HKU\S-1-5-21-3252174892-1228126723-2253924350-1002\...\Run: [offughyxqz] => explorer "hxxp://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=A8AD14641AF931A6AF6CEC2143EC61C6&utm_d=20170207" <===== UWAGA
GroupPolicy: Ograniczenia <======= UWAGA
GroupPolicy\User: Ograniczenia <======= UWAGA
HKU\S-1-5-21-3252174892-1228126723-2253924350-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=A8AD14641AF931A6AF6CEC2143EC61C6&utm_d=20170207
SearchScopes: HKU\S-1-5-21-3252174892-1228126723-2253924350-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\yw6rn2qu.default -> Поиск@Mail.Ru
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\yw6rn2qu.default -> Поиск@Mail.Ru
FF Homepage: Mozilla\Firefox\Profiles\yw6rn2qu.default -> hxxp://mail.ru/cnt/10445?gp=811013
FF Keyword.URL: Mozilla\Firefox\Profiles\yw6rn2qu.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B44AE2709-039D-454D-BEB7-AA99FB4138E8%7D&gp=811014
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\dom\AppData\Roaming\Mozilla\Firefox\Profiles\yw6rn2qu.default\Extensions\homepage@mail.ru [2017-02-07]
FF Extension: (Поиск@Mail.Ru) - C:\Users\dom\AppData\Roaming\Mozilla\Firefox\Profiles\yw6rn2qu.default\Extensions\search@mail.ru [2017-02-07]
FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\dom\AppData\Roaming\Mozilla\Firefox\Profiles\yw6rn2qu.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2017-02-07]
FF SearchPlugin: C:\Users\dom\AppData\Roaming\Mozilla\Firefox\Profiles\yw6rn2qu.default\searchplugins\mailru.xml [2017-02-07]
FF Homepage: Mozilla\Firefox\Profiles\29c4jlgc.default-1466002260651 -> hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=A8AD14641AF931A6AF6CEC2143EC61C6&utm_d=20170207
CHR HomePage: Default -> hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=A8AD14641AF931A6AF6CEC2143EC61C6&utm_d=20170207
CHR StartupUrls: Default -> "hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=A8AD14641AF931A6AF6CEC2143EC61C6&utm_d=20170207"
CHR DefaultSearchURL: Default -> hxxp://go-search.ru/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> GoSearch
CHR DefaultSuggestURL: Default -> hxxp://suggest.yandex.net/suggest-ff.cgi?part={searchTerms}
CHR Extension: (Brak nazwy) - C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-11]
CHR Extension: (Brak nazwy) - C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjdhcabjnhhifipbnopnfpfidkafanjf [2017-01-22]
CHR Extension: (Brak nazwy) - C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-11]
CHR Extension: (Brak nazwy) - C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-11]
OPR StartupUrls: "hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=A8AD14641AF931A6AF6CEC2143EC61C6&utm_d=20170207"
Task: {E6C0E62D-3F8C-49DA-B553-D6E5D779B553} - System32\Tasks\PowerMonitor => C:\Users\dom\AppData\Local\PowerMonitor\PowerMonitor.exe [2017-02-08] () <==== UWAGA
C:\Users\dom\AppData\Local\PowerMonitor
RemoveDirectory: C:\Users\dom\AppData\Local\Jlotpoheing
EmptyTemp:
Task: {F6977E0C-0B7C-4FAD-A796-60ABA6F83A62} - System32\Tasks\Eqghclamecult Cloud => C:\Program Files (x86)\Anerzutydweward\lermty.exe
Task: {F6977E0C-0B7C-4FAD-A796-60ABA6F83A62} - System32\Tasks\Eqghclamecult Cloud => C:\Program Files (x86)\Anerzutydweward\lermty.exe
RemoveDirectory: C:\Program Files (x86)\Anerzutydweward
InternetURL: C:\Users\dom\Favorites\Links\Интернет.url -> URL: hxxp://dunanta.ru/?utm_source=favorites03&utm_content=1eac396fc00d742b3f6523cdb05d6aae&utm_term=A8AD14641AF931A6AF6CEC2143EC61C6&utm_d=20170207
C:\Users\dom\Favorites\Links\Интернет.url
HKU\S-1-5-21-3252174892-1228126723-2253924350-1002\...\StartupApproved\Run: => "apphide2"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare\Advanced SystemCare 10.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare\Protect.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare\Speed Up.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare\Toolbox.lnk
EmptyTemp:
DeleteQuarantine: