
LOGI Z FRST w załączeniu
BHO: Strong Signal -> {c723a437-2eaf-466d-a95b-3fa0966bf88c} -> C:\Program Files\Strong Signal\Extensions\c723a437-2eaf-466d-a95b-3fa0966bf88c.dll No File
C:\Program Files\Strong Signal
CHR Extension: (Strong Signal) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecdmekppnalhnpenpglkipoppjmiidke [2015-03-08]
Task: {02BC8D30-C2B7-4F61-BF55-D4CA63471F52} - System32\Tasks\temp_484cff01-ec83-4cdc-a0de-ba4b07f8a424 => C:\Program Files\SavePass 1.1\484cff01-ec83-4cdc-a0de-ba4b07f8a424.exe <==== ATTENTION
Task: {03BF94D0-7CEB-4E54-B235-A7A3CCC1A298} - System32\Tasks\6671aa3e-bbd9-4a3e-ad15-3ba2473ef696-1-7 => C:\Program Files\CinemaP-1.9cV15.02\6671aa3e-bbd9-4a3e-ad15-3ba2473ef696-1-7.exe <==== ATTENTION
Task: {639B1DE2-6077-44D3-9764-C83E0844D31F} - System32\Tasks\6671aa3e-bbd9-4a3e-ad15-3ba2473ef696-7 => C:\Program Files\CinemaP-1.9cV15.02\6671aa3e-bbd9-4a3e-ad15-3ba2473ef696-7.exe <==== ATTENTION
Task: {68DC5558-BEF1-4112-908C-46334C713069} - System32\Tasks\6671aa3e-bbd9-4a3e-ad15-3ba2473ef696-5 => C:\Program Files\CinemaP-1.9cV15.02\6671aa3e-bbd9-4a3e-ad15-3ba2473ef696-5.exe <==== ATTENTION
Task: {73221F0D-32B5-47BF-A953-634F1DF4025F} - System32\Tasks\NFvAqQ4o9I0DLp8tYP5bCoDetf => C:\Users\Kamil\AppData\Roaming\NFvAqQ4o9I0DLp8tYP5bCoDetf.exe [2015-04-03] ()
Task: {76E260A4-215E-4053-ABE7-854B58781FF7} - System32\Tasks\summer_games_notification_service => C:\Program Files\summer games\summer_games_notification_service.exe
Task: {792429AA-64C4-4BC8-A830-9684FDBD4BCE} - System32\Tasks\MB2GyDGsADFCvk2hsoJ4ms2rSli => C:\Users\Kamil\AppData\Roaming\MB2GyDGsADFCvk2hsoJ4ms2rSli.exe [2015-04-03] ()
Task: {8048026C-4E97-4481-8F86-138AF0B20F3D} - System32\Tasks\{2BC2357F-44C8-472D-BC37-5C662DE8540E} => pcalua.exe -a C:\Users\Kamil\AppData\Roaming\omniboxes\UninstallManager.exe -c -ptid=amt
Task: {8A334D20-A6E0-401E-933B-B93521684EE3} - System32\Tasks\qFCOWltiOmVl5BPxzi => C:\Program Files\globalUpdate\Update\Install\{3AE457FF-FA4C-4E15-A217-44D22BE9278F}\setup.exe
Task: {AAA8BA43-D842-460A-A564-93A6797D4042} - System32\Tasks\VIVV => C:\Users\Kamil\AppData\Roaming\VIVV.exe [2015-02-15] (Cinema PlusV15.02) <==== ATTENTION
Task: {E4A70D74-B0E1-4FAC-B427-BF776F83941A} - System32\Tasks\summer_games_updating_service => C:\Program Files\summer games\summer_games_updating_service.exe
C:\Program Files\summer games
C:\Users\Kamil\AppData\Roaming\VIVV.exe
C:\Program Files\globalUpdate\Update\Install\{3AE457FF-FA4C-4E15-A217-44D22BE9278F}
C:\Users\Kamil\AppData\Roaming\omniboxes
C:\Users\Kamil\AppData\Roaming\MB2GyDGsADFCvk2hsoJ4ms2rSli.exe
C:\Users\Kamil\AppData\Roaming\NFvAqQ4o9I0DLp8tYP5bCoDetf.exe
C:\Program Files\CinemaP-1.9cV15.02
C:\Program Files\SavePass 1.1
Task: C:\windows\Tasks\MB2GyDGsADFCvk2hsoJ4ms2rSli.job => C:\Users\Kamil\AppData\Roaming\MB2GyDGsADFCvk2hsoJ4ms2rSli.exe
Task: C:\windows\Tasks\NFvAqQ4o9I0DLp8tYP5bCoDetf.job => C:\Users\Kamil\AppData\Roaming\NFvAqQ4o9I0DLp8tYP5bCoDetf.exe
Task: C:\windows\Tasks\VIVV.job => C:\Users\Kamil\AppData\Roaming\VIVV.exe <==== ATTENTION
HKLM\...\Run: [mbot_pl_179] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1593006839-2138524865-1092479640-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=3219913727_198264_66052281&ts=1424017094&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1593006839-2138524865-1092479640-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=3219913727_198264_66052281&ts=1424017094&type=default&q={searchTerms}
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1424016993&from=cor&uid=3219913727_198264_66052281"
CHR Extension: (web disco) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhiokdidpkighjkankkbahmeheadohg [2015-04-03]
CHR Extension: (iohcojnlgnfbmjfjfkbhahhmppcggdog) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\iohcojnlgnfbmjfjfkbhahhmppcggdog [2015-02-19]
CHR Extension: (summer games) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlinpflaifheoeohbdffhfnnpghdnlel [2015-04-02]
OPR Extension: (gcjpefhffmcgplgklffgbebganmhffje) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\gcjpefhffmcgplgklffgbebganmhffje [2015-04-02]
OPR Extension: (web disco) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnhiokdidpkighjkankkbahmeheadohg [2015-04-03]
OPR Extension: (summer games) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\jlinpflaifheoeohbdffhfnnpghdnlel [2015-04-02]
S2 Update Cyti Web; "C:\Program Files\Cyti Web\updateCytiWeb.exe" [X]
CHR Extension: (Cyti Web) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\andipkffoiligjpnnjkooomldbjhnaac [2015-02-15]
C:\Users\Kamil\AppData\Roaming\NFvAqQ4o9I0DLp8tYP5bCoDetf.exe
2015-04-03 15:49 - 2015-04-03 15:49 - 01577472 _____ () C:\Users\Kamil\AppData\Roaming\MB2GyDGsADFCvk2hsoJ4ms2rSli.exe
2015-04-03 08:13 - 2015-04-04 13:59 - 00001034 _____ () C:\windows\Tasks\NFvAqQ4o9I0DLp8tYP5bCoDetf.job
2015-04-03 08:13 - 2015-04-03 08:14 - 00000000 ____D () C:\Program Files\web disco
2015-04-02 13:26 - 2015-04-02 13:26 - 00001036 _____ () C:\windows\Tasks\MB2GyDGsADFCvk2hsoJ4ms2rSli.job
2015-04-02 13:26 - 2015-04-02 13:26 - 00000000 ____D () C:\Program Files\summer games
2015-03-31 10:14 - 2015-03-31 10:14 - 00005655 _____ () C:\Users\Kamil\AppData\Roaming\NFvAqQ4o9I0DLp8tYP5bCoDetf
2015-03-31 10:14 - 2015-03-31 10:14 - 00005655 _____ () C:\Users\Kamil\AppData\Roaming\MB2GyDGsADFCvk2hsoJ4ms2rSli
C:\Users\Kamil\AppData\Local\nss41C9.tmp
EmptyTemp:
DeleteQuarantine:
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 3 gości