http://wklej.org/id/2710805/ - FRST
CloseProcesses:
CreateRestorePoint:
Task: {31E01707-7852-4679-A5C6-8436A758482E} - System32\Tasks\40db1533-f551-4998-8bca-934da85073e3-5_user => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-5.exe <==== UWAGA
Task: {3352C2B9-872C-4FA6-B083-1D0B29F03834} - System32\Tasks\Inst_Rep => C:\Users\Dawid\AppData\Local\Installer\Install_6424\ytdieamodc_amodc_inst.exe <==== UWAGA
Task: {57E511CF-272A-46E4-B079-F65CF421C849} - System32\Tasks\40db1533-f551-4998-8bca-934da85073e3-4 => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-4.exe <==== UWAGA
Task: {6BFFE0F7-EF6E-4502-8808-D1367AD32512} - System32\Tasks\40db1533-f551-4998-8bca-934da85073e3-10_user => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-10.exe <==== UWAGA
Task: {6C44C0EC-A1D9-430E-BF10-FF3EBF94DBC7} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe <==== UWAGA
Task: {70A6530C-0BE7-468C-B105-A2071E8533AF} - System32\Tasks\40db1533-f551-4998-8bca-934da85073e3-5 => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-5.exe <==== UWAGA
Task: {74DC8A82-6315-4E3D-AFEB-A810AD6AE189} - System32\Tasks\40db1533-f551-4998-8bca-934da85073e3-1-6 => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-1-6.exe <==== UWAGA
Task: {8F9DD722-EB97-48CF-96D0-DF3A96AAE014} - System32\Tasks\40db1533-f551-4998-8bca-934da85073e3-1-7 => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-1-7.exe <==== UWAGA
Task: {9F2450B7-6B48-492C-8EFE-E1B327B65EA4} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe <==== UWAGA
Task: C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-1-6.job => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-1-6.exe <==== UWAGA
Task: C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-1-7.job => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-1-7.exe <==== UWAGA
Task: C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-10_user.job => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-10.exe <==== UWAGA
Task: C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-4.job => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-4.exe <==== UWAGA
Task: C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-5.job => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-5.exe <==== UWAGA
Task: C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-5_user.job => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-5.exe <==== UWAGA
Task: {8C3219EE-1F74-41DD-8557-4547797DCF87} - System32\Tasks\{7B6F69CE-E800-4209-876E-293D1055090A} => pcalua.exe -a C:\Users\Dawid\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=cor
Task: {9BBDAFA5-946D-4CC3-9903-804868A2EF65} - System32\Tasks\{7CFFD778-2567-4F29-9E26-9D7D446A58A9} => pcalua.exe -a C:\Users\Dawid\AppData\Roaming\oursurfing\UninstallManager.exe -c -ptid=tt4u
Shortcut: C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> hxxp://www.nuesearch.com/?type=sc&ts=1467367003&z=ffd23f22da54085633f57c4gcz4q5m6c3q9meebe9g&from=eve0629&uid=ST1000LM024XHN-M101MBB_S314JA0F418424418424` (Brak pliku)
Shortcut: C:\Users\Dawid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> hxxp://www.nuesearch.com/?type=sc&ts=1467367003&z=ffd23f22da54085633f57c4gcz4q5m6c3q9meebe9g&from=eve0629&uid=ST1000LM024XHN-M101MBB_S314JA0F418424418424` (Brak pliku)
Shortcut: C:\Users\Dawid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> hxxp://www.nuesearch.com/?type=sc&ts=1467367003&z=ffd23f22da54085633f57c4gcz4q5m6c3q9meebe9g&from=eve0629&uid=ST1000LM024XHN-M101MBB_S314JA0F418424418424 (Brak pliku)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> hxxp://www.nuesearch.com/?type=sc&ts=1467367003&z=ffd23f22da54085633f57c4gcz4q5m6c3q9meebe9g&from=eve0629&uid=ST1000LM024XHN-M101MBB_S314JA0F418424418424 (Brak pliku)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> hxxp://www.nuesearch.com/?type=sc&ts=1467367003&z=ffd23f22da54085633f57c4gcz4q5m6c3q9meebe9g&from=eve0629&uid=ST1000LM024XHN-M101MBB_S314JA0F418424418424 (Brak pliku)
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
HKLM-x32\...\Run: [mbot_pl_014010099] => [X]
HKLM-x32\...\Run: [mbot_pl_014010146] => [X]
S4 Origin Client Service; "C:\Program Files (x86)\Origin\OriginClientService.exe" [X]
S2 swsesrvc_1.10.0.25; "C:\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe" [X]
S1 wfdrvr_vw_1_10_0_28; system32\drivers\wfdrvr_vw_1_10_0_28.sys [X]
C:\Program Files (x86)\SFK\SSFK.exe
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [131296 2016-07-01] ()
C:\Program Files (x86)\SSFK.exe
C:\Users\Dawid\Downloads\Nieznany kibic - Pazdan Boy.mp3.sfk
C:\Users\Dawid\Downloads\Rock'n'Polo - Przez Twe Barwy Bia_o - Czerwone (Akcent cover by Dziemian, Mischung & Rogowsky).mp3.sfk
C:\Program Files (x86)\SFK
HKU\S-1-5-21-4094207102-437010263-1326338917-1001\...\Run: [EADM] => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
HKU\S-1-5-21-4094207102-437010263-1326338917-1001\...\MountPoints2: {457df2ee-4e92-11e5-8256-645a043fbacd} - "E:\Setup.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-13]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursearchweb.com/search/?type=ds&ts=1465800484&z=d6ac5b4700a7abefae775c4gdz8q5wab8e6ebz3bbo&from=wpm0613&uid=ST1000LM024XHN-M101MBB_S314JA0F418424418424&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursearchweb.com/search/?type=ds&ts=1465800484&z=d6ac5b4700a7abefae775c4gdz8q5wab8e6ebz3bbo&from=wpm0613&uid=ST1000LM024XHN-M101MBB_S314JA0F418424418424&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursearchweb.com/search/?type=ds&ts=1465800484&z=d6ac5b4700a7abefae775c4gdz8q5wab8e6ebz3bbo&from=wpm0613&uid=ST1000LM024XHN-M101MBB_S314JA0F418424418424&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursearchweb.com/search/?type=ds&ts=1465800484&z=d6ac5b4700a7abefae775c4gdz8q5wab8e6ebz3bbo&from=wpm0613&uid=ST1000LM024XHN-M101MBB_S314JA0F418424418424&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursearchweb.com/search/?type=ds&ts=1465800484&z=d6ac5b4700a7abefae775c4gdz8q5wab8e6ebz3bbo&from=wpm0613&uid=ST1000LM024XHN-M101MBB_S314JA0F418424418424&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursearchweb.com/search/?type=ds&ts=1465800484&z=d6ac5b4700a7abefae775c4gdz8q5wab8e6ebz3bbo&from=wpm0613&uid=ST1000LM024XHN-M101MBB_S314JA0F418424418424&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4094207102-437010263-1326338917-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursearchweb.com/search/?type=ds&ts=1465800484&z=d6ac5b4700a7abefae775c4gdz8q5wab8e6ebz3bbo&from=wpm0613&uid=ST1000LM024XHN-M101MBB_S314JA0F418424418424&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4094207102-437010263-1326338917-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursearchweb.com/search/?type=ds&ts=1465800484&z=d6ac5b4700a7abefae775c4gdz8q5wab8e6ebz3bbo&from=wpm0613&uid=ST1000LM024XHN-M101MBB_S314JA0F418424418424&q={searchTerms}
FF Homepage: hxxp://www.yoursearchweb.com/?type=hp&ts=1465800484&z=d6ac5b4700a7abefae775c4gdz8q5wab8e6ebz3bbo&from=wpm0613&uid=ST1000LM024XHN-M101MBB_S314JA0F418424418424
FF DefaultSearchEngine: omniboxes
FF SelectedSearchEngine: omniboxes
FF NewTab: hxxp://www.attirerpage.com/newtab/?type=nt&ts=1466421649&z=bb989b37085b92fbd38d88cg0zeq9qfz6o1g0q2zaq&from=wpm0616&uid=ST1000LM024XHN-M101MBB_S314JA0F418424418424
FF SearchPlugin: C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\g1q2x7dw.default\searchplugins\yoursearchweb.xml [2016-06-13]
FF SearchPlugin: C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\g1q2x7dw.default\searchplugins\so-v.xml [2016-04-15]
FF Extension: Brak nazwy - C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\g1q2x7dw.default\extensions\default_newtabff@gmail.com [nie znaleziono]
FF Extension: Brak nazwy - C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\g1q2x7dw.default\Extensions\1465800507_xpi [2016-06-13] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\g1q2x7dw.default\extensions\defsearchp@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\g1q2x7dw.default\extensions\deskCutv2@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\g1q2x7dw.default\extensions\default_newtabff@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\g1q2x7dw.default\extensions\yahooprotected@gmail.com => nie znaleziono
StartMenuInternet: FIREFOX.EXE - c:\program files (x86)\mozilla firefox\firefox.exe hxxp://www.nuesearch.com/?type=sc&ts=1467640012&z=b63f5b709aafcaa7214531eg7z9q6m0q1z1e9e8gce&from=wpm0616&uid=ST1000LM024XHN-M101MBB_S314JA0F418424418424
CHR DefaultSearchKeyword: Default -> so-v
CHR DefaultSearchURL: Default -> hxxp://search.so-v.com/web?type=ds&x=fqxbzkqbbb-f646abe6&uid=fdbfff0f-2e11-48a1-8396-62f68e59ab3f&q={searchTerms}
FF SearchPlugin: C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\g1q2x7dw.default\searchplugins\so-v.xml [2016-04-15]
R2 IhPul; C:\Users\Dawid\AppData\Roaming\TSv\TSvr.exe [475856 2016-07-04] (tsvr.com)
U3 McMPFSvc; Brak ImagePath
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Dawid\VM_dbase_2015_16_preliminary.dat
C:\Users\Dawid\AppData\Local\Temp\amt_oursurfing.exe
C:\Users\Dawid\AppData\Local\Temp\Crack do new star soccer __10924_i1682139516_il348132.exe
C:\Users\Dawid\AppData\Local\Temp\ICReinstall_Passware-Kit-Enterprise-13115-dp.exe
C:\Users\Dawid\AppData\Local\Temp\LenovoSHAREit17-9.exe
C:\Users\Dawid\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Dawid\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Dawid\AppData\Local\Temp\sqlite3.dll
C:\Users\Dawid\AppData\Local\Temp\tmp33F2.tmp.exe
C:\Users\Dawid\AppData\Local\Temp\tmpC245.tmp.exe
EmptyTemp:
nie potrafie znaleźć darmowego programu który byłby za darmo
---------------------------------------------------------------------------------------
sprawdź czy na systemie jest system
nie potrafie znaleźć darmowego programu który byłby za darmo
---------------------------------------------------------------------------------------
sprawdź czy na systemie jest system
CloseProcesses:
CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1467367003&z=ffd23f22da54085633f57c4gcz4q5m6c3q9meebe9g&from=eve0629&uid=ST1000LM024XHN-M101MBB_S314JA0F418424418424
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1467367003&z=ffd23f22da54085633f57c4gcz4q5m6c3q9meebe9g&from=eve0629&uid=ST1000LM024XHN-M101MBB_S314JA0F418424418424
HKU\S-1-5-21-4094207102-437010263-1326338917-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1467367003&z=ffd23f22da54085633f57c4gcz4q5m6c3q9meebe9g&from=eve0629&uid=ST1000LM024XHN-M101MBB_S314JA0F418424418424
StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe hxxp://www.nuesearch.com/?type=sc&ts=1467640012&z=b63f5b709aafcaa7214531eg7z9q6m0q1z1e9e8gce&from=wpm0616&uid=ST1000LM024XHN-M101MBB_S314JA0F418424418424
S2 0031301467807169mcinstcleanup; C:\Windows\TEMP\003130~1.EXE -cleanup -nolog [X]
nie potrafie znaleźć darmowego programu który byłby za darmo
---------------------------------------------------------------------------------------
sprawdź czy na systemie jest system
nie potrafie znaleźć darmowego programu który byłby za darmo
---------------------------------------------------------------------------------------
sprawdź czy na systemie jest system
nie potrafie znaleźć darmowego programu który byłby za darmo
---------------------------------------------------------------------------------------
sprawdź czy na systemie jest system
nie potrafie znaleźć darmowego programu który byłby za darmo
---------------------------------------------------------------------------------------
sprawdź czy na systemie jest system
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-4094207102-437010263-1326338917-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-4094207102-437010263-1326338917-1001\...\MountPoints2: E - "E:\Setup.exe"
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
EmptyTemp:
nie potrafie znaleźć darmowego programu który byłby za darmo
---------------------------------------------------------------------------------------
sprawdź czy na systemie jest system
Łowca Androidów napisał(a):Nic nie widać, czysto - kosmetyczny fix.
No chyba, że coś siedzi w TEMPach, a tego FRST nie pokazuje, ale czysćci
Opcje zasilania sprawdziłeś - żeby nie byłojak ostatnio
- Do notatnika wklej poniższe:
- Kod: Zaznacz wszystko
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-4094207102-437010263-1326338917-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-4094207102-437010263-1326338917-1001\...\MountPoints2: E - "E:\Setup.exe"
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
EmptyTemp:- Zapisz w C:\Users\Dawid\Downloads\FRST-OlderVersion jako fixlist.txt
- Uruchom FRST (z C:\Users\Dawid\Downloads\FRST-OlderVersion)
- Wciśnij przycisk NAPRAW
- Zostanie wygenerowany fixlog.txt - pokaż go (na http://www.wklej.org)
Dodatkowo:
- Pobierz >>>AdwCleaner<<<
- Uruchom prawym myszy i opcja Uruchom jako administrator
- Po uruchomieniu klikamy przycisk akceptujący umowę (ten z lewej).
- Teraz klikamy przycisk Szukaj
- Po zakończeniu skanowania klikamy przycisk Usuń
- Nastąpi ponowne uruchomienie komputera.
- Po ponownym uruchomieniu wyświetli się log - wstawiamy na http://www.wklej.org i podaj link
CloseProcesses:
CreateRestorePoint:
Task: {2BD0B64C-0FD3-4D76-829C-24A68C26BAF3} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
Task: {34C16CA9-3BF2-47D4-BDD9-B156B745B06F} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
Task: {3C25F563-EF32-40F8-A781-CDEBD2308B6F} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== UWAGA
Task: {5B94C587-8E49-4721-A6B2-068D5EE9CFB8} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
Task: {69E84187-508E-4E6D-8A32-4EE551AB90F9} - System32\Tasks\Ad Baseball 2 Screensaver => Rundll32.exe "C:\Program Files\Ad Baseball 2 Screensaver\Ad Baseball 2 Screensaver.dll",zwpKFT <==== UWAGA
Task: {AFF47797-32BB-42B8-B28B-EFEB97AB469F} - System32\Tasks\ClearTime => Rundll32.exe "C:\Program Files\ClearTime\ClearTime.dll",iSPwYVxsJhgM <==== UWAGA
Task: C:\Windows\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\Windows\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\Windows\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== UWAGA
HKU\S-1-5-21-4094207102-437010263-1326338917-1001\...\Run: [msiql] => C:\Users\Dawid\AppData\Local\Temp\00007518\msiql.exe [2072576 2017-06-22] () <===== UWAGA
FF ProfilePath: C:\Users\Dawid\AppData\Roaming\Firefox\Firefox\Profiles\g1q2x7dw.default [2017-01-13] <==== UWAGA
() C:\Users\Dawid\AppData\Local\Temp\00007518\msiql.exe
() C:\Users\Dawid\AppData\Roaming\gplyra\gplyra\gplyra.exe
C:\Program Files (x86)\XfDtNLjdEu3o\xfdtnljdeu3o.exe
C:\Windows\System32\Tasks\XfDtNLjdEu3o
C:\Program Files (x86)\XfDtNLjdEu3o
HKLM\...\Run: [gplyra] => C:\Users\Dawid\AppData\Roaming\gplyra\gplyra\start.cmd [216 2017-01-10] ()
C:\Users\Dawid\AppData\Roaming\gplyra
HKU\S-1-5-21-4094207102-437010263-1326338917-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
FF Extension: (Bing Search) - C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\g1q2x7dw.default\Extensions\bingsearch.full@microsoft.com.xpi [2017-04-04]
C:\Users\Dawid\AppData\Roaming\UCChannel
C:\Users\Public\Documents\XMUpdate
C:\Windows\Tasks\Online Application V2G1.job
C:\Windows\Tasks\Online Application V2G3.job
C:\Windows\Tasks\Online Application V2G2.job
C:\Windows\Tasks\Updater_Online_Application.job
C:\Users\Dawid\AppData\Local\installer.dat
C:\Windows\System32\Tasks\Updater_Online_Application
C:\Windows\System32\Tasks\Online Application V2G3
C:\Windows\System32\Tasks\Online Application V2G2
C:\Windows\System32\Tasks\Online Application V2G1
C:\Users\Dawid\AppData\Roaming\Microleaves
C:\Program Files (x86)\Microleaves
C:\Users\Dawid\AppData\Roaming\WB.CFG
C:\Users\Dawid\AppData\Local\InstallationConfiguration.xml
C:\Users\Dawid\AppData\Local\po.db
C:\ProgramData\igfxDH.dll
EmptyTemp:
nie potrafie znaleźć darmowego programu który byłby za darmo
---------------------------------------------------------------------------------------
sprawdź czy na systemie jest system
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 3 gości