You were supposed to use AdwCleaner first and only then FRST!
Next to frst.exe, create a file named Fixlist.txt with the following content:
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== UWAGA
In FRST, choose Fix (Napraw).
Uninstall:
SafeFinder
Online Application
YoutubeAdBlock
Create another Fixlist.txt with the following content:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-3299040902-2852289434-351810794-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\IGOR\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\amd64\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-3299040902-2852289434-351810794-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\IGOR\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\amd64\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-3299040902-2852289434-351810794-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\IGOR\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\amd64\FileSyncShell64.dll => Brak pliku
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
Task: {0926204C-7587-4D93-A4C2-9D9034A93C9B} - System32\Tasks\Opera scheduled Autoupdate 2796787680 => C:\Users\IGOR\AppData\Roaming\Microsoft\Windows\vciceeet\fersrwhd.exe [2018-09-08] ()
Task: {0B448B6D-0931-4E2F-B4F8-D3ABD26446F3} - System32\Tasks\indexer => C:\Users\IGOR\AppData\Local\indexer\indexer.exe <==== UWAGA
Task: {23B35A34-B7F0-42D1-8472-05C50937B931} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
Task: {2A0A3EE8-4303-442B-936A-C99F4BDA18B4} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
Task: {2D3800E0-7B03-49BA-89FF-94FD40059B8D} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
Task: {2F4C1A04-B0F4-45F4-B461-21495D8C456F} - System32\Tasks\MailRuUpdater => C:\Users\IGOR\AppData\Local\Mail.Ru\MailRuUpdater.exe <==== UWAGA
Task: {325522E6-214A-4908-88C1-1689C0003D8D} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-02] (Microleaves) <==== UWAGA
Task: {3F78F908-D772-4839-A026-C5F4524F9662} - System32\Tasks\curl => C:\Users\IGOR\AppData\Roaming\curl\curl_7_54.exe <==== UWAGA
Task: {5683EEC0-F3D6-42E8-A83C-059FBF10E269} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
Task: {6725355D-2371-4B22-A802-106BFDB70323} - System32\Tasks\Opera scheduled Autoupdate 1529609393 => C:\Users\IGOR\AppData\Local\Programs\Opera\launcher.exe
Task: {81365D03-061C-41F5-9A8F-0FBC4E317776} - System32\Tasks\psv_Redtech => cmd.exe /c regedit.exe /s "C:\ProgramData\Quoteex\X-Apflex.reg" & del "C:\ProgramData\Quoteex\X-Apflex.reg" & SCHTASKS /Delete /TN "psv_Redtech" /F <==== UWAGA
Task: {839BFF7D-7741-4D5A-9848-30B7A28C15D6} - System32\Tasks\LHLIBCMS4FANB4BDVQ => C:\ProgramData\{8VEI6VOL-IZ14-2PB1-35HTIUEOZDD1}\backgroundTaskHost.exe [2018-10-30] (Microsoft Corporation) <==== UWAGA
Task: {92D13F73-AD16-4E72-B747-8B3E6FC8DB5B} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
Task: {972ABC8A-6E10-4F8D-A3CA-68F458BD7936} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
Task: {C821F1CF-7D71-469F-A56A-12646EDA789A} - System32\Tasks\wget => C:\Users\IGOR\AppData\Roaming\wget\wget_1_19_4.exe <==== UWAGA
Task: {CC09B931-71A3-479D-A828-AA81101ED29B} - System32\Tasks\RjugMwUzTsQQHAQNApl2 => rundll32 "C:\Program Files (x86)\OahiAhLMPlKqC\WWlaUCC.dll",#1
Task: {D1EFA4BB-5E85-4B61-A3C9-EBF39B2F2071} - System32\Tasks\CcUoDIeswNjImb => rundll32 "C:\Program Files (x86)\PAaFRntpKTdU2\gcnBDgTHIdQad.dll",#1
Task: {E8AB42DF-E534-47BA-918E-C817F015552E} - System32\Tasks\bVyBIwMCwVjnlcc2 => rundll32 "C:\Program Files (x86)\EIVqbhZCU\cBgHda.dll",#1
Task: {ECA4DA2E-B035-4D1A-8B8C-328BAE7BE29D} - System32\Tasks\VHDezYAiMmhSpjSVJ2 => rundll32 "C:\Program Files (x86)\jtPeraHZWlxuYtVRBkR\AafbRhi.dll",#1
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== UWAGA
ShortcutWithArgument: C:\Users\IGOR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
2018-11-02 16:57 - 2018-11-02 16:57 - 000180208 _____ () C:\ProgramData\33fbf33bbf\pmwin.exe
2018-10-12 19:39 - 2018-09-08 09:02 - 000152576 ___SH () C:\Users\IGOR\AppData\Roaming\Microsoft\Windows\vciceeet\fersrwhd.exe
2018-10-18 19:14 - 2018-10-18 19:14 - 001259520 _____ () c:\users\igor\appdata\local\microservice\microservice.dll
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\ProgramData\33fbf33bbf\pmwin.exe
(Microsoft Corporation) C:\ProgramData\{8VEI6VOL-IZ14-2PB1-35HTIUEOZDD1}\backgroundTaskHost.exe
() C:\Users\IGOR\AppData\Roaming\Microsoft\Windows\vciceeet\fersrwhd.exe
() C:\Users\IGOR\AppData\Roaming\Microsoft\Windows\vciceeet\fersrwhd.exe
HKLM\...\RunOnce: [0h0xe4ixrhb] => C:\Program Files (x86)\BB\8079992.exe [671232 2018-10-18] ()
HKLM\...\RunOnce: [4lhw1hlnc24] => C:\Program Files (x86)\BB\5404629.exe [671232 2018-10-18] ()
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== UWAGA
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== UWAGA
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== UWAGA
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== UWAGA
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== UWAGA
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== UWAGA
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== UWAGA
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== UWAGA
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== UWAGA
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== UWAGA
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== UWAGA
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== UWAGA
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== UWAGA
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== UWAGA
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== UWAGA
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== UWAGA
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== UWAGA
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== UWAGA
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== UWAGA
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== UWAGA
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== UWAGA
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== UWAGA
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== UWAGA
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== UWAGA
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== UWAGA
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== UWAGA
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== UWAGA
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== UWAGA
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== UWAGA
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== UWAGA
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== UWAGA
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== UWAGA
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== UWAGA
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-3299040902-2852289434-351810794-1001\...\Run: [wxguhtxmgx] => explorer "hxxp://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=27C0B2D99AD38BD491E988F6F5D81D82&utm_d=20180126" <==== UWAGA
HKU\S-1-5-21-3299040902-2852289434-351810794-1001\...\Run: [MicrosoftRuntime] => C:\Users\IGOR\AppData\Roaming\libraries\MicrosoftRuntimeUpdate.vbe [1007 2018-08-06] ()
HKU\S-1-5-21-3299040902-2852289434-351810794-1001\...\Run: [MicrosoftRuntimeUpdate] => C:\Users\IGOR\AppData\Roaming\libraries\MicrosoftRuntimeUpdate.vbe [1007 2018-08-06] ()
HKU\S-1-5-21-3299040902-2852289434-351810794-1001\...\Run: [A29F.tmp] => C:\Users\IGOR\AppData\Local\Temp\A29F.tmp.exe <==== UWAGA
HKU\S-1-5-21-3299040902-2852289434-351810794-1001\...\Run: [Spol] => hxxp://www.toya.net.pl/~spol/site/index.htm
HKU\S-1-5-21-3299040902-2852289434-351810794-1001\...\Run: [Windows Session Manager] => C:\ProgramData\services\csrss.exe [1785344 2018-10-31] () <==== UWAGA
HKU\S-1-5-21-3299040902-2852289434-351810794-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1469784 2018-09-15] (Google Inc.)
HKU\S-1-5-21-3299040902-2852289434-351810794-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1469784 2018-09-15] (Google Inc.)
HKU\S-1-5-21-3299040902-2852289434-351810794-1001\...\MountPoints2: {cb1888b2-c724-11e8-947a-38d547d826bd} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3299040902-2852289434-351810794-1001\...\MountPoints2: {cb188917-c724-11e8-947a-38d547d826bd} - "E:\HiSuiteDownLoader.exe"
AppInit_DLLs: C:\ProgramData\Quoteex\Xxx--Dex.dll => C:\ProgramData\Quoteex\Xxx--Dex.dll [342528 2018-10-23] ()
AppInit_DLLs-x32: C:\ProgramData\Quoteex\Solozestock.dll => C:\ProgramData\Quoteex\Solozestock.dll [460800 2018-10-23] ()
Startup: C:\ProgramData\33fbf33bbf\pmwin.exe [2018-11-02] ()
Startup: C:\ProgramData\33fbf33bbf\vciceeet.lnk [2018-11-03]
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
GroupPolicy\User: Ograniczenia ? <==== UWAGA
Tcpip\..\Interfaces\{a6829b40-4564-4cc6-ac62-4c75ac325329}: [NameServer] 34.249.127.26,77.244.215.138
HKU\S-1-5-21-3299040902-2852289434-351810794-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61..._MVGo56zy_7R_nnofjUmKulyGvKLqBdFbE9YTr&q={searchTerms}
HKU\S-1-5-21-3299040902-2852289434-351810794-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spolszczenia.pl.prv.pl
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61..._MVGo56zy_7R_nnofjUmKulyGvKLqBdFbE9YTr&q={searchTerms}
SearchScopes: HKLM-x32 -> {2F5C40C8-6D23-4e64-A7B8-6D1058499BEC} URL = hxxp://www.bing.com/search?pc=cosp&ptag=N...&form=CONBDF&conlogo=CT3210127&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3299040902-2852289434-351810794-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61..._MVGo56zy_7R_nnofjUmKulyGvKLqBdFbE9YTr&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3299040902-2852289434-351810794-1001 -> {2F5C40C8-6D23-4e64-A7B8-6D1058499BEC} URL = hxxp://www.bing.com/search?pc=cosp&ptag=N...&form=CONBDF&conlogo=CT3210127&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3299040902-2852289434-351810794-1001 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3299040902-2852289434-351810794-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3299040902-2852289434-351810794-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B4672A227-F4D7-409D-A96E-850FB7C1740B%7D&gp=811610
SearchScopes: HKU\S-1-5-21-3299040902-2852289434-351810794-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61..._MVGo56zy_7R_nnofjUmKulyGvKLqBdFbE9YTr&q={searchTerms}
BHO: Brak nazwy -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> Brak pliku
BHO-x32: Brak nazwy -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> Brak pliku
Edge HomeButtonPage: HKU\S-1-5-21-3299040902-2852289434-351810794-1001 -> hxxp://hao.360.cn/?src=lm&ls=n4134a09b9b
FF Homepage: Mozilla\Firefox\Profiles\5sd4a4yl.user -> file:///C:/ProgramData/Quoteex/ff.HP
FF NewTab: Mozilla\Firefox\Profiles\5sd4a4yl.user -> file:///C:/ProgramData/Quoteex/ff.NT
FF SearchPlugin: C:\Users\IGOR\AppData\Roaming\Mozilla\Firefox\Profiles\5sd4a4yl.user\searchplugins\findit.xml [2018-10-23]
CHR HomePage: Default -> inline.go.mail.ru
CHR DefaultSearchURL: Default -> hxxps://inline.go.mail.ru/search?inline_comp=dse&q={searchTerms}&fr=chxtn12.0.23
CHR DefaultSearchKeyword: Default -> inline.go.mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
C:\Users\IGOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohajmcdpjokbdoihfhkpbmlmknejmoec
CHR Extension: (Adblocker for Youtube™) - C:\Users\IGOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohajmcdpjokbdoihfhkpbmlmknejmoec [2018-01-28]
C:\Users\IGOR\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\bfjkljkefehgcchbkmcjgjbfnjbgbjbp
CHR Extension: (Google Access Offline) - C:\Users\IGOR\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\bfjkljkefehgcchbkmcjgjbfnjbgbjbp [2018-01-29]
CHR Extension: (Brak nazwy) - C:\Users\IGOR\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\jnoejnlbkbnckikbkmnpippafneemknp [2018-01-26]
C:\Users\IGOR\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\jnoejnlbkbnckikbkmnpippafneemknp
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-10-18]
CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [indjgiebmakhmnaplnlnanodkfiejfjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lhemechcanjmilllmccjbjldonmnnjjj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-10-18]
S4 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2018-10-18] () [Brak podpisu cyfrowego] <==== UWAGA
R2 MicroService; C:\Users\IGOR\AppData\Local\MicroService\MicroService.dll [1259520 2018-10-18] () [Brak podpisu cyfrowego] <==== UWAGA <==== UWAGA
S4 mracsvc; C:\WINDOWS\System32\mracsvc.exe [7409368 2018-01-08] (LLC Mail.Ru)
S4 qjvvcko; C:\WINDOWS\SysWOW64\qjvvcko\hjevmgng.exe [0 ] () <==== UWAGA (zerobajtowy plik/folder)
S4 Quoteex; C:\ProgramData\\Quoteex\\Quoteex.exe [2300928 2018-10-18] (TODO: <Company name>) [Brak podpisu cyfrowego] <==== UWAGA
S2 AIPS; C:\Program Files (x86)\arcai.com\aips.exe [X]
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [X]
S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [6637344 2018-01-08] (LLC Mail.Ru)
2018-11-03 11:00 - 2018-11-03 11:01 - 000000000 ____D C:\ProgramData\VIU4KAK95PVXDC
2018-11-03 11:00 - 2018-11-03 11:00 - 000342016 _____ (Aestan Software) C:\ProgramData\UGXCOM2NS2.exe
2018-11-02 16:57 - 2018-11-03 21:30 - 000000000 ____D C:\ProgramData\33fbf33bbf
2018-11-02 16:57 - 2018-11-03 20:14 - 000000000 _____ C:\ProgramData\0
2018-10-31 12:13 - 2018-10-31 12:13 - 000000000 __SHD C:\ProgramData\services
2018-10-30 15:54 - 2018-10-30 15:55 - 000000000 __SHD C:\ProgramData\{8VEI6VOL-IZ14-2PB1-35HTIUEOZDD1}
2018-10-30 15:54 - 2018-10-30 15:54 - 000003640 _____ C:\WINDOWS\System32\Tasks\LHLIBCMS4FANB4BDVQ
2018-10-30 15:54 - 2018-10-30 15:54 - 000000000 ____D C:\ProgramData\B5LN9XEQKPISSM
2018-10-30 15:53 - 2018-10-31 12:22 - 000000000 ____D C:\Users\IGOR\AppData\Roaming\Elementqq
2018-10-26 14:17 - 2018-10-26 14:17 - 002046576 _____ (WiperSoft) C:\Users\IGOR\Downloads\WiperSoft-installer.exe
2018-10-26 14:17 - 2018-10-26 14:17 - 002046576 _____ (WiperSoft) C:\Users\IGOR\Downloads\WiperSoft-installer (1).exe
2018-10-25 18:13 - 2018-10-25 18:13 - 000003322 _____ C:\WINDOWS\System32\Tasks\psv_Redtech
2018-10-18 19:18 - 2018-10-18 19:18 - 000000000 ____D C:\WINDOWS\SysWOW64\qjvvcko
2018-10-18 19:16 - 2018-11-03 21:30 - 000003566 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 2796787680
2018-10-18 19:16 - 2018-10-19 14:01 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
2018-10-18 19:16 - 2018-10-18 19:17 - 000000000 ____D C:\Program Files (x86)\BB
2018-10-18 19:16 - 2018-10-18 19:16 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G6
2018-10-18 19:16 - 2018-10-18 19:16 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G5
2018-10-18 19:16 - 2018-10-18 19:16 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G4
2018-10-18 19:16 - 2018-10-18 19:16 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G3
2018-10-18 19:16 - 2018-10-18 19:16 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G2
2018-10-18 19:16 - 2018-10-18 19:16 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G1
2018-10-18 19:15 - 2018-10-25 19:18 - 000000000 ____D C:\ProgramData\Quoteex
2018-10-18 19:15 - 2018-10-23 18:14 - 000015587 _____ C:\WINDOWS\SysWOW64\findit.xml
2018-10-18 19:15 - 2018-10-18 19:15 - 007793152 _____ C:\Users\IGOR\AppData\Local\agent.dat
2018-10-18 19:15 - 2018-10-18 19:15 - 002018719 _____ C:\Users\IGOR\AppData\Local\Ittax.tst
2018-10-18 19:15 - 2018-10-18 19:15 - 001895381 _____ C:\Users\IGOR\AppData\Local\Kayzendox.bin
2018-10-18 19:15 - 2018-10-18 19:15 - 000278510 _____ C:\Users\IGOR\AppData\Local\Goodlamcof.tst
2018-10-18 19:15 - 2018-10-18 19:15 - 000126464 _____ C:\Users\IGOR\AppData\Local\noah.dat
2018-10-18 19:15 - 2018-10-18 19:15 - 000070896 _____ C:\Users\IGOR\AppData\Local\Config.xml
2018-10-18 19:15 - 2018-10-18 19:15 - 000018432 _____ C:\Users\IGOR\AppData\Local\Main.dat
2018-10-18 19:15 - 2018-10-18 19:15 - 000005568 _____ C:\Users\IGOR\AppData\Local\md.xml
2018-10-18 19:15 - 2018-10-18 19:15 - 000000000 ____D C:\ProgramData\Quoteexs
2018-10-18 19:15 - 2018-10-18 19:15 - 000000000 ____D C:\ProgramData\Logic Cramble
2018-10-18 19:15 - 2018-10-18 19:13 - 002300928 _____ (TODO: <Company name>) C:\Users\IGOR\AppData\Local\Ittax.exe
2018-10-18 19:15 - 2018-10-18 19:13 - 002300928 _____ (TODO: <Company name>) C:\Users\IGOR\AppData\Local\Goodlamcof.exe
2018-10-18 19:14 - 2018-11-03 20:46 - 001413120 _____ C:\Users\IGOR\AppData\Local\sham.db
2018-10-18 19:14 - 2018-10-18 19:16 - 000016416 _____ C:\Users\IGOR\AppData\Local\InstallationConfiguration.xml
2018-10-18 19:14 - 2018-10-18 19:14 - 000140800 _____ C:\Users\IGOR\AppData\Local\installer.dat
2018-10-18 19:14 - 2018-10-18 19:14 - 000000000 ____D C:\Users\IGOR\AppData\Local\MicroService
2018-10-18 19:12 - 2018-10-18 19:13 - 001438086 _____ (Igor Pavlov) C:\Users\IGOR\Downloads\7z1805-x64.exe
2018-10-18 19:10 - 2018-10-18 19:10 - 003020897 _____ C:\Users\IGOR\Downloads\Download Neghbors fullypcgames rar.rar
2018-10-13 22:50 - 2018-10-13 22:50 - 005937968 _____ (EnigmaSoft Limited) C:\Users\IGOR\Downloads\sh-remover.exe
2018-10-13 22:50 - 2018-10-13 22:50 - 000000000 ____D C:\Program Files\EnigmaSoft
2018-10-13 22:22 - 2018-10-14 08:45 - 000000150 _____ C:\WINDOWS\Reimage.ini
2018-10-13 22:22 - 2018-10-13 22:22 - 000605424 _____ (Reimage) C:\Users\IGOR\Downloads\ReimageRepair.exe
2018-10-19 14:01 - 2018-07-27 20:00 - 000000414 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
2018-10-19 14:01 - 2018-07-27 20:00 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G6.job
2018-10-19 14:01 - 2018-07-27 20:00 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G5.job
2018-10-19 14:01 - 2018-07-27 20:00 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G4.job
2018-10-19 14:01 - 2018-07-27 20:00 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G3.job
2018-10-19 14:01 - 2018-07-27 20:00 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G2.job
2018-10-18 19:16 - 2018-07-27 20:00 - 000003308 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application
2018-10-06 07:45 - 2018-06-21 20:30 - 000003698 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1529609393
2018-10-06 07:45 - 2018-06-09 20:35 - 000002854 _____ C:\WINDOWS\System32\Tasks\CcUoDIeswNjImb
2018-10-06 07:45 - 2018-06-09 20:35 - 000002770 _____ C:\WINDOWS\System32\Tasks\indexer
2018-10-06 07:45 - 2018-06-09 20:35 - 000002740 _____ C:\WINDOWS\System32\Tasks\wget
2018-10-06 07:45 - 2018-06-09 20:35 - 000002730 _____ C:\WINDOWS\System32\Tasks\curl
2018-10-06 07:45 - 2018-06-09 20:35 - 000002686 _____ C:\WINDOWS\System32\Tasks\VHDezYAiMmhSpjSVJ2
2018-10-06 07:45 - 2018-06-09 20:35 - 000002678 _____ C:\WINDOWS\System32\Tasks\RjugMwUzTsQQHAQNApl2
2018-10-06 07:45 - 2018-06-09 20:35 - 000002496 _____ C:\WINDOWS\System32\Tasks\Game_Booster_AutoUpdate
2018-10-06 07:45 - 2018-06-09 20:35 - 000002320 _____ C:\WINDOWS\System32\Tasks\MailRuUpdater
2018-10-05 20:27 - 2018-06-09 20:35 - 000003606 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-10-05 20:27 - 2018-06-09 20:35 - 000002660 _____ C:\WINDOWS\System32\Tasks\bVyBIwMCwVjnlcc2
2018-11-03 11:00 - 2018-11-03 11:00 - 000342016 _____ (Aestan Software) C:\ProgramData\UGXCOM2NS2.exe
2018-04-16 14:15 - 2018-04-16 14:15 - 000142336 _____ (Riley Labrecque) C:\Users\IGOR\CSteamworks.dll
2018-04-16 14:15 - 2018-04-16 14:15 - 000497664 _____ () C:\Users\IGOR\steam-idle.exe
2018-04-16 14:15 - 2018-04-16 14:15 - 000217376 _____ (Valve Corporation) C:\Users\IGOR\steam_api.dll
2018-02-09 18:50 - 2018-02-09 18:50 - 005729792 _____ () C:\Users\IGOR\AppData\Roaming\QTX.vmp.dll
2018-02-09 18:50 - 2018-02-09 18:57 - 000000000 _____ () C:\Users\IGOR\AppData\Roaming\rbx_hook
2017-10-21 05:59 - 2018-01-20 07:40 - 000000184 _____ () C:\Users\IGOR\AppData\Roaming\sp_data.sys
2018-02-09 18:50 - 2018-02-09 18:50 - 000000024 _____ () C:\Users\IGOR\AppData\Roaming\version
2018-10-18 19:15 - 2018-10-18 19:15 - 007793152 _____ () C:\Users\IGOR\AppData\Local\agent.dat
2018-10-18 19:15 - 2018-10-18 19:15 - 000070896 _____ () C:\Users\IGOR\AppData\Local\Config.xml
2017-12-27 21:22 - 2018-01-16 14:41 - 000000058 _____ () C:\Users\IGOR\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2018-10-18 19:15 - 2018-10-18 19:13 - 002300928 _____ (TODO: <Company name>) C:\Users\IGOR\AppData\Local\Goodlamcof.exe
2018-10-18 19:15 - 2018-10-18 19:15 - 000278510 _____ () C:\Users\IGOR\AppData\Local\Goodlamcof.tst
2018-10-18 19:14 - 2018-10-18 19:16 - 000016416 _____ () C:\Users\IGOR\AppData\Local\InstallationConfiguration.xml
2018-10-18 19:14 - 2018-10-18 19:14 - 000140800 _____ () C:\Users\IGOR\AppData\Local\installer.dat
2018-10-18 19:15 - 2018-10-18 19:13 - 002300928 _____ (TODO: <Company name>) C:\Users\IGOR\AppData\Local\Ittax.exe
2018-10-18 19:15 - 2018-10-18 19:15 - 002018719 _____ () C:\Users\IGOR\AppData\Local\Ittax.tst
2018-10-18 19:15 - 2018-10-18 19:15 - 001895381 _____ () C:\Users\IGOR\AppData\Local\Kayzendox.bin
2018-10-18 19:15 - 2018-10-18 19:15 - 000018432 _____ () C:\Users\IGOR\AppData\Local\Main.dat
2018-10-18 19:15 - 2018-10-18 19:15 - 000005568 _____ () C:\Users\IGOR\AppData\Local\md.xml
2018-10-18 19:15 - 2018-10-18 19:15 - 000126464 _____ () C:\Users\IGOR\AppData\Local\noah.dat
2018-07-18 14:18 - 2018-07-18 14:18 - 000001593 _____ () C:\Users\IGOR\AppData\Local\recently-used.xbel
2018-04-06 19:42 - 2018-10-30 14:45 - 000007600 _____ () C:\Users\IGOR\AppData\Local\Resmon.ResmonCfg
2018-10-18 19:14 - 2018-11-03 20:46 - 001413120 _____ () C:\Users\IGOR\AppData\Local\sham.db
2018-10-18 19:15 - 2018-10-18 19:15 - 000032038 _____ () C:\Users\IGOR\AppData\Local\uninstall_temp.ico
2018-06-03 16:21 - 2018-06-03 16:21 - 000000003 _____ () C:\Users\IGOR\AppData\Local\updater.log
2018-06-03 16:21 - 2018-06-03 16:21 - 000000425 _____ () C:\Users\IGOR\AppData\Local\UserProducts.xml
C:\ProgramData\services\csrss.exe
In FRST, choose Fix (Napraw).
Once that is done, run AdwCleaner and then do a scan with MBAM!
Finally, post new FRST logs, the scan logs, and the Fixlog.txt produced by running the Fixlist.