CloseProcesses:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"="services32.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers => ""="Service"
U5 aswHwid; C:\Windows\System32\Drivers\aswHwid.sys [24184 2014-07-24] () [File not signed]
HKLM\...\Run: [wxpdrv] => C:\Windows\services32.exe [1204736 2011-10-31] (Cronosoft)
HKLM\...\Run: [tray_ico] => [X]
HKLM\...\Run: [tray_ico0] => C:\Windows\update.tray-14-0\svchost.exe
HKLM\...\Run: [tray_ico1] => C:\Windows\update.tray-7-0\svchost.exe
HKLM\...\Run: [tray_ico2] => [X]
HKLM\...\Run: [tray_ico3] => [X]
HKLM\...\Run: [tray_ico4] => [X]
HKLM\...\Run: [fst_pl_131] => [X]
HKLM\...\RunOnce: [removeSearchqutoolbar] => cmd.exe /c RD /S /Q "C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://istart.webssearches.com/?type=scpp&ts=1411803067&from=wpm0226&uid=WDCXWD5000AAKS-00V0A0_WD-WCAWFC35827658276
ShortcutWithArgument: C:\Users\Nowa Era\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://istart.webssearches.com/?type=scpp&ts=1411803067&from=wpm0226&uid=WDCXWD5000AAKS-00V0A0_WD-WCAWFC35827658276
ShortcutWithArgument: C:\Users\Nowa Era\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://istart.webssearches.com/?type=scpp&ts=1411803067&from=wpm0226&uid=WDCXWD5000AAKS-00V0A0_WD-WCAWFC35827658276
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://istart.webssearches.com/?type=scpp&ts=1411803067&from=wpm0226&uid=WDCXWD5000AAKS-00V0A0_WD-WCAWFC35827658276
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
C:\Program Files\Common Files\AVG Secure Search
C:\Program Files\ExpressFiles
C:\Program Files\FLVM Player
C:\Program Files\FoxTabPDFReader
C:\Program Files\MyFree Codec
C:\Program Files\Opera
C:\Program Files\PCDApp
C:\Program Files\predm
C:\Program Files\QuestBasic
C:\Program Files\SmartTweak Software
C:\Program Files\SupTab
C:\Program Files\v9Soft
C:\Program Files\WinZipper
C:\ProgramData\Breowsse2isavee
C:\ProgramData\InstallMate
C:\ProgramData\MaegnaiPIc
C:\ProgramData\Search-NewTab
C:\ProgramData\TEMP
C:\ProgramData\WindowsProtectManger
C:\ProgramData\WPM
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deinstalator Strony V9.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\ExpressFiles
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse2save
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagniPic
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagnniPici
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Softendo.com
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtualmt2
C:\Users\bbbb\AppData\Local\5e981d0d
C:\Users\bbbb\AppData\Local\SWDS
C:\Users\bbbb\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk
C:\Users\bbbb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
C:\Users\bbbb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Team17
C:\Users\bbbb\Desktop\OK.url
C:\Users\bbbb\Desktop\Otwórz lokalicacje pliku worms3d.lnk
C:\Users\Nowa Era\AppData\Local\Akamai
C:\Users\Nowa Era\AppData\Local\MoboGenie
C:\Users\Nowa Era\AppData\Local\NVIDIA Corporation
C:\Users\Nowa Era\AppData\Local\Opera
C:\Users\Nowa Era\AppData\Local\Opera Software
C:\Users\Nowa Era\AppData\Local\Oxy
C:\Users\Nowa Era\AppData\Local\Pokki
C:\Users\Nowa Era\AppData\Roaming\newnext.me
C:\Users\Nowa Era\AppData\Roaming\Opera
C:\Users\Nowa Era\AppData\Roaming\Opera Software
C:\Users\Nowa Era\AppData\Roaming\Oxy
C:\Users\Nowa Era\AppData\Roaming\TornTV.com
C:\Users\Nowa Era\AppData\Roaming\TuneUp Software\TU2013\StartUp Manager\Wyłącz obiekty\Oxy.lnk
C:\Users\Nowa Era\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk
C:\Users\Nowa Era\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
C:\Users\Nowa Era\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
C:\Users\Nowa Era\AppData\Roaming\Microsoft\Windows\SendTo\МойМир@Mail.ru.lnk
C:\Users\Nowa Era\Desktop\FLVM Player.lnk
C:\Users\Nowa Era\Documents\Mobogenie
C:\Users\Hasło!!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
C:\Users\Hasło!!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU
C:\Users\Hasło!!\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*.lnk
C:\Users\Hasło!!\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\*.lnk
C:\Windows\$NtUninstallKB48234$
C:\Windows\proc_list1.log
C:\Windows\services32.exe
C:\Windows\ShellNew\EXCEL12.XLSX
C:\Windows\ShellNew\MSPUB.PUB
C:\Windows\ShellNew\PWRPNT12.PPTX
C:\Windows\System32\Drivers\aswHwid.sys
Reg: reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} /v AutoStart /t REG_SZ /d "" /f
CMD: ipconfig /flushdns
CMD: netsh advfirewall reset
CMD: netsh winsock reset
CMD: dir /a "C:\Program Files"
CMD: dir /a C:\ProgramData
CMD: dir /a C:\Users\bbbb\AppData\Local
CMD: dir /a C:\Users\bbbb\AppData\LocalLow
CMD: dir /a C:\Users\bbbb\AppData\Roaming
CMD: dir /a "C:\Users\Nowa Era\AppData\Local"
CMD: dir /a "C:\Users\Nowa Era\AppData\LocalLow"
CMD: dir /a "C:\Users\Nowa Era\AppData\Roaming"
EmptyTemp: