Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Wyskakujące reklamy w przeglądarkach - prośba o sprawdzenie logów FRST

user007 06 Lip 2017 09:56 786 5
  • #1 06 Lip 2017 09:56
    user007
    Poziom 8  

    Tak jak w temacie prosiłbym o sprawdzenie logów FRST. Reklamy samoistnie wyskakują w najróżniejszych momentach co jest bardzo uciążliwe. Komputer skanowany adwcleanerm, trochę się polepszyło, jednak nie wyeliminowało problemu w 100%, dlatego zwracam się do Was z prośbą o pomoc

    0 5
  • CControls
  • Pomocny post
    #2 06 Lip 2017 10:05
    Kolobos
    Spec od komputerów

    Obok frst.exe utworz plik Fixlist.txt z zawartoscia:
    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-180759767-3818507846-1001368108-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll => Brak pliku
    ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> Brak pliku
    ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> Brak pliku
    Task: {35BAC1F7-54AE-4E8C-9692-98D763DE4457} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-04-19] (WinZip)
    Task: {7D36EB09-D69E-4007-BED0-90E068D23DC6} - System32\Tasks\Mojcult Update => C:\Program Files (x86)\Stotutralcult\vuciward.exe [2017-05-09] (Google Inc.)
    Task: {CC526461-5B54-4BE1-94C3-B34BE3807809} - System32\Tasks\Easy Access Viewer => Rundll32.exe "C:\Program Files\Easy Access Viewer\Easy Access Viewer.dll",CDBEfgK <==== UWAGA
    Task: {FDD3F422-1AFB-45BE-B158-A998702EB650} - System32\Tasks\Opera scheduled Autoupdate 1497336418 => C:\Program Files\Opera\launcher.exe [2017-06-27] (Opera Software)
    HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [1878016 2017-04-19] (WinZip)
    HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [124360 2017-04-19] (WinZip Computing, S.L.)
    HKLM-x32\...\Run: [] => [X]
    HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== UWAGA
    HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== UWAGA
    HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== UWAGA
    HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== UWAGA
    HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== UWAGA
    HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== UWAGA
    HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== UWAGA
    HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== UWAGA
    HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== UWAGA
    HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== UWAGA
    HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== UWAGA




    HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== UWAGA
    HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== UWAGA
    HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== UWAGA
    HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== UWAGA
    HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== UWAGA
    HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== UWAGA
    HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== UWAGA
    HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== UWAGA
    HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== UWAGA
    HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== UWAGA
    HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== UWAGA
    HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== UWAGA
    HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== UWAGA
    HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== UWAGA
    HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== UWAGA
    HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== UWAGA
    HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== UWAGA
    HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== UWAGA
    HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== UWAGA
    HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== UWAGA
    HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== UWAGA
    HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== UWAGA
    HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-180759767-3818507846-1001368108-1000\...\MountPoints2: {01913313-7412-11e6-9a62-b4b52fc684b4} - J:\autorun.exe
    HKU\S-1-5-21-180759767-3818507846-1001368108-1000\...\MountPoints2: {198a9f16-4e22-11e6-b214-b4b52fc684b4} - E:\LGAutoRun.exe
    HKU\S-1-5-21-180759767-3818507846-1001368108-1000\...\MountPoints2: {9a8ea4ff-c453-11e6-b198-b4b52fc684b4} - E:\autorun.exe
    HKU\S-1-5-21-180759767-3818507846-1001368108-1000\...\MountPoints2: {d92dee74-d346-11e6-ac1b-b4b52fc684b4} - E:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-180759767-3818507846-1001368108-1000\...\MountPoints2: {e73973fa-2af9-11e6-8fb7-b4b52fc684b4} - J:\HTC_Sync_Manager_PC.exe
    HKLM\...\Providers\e056fu7s: C:\Program Files (x86)\Mojcult Update\local64spl.dll <==== UWAGA
    IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
    IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
    ShellExecuteHooks: Brak nazwy - {35EC203A-316C-11E7-8C42-64006A5CFC23} - C:\Users\TV\AppData\Roaming\Patusreojole\Chigent.dll -> Brak pliku <==== UWAGA
    AutoConfigURL: [S-1-5-21-180759767-3818507846-1001368108-1000] => hxxp://unstopaccess.net/wpad.dat?9bcab9676a6021c31cc3f173807baf0230854705
    ManualProxies: 0hxxp://unstopaccess.net/wpad.dat?9bcab9676a6021c31cc3f173807baf0230854705
    RemoveProxy:
    FF user.js: detected! => C:\Users\TV\AppData\Roaming\Mozilla\Firefox\Profiles\yina6rt8.default-1495522743063\user.js [2017-06-01]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
    S2 WinZip Smart Monitor Service; "C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe" [X]
    2017-07-06 09:41 - 2017-07-06 09:42 - 00602112 _____ (OldTimer Tools) C:\Users\TV\Downloads\OTL.exe
    2017-06-13 08:38 - 2017-05-23 08:30 - 00000000 ____D C:\AdwCleaner
    2017-05-11 15:41 - 2017-05-11 15:41 - 0000000 ____H () C:\Users\TV\AppData\Local\BIT262F.tmp
    C:\Program Files (x86)\Stotutralcult\
    EmptyTemp:

    W FRST wybierz Napraw.

    Po wykonaniu usun katalog C:\FRST i to wszystko.

    0
  • CControls
  • Pomocny post
    #4 02 Sie 2017 13:26
    krzychupar
    Poziom 41  

    Odinstaluj:
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.149 - McAfee, Inc.)

    Otwórz notatnik systemowy i wklej:
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
    Task: {0C9DEDBD-8CE2-4DAD-9E68-12F7C2DEC875} - System32\Tasks\Opera scheduled Autoupdate 1493844527 => C:\Users\Paulina\AppData\Local\Programs\Opera\launcher.exe [2017-07-18] (Opera Software)
    BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
    BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
    FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-18]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    CHR Extension: (McAfee® WebAdvisor) - C:\Users\Paulina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-07-13]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188256 2017-05-16] (McAfee, Inc.)
    R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
    2017-08-02 09:34 - 2017-08-02 09:39 - 000000000 ____D C:\AdwCleaner
    EmptyTemp:

    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom FRST i kliknij w Fix/Napraw.

    0
  • #6 28 Sie 2017 19:24
    Kolobos
    Spec od komputerów

    Odinstaluj Winamp Toolbar

    W ustawieniach Chrome wylacz przywracanie zestawu stron po starcie.

    Wykonaj Fixlist.txt:
    Task: {3A161ECA-7BA2-4489-928F-C68A64C20945} - System32\Tasks\{47941F27-A95D-4673-9CDE-1F9AF0AE710D} => E:\Deluxe Ski Jump 3\DSJ3.exe
    Task: {3DFB699C-9448-48C0-9E34-1EAA79A66F4A} - System32\Tasks\{80B664B9-3C15-49C6-BCEA-27B2AE15CFE8} => E:\Deluxe Ski Jump 3\DSJ3.exe
    Task: {401B7B73-264E-4C03-A27E-94FA161285EB} - System32\Tasks\{4167DEFB-A1BC-4D3C-AD06-92AA42D7A918} => "c:\program files\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.1.0.129.272/pl/abandoninstall?page=tsProgressBar
    Task: {4656CFCA-02E9-4F0F-8CB8-2ADF847D8ADA} - System32\Tasks\{704E6A2F-EE2B-4EE2-A42E-1D623E6F2D0B} => C:\Windows\system32\pcalua.exe -a C:\Users\Norbert\Downloads\PLPfix..exe -d C:\Users\Norbert\Downloads
    Task: {4BC0B600-66E9-457D-9B17-771831A4A96C} - System32\Tasks\{5117C10F-79BA-47F1-BFC6-093E4E594ABB} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\SOFTON~1\UNWISE.EXE -c /U C:\PROGRA~1\SOFTON~1\INSTALL.LOG
    Task: {68376999-415D-4337-A778-C7F7EA6AEF42} - System32\Tasks\{80A71AD5-C2FB-4DBE-A230-F2DB628EF0D0} => C:\Windows\system32\pcalua.exe -a "C:\Users\Norbert\Desktop\Deluxe Ski Jump 2.1P (DSJ).up.by.Genocide\Deluxe Ski Jump 2.1P (DSJ).exe" -d "C:\Users\Norbert\Desktop\Deluxe Ski Jump 2.1P (DSJ).up.by.Genocide"
    Task: {76AC66F3-6CAA-484B-B7B9-1C7BF4BE500D} - System32\Tasks\{E0628788-2D1B-4FE7-B70C-B6FB83D1ABD7} => C:\Windows\system32\pcalua.exe -a F:\NVSETUP.exe -d F:\
    Task: {7C200AAA-E52F-45DD-88B2-9254F400C081} - System32\Tasks\{A7ACF3F4-B042-4DA2-B2A5-8560B38C4BDA} => E:\Deluxe Ski Jump 3\DSJ3.exe
    Task: {88A5BCCC-2005-4939-82D3-4E61838832F1} - System32\Tasks\{A3445F5C-B42C-48E0-BBFD-742BB7E43868} => D:\Power\powerpoint_viewer_2003.exe
    Task: {8E10BBF9-6448-4E80-8366-1FD24F4DB4E2} - System32\Tasks\{52D1307F-C490-4CD6-A6D9-6280FF909835} => C:\Windows\system32\pcalua.exe -a "C:\Users\Norbi\Desktop\Firefox Setup 3.6.exe" -d C:\Users\Norbi\Desktop
    Task: {94F8F78E-B1CA-4238-A6D2-B36D5B31F42E} - System32\Tasks\{A1A09DDC-A7B8-4E63-A2C6-CA43CCC2EA70} => D:\Power\powerpoint_viewer_2003.exe
    Task: {99C6394A-EA36-4D13-89F9-ABA24B18983F} - System32\Tasks\{2552E5E9-0A79-4A72-9434-8A4A46F66FCF} => C:\Program Files\Microsoft Office\PowerPoint Viewer\PPTVIEW.EXE [2009-04-16] (Microsoft Corporation)
    Task: {E4589FBD-000A-41BD-9297-153301282963} - System32\Tasks\{64595C9E-2662-4CF6-8DD8-271958AC28D5} => "c:\program files\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.0.0.126/pl/abandoninstall?page=tsProgressBar
    Task: {E4ED2540-6CEF-4932-BC28-05A297AEC9F5} - System32\Tasks\{9C72F49A-C22D-476A-A4B4-B8FF9835414C} => C:\Windows\system32\pcalua.exe -a "E:\Deluxe Ski Jump 3\Setup.exe" -d "E:\Deluxe Ski Jump 3"
    Task: {F01754A1-E913-490E-975B-F21CBFD093F2} - System32\Tasks\{035CA752-E8D1-419A-B0AD-DA804539C66D} => E:\Deluxe Ski Jump 3\DSJ3.exe
    Task: {F50FCE7C-BD72-48F9-AB46-35C1D394CBEB} - System32\Tasks\{2785C829-FD40-44CB-B201-B7C07E1A087D} => C:\Windows\system32\pcalua.exe -a C:\Users\Norbi\Desktop\aresregular211_installer.exe -d C:\Users\Norbi\Desktop
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-2827710728-2484637411-2087708467-1001\...\MountPoints2: {46588679-47ed-11df-be13-00241d6a1f59} - K:\autorun_PES2008.exe
    HKU\S-1-5-21-2827710728-2484637411-2087708467-1001\...\MountPoints2: {571077b7-333f-11e3-aed9-00241d6a1f59} - H:\LGAutoRun.exe
    AppInit_DLLs: C:\PROGRA~2\Wincert\WIN32C~1.DLL => C:\ProgramData\Wincert\win32cert.dll [7168 2013-09-22] ()
    AppInit_DLLs: C:\PROGRA~1\MUSICT~1\Datamngr\mgrldr.dll => Brak pliku
    IFEO\bitguard.exe: [Debugger] tasklist.exe
    IFEO\bprotect.exe: [Debugger] tasklist.exe
    IFEO\browserdefender.exe: [Debugger] tasklist.exe
    IFEO\browserprotect.exe: [Debugger] tasklist.exe
    HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Music Toolbar\Datamngr\apcrtldr.dll <==== UWAGA
    HKLM\...\AppCertDlls: [x64] -> c:\program files\music toolbar\datamngr\x64\apcrtldr.dll <==== UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&...Czu1L1C1H1B1QtCtDtA&cr=1318201291&ir=
    HKU\S-1-5-21-2827710728-2484637411-2087708467-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.google.pl/ig
    HKU\S-1-5-21-2827710728-2484637411-2087708467-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
    URLSearchHook: HKU\S-1-5-21-2827710728-2484637411-2087708467-1001 - (Brak nazwy) - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - Brak pliku
    SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtByEtC0DyC0AtC0FyDzytDyEyCyCtN0D0Tzu0CyCyCyEtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1318201291&ir=
    SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtByEtC0DyC0AtC0FyDzytDyEyCyCtN0D0Tzu0CyCyCyEtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1318201291&ir=
    SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=...ME002&o=APN10641&apn_ptnrs=AG2&q={searchTerms}
    SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2530240
    SearchScopes: HKLM -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
    SearchScopes: HKU\S-1-5-21-2827710728-2484637411-2087708467-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2827710728-2484637411-2087708467-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2827710728-2484637411-2087708467-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=...ME002&o=APN10641&apn_ptnrs=AG2&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2827710728-2484637411-2087708467-1001 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search/web?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2827710728-2484637411-2087708467-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2530240
    SearchScopes: HKU\S-1-5-21-2827710728-2484637411-2087708467-1001 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
    BHO: Brak nazwy -> {15a0413e-9f45-4d45-9a75-2c20b15b5b51} -> Brak pliku
    BHO: Brak nazwy -> {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} -> Brak pliku
    BHO: IEPluginBHO Class -> {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -> C:\Users\Norbert\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll => Brak pliku
    Toolbar: HKU\S-1-5-21-2827710728-2484637411-2087708467-1001 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku
    Toolbar: HKU\S-1-5-21-2827710728-2484637411-2087708467-1001 -> Brak nazwy - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - Brak pliku
    Toolbar: HKU\S-1-5-21-2827710728-2484637411-2087708467-1001 -> Brak nazwy - {32099AAC-C132-4136-9E9A-4E364A424E17} - Brak pliku
    FF user.js: detected! => C:\Users\Norbi\AppData\Roaming\Mozilla\Firefox\Profiles\qsf31vek.default\user.js [2017-08-28]
    FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\qsf31vek.default -> Mysearchdial
    FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\qsf31vek.default -> Bing
    FF Extension: (Bing Search) - C:\Users\Norbi\AppData\Roaming\Mozilla\Firefox\Profiles\qsf31vek.default\Extensions\bingsearch.full@microsoft.com [2015-04-21] [Brak podpisu cyfrowego]
    FF SearchPlugin: C:\Users\Norbi\AppData\Roaming\Mozilla\Firefox\Profiles\qsf31vek.default\searchplugins\Ask.xml [2013-10-01]
    FF SearchPlugin: C:\Users\Norbi\AppData\Roaming\Mozilla\Firefox\Profiles\qsf31vek.default\searchplugins\Mysearchdial.xml [2013-10-25]
    CHR StartupUrls: Default -> "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtByEtC0DyC0AtC0FyDzytDyEyCyCtN0D0Tzu0CyCyCyEtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1318201291&ir=","hxxp://www.search.ask.com/?o=APN10641A&gct=hp&d=2-876&v=a9397-122&t=4"
    CHR HKLM\...\Chrome\Extension: [ddkpepdilbfaccbiljmaflabkcbgjfin] - C:\Program Files\Search Results Toolbar\Datamngr\chromeExtension.crx <nie znaleziono>
    CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <nie znaleziono>
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <nie znaleziono>
    CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Paulina\AppData\Local\mysearchdial-speeddial.crx [2013-10-25]
    CHR HKU\S-1-5-21-2827710728-2484637411-2087708467-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    S3 AresChatServer; D:\Ares\chatServer.exe [X]
    S2 DatamngrCoordinator; C:\Program Files\Music Toolbar\Datamngr\DatamngrCoordinator.exe [X]
    EmptyTemp:

    0