
ComboFix log - can someone check it?

matriksz01 10 Mar 2016 17:29 714 9
  • #2 10 Mar 2016 19:18
    swiercm
    Moderator on leave...

    @matriksz01 Hello,

    matriksz01 wrote:
    ComboFix log - can someone check it?

    No, because there is no point.
    It is a harmful program.

    Run a scan and remove whatever was detected (applies to items 1-3):
    1. MBAM: https://www.malwarebytes.org/
    2. ADWCleaner: http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
    3. CCleaner (temporary file cleanup option and registry repair option): http://www.filehippo.com/pl/download_ccleaner/download/78325cb97c23cd95a395335c7a6bc5bd/

    4. Download the FRST build that matches your Windows (32-bit or 64-bit)
    http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
    Run a scan and post the generated logs (frst.txt and addition.txt) as attachments.
    Press [image] and then [image]

    0
  • #3 10 Mar 2016 19:37
    Acorus 20
    Computer specialist

    In this exceptional case it turned out to be useful.
    Zainfekowana kopia c:\windows\SysWow64\dnsapi.dll została znaleziona. Problem naprawiono
    Plik odzyskano z - c:\combofix\HarddiskVolumeShadowCopy5_!Windows!SysWOW64!dnsapi.dll
    .

    0
  • #4 10 Mar 2016 19:39
    Kolobos
    Computer specialist

    RepairDNS does the same thing, without needing to use ComboFix.

    0
  • #6 11 Mar 2016 08:52
    Domino_2
    Helpful to users

    Uninstall Body Text Feathering, bRowseandshop, FreeSoftToday, Games-desktop, globalupdate Helper, qksee, Quick Ref, Setup, Smileys We Love Toolbar for IE.

    Scan the computer with ADWCleaner and MBAM, remove everything they found, and then attach new FRST logs.

    0
  • #7 11 Mar 2016 09:12
    krzychupar
    Level 40

    Uninstall:
    SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.21.18.4608 - Enigma Software Group, LLC)
    IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.2 - IObit)
    Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.3.0 - IObit)
    Body Text Feathering (HKLM-x32\...\PopupProduct) (Version: 1.0.0.0 - Body Text Feathering) <==== UWAGA
    bRowseandshop (HKLM-x32\...\{B54A674B-5B6E-A4E6-4E71-FB7182E9D18F}) (Version: - "") <==== UWAGA
    FreeSoftToday 008.1 (HKLM-x32\...\rec_pl_1_is1) (Version: - FREESOFTTODAY) <==== UWAGA
    Games-desktop 008.12 (HKLM-x32\...\rec_pl_12_is1) (Version: - GAMESDESKTOP) <==== UWAGA
    Games-desktop 008.40 (HKLM-x32\...\rec_pl_40_is1) (Version: - GAMESDESKTOP) <==== UWAGA
    Games-desktop 008.45 (HKLM-x32\...\rec_pl_45_is1) (Version: - GAMESDESKTOP) <==== UWAGA
    globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== UWAGA
    qksee (HKLM-x32\...\qksee) (Version: - Taiwan Shui Mu Chih Ching Technology Limited) <==== UWAGA
    Quick Ref 1.10.0.9 (HKLM-x32\...\QuickRef_1.10.0.9) (Version: 1.10.0.9 - Quick Ref) <==== UWAGA
    Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== UWAGA
    Smileys We Love Toolbar for IE (HKLM-x32\...\{7BC08DAF-B8CA-4B90-BE13-957F1B42400F}) (Version: 3.0.25 - SqueekyChocolate, LLC) <==== UWAGA

    Open the system Notepad and paste:
    CloseProcesses:
    AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
    AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
    Task: {08A0D3C1-FD06-486E-8C85-4AB354FDEFBD} - System32\Tasks\{4258B0E3-DA57-43DC-88B8-0F05D4B1A006} => pcalua.exe -a "C:\Elsword\VOID Elsword\uninstall.exe" -d "C:\Elsword\VOID Elsword"
    Task: {0B6F415D-EF00-430A-8BC7-73DD528A796E} - System32\Tasks\temp_6ed4fb9b-0dfa-4dae-af7f-c70332712c06-10_user => C:\Program Files (x86)\GoHD\6ed4fb9b-0dfa-4dae-af7f-c70332712c06-10.exe <==== UWAGA
    Task: {27D62F4D-E355-4F4C-87B3-337620DDF95F} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-06-10] (IObit)
    Task: {2BBEF7BA-E7C2-4273-8060-49A068929F7F} - System32\Tasks\{695A9820-3944-44E6-8380-932E34FC3E7A} => pcalua.exe -a "C:\Program Files (x86)\Rockstar Games\GTA San Andreas\GTA San Andreas - spolszczenie_www.Portal24h.pl.exe" -d "C:\Program Files (x86)\Rockstar Games\GTA San Andreas"
    Task: {2C3446C9-B9DA-4D32-93E3-D5FC58EA1925} - System32\Tasks\{B282CD88-88AB-4633-9746-800EA1DB7105} => pcalua.exe -a "C:\Users\Mateusz Cybutron\AppData\Roaming\yoursearching\UninstallManager.exe" -c -ptid=face
    Task: {2CBC1C08-D690-4850-8403-0EB61C2E770E} - System32\Tasks\{1D779310-83F2-4A3C-9924-EC32D6A997BE} => pcalua.exe -a "C:\Program Files (x86)\The Sims 3\Sims3EP09Setup.exe" -d "C:\Program Files (x86)\The Sims 3"
    Task: {2F996129-9B80-449C-8117-C70C5A27BA1B} - System32\Tasks\{6B8C2BAB-C43B-4036-8EC4-60444011CD02} => pcalua.exe -a "C:\Program Files (x86)\Gothic\mody gothic\gothic1_playerkit-1.08k\gothic1_playerkit-1.08k.exe" -d "C:\Program Files (x86)\Gothic"
    Task: {337049B4-1E16-494C-92FD-18AFADE1ED9A} - System32\Tasks\SniperHit => c:\programdata\{33d403a2-e621-4743-33d4-403a2e620e8b}\7003251928794989678c.exe <==== UWAGA
    Task: {35D710F9-758E-48B9-82CA-4BBF4DC921D0} - System32\Tasks\LuckyBrowse => C:\Program Files (x86)\LuckyBrowse\app\luckybrowse.exe [2016-03-08] () <==== UWAGA
    Task: {3A9E1A7C-2C33-45A1-A911-00471B7A9B2E} - System32\Tasks\{2A1C9EDE-F64C-4877-8FC4-BE6B9DEC5D7E} => pcalua.exe -a "C:\Users\Mateusz Cybutron\Desktop\filmy\Heroes of Might and Magic V PL\Setup.exe" -d "C:\Users\Mateusz Cybutron\Desktop\filmy\Heroes of Might and Magic V PL"
    Task: {541D319D-C333-4CCA-A24A-31A5A772DB02} - System32\Tasks\{6015E089-270F-4062-A348-2674A00166EB} => pcalua.exe -a "C:\Users\Mateusz Cybutron\Desktop\skyrim\install.exe" -d "C:\Users\Mateusz Cybutron\Desktop\skyrim"
    Task: {561876E4-A3BD-4447-8EDE-D935806A6F0D} - System32\Tasks\Asuyae => C:\PROGRA~1\GROOVE~1\Gytgusfy.bat
    Task: {63587C6D-B73E-45FF-B6EB-86FB74A36A39} - System32\Tasks\{3B017B74-BE06-4BEF-8B9C-DB4BE8C2CC1E} => pcalua.exe -a "C:\Users\Mateusz Cybutron\Desktop\Sims3EP09Setup.exe" -d "C:\Users\Mateusz Cybutron\Desktop"
    Task: {68E3F130-CA0E-4695-BB17-EAED8A3F4C24} - System32\Tasks\{84BF3560-D6CD-4572-A98E-7FC01032B9EF} => pcalua.exe -a "C:\Users\Mateusz Cybutron\Downloads\Metin2Mod_ml.exe" -d "C:\Users\Mateusz Cybutron\Downloads"
    Task: {69479A8E-B151-43B8-B66B-40A24E60D977} - System32\Tasks\Games\UpdateCheck_S-1-5-21-189078006-2785437058-1862959051-1000
    Task: {7ABAA1A3-D0F0-45BF-A116-107B82BDF23B} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
    Task: {844296BF-D8A9-4B4D-913A-86E39E45BBBA} - System32\Tasks\ASC8_SkipUac_Mateusz Cybutron => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-06-16] (IObit)
    Task: {87DCD890-97BE-4100-9F26-A375F44BFDE5} - System32\Tasks\Opera scheduled Autoupdate 1419166625 => C:\Program Files (x86)\Opera\launcher.exe
    Task: {8B272606-FFFA-40CA-81C0-C3CA66236D58} - System32\Tasks\{F1C25398-CE79-46D1-A562-DC4553A14A6D} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Dongtouch\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Dongtouch\uninstall.dat" -a uninstallme 4E928D87-4F7B-400E-B031-B923F9866CF1 DeviceId=d3f65a56-6f1f-7f63-fe27-a18f5480cfe6 BarcodeId=51129011 ChannelId=11 DistributerName=APSFSWAds
    Task: {8EE40B01-A300-4CAC-9309-982B50DA813A} - System32\Tasks\{B4C69A4C-1096-4BC7-AF5E-C6C22B5B6067} => pcalua.exe -a "C:\Program Files (x86)\Gothic\Materiały Dodatkowe\gothic1_playerkit-1.08k.exe" -d "C:\Program Files (x86)\Gothic\Materiały Dodatkowe"
    Task: {9F00E4EC-203D-44DD-9A76-213D897A5356} - System32\Tasks\{EBC42FD0-B315-4D0A-BEB3-6B8E9EE652BA} => pcalua.exe -a "C:\Users\Mateusz Cybutron\Downloads\MinecraftZyczu (1).exe" -d "C:\Users\Mateusz Cybutron\Downloads"
    Task: {A1B4F874-470D-4A6D-9DBC-A5339B899C02} - System32\Tasks\{0C3CC610-316B-4825-AD27-0A0C49D6338D} => pcalua.exe -a "C:\Users\Mateusz Cybutron\Downloads\MinecraftZyczu.exe" -d "C:\Users\Mateusz Cybutron\Downloads"
    Task: {A6A42010-2476-423B-A2AE-4A667F38CF53} - System32\Tasks\{4FECF4D0-EB0E-409E-A0C7-D5BF60A11006} => pcalua.exe -a "C:\Users\Mateusz Cybutron\Desktop\Sims 3\Setup\Setup.exe" -d "C:\Users\Mateusz Cybutron\Desktop\Sims 3\Setup"
    Task: {B1A89A1E-E4C2-4155-B40A-6FD626B4DF3A} - System32\Tasks\{5C615430-B2CB-4B23-8651-733E762E5BA4} => pcalua.exe -a "C:\Users\Mateusz Cybutron\Desktop\filmy\dzmr-sims3intothefuture\__Installer\Sims3EP11Setup.exe" -d "C:\Users\Mateusz Cybutron\Desktop\filmy\dzmr-sims3intothefuture\__Installer"
    Task: {BBA78BA0-56EB-4949-9DDF-176233C9D867} - System32\Tasks\Chrome Cleanup Tool post reboot run => C:\Users\Mateusz Cybutron\AppData\Local\Temp\4AD1.exe <==== UWAGA
    Task: {BCF8FC55-984F-443B-A700-4361D9B9CC39} - System32\Tasks\{285D06EF-15F2-47B0-A763-F1AA665E5FFB} => pcalua.exe -a "C:\Users\Mateusz Cybutron\Downloads\Azzar2 ver 04.02.2014r.exe" -d "C:\Users\Mateusz Cybutron\Downloads"
    Task: {BF32C6AD-59CE-442F-A1F4-05069B206198} - System32\Tasks\ultimate_companion_helper_service => C:\Program Files (x86)\Ultimate Companion\ultimate_companion_helper_service.exe [2015-05-28] () <==== UWAGA
    Task: {BFD75420-E134-4C18-AA5D-70A5C362049F} - System32\Tasks\{D270817D-97E7-4312-AA3E-E1A8790FFF29} => pcalua.exe -a "C:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V - Dzikie Hordy\unins000.exe" -d "C:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V - Dzikie Hordy"
    Task: {C51781F8-E241-4AEB-BEE3-EBEFD75A6467} - System32\Tasks\Morkalmi => C:\PROGRA~1\SHOPPE~1\Ikutxio.bat
    Task: {C5DF40CC-23D8-4E36-B204-ED134299E705} - System32\Tasks\{3C55E968-764F-4C5F-B863-55EA37838D79} => pcalua.exe -a "C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" -c uninstall=all
    Task: {C8B36645-202A-4EBF-8A49-075338FB87A9} - System32\Tasks\{51DBE811-E68E-42E6-96B9-6CAAF80E6CD3} => pcalua.exe -a "C:\Users\Mateusz Cybutron\Desktop\Nowy folder (2)\Sims3EP09Setup.exe" -d "C:\Users\Mateusz Cybutron\Desktop\Nowy folder (2)"
    Task: {CA85007E-2041-444E-B94C-C0CB50B314B8} - System32\Tasks\{EB5649C8-92EE-4939-9343-00CA7968AEC3} => pcalua.exe -a "C:\Users\Mateusz Cybutron\Desktop\hm\heroes_might_magic_5_3.01_pl.exe" -d "C:\Users\Mateusz Cybutron\Desktop\hm"
    Task: {CC9C1190-3256-4245-B3DC-3552ABAF066D} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2016-02-06] (Enigma Software Group USA, LLC.)
    Task: {D8DFDB2F-248A-4E90-ABA5-FFCDBF761174} - System32\Tasks\{34CA27BA-672E-4805-9427-85DADAE4F084} => pcalua.exe -a "C:\Users\Mateusz Cybutron\Desktop\gry\iMetin\Metin2Mod_ml.exe" -d "C:\Users\Mateusz Cybutron\Desktop\gry\iMetin"
    Task: {E58E047E-0BA4-48C9-8F25-B13C63A976CD} - System32\Tasks\{3FDBE1A4-2080-493F-B3CA-8E738A02B6CD} => pcalua.exe -a "C:\Users\Mateusz Cybutron\Downloads\MinecraftZyczu (2).exe" -d "C:\Users\Mateusz Cybutron\Downloads"
    Task: C:\Windows\Tasks\progames_companion_helper_service.job => C:\Program Files (x86)\proGames Companion\progames_companion_helper_service.exe <==== UWAGA
    Task: C:\Windows\Tasks\SniperHit.job => c:\programdata\{33d403a2-e621-4743-33d4-403a2e620e8b}\7003251928794989678c.exe <==== UWAGA
    Task: C:\Windows\Tasks\temp_6ed4fb9b-0dfa-4dae-af7f-c70332712c06-10_user.job => C:\Program Files (x86)\GoHD\6ed4fb9b-0dfa-4dae-af7f-c70332712c06-10.exe <==== UWAGA
    Task: C:\Windows\Tasks\ultimate_companion_helper_service.job => C:\Program Files (x86)\Ultimate Companion\ultimate_companion_helper_service.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\Mateusz Cybutron\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS545032B9A300_090908PB5306Q6CJ879GX
    ShortcutWithArgument: C:\Users\Mateusz Cybutron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS545032B9A300_090908PB5306Q6CJ879GX
    ShortcutWithArgument: C:\Users\Mateusz Cybutron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS545032B9A300_090908PB5306Q6CJ879GX
    ShortcutWithArgument: C:\Users\Mateusz Cybutron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS545032B9A300_090908PB5306Q6CJ879GX
    ShortcutWithArgument: C:\Users\Mateusz Cybutron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS545032B9A300_090908PB5306Q6CJ879GX
    ShortcutWithArgument: C:\Users\Mateusz Cybutron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS545032B9A300_090908PB5306Q6CJ879GX
    ShortcutWithArgument: C:\Users\Mateusz Cybutron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS545032B9A300_090908PB5306Q6CJ879GX
    ShortcutWithArgument: C:\Users\Mateusz Cybutron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS545032B9A300_090908PB5306Q6CJ879GX
    ShortcutWithArgument: C:\Users\Mateusz Cybutron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS545032B9A300_090908PB5306Q6CJ879GX
    ShortcutWithArgument: C:\Users\Mateusz Cybutron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WorldofTanks.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS545032B9A300_090908PB5306Q6CJ879GX
    ShortcutWithArgument: C:\Users\Mateusz Cybutron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS545032B9A300_090908PB5306Q6CJ879GX
    ShortcutWithArgument: C:\Users\Mateusz Cybutron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS545032B9A300_090908PB5306Q6CJ879GX
    ShortcutWithArgument: C:\Users\Mateusz Cybutron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS545032B9A300_090908PB5306Q6CJ879GX
    ShortcutWithArgument: C:\Users\Mateusz Cybutron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS545032B9A300_090908PB5306Q6CJ879GX
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeabests.cc/
    () C:\Program Files (x86)\SFK\SSFK.exe
    () C:\Program Files (x86)\SFK\SSFK.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCRTP.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCTray.exe
    (Tencent) C:\Program Files (x86)\Common Files\Tencent\QQDownload\130\Tencentdl.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QMNetMon\QQPCNetFlow.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCRealTimeSpeedup.exe
    (Microsoft Corporation) C:\ComboFix\CF6673.3XE
    HKLM-x32\...\Run: [win_en_77] => [X]
    HKLM-x32\...\Run: [rec_pl_219] => [X]
    HKLM-x32\...\Run: [sun21] => [X]
    HKLM-x32\...\Run: [mpck_en_005030261] => [X]
    HKLM-x32\...\Run: [SystemClose] => D:\Documents\systemfile.exe
    HKLM-x32\...\Run: [cessrs.exe -start] => C:\Users\Mateusz Cybutron\AppData\Roaming\UPUpdata\cessrs.exe [2167808 2016-03-10] ()
    HKLM-x32\...\Run: [LightGate] => c:\programdata\lightgate.exe [1081344 2015-12-04] ()
    HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCTray.exe [355296 2016-03-10] (Tencent)
    HKU\S-1-5-21-189078006-2785437058-1862959051-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Mateusz Cybutron\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Mateusz Cybutron\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Mateusz Cybutron\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMGCShellExt64.dll [2016-03-10] (Tencent)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Mateusz Cybutron\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Mateusz Cybutron\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Mateusz Cybutron\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
    BootExecute: autocheck autochk * SmartDefragBootTime.exe
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    CHR HKU\S-1-5-21-189078006-2785437058-1862959051-1000\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    Tcpip\..\Interfaces\{63BAE598-2DC3-42E9-B900-4466146F886C}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{A3213EE2-FD18-41EA-A7D5-A87858DDE047}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{F9E49A12-9959-489B-B3D2-2A6E3A19E6AF}: [NameServer] 104.197.191.4
    ManualProxies:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-189078006-2785437058-1862959051-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&...tm_medium=installer&utm_campaign=instalki
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=14...XHTS545032B9A300_090908PB5306Q6CJ879GX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=14...XHTS545032B9A300_090908PB5306Q6CJ879GX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=14...XHTS545032B9A300_090908PB5306Q6CJ879GX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=14...XHTS545032B9A300_090908PB5306Q6CJ879GX&q={searchTerms}
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
    HKU\S-1-5-21-189078006-2785437058-1862959051-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...PLg6oAnujYPmgc-1n3fsr2XtAgHN4VL6tmMAgF&q={searchTerms}
    HKU\S-1-5-21-189078006-2785437058-1862959051-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&...HitachiXHTS545032B9A300_090908PB5306Q6CJ879GX
    HKU\S-1-5-21-189078006-2785437058-1862959051-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...PLg6oAnujYPmgc-1n3fsr2XtAgHN4VL6tmMAgF&q={searchTerms}
    HKU\S-1-5-21-189078006-2785437058-1862959051-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...PLg6oAnujYPmgc-1n3fsr2XtAgHN4VL6tmMAgF&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...XHTS545032B9A300_090908PB5306Q6CJ879GX&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...XHTS545032B9A300_090908PB5306Q6CJ879GX&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...XHTS545032B9A300_090908PB5306Q6CJ879GX&q={searchTerms}
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...PLg6oAnujYPmgc-1n3fsr2XtAgHN4VL6tmMAgF&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...XHTS545032B9A300_090908PB5306Q6CJ879GX&q={searchTerms}
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-189078006-2785437058-1862959051-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...PLg6oAnujYPmgc-1n3fsr2XtAgHN4VL6tmMAgF&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-189078006-2785437058-1862959051-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...XHTS545032B9A300_090908PB5306Q6CJ879GX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-189078006-2785437058-1862959051-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_plPL571
    SearchScopes: HKU\S-1-5-21-189078006-2785437058-1862959051-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...PLg6oAnujYPmgc-1n3fsr2XtAgHN4VL6tmMAgF&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-189078006-2785437058-1862959051-1000 -> {szukaj.gazeta.pl} URL = hxxp://szukaj.gazeta.pl/internet/0,0.html?slowo={searchTerms}
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TSWebMon64.dat [2016-03-10] (Tencent)
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS545032B9A300_090908PB5306Q6CJ879GX
    FF NewTab: hxxp://www.yoursites123.com/newtab/?type=nt&a...HitachiXHTS545032B9A300_090908PB5306Q6CJ879GX
    FF DefaultSearchEngine: yoursites123
    FF SelectedSearchEngine: yoursites123
    FF Keyword.URL: hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...9aFQQTR0cFME0FB18EURNNfXpXD0oFQFtXBkxW&q={searchTerms}
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF SearchPlugin: C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\9q6u4wy9.default\searchplugins\DD1B66D4.xml [2016-03-09]
    FF SearchPlugin: C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\9q6u4wy9.default\searchplugins\default.xml [2016-02-15]
    FF SearchPlugin: C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\9q6u4wy9.default\searchplugins\findit.xml [2016-03-08]
    FF SearchPlugin: C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-03-08]
    FF SearchPlugin: C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\default.xml [2016-03-09]
    FF SearchPlugin: C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\findit.xml [2016-03-08]
    FF SearchPlugin: C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\yoursearching.xml [2016-03-10]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2016-03-08]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yoursearching.xml [2016-03-08]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yoursites123.xml [2016-03-10]
    FF Extension: Brak nazwy - C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\eztivviddygv@bim_fqqkxhjnniqy.com [2016-03-08] [Brak podpisu cyfrowego]
    FF Extension: Brak nazwy - C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\lmeuhovwmmtxsgytkam@xtndrhikaygn.org [2016-03-08] [Brak podpisu cyfrowego]
    FF Extension: cheap-o - C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\bkptzdbynjvj@vkivriafvptgyiob.com [2016-03-08] [Brak podpisu cyfrowego]
    FF Extension: FirefixTab - C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\deskCutv2@gmail.com [2016-03-08] [Brak podpisu cyfrowego]
    FF Extension: Default NewTab - C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\default_newtabff@gmail.com [2016-03-10] [Brak podpisu cyfrowego]
    FF Extension: YahooToolsProtected - C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\yahooprotected@gmail.com [2016-03-08] [Brak podpisu cyfrowego]
    FF Extension: Disable Ads - C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\9q6u4wy9.default\Extensions\@com.virtualjame.disableads.xpi [2016-02-06]
    FF Extension: cheap-o - C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\9q6u4wy9.default\Extensions\bkptzdbynjvj@vkivriafvptgyiob.com [2015-08-15] [Brak podpisu cyfrowego]
    FF Extension: FirefixTab - C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\9q6u4wy9.default\Extensions\deskCutv2@gmail.com [2016-03-08] [Brak podpisu cyfrowego]
    FF Extension: Brak nazwy - C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\9q6u4wy9.default\Extensions\eztivviddygv@bim_fqqkxhjnniqy.com [2015-07-10] [Brak podpisu cyfrowego]
    FF Extension: Brak nazwy - C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\9q6u4wy9.default\Extensions\lmeuhovwmmtxsgytkam@xtndrhikaygn.org [2015-08-08] [Brak podpisu cyfrowego]
    FF Extension: Constant Fun - C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\9q6u4wy9.default\Extensions\{85a17f99-75a5-4e6a-9bf8-793884464c09}.xpi [2016-01-30] [Brak podpisu cyfrowego]
    FF Extension: Discover Treasure - C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\9q6u4wy9.default\Extensions\{a1941d69-4ecd-48ea-b7c7-1ed9c4631704}.xpi [2016-03-08] [Brak podpisu cyfrowego]
    FF Extension: Disable Ads - C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@com.virtualjame.disableads.xpi [2016-02-06]
    FF Extension: GsearchFinder - C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-03-01]
    FF Extension: Constant Fun - C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{85a17f99-75a5-4e6a-9bf8-793884464c09}.xpi [2016-01-30] [Brak podpisu cyfrowego]
    FF Extension: Discover Treasure - C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{a1941d69-4ecd-48ea-b7c7-1ed9c4631704}.xpi [2016-03-08] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\9q6u4wy9.default\extensions\deskCutv2@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\yahooprotected@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Mateusz Cybutron\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\default_newtabff@gmail.com
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS545032B9A300_090908PB5306Q6CJ879GX
    CHR HomePage: Profile 1 -> hxxp://www.yoursites123.com/?type=hp&ts=1...HitachiXHTS545032B9A300_090908PB5306Q6CJ879GX
    CHR StartupUrls: Profile 1 -> "hxxp://www.yoursites123.com/?type=hp&ts=1457618089&z=efa4a02abe2f4fe204c8f54g5z7w9m8q4g2b2edbeq&from=wpm06023&uid=HitachiXHTS545032B9A300_090908PB5306Q6CJ879GX"
    CHR DefaultSearchURL: Profile 1 -> hxxp://yoursites123.com/web?type=ds&ts=14...XHTS545032B9A300_090908PB5306Q6CJ879GX&q={searchTerms}
    CHR DefaultSearchKeyword: Profile 1 -> yoursites123
    CHR Extension: (电脑管家上网防护) - C:\Users\Mateusz Cybutron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm [2016-03-10]
    OPR Extension: (ahdcbmcfcelhbaajmnfilcmnchogibdn) - C:\Users\Mateusz Cybutron\AppData\Roaming\Opera Software\Opera Stable\Extensions\ahdcbmcfcelhbaajmnfilcmnchogibdn [2015-04-16]
    OPR Extension: (ajkomeiemllejmopbbjjngpmmikfedad) - C:\Users\Mateusz Cybutron\AppData\Roaming\Opera Software\Opera Stable\Extensions\ajkomeiemllejmopbbjjngpmmikfedad [2015-04-12]
    OPR Extension: (anbfhidldjknonaihbalghlebaijealk) - C:\Users\Mateusz Cybutron\AppData\Roaming\Opera Software\Opera Stable\Extensions\anbfhidldjknonaihbalghlebaijealk [2015-04-07]
    OPR Extension: (apejnnaepapgobfhogaghfkjpalmmlmp) - C:\Users\Mateusz Cybutron\AppData\Roaming\Opera Software\Opera Stable\Extensions\apejnnaepapgobfhogaghfkjpalmmlmp [2015-04-12]
    OPR Extension: (bobgnmijljonenlachekpkgikohcghon) - C:\Users\Mateusz Cybutron\AppData\Roaming\Opera Software\Opera Stable\Extensions\bobgnmijljonenlachekpkgikohcghon [2015-04-12]
    OPR Extension: (cnpniohnfphhjihaiiggeabnkjhpaldj) - C:\Users\Mateusz Cybutron\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2015-04-18]
    OPR Extension: (elioihkkcdgakfbahdoddophfngopipi) - C:\Users\Mateusz Cybutron\AppData\Roaming\Opera Software\Opera Stable\Extensions\elioihkkcdgakfbahdoddophfngopipi [2015-04-03]
    OPR Extension: (flmfagndkngjknjjcoejaihmibcfcjdh) - C:\Users\Mateusz Cybutron\AppData\Roaming\Opera Software\Opera Stable\Extensions\flmfagndkngjknjjcoejaihmibcfcjdh [2015-04-24]
    OPR Extension: (hehijbfgiekmjfkfjpbkbammjbdenadd) - C:\Users\Mateusz Cybutron\AppData\Roaming\Opera Software\Opera Stable\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2015-04-06]
    OPR Extension: (proGames Companion) - C:\Users\Mateusz Cybutron\AppData\Roaming\Opera Software\Opera Stable\Extensions\hhjchhljdoccgihhmkmoefiegblmlekk [2015-05-28]
    OPR Extension: (trivia games) - C:\Users\Mateusz Cybutron\AppData\Roaming\Opera Software\Opera Stable\Extensions\igedipimcmoahbhifkbkaceemknpnmej [2015-04-05]
    OPR Extension: (Ultimate Companion) - C:\Users\Mateusz Cybutron\AppData\Roaming\Opera Software\Opera Stable\Extensions\kfioofndlomjineecdglfdbhckkfpbni [2015-05-28]
    OPR Extension: (dress4u) - C:\Users\Mateusz Cybutron\AppData\Roaming\Opera Software\Opera Stable\Extensions\ndabmaflbdfldmdlccmpccenpkgklhln [2015-04-18]
    OPR Extension: (48 dresses) - C:\Users\Mateusz Cybutron\AppData\Roaming\Opera Software\Opera Stable\Extensions\nkfgheamjehkhbjkidlbegfmkgndhdle [2015-04-03]
    OPR Extension: (phbooabomhiefkllgocicphjpcaijdgi) - C:\Users\Mateusz Cybutron\AppData\Roaming\Opera Software\Opera Stable\Extensions\phbooabomhiefkllgocicphjpcaijdgi [2015-04-05]
    OPR Extension: (48 dresses) - C:\Users\Mateusz Cybutron\AppData\Roaming\Opera Software\Opera Stable\Extensions\pogchimbndbckepmhaagnapfmlfgnala [2015-04-12]
    R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
    S2 GoogleChromeUpSvc; C:\ProgramData\Windows Update\svrupg.exe [2786816 2016-03-10] (TODO: ) [Brak podpisu cyfrowego]
    R2 qkseeService; C:\Program Files (x86)\qksee\qkseeSvc.exe [699952 2016-03-08] (Qksee Pvt Ltd.)
    R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCRTP.exe [301728 2016-03-10] (Tencent)
    U2 QQRepairf75; C:\Windows\GJFix\QQRepairf75 [129504 2016-03-10] ()
    S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-02-06] (Enigma Software Group USA, LLC.)
    R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [263360 2016-03-10] ()
    S2 WdMan; C:\ProgramData\vWdMv\WdMan.exe [324096 2016-03-03] (TU-Funs LIMITED) [Brak podpisu cyfrowego]
    R2 WhiteSmokeSvc; C:\Program Files (x86)\WhiteSmoke Writer V8\WhiteSmokeSvc.exe [16384 2014-09-18] () [Brak podpisu cyfrowego]
    S2 zigipyro; C:\Users\Mateusz Cybutron\AppData\Local\8B48BB5A-1457625144-8440-824B-EB5FC6BCD1DA\qnsx9FE9.tmp [158720 2015-12-26] () [Brak podpisu cyfrowego]
    S2 Budpifiad; "C:\Users\Mateusz Cybutron\AppData\Roaming\Bolupa\Bolupa.exe" -cms [X]
    S2 CloudPrinter; Brak ImagePath
    S2 dojygici; Brak ImagePath
    S2 Gaxghn; "C:\Users\Mateusz Cybutron\AppData\Roaming\GaunaPenpufd\Taouao.exe" -cms [X]
    S2 ggbugreport; Brak ImagePath
    S2 Gorfubc; "C:\Users\Mateusz Cybutron\AppData\Roaming\Otazumimxa\Otazumimxa.exe" -cms [X]
    S2 wucotusy; C:\Program Files (x86)\8B48BB5A-1457452853-8440-824B-EB5FC6BCD1DA\hnsm5676.tmp [X]
    R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMUdisk64.sys [184536 2016-03-02] (Tencent)
    R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQSysMonX64.sys [138552 2016-03-10] (电脑管家)
    R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\softaal64.sys [35128 2016-03-10] (Tencent)
    R3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [89464 2016-03-10] (Tencent)
    R1 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernel64.sys [131896 2016-03-10] (Tencent Technology(Shenzhen) Company Limited)
    R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2016-03-10] (电脑管家)
    R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TS888x64.sys [38520 2016-03-10] (Tencent)
    R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TSDefenseBT64.sys [28984 2016-03-10] (Tencent)
    R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys [48440 2016-01-14] ()
    R3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [45368 2016-03-10] (电脑管家)
    R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TSSysKit64.sys [87352 2016-03-10] (电脑管家)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 cpuz134; \??\C:\Users\MATEUS~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
    R1 SRepairDrv; \??\C:\Windows\GJFix\SRepairDrv [X]
    S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
    S3 XFDriver64; \??\C:\Program Files (x86)\Xfire2\XFDriver64.sys [X]
    2016-03-10 16:19 - 2016-03-10 16:20 - 05658088 ____R (Swearware) C:\Users\Mateusz Cybutron\Downloads\ComboFix.exe
    2016-03-10 16:04 - 2016-03-10 16:23 - 00000000 ____D C:\Windows\GJFix
    2016-03-10 16:04 - 2016-01-14 10:47 - 00128280 _____ (电脑管家) C:\Windows\SysWOW64\Drivers\TsFltMgr.sys
    2016-03-10 16:03 - 2016-03-10 16:03 - 00038520 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
    2016-03-10 16:03 - 2016-03-10 16:03 - 00005120 _____ C:\Users\Mateusz Cybutron\AppData\Roaming\GiftBag.db
    2016-03-10 16:03 - 2016-03-10 16:00 - 00131896 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
    2016-03-10 16:03 - 2016-03-10 16:00 - 00089464 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
    2016-03-10 16:02 - 2016-03-10 16:23 - 00000000 ____D C:\ProgramData\TXQMPC
    2016-03-10 16:02 - 2016-03-10 16:02 - 00000000 ____D C:\Program Files\Common Files\Tencent
    2016-03-10 16:01 - 2016-03-10 16:01 - 00002266 _____ C:\Users\Public\Desktop\软件管理.lnk
    2016-03-10 16:01 - 2016-03-10 16:01 - 00002241 _____ C:\Users\Public\Desktop\电脑管家.lnk
    2016-03-10 16:01 - 2016-03-10 16:01 - 00000000 ____D C:\Users\Mateusz Cybutron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2016-03-10 16:01 - 2016-03-10 16:01 - 00000000 _____ C:\Users\Mateusz Cybutron\Desktop\$电脑管家-清理垃圾$.qmgc
    2016-03-10 16:01 - 2016-03-10 16:00 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
    2016-03-10 16:01 - 2016-03-10 16:00 - 00045368 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
    2016-03-10 15:59 - 2016-03-10 16:08 - 00000000 ____D C:\Users\Mateusz Cybutron\AppData\Roaming\Tencent
    2016-03-10 15:59 - 2016-03-10 15:59 - 00000000 ____D C:\Program Files (x86)\Tencent
    2016-03-10 15:56 - 2016-03-10 15:56 - 00000000 ____D C:\ProgramData\WindowsMsg
    2016-03-10 15:56 - 2016-03-10 15:56 - 00000000 ____D C:\Program Files (x86)\osTip
    2016-03-10 15:55 - 2016-03-10 15:55 - 00011633 _____ C:\ProgramData\webad.xml
    2016-03-10 15:55 - 2016-03-09 21:49 - 01275392 _____ (TZ) C:\ProgramData\FrivLauncherUS.exe
    2016-03-10 15:54 - 2016-03-10 16:08 - 00000000 ____D C:\ProgramData\Tencent
    2016-03-10 15:53 - 2016-03-10 15:53 - 01734656 _____ C:\ProgramData\service.exe
    2016-03-10 15:20 - 2016-03-10 15:20 - 00000001 _____ C:\Windows\SysWOW64\pl.html
    2016-03-10 15:20 - 2016-03-10 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
    2016-03-10 14:58 - 2016-03-10 15:22 - 00000000 ____D C:\Program Files (x86)\qksee
    2016-03-10 14:58 - 2016-03-10 14:58 - 00000000 ____D C:\Users\Mateusz Cybutron\AppData\Roaming\qksee
    2016-03-10 14:58 - 2016-03-10 14:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee
    2016-03-10 14:55 - 2016-03-10 14:55 - 00000000 ____D C:\Users\Mateusz Cybutron\AppData\Roaming\TSv
    2016-03-10 14:54 - 2016-03-10 14:55 - 00000000 ____D C:\ProgramData\vWdMv
    2016-03-10 14:54 - 2016-03-10 14:54 - 02766279 _____ (qBank) C:\Program Files (x86)\SSFK.exe
    2016-03-10 14:54 - 2016-03-10 14:54 - 00000647 _____ C:\yoursites123.xml
    2016-03-09 07:26 - 2016-03-09 07:26 - 00000000 ____D C:\Program Files (x86)\SearchesToYesbnd
    2016-03-09 07:16 - 2016-03-09 07:17 - 00000000 ____D C:\Users\Mateusz Cybutron\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
    2016-03-08 18:39 - 2016-03-08 18:39 - 00000000 ____D C:\Program Files (x86)\MKJogo
    2016-03-08 18:34 - 2016-03-08 18:35 - 13883048 _____ C:\Users\Mateusz Cybutron\Downloads\MKLOL2.0.0.66 (1).exe
    2016-03-08 18:17 - 2016-03-08 18:17 - 00000000 ____D C:\ProgramData\iWdMi
    2016-03-08 17:57 - 2016-03-08 17:57 - 00000000 ____D C:\Users\Mateusz Cybutron\AppData\Local\mobilepcstarterkit
    2016-03-08 17:53 - 2016-03-08 17:53 - 00000635 _____ C:\mysites123.xml
    2016-03-08 17:53 - 2016-03-08 17:53 - 00000000 ____D C:\ProgramData\yWdMy
    2016-03-08 17:36 - 2016-03-08 17:36 - 00000000 ____D C:\Users\Mateusz Cybutron\LEGO Marvel Super Heroes - DEMO - Foxy Games
    2016-03-08 17:35 - 2016-03-10 16:22 - 00000000 ____D C:\Users\Mateusz Cybutron\AppData\Roaming\Otazumimxa
    2016-03-08 17:35 - 2016-03-10 16:22 - 00000000 ____D C:\Users\Mateusz Cybutron\AppData\Roaming\GaunaPenpufd
    2016-03-08 17:34 - 2016-03-10 16:22 - 00000000 ____D C:\Users\Mateusz Cybutron\AppData\Roaming\Bolupa
    2016-03-08 17:34 - 2016-03-08 18:15 - 00000000 ____D C:\Program Files\shopperz080320161208
    2016-03-08 17:34 - 2016-03-08 17:35 - 00000000 ____D C:\Users\Mateusz Cybutron\AppData\Local\Tempfolder
    2016-03-10 16:24 - 2016-03-10 16:32 - 00000000 ___SD C:\ComboFix
    2016-03-08 17:34 - 2016-03-10 16:22 - 00000000 ____D C:\Users\Mateusz Cybutron\AppData\Roaming\Bolupa
    2016-03-08 17:34 - 2016-03-08 18:15 - 00000000 ____D C:\Program Files\shopperz080320161208
    2016-03-08 17:34 - 2016-03-08 17:35 - 00000000 ____D C:\Users\Mateusz Cybutron\AppData\Local\Tempfolder
    2016-03-08 17:14 - 2016-03-09 07:22 - 00000000 ____D C:\Program Files\SpaceSoundPro
    2016-03-08 17:14 - 2016-03-09 07:04 - 00000646 _____ C:\yoursearching.xml
    2016-03-08 17:14 - 2016-03-08 17:14 - 00000646 _____ C:\istartpageing.xml
    2016-03-08 17:01 - 2016-03-08 17:35 - 00000000 ____D C:\Users\Mateusz Cybutron\AppData\Roaming\SimpleFiles
    2016-03-08 17:01 - 2016-03-08 16:58 - 00000170 _____ C:\Windows\system32\Drivers\etc\hp.bak
    2016-03-08 17:00 - 2016-03-10 16:23 - 00000000 ____D C:\Program Files (x86)\8B48BB5A-1457452853-8440-824B-EB5FC6BCD1DA
    2016-03-08 16:57 - 2016-03-08 16:57 - 00000000 ____D C:\ProgramData\Holdtams
    2016-03-08 16:56 - 2016-03-10 16:23 - 00000000 ____D C:\ProgramData\CloudPrinter
    2016-03-08 16:56 - 2016-03-08 18:11 - 00000000 ____D C:\ProgramData\Holdtam
    2016-03-08 16:56 - 2016-03-08 16:56 - 07600640 _____ C:\Users\Mateusz Cybutron\AppData\Roaming\agent.dat
    2016-03-08 16:56 - 2016-03-08 16:56 - 01788503 _____ C:\Users\Mateusz Cybutron\AppData\Roaming\Year-Flex.tst
    2016-03-08 16:56 - 2016-03-08 16:56 - 00126464 _____ C:\Users\Mateusz Cybutron\AppData\Roaming\noah.dat
    2016-03-08 16:56 - 2016-03-08 16:56 - 00065040 _____ C:\Users\Mateusz Cybutron\AppData\Roaming\Config.xml
    2016-03-08 16:56 - 2016-03-08 16:56 - 00018432 _____ C:\Users\Mateusz Cybutron\AppData\Roaming\Main.dat
    2016-03-08 16:56 - 2016-03-08 16:53 - 00770048 _____ C:\Users\Mateusz Cybutron\AppData\Roaming\Year-Flex.exe
    2016-03-08 16:55 - 2016-03-08 16:56 - 00005568 _____ C:\Users\Mateusz Cybutron\AppData\Roaming\md.xml
    2016-03-08 16:55 - 2016-03-08 16:55 - 00848437 _____ C:\Users\Mateusz Cybutron\AppData\Roaming\Strongcof.bin
    2016-03-08 16:55 - 2016-03-08 16:55 - 00126464 _____ C:\Users\Mateusz Cybutron\AppData\Roaming\lobby.dat
    2016-03-08 16:55 - 2016-03-08 16:55 - 00072708 _____ C:\Users\Mateusz Cybutron\AppData\Roaming\Biolex.tst
    2016-03-08 16:55 - 2016-03-08 16:55 - 00054272 _____ C:\Users\Mateusz Cybutron\AppData\Roaming\ApplicationHosting.dat
    2016-03-08 16:55 - 2016-03-08 16:53 - 00770048 _____ C:\Users\Mateusz Cybutron\AppData\Roaming\Biolex.exe
    2016-03-08 16:55 - 2016-03-08 16:53 - 00770048 _____ C:\Users\Mateusz Cybutron\AppData\Roaming\Biolex.exe
    2016-03-08 16:54 - 2016-03-08 16:54 - 00003098 _____ C:\Windows\System32\Tasks\LuckyBrowse
    2016-03-08 16:54 - 2016-03-08 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
    2016-03-08 16:54 - 2016-03-08 16:54 - 00000000 ____D C:\ProgramData\LuckyBrowse
    2016-03-08 16:53 - 2016-03-08 16:54 - 00000000 ____D C:\Program Files (x86)\LuckyBrowse
    2016-03-08 16:53 - 2016-03-08 16:53 - 00127488 _____ C:\Users\Mateusz Cybutron\AppData\Roaming\Installer.dat
    2016-02-06 16:57 - 2016-02-06 16:57 - 00000000 _____ C:\autoexec.bat
    2016-02-06 16:56 - 2016-02-06 16:56 - 00000000 ____D C:\Users\Mateusz Cybutron\AppData\Roaming\Enigma Software Group
    2016-02-06 16:55 - 2016-02-06 16:55 - 00003384 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
    2016-02-06 16:53 - 2016-02-06 16:54 - 00000000 ____D C:\sh4ldr
    2016-02-06 16:48 - 2016-02-06 16:48 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2016-02-06 16:47 - 2016-02-06 16:47 - 00000000 ____D C:\Program Files\Enigma Software Group
    2016-02-06 16:45 - 2016-02-06 16:46 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Mateusz Cybutron\Downloads\SpyHunter-Installer.exe
    2016-01-30 20:29 - 2016-01-30 20:29 - 00002760 _____ C:\Windows\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
    2016-01-30 20:23 - 2016-01-30 20:23 - 00000000 ____D C:\Users\Mateusz Cybutron\AppData\Roaming\AVG
    2016-01-30 20:19 - 2016-01-30 20:23 - 00000000 ____D C:\Program Files (x86)\AVG
    2016-01-30 20:18 - 2016-01-31 09:22 - 00000000 ____D C:\Users\Mateusz Cybutron\AppData\Local\AvgSetupLog
    2016-01-30 20:18 - 2016-01-30 20:18 - 00000000 ____D C:\Users\Mateusz Cybutron\AppData\Roaming\OpenCandy
    2016-01-30 20:18 - 2016-01-30 20:18 - 00000000 ____D C:\Users\Mateusz Cybutron\AppData\Roaming\{DBE9A219-5A49-4941-8EE7-E564268F5572}
    2016-01-30 20:13 - 2016-01-30 20:13 - 00000000 ____D C:\Games
    2016-01-30 20:12 - 2016-01-30 20:12 - 00000000 ____D C:\Users\Mateusz Cybutron\AppData\Roaming\gameDownloader
    2016-01-30 19:31 - 2016-01-30 19:31 - 00003362 _____ C:\Windows\System32\Tasks\{695A9820-3944-44E6-8380-932E34FC3E7A}
    2016-01-10 17:57 - 2016-01-10 17:57 - 00000000 ____D C:\Users\Mateusz Cybutron\AppData\Roaming\AVS4YOU
    2016-01-10 17:57 - 2016-01-10 17:57 - 00000000 ____D C:\ProgramData\AVS4YOU
    2016-01-10 17:56 - 2016-01-18 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
    C:\ProgramData\FrivLauncherUS.exe
    C:\ProgramData\service.exe
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:


    Save the file as fixlist.txt and place it in the folder C:\Users\Mateusz Cybutron\Desktop\FRST64.exe
    Run FRST and click Fix/Napraw.

    0
  • #8 11 Mar 2016 09:35
    Kolobos
    Computer specialist

    Once that is done, post new FRST logs, from a scan.

    0
  • #10 11 Mar 2016 19:19
    Acorus 20
    Computer specialist

    This is not a scan log but a removal log. There should be new Addition.txt and FRST.txt files.

    0