
FRST - Request to check OTL FRST logs

Maciuś_maciejkA 30 Apr 2016 13:28 774 3
  • #2 30 Apr 2016 13:29
    Kolobos
    Computer specialist

    FRST logs are required, not logs from the outdated OTL.

    0
  • #4 30 Apr 2016 14:11
    Kolobos
    Computer specialist

    Do not download programs from dobreprogramy using their download manager, which installs malicious software!

    Uninstall:
    HiJackThis
    Qtrax Player
    SafeFinder

    Run this Fixlist.txt for FRST:
    Task: {095BD269-F284-446C-BFBE-3D3F463D6E75} - System32\Tasks\{7BC547FE-2E9A-4570-97DB-61FCE1FB7B62} => pcalua.exe -a "C:\Users\Maciek\Downloads\Adobe Photoshop CS5 Extended PL\Adobe Photoshop CS5 Extended.v12\Software\payloads\AdobeHelp\AIRInstallerRunner.exe"
    Task: {0B123555-F3CB-49D4-8F26-F75D2DC4A10B} - System32\Tasks\{A8412C3F-CF50-4C51-9126-4815830D6C7E} => pcalua.exe -a E:\eauninstall.exe -d E:\
    Task: {158DAA12-7911-4BFC-AC1F-CAB0A71BA893} - System32\Tasks\{4DA161F6-997C-491F-934F-EB0B400F61F8} => C:\Valve\Leis.exe
    Task: {159F27BE-7754-45AD-A15E-AF06853A6E63} - System32\Tasks\{577C10C9-6C5C-4EBB-A703-26734256AC98} => pcalua.exe -a G:\CardDetectorSetup.exe -d G:\
    Task: {16DB8A9E-1AA5-48D0-8344-C91EECEFD03D} - System32\Tasks\{C94BAC57-66BC-4785-B6F6-31F20B2EB58E} => Firefox.exe hxxp://ui.skype.com/ui/0/7.8.0.102.259/pl/abandoninstall?page=tsMain
    Task: {171F1C2E-5DEA-4A58-9E72-C865BFA384EF} - System32\Tasks\{AC9EE363-AD8C-48AE-A79E-9E85B2DF9F44} => pcalua.exe -a C:\Users\Maciek\Downloads\sp45140.exe -d C:\Users\Maciek\Downloads
    Task: {17F662E2-715B-4B87-BBD3-2FC7A8F48AB1} - System32\Tasks\{2155563A-3A6C-489A-987D-ECA2939B80C7} => Chrome.exe hxxp://ui.skype.com/ui/0/5.3.0.108.259/pl/aba...e-chrome:notoffered;ienotdefaultbrowser2
    Task: {363DB835-7B18-4AD7-9F22-A9766EB4C7A4} - System32\Tasks\WinTsks => C:\Program Files (x86)\WinTsks\WinTsks\WinTsks.exe <==== UWAGA
    Task: {47D6F922-D5F5-49C6-BAAF-77C93CCA2A7C} - System32\Tasks\{100E5015-AB74-4A18-BCA5-C5E5F41455B4} => pcalua.exe -a C:\Users\Maciek\AppData\Local\Babylon\Setup\Setup32.exe -d C:\Users\Maciek\AppData\Local\Babylon\Setup\ -c .\setup32.exe -rc
    Task: {5BCC8F8D-780E-40C6-980C-29D58FCDB2B6} - System32\Tasks\{08EFD6FA-08E7-48F6-A4E6-EC3A4837FD16} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/43110
    Task: {635E5881-8A57-45AC-81BE-3B6E6EB82AB6} - System32\Tasks\{B3320B9A-602B-46B0-8AA3-3B2BD7B5ACCA} => Chrome.exe hxxp://www.skype.com/go/downloading?source=li...amp;amp;ver=6.7.0.102&amp;LastError=12002




    Task: {63F3AE21-A83A-4A04-9CF4-657BC37FEFB0} - \BonanzaDealsLiveUpdateTaskMachineCore -> Brak pliku <==== UWAGA
    Task: {6D7DF4AA-01A3-4D7C-8260-F362F58E7939} - System32\Tasks\{3F1EFD99-B392-45CD-87CA-38F0B2B45A04} => C:\Valve\Leis.exe
    Task: {6E79DC3D-6B50-40C3-B852-3EA059305305} - System32\Tasks\{7E2600DF-0BA8-464E-94BE-AD1171CDF338} => pcalua.exe -a G:\setup.exe -d G:\
    Task: {70236B08-3737-4A4A-B74C-3E2E90A30D0D} - System32\Tasks\{215E6956-ECF0-4D49-AC40-3F7C1301A1BD} => pcalua.exe -a C:\Users\Maciek\Downloads\sp45671.exe -d C:\Users\Maciek\Downloads
    Task: {7F78D83D-79A8-4AB9-82A5-3BCFA4727173} - System32\Tasks\irMonitor => C:\Windows\system32 [2016-04-29] ()
    Task: {95090000-6DCA-4BF5-957B-E058FAEE2BCD} - System32\Tasks\{48C1FE79-CF63-4D20-90E0-356940BE969B} => C:\Valve\Leis.exe
    Task: {9F846CC1-8D9E-4099-9329-08FD578280FE} - System32\Tasks\{7DBD44A0-AD27-477D-ADFB-0DC32ACE26C8} => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26] (Nokia)
    Task: {AEDB8A13-DCD4-4819-9C31-0B7B7977EAF8} - System32\Tasks\{99808817-9D75-4A41-B9EC-46A985A50CEE} => Chrome.exe hxxp://ui.skype.com/ui/0/7.4.64.102/pl/abandoninstall?page=tsMain
    Task: {BC2B842A-CC79-41BF-82D4-C4CF2EE870A7} - \BonanzaDealsUpdate -> Brak pliku <==== UWAGA
    Task: {CED0E2EC-9EF8-4BD7-A8F5-B04AD2FDD5AE} - System32\Tasks\{847AFE1D-3489-41E2-8A9A-8877EAD7B3B5} => pcalua.exe -a "c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X4\Setup\SetupARP.exe" -c /arp
    Task: {D037FADB-E300-424D-915B-E71849819FDE} - System32\Tasks\{2BCA613B-73DD-4EA3-80A7-A89DBE4C267A} => pcalua.exe -a E:\DIRECTX\DXSETUP.EXE -d E:\DIRECTX
    Task: {D3B08053-23BA-43E9-B033-15229212AB27} - System32\Tasks\{7D0A7C35-03B3-43C9-AFB8-48BE07D6AD7F} => pcalua.exe -a C:\Users\Maciek\Downloads\Nokia_PC_Suite_pol_web.exe -d C:\Users\Maciek\Downloads
    Task: {D424C4D4-2797-4E2D-80B3-9F3610E3C687} - \BonanzaDealsLiveUpdateTaskMachineUA -> Brak pliku <==== UWAGA
    Task: {D66AAF20-D14D-4380-893B-AD28305A3184} - System32\Tasks\{30C61CE7-1BC0-43B4-9313-5C2B36ED41FD} => C:\Valve\hl.exe
    Task: {DE922F3E-86D4-4E41-BC4E-44591CCDFB0A} - System32\Tasks\{2A40E64B-961B-4530-9DB1-D0C7FB0C88AA} => Chrome.exe hxxp://ui.skype.com/ui/0/7.1.0.105/pl/abandoninstall?page=tsMain
    Task: {E1849C42-5A9C-44BE-9959-D35F9733FB0A} - System32\Tasks\{3BEF3CE7-CBDB-42A6-AE19-1FE9A3ACC9BB} => pcalua.exe -a G:\Setup.exe -d G:\
    Task: {E2B75527-A8FC-4307-B441-5F7E74A19B0B} - System32\Tasks\{7105596B-857F-47D2-98DF-1330E4839F4E} => pcalua.exe -a "E:\MSO2007PL\MS Office 2007 PL\setup.exe" -d "E:\MSO2007PL\MS Office 2007 PL"
    Task: {F46741AA-5133-4EC6-8CCD-D33C33E21828} - System32\Tasks\{452D8BBA-8D36-404B-AA6F-39C87D961A39} => pcalua.exe -a "C:\Users\Maciek\Desktop\gry\Spolszczenie Adobe Photoshop CS4.exe" -d C:\Users\Maciek\Desktop\gry
    Task: {FAE20373-A3A7-4680-AB77-20BD994F9CD2} - System32\Tasks\{0DD94247-110D-43F3-96C6-5EAB3723964E} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-01-19] (Skype Technologies S.A.)
    Shortcut: C:\Users\Maciek\Desktop\gry\Dedicated Server.lnk -> C:\Counter-Strike 1.6 V42 DiGiTALZONE\Dedicated.bat (Brak pliku)
    AlternateDataStreams: C:\Users\Maciek\AppData\Local\Cy53v90Hd3:lGW61tZ1oXu4jWVJnrYk [2006]
    AlternateDataStreams: C:\Users\Maciek\Documents\Vivaldi - Lato 1: Allegro non molto[www.MOBItUBE.pl].mp3 [9666562]
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\81096230.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\81096230.sys => ""="Driver"
    (© 2015 Microsoft Corporation) C:\Users\Maciek\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2885704 2016-04-14] ()
    HKU\S-1-5-21-4200436672-2902011508-2235222109-1000\...\Run: [] => [X]
    HKU\S-1-5-21-4200436672-2902011508-2235222109-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-4200436672-2902011508-2235222109-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Maciek\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-4200436672-2902011508-2235222109-1000\...\Run: [explorer.exe1] => \explorer.exe
    HKU\S-1-5-21-4200436672-2902011508-2235222109-1000\...\Run: [BingSvc] => C:\Users\Maciek\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-4200436672-2902011508-2235222109-1000\...\Policies\Explorer: [DisableTaskMgr] 1
    HKU\S-1-5-21-4200436672-2902011508-2235222109-1000\...\Policies\Explorer: []
    HKU\S-1-5-21-4200436672-2902011508-2235222109-1000\...\MountPoints2: {0116980c-f3ee-11df-9743-00269e5f59c4} - G:\AutoRunCardDetector.exe
    HKU\S-1-5-21-4200436672-2902011508-2235222109-1000\...\MountPoints2: {103cc903-cddd-11e0-98ef-00247ef238b1} - H:\MicroLauncher.exe
    HKU\S-1-5-21-4200436672-2902011508-2235222109-1000\...\MountPoints2: {2e7abd65-f97d-11df-9209-00269e5f59c4} - G:\MicroLauncher.exe
    HKU\S-1-5-21-4200436672-2902011508-2235222109-1000\...\MountPoints2: {38dc4c6e-aa3b-11e3-a4c8-85548495044a} - H:\AutoRun.exe
    HKU\S-1-5-21-4200436672-2902011508-2235222109-1000\...\MountPoints2: {38dc4d00-aa3b-11e3-a4c8-85548495044a} - H:\AutoRun.exe
    HKU\S-1-5-21-4200436672-2902011508-2235222109-1000\...\MountPoints2: {5f02c768-4a16-11e3-b9e3-00269e5f59c4} - H:\LGAutoRun.exe
    HKU\S-1-5-21-4200436672-2902011508-2235222109-1000\...\MountPoints2: {dbd9c0e8-b61a-11e0-a0ec-00247ef238b1} - H:\MicroLauncher.exe
    HKU\S-1-5-21-4200436672-2902011508-2235222109-1000\...\MountPoints2: {f6cf5e2f-3d8d-11e2-a28f-00269e5f59c4} - H:\MicroLauncher.exe
    HKU\S-1-5-21-4200436672-2902011508-2235222109-500\...\Run: [] => [X]
    HKU\S-1-5-21-4200436672-2902011508-2235222109-500\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-4200436672-2902011508-2235222109-500\...\Policies\Explorer: [DisableTaskMgr] 1
    HKU\S-1-5-21-4200436672-2902011508-2235222109-500\...\Policies\Explorer: []
    HKU\S-1-5-21-4200436672-2902011508-2235222109-500\...\MountPoints2: {0116980c-f3ee-11df-9743-00269e5f59c4} - G:\AutoRunCardDetector.exe
    HKU\S-1-5-21-4200436672-2902011508-2235222109-500\...\MountPoints2: {103cc903-cddd-11e0-98ef-00247ef238b1} - H:\MicroLauncher.exe
    HKU\S-1-5-21-4200436672-2902011508-2235222109-500\...\MountPoints2: {2e7abd65-f97d-11df-9209-00269e5f59c4} - G:\MicroLauncher.exe
    HKU\S-1-5-21-4200436672-2902011508-2235222109-500\...\MountPoints2: {7fd30ed4-1a70-11e0-880d-00247ef238b1} - F:\autorun.exe
    HKU\S-1-5-21-4200436672-2902011508-2235222109-500\...\MountPoints2: {95bc80eb-0545-11e0-b389-00247ef238b1} - G:\Autorun.exe
    HKU\S-1-5-21-4200436672-2902011508-2235222109-500\...\MountPoints2: {dbd9c0e8-b61a-11e0-a0ec-00247ef238b1} - H:\MicroLauncher.exe
    HKU\S-1-5-21-4200436672-2902011508-2235222109-500\...\MountPoints2: {f6cf5e2f-3d8d-11e2-a28f-00269e5f59c4} - H:\MicroLauncher.exe
    Lsa: [Notification Packages] scecli DPPWDFLT
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    GroupPolicyUsers\S-1-5-21-4200436672-2902011508-2235222109-1000\User: Ograniczenia <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-4200436672-2902011508-2235222109-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=14338817...z7q&from=cor&uid=ST9500420AS_5VJ1G4CT
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=14338817...z7q&from=cor&uid=ST9500420AS_5VJ1G4CT
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1433...;from=cor&uid=ST9500420AS_5VJ1G4CT&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=14338817...z7q&from=cor&uid=ST9500420AS_5VJ1G4CT
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=14338817...z7q&from=cor&uid=ST9500420AS_5VJ1G4CT
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1433...;from=cor&uid=ST9500420AS_5VJ1G4CT&q={searchTerms}
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={81CD6F51-EA53-4462-9CC3-F22DB1F1586A}&mid=1e0fa94af80b47d0bee2d16fd8bbb037-21eb4bf0893481b1e4d235c12bbb03fb09b6166c&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-02-27 18:50:45&v=4.2.9.726&pid=wtu&sg=&sap=hp
    HKU\S-1-5-21-4200436672-2902011508-2235222109-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=14338817...z7q&from=cor&uid=ST9500420AS_5VJ1G4CT
    HKU\S-1-5-21-4200436672-2902011508-2235222109-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1433...;from=cor&uid=ST9500420AS_5VJ1G4CT&q={searchTerms}
    HKU\S-1-5-21-4200436672-2902011508-2235222109-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...kKe3wuIJaUmTrE1Y2MRUQvrJsaZHJrVz2A8CRS&q={searchTerms}
    HKU\S-1-5-21-4200436672-2902011508-2235222109-1016\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&...le=pl_PL&c=94&bd=Pavilion&pf=cnnb
    HKU\S-1-5-21-4200436672-2902011508-2235222109-1016\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&...le=pl_PL&c=94&bd=Pavilion&pf=cnnb
    HKU\S-1-5-21-4200436672-2902011508-2235222109-1016\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&...le=pl_PL&c=94&bd=Pavilion&pf=cnnb
    HKU\S-1-5-21-4200436672-2902011508-2235222109-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&...le=pl_PL&c=94&bd=Pavilion&pf=cnnb
    HKU\S-1-5-21-4200436672-2902011508-2235222109-500\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&...le=pl_PL&c=94&bd=Pavilion&pf=cnnb
    HKU\S-1-5-21-4200436672-2902011508-2235222109-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&...le=pl_PL&c=94&bd=Pavilion&pf=cnnb
    HKU\S-1-5-21-4200436672-2902011508-2235222109-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/custom?domains=entretie...p;sitesearch=&client=pub-3439752189615153
    URLSearchHook: HKLM-x32 -> Domyślne = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
    URLSearchHook: HKU\S-1-5-21-4200436672-2902011508-2235222109-500 -> Domyślne = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
    URLSearchHook: HKU\S-1-5-21-4200436672-2902011508-2235222109-500 - (Brak nazwy) - {dfabc5b5-039b-4865-979a-de31cdf3e351} - Brak pliku
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...kKe3wuIJaUmTrE1Y2MRUQvrJsaZHJrVz2A8CRS&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4200436672-2902011508-2235222109-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...kKe3wuIJaUmTrE1Y2MRUQvrJsaZHJrVz2A8CRS&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4200436672-2902011508-2235222109-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://do-search.com/web/?utm_source=b&ut...4CT&ts=1433881758&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4200436672-2902011508-2235222109-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={81CD6F51-EA53-4462-9CC3-F22DB1F1586A}&mid=1e0fa94af80b47d0bee2d16fd8bbb037-21eb4bf0893481b1e4d235c12bbb03fb09b6166c&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0915tb&pr=fr&d=2015-02-27 18:50:45&v=4.1.6.294&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4200436672-2902011508-2235222109-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...kKe3wuIJaUmTrE1Y2MRUQvrJsaZHJrVz2A8CRS&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4200436672-2902011508-2235222109-500 -> {6BA24844-F1CA-4B75-8D20-D32F4468F815} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
    SearchScopes: HKU\S-1-5-21-4200436672-2902011508-2235222109-500 -> {AC129BF9-68BF-4bc4-A1DC-ECB62712FF99} URL = hxxp://search.kikin.com/search/?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4200436672-2902011508-2235222109-500 -> {D9EAC2E0-31DE-4CB7-8C53-2BBE4D6E3F3D} URL = hxxp://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=a8622fd101aa486786775f9fd7738f54
    BHO: Brak nazwy -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> Brak pliku
    BHO: Brak nazwy -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> Brak pliku
    BHO-x32: AOL Toolbar BHO -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files (x86)\AOL\Pasek narzędzi AOL 5.0\aoltb.dll [2008-07-02] (AOL LLC)
    Toolbar: HKLM - Brak nazwy - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Brak pliku
    Toolbar: HKLM - Brak nazwy - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Brak pliku
    Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\Pasek narzędzi AOL 5.0\aoltb.dll [2008-07-02] (AOL LLC)
    Toolbar: HKLM-x32 - Brak nazwy - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - Brak pliku
    Toolbar: HKLM-x32 - Brak nazwy - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Brak pliku
    Toolbar: HKU\S-1-5-21-4200436672-2902011508-2235222109-1000 -> Brak nazwy - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Brak pliku
    Toolbar: HKU\S-1-5-21-4200436672-2902011508-2235222109-1000 -> Brak nazwy - {DFABC5B5-039B-4865-979A-DE31CDF3E351} - Brak pliku
    Toolbar: HKU\S-1-5-21-4200436672-2902011508-2235222109-1000 -> Brak nazwy - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Brak pliku
    Toolbar: HKU\S-1-5-21-4200436672-2902011508-2235222109-500 -> Brak nazwy - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Brak pliku
    Toolbar: HKU\S-1-5-21-4200436672-2902011508-2235222109-500 -> Brak nazwy - {DFABC5B5-039B-4865-979A-DE31CDF3E351} - Brak pliku
    Toolbar: HKU\S-1-5-21-4200436672-2902011508-2235222109-500 -> Brak nazwy - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Brak pliku
    FF NewTab: C:\\ProgramData\\Quotenamrons\\ff.NT
    FF DefaultSearchEngine: findit
    FF SelectedSearchEngine: do-search
    FF Homepage: C:\\ProgramData\\Quotenamrons\\ff.HP
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.9\\npsitesafety.dll [Brak pliku]
    FF SearchPlugin: C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\464b2ull.default-1428220179014\searchplugins\avg-secure-search.xml [2016-04-14]
    FF SearchPlugin: C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\464b2ull.default-1428220179014\searchplugins\do-search.xml [2015-12-13]
    FF SearchPlugin: C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\464b2ull.default-1428220179014\searchplugins\findit.xml [2016-04-06]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2016-04-06]
    FF Extension: AVG Web TuneUp - C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\464b2ull.default-1428220179014\Extensions\avg@toolbar.xpi [2016-04-14]
    FF Extension: Newtab - C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\464b2ull.default-1428220179014\Extensions\deskCutv2@gmail.com [2015-12-05] [Brak podpisu cyfrowego]
    FF Extension: YahooToolsProtected - C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\464b2ull.default-1428220179014\Extensions\yahooprotected@gmail.com.xpi [2015-12-05] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\464b2ull.default-1428220179014\extensions\searchffv2@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Maciek\AppData\Roaming\Mozilla\Firefox\Profiles\464b2ull.default-1428220179014\extensions\sweetsearch@gmail.com => nie znaleziono
    CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pl-pl
    CHR StartupUrls: Default -> "hxxp://do-search.com/?type=hp&ts=1433881713&z=827dda371a75711894f8548gbzcc2cdb9b6g6mcz7q&from=cor&uid=ST9500420AS_5VJ1G4CT"
    CHR Extension: (SafeFinder New Tab) - C:\Users\Maciek\AppData\Local\Google\Chrome\User Data\Default\Extensions\knnaihaddpogmkclkahpcnhppgapinpe [2016-04-09]
    CHR HKU\S-1-5-21-4200436672-2902011508-2235222109-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jidkebcigjgheaahopdnlfaohgnocfai] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [knnaihaddpogmkclkahpcnhppgapinpe] - hxxps://clients2.google.com/service/update2/crx
    S2 TeamViewer8; "C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe" [X]
    S2 vToolbarUpdater18.1.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [X]
    S0 aswRvrt; Brak ImagePath
    S0 aswVmm; Brak ImagePath
    U3 amqgrnku; C:\Windows\System32\Drivers\amqgrnku.sys [0 ] (Intel Corporation) <==== UWAGA (zerobajtowy plik/folder)
    S0 81096230; system32\drivers\50688896.sys [X]
    S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
    S2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [X]
    S1 aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys [X]
    S1 aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [X]
    S1 aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [X]
    S3 aswStm; \??\C:\Windows\system32\drivers\aswStm.sys [X]
    S1 aswTdi; \??\C:\Windows\system32\drivers\aswTdi.sys [X]
    S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
    S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
    S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
    S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
    S3 btwampfl; system32\drivers\btwampfl.sys [X]
    S3 btwaudio; system32\drivers\btwaudio.sys [X]
    S3 btwavdt; system32\drivers\btwavdt.sys [X]
    S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
    S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
    S3 dump_wmimmc; \??\C:\Program Files\eFusion\BlackShot\system\GameGuard\dump_wmimmc.sys [X]
    U4 eabfiltr; Brak ImagePath
    S3 GGSAFERDriver; \??\C:\Users\Maciek\Desktop\Bypass Garena + blackshot Hack\Garena bypass\safedrv.sys [X]
    S2 HWiNFO32; \??\C:\Users\Maciek\AppData\Local\Temp\Rar$EX00.438\HWiNFO64A.SYS [X]
    S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
    S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]
    S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
    S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
    S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    2016-04-29 16:53 - 2016-04-29 16:53 - 00874648 _____ (Google Inc.) C:\Users\Maciek\Downloads\Niepotwierdzony 983262.crdownload
    2016-04-28 23:00 - 2016-04-28 23:00 - 00874648 _____ (Google Inc.) C:\Users\Maciek\Downloads\Niepotwierdzony 419483.crdownload
    2016-04-25 22:45 - 2016-04-25 22:45 - 00874648 _____ (Google Inc.) C:\Users\Maciek\Downloads\Niepotwierdzony 854926.crdownload
    2016-04-25 00:33 - 2016-04-30 13:25 - 00199410 _____ C:\Users\Maciek\Downloads\OTL.Txt
    2016-04-24 23:42 - 2016-04-24 23:42 - 00602112 _____ (OldTimer Tools) C:\Users\Maciek\Downloads\OTL_[www.programosy.pl].exe
    2016-04-24 23:39 - 2016-04-24 23:39 - 00602112 _____ (OldTimer Tools) C:\Users\Maciek\Downloads\Niepotwierdzony 911401.crdownload
    2016-04-24 23:39 - 2016-04-24 23:39 - 00602112 _____ (OldTimer Tools) C:\Users\Maciek\Downloads\Niepotwierdzony 567579.crdownload
    2016-04-24 17:33 - 2016-04-24 17:33 - 00874648 _____ (Google Inc.) C:\Users\Maciek\Downloads\Niepotwierdzony 97510.crdownload
    2016-04-23 21:15 - 2013-06-13 13:17 - 414242893 ____T C:\308B.tmp
    2016-04-22 00:58 - 2016-04-22 00:58 - 00874648 _____ (Google Inc.) C:\Users\Maciek\Downloads\Niepotwierdzony 357872.crdownload
    2016-04-19 00:27 - 2016-04-19 00:27 - 00874648 _____ (Google Inc.) C:\Users\Maciek\Downloads\Niepotwierdzony 754552.crdownload
    2016-04-15 18:23 - 2016-04-15 18:23 - 00874648 _____ (Google Inc.) C:\Users\Maciek\Downloads\Niepotwierdzony 134052.crdownload
    2016-04-13 21:02 - 2016-04-13 21:02 - 00874648 _____ (Google Inc.) C:\Users\Maciek\Downloads\Niepotwierdzony 753966.crdownload
    2016-04-09 18:21 - 2016-04-09 18:22 - 00000000 ____D C:\Program Files (x86)\SpeedSearchesbnd
    2016-04-09 18:21 - 2016-04-09 18:21 - 00015156 _____ C:\Windows\System32\Tasks\WinTsks
    2016-04-09 18:21 - 2016-04-09 18:21 - 00000000 ____D C:\Users\Public\Documents\dmp
    2016-04-09 18:21 - 2016-04-09 18:21 - 00000000 ____D C:\Program Files (x86)\WinTsks
    2016-04-09 18:21 - 2016-04-09 18:21 - 00000000 ____D C:\Program Files (x86)\WinSvces
    2016-04-09 18:20 - 2016-04-09 18:20 - 00085025 _____ C:\Users\Maciek\Downloads\SketchUpPro-en-x64.exe.zip
    2016-04-06 21:13 - 2016-04-09 17:52 - 00000000 ____D C:\ProgramData\Quotenamron
    2016-04-06 21:13 - 2016-04-06 21:13 - 01932216 _____ C:\Users\Maciek\AppData\Roaming\Domlax.bin
    2016-04-06 21:13 - 2016-04-06 21:13 - 00000000 ____D C:\ProgramData\Quotenamrons
    2016-04-06 21:12 - 2016-04-06 21:12 - 06504960 _____ C:\Users\Maciek\AppData\Roaming\agent.dat
    2016-04-06 21:12 - 2016-04-06 21:12 - 01626591 _____ C:\Users\Maciek\AppData\Roaming\Dingtom.tst
    2016-04-06 21:12 - 2016-04-06 21:12 - 00127488 _____ C:\Users\Maciek\AppData\Roaming\Installer.dat
    2016-04-06 21:12 - 2016-04-06 21:12 - 00126464 _____ C:\Users\Maciek\AppData\Roaming\noah.dat
    2016-04-06 21:12 - 2016-04-06 21:12 - 00065856 _____ C:\Users\Maciek\AppData\Roaming\Config.xml
    2016-04-06 21:12 - 2016-04-06 21:12 - 00035205 _____ C:\Users\Maciek\AppData\Roaming\inst.lat
    2016-04-06 21:12 - 2016-04-06 21:12 - 00018432 _____ C:\Users\Maciek\AppData\Roaming\Main.dat
    2016-04-06 21:12 - 2016-04-06 21:12 - 00014448 _____ C:\Users\Maciek\AppData\Roaming\InstallationConfiguration.xml
    2016-04-06 21:12 - 2016-04-06 21:12 - 00005568 _____ C:\Users\Maciek\AppData\Roaming\md.xml
    2016-04-06 21:11 - 2016-04-06 21:11 - 00976367 _____ C:\Users\Maciek\Downloads\MiniTool-Partition-Wizard-Free-15710-dp.zip
    2016-04-06 19:12 - 2016-04-06 21:11 - 01035912 _____ (Cahelagoka ) C:\Users\Maciek\Desktop\MiniTool-Partition-Wizard-Free-15710-dp.exe
    2016-04-06 19:12 - 2016-04-06 21:11 - 00975965 _____ C:\Users\Maciek\Desktop\MiniTool-Partition-Wizard-Free-15710-dp.zip
    2016-04-02 22:48 - 2016-04-02 22:48 - 01068339 _____ ( ) C:\Users\Maciek\Downloads\installer_Free_Clipboard_Viewer_sciagnij (1).exe
    2016-04-02 22:47 - 2016-04-02 22:48 - 01068339 _____ ( ) C:\Users\Maciek\Downloads\installer_Free_Clipboard_Viewer_sciagnij.exe
    2016-02-28 20:09 - 2016-04-12 17:13 - 00000351 _____ C:\prefs.js
    2016-02-02 11:50 - 2016-02-02 11:50 - 00221184 _____ C:\Users\Maciek\Downloads\installer (3).exe
    2016-02-02 11:50 - 2016-02-02 11:50 - 00221184 _____ C:\Users\Maciek\Downloads\installer (2).exe
    2014-02-08 00:09 - 2014-05-08 20:42 - 0003743 _____ () C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10safeguard-secure-search.xml
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    Delete the C:\FRST directory.

    0