 _____ C:\Windows\System32\Tasks\ClearTime
2017-06-22 13:51 - 2017-06-22 13:51 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
FF ProfilePath: C:\Users\Dawid\AppData\Roaming\Firefox\Firefox\Profiles\g1q2x7dw.default [2017-01-13] <==== UWAGA
SearchScopes: HKU\S-1-5-21-4094207102-437010263-1326338917-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1470300763&z=b14ad9cefb1bb328fea6860g5zfmbeec3e1e3mdq3o&from=wpm0802&uid=ST1000LM024XHN-M101MBB_S314JA0F418424418424&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4094207102-437010263-1326338917-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1470300763&z=b14ad9cefb1bb328fea6860g5zfmbeec3e1e3mdq3o&from=wpm0802&uid=ST1000LM024XHN-M101MBB_S314JA0F418424418424&q={searchTerms}
Tcpip\..\Interfaces\{8DA5D353-706E-474A-9DA4-A272793792FF}: [NameServer] 82.163.142.8,95.211.158.136
ShellExecuteHooks: Brak nazwy - {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} - C:\ProgramData\igfxDH.dll [952832 2017-06-08] ()
HKU\S-1-5-21-4094207102-437010263-1326338917-1001\...\Run: [msiql] => C:\Users\Dawid\AppData\Local\Temp\00007518\msiql.exe [2072576 2017-06-22] () <===== UWAGA
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Run: [gplyra] => C:\Users\Dawid\AppData\Roaming\gplyra\gplyra\start.cmd [216 2017-01-10] ()
C:\Users\Dawid\Desktop\Boxing Manager.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boxing Manager\Boxing Manager.lnk
EmptyTemp:
On the keyboard, press CTRL+S at the same time. In FRST, click Fix (NAPRAW).
3) Use Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
First click SCAN (SKANUJ), and only once the scan has finished and the CLEANING (USUŃ) button becomes active, click that button.
Show the report from it "C"
4) Make new FRST logs.
5) Write back: what is the situation?