kosa4321

Task: {653C5B11-BAA9-4161-862F-E9883E0B6AB8} - System32\Tasks\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-4 => C:\Program Files (x86)\P-HD-V1.4\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-4.exe [2014-07-17] (P-HD) <==== ATTENTION

Task: {A8A47D0B-9AC6-49C7-B980-814239119846} - System32\Tasks\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-11 => C:\Program Files (x86)\P-HD-V1.4\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-11.exe [2014-07-17] (P-HD) <==== ATTENTION

Task: {AFB2825A-811D-4926-A51E-BBB82B92E855} - System32\Tasks\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-3 => C:\Program Files (x86)\P-HD-V1.4\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-3.exe [2014-07-17] (P-HD) <==== ATTENTION

Task: {C697B381-4833-415D-A3FD-CAAA38D7E787} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION

Task: {E237FB0B-F2A1-4FE7-9198-A5E4CCD4398D} - \5cb9b097-d74b-44f5-a55d-7af3d7a7e7ea-11 No Task File <==== ATTENTION

Task: C:\Windows\Tasks\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-11.job => C:\Program Files (x86)\P-HD-V1.4\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-11.exe <==== ATTENTION

Task: C:\Windows\Tasks\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-3.job => C:\Program Files (x86)\P-HD-V1.4\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-3.exe <==== ATTENTION

Task: C:\Windows\Tasks\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-4.job => C:\Program Files (x86)\P-HD-V1.4\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-4.exe <==== ATTENTION

Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION

Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION

Task: {F5986409-40E2-47F5-B5E1-7187EB0C907C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2373459085-1094487338-3103877305-1001UA => C:\Users\Abi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-13] (Facebook Inc.)

Task: {F5FB97AD-E632-4894-A338-B1D28553F7E1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2373459085-1094487338-3103877305-1001Core => C:\Users\Abi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-13] (Facebook Inc.)

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2373459085-1094487338-3103877305-1001Core.job => C:\Users\Abi\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2373459085-1094487338-3103877305-1001UA.job => C:\Users\Abi\AppData\Local\Facebook\Update\FacebookUpdate.exe

() C:\ProgramData\IBUpdaterService\ibsvc.exe

HKLM-x32\...\Run: [tuto4pc_pl_5] => [X]

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=1370266894

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=1370266894

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=1370266894

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=1370266894

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=1370266894

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=1370266894

SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=0

SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=0

SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=0

SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=0

SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=0

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C25A002682EAEA6D&affID=119676&tsp=4971

SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=0

BHO: grreatsaver -> {BE84127E-28DF-A836-D6CC-6C621D810140} -> C:\Program Files (x86)\grreatsaver\2I.x64.dll ()

BHO-x32: grreatsaver -> {BE84127E-28DF-A836-D6CC-6C621D810140} -> C:\Program Files (x86)\grreatsaver\2I.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll No File

FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File

FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File

Task: {D74C80F5-9717-4B3B-A6C9-87AA40C1FEA7} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe

Task: {822EC145-73BC-4289-8F79-87204CCD3A7B} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe

FF user.js: detected! => C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default\user.js

FF SearchPlugin: C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default\searchplugins\babylon.xml

FF Extension: General Crawler - C:\Users\Abi\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2013-06-03]

FF Extension: P-HD-V1.4 - C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default\Extensions\508d4e2f-a469-421d-a294-135dbb84fe1b@f7b17943-cc9e-4d4a-b223-0bd1e7cfc871.com [2014-07-17]

FF Extension: 7Go - C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default\Extensions\7go@7go.com.xpi [2013-10-07]

FF Extension: PlusWinks - C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default\Extensions\pluswinks@PlusWinks.xpi [2013-07-20]

FF Extension: BonanzaDeals - C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi [2014-01-01]

Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

CHR Extension: (No Name) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blelaljgakacjdeaggpjilljobdmboff [2014-07-21]

FF Extension: GoPhotoIt - C:\Users\Abi\AppData\Roaming\Mozilla\Firefox\Profiles\kcm40lfr.default\Extensions\gophoto@gophoto.it.xpi

CHR HKLM-x32\...\Chrome\Extension: [gjajpkikblccgefaibcafkfbanllpefi] - C:\Users\Abi\AppData\Roaming\7go\7go.crx [2013-07-30]

CHR HKLM-x32\...\Chrome\Extension: [mocblcnaofikinigmceddfghppkkjbog] - C:\Users\Abi\AppData\Roaming\PlusWinks\PlusWinks.crx [2013-05-30]

CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx

S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]

S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]

R2 IBUpdaterService; C:\ProgramData\IBUpdaterService\ibsvc.exe

R4 kl1; system32\DRIVERS\kl1.sys [X]

R4 KLIF; system32\DRIVERS\klif.sys [X]

R4 klkbdflt; system32\DRIVERS\klkbdflt.sys [X]

R4 klmouflt; system32\DRIVERS\klmouflt.sys [X]

R4 kltdi; system32\DRIVERS\kltdi.sys [X]

R4 kneps; system32\DRIVERS\kneps.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

C:\Windows\Tasks\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-4.job

C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job

C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job

C:\Windows\Tasks\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-11.job

C:\Windows\Tasks\aa0c88a0-b2ee-4822-8fc3-7799d68112b0-3.job

C:\Windows\Tasks\5cb9b097-d74b-44f5-a55d-7af3d7a7e7ea-11.job

C:\Users\Abi\AppData\Local\Temp\6_Offer_6.exe

C:\Users\Abi\AppData\Local\Temp\c0dgfv0w.dll

C:\Users\Abi\AppData\Local\Temp\DownloadManager.exe

C:\Users\Abi\AppData\Local\Temp\Shockwave_Installer_FF.exe

ShortcutWithArgument: C:\Users\Abi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 3 Beta 4.lnk -> C:\Program Files (x86)\Mozilla Firefox 3 Beta 4\firefox.exe (Mozilla Corporation) -> hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=1370266894

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox 3 Beta 4\firefox.exe (Mozilla Corporation) -> hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=1370266894

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 3 Beta 4\Mozilla Firefox (Tryb awaryjny).lnk -> C:\Program Files (x86)\Mozilla Firefox 3 Beta 4\firefox.exe (Mozilla Corporation) -> hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=1370266894

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 3 Beta 4\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox 3 Beta 4\firefox.exe (Mozilla Corporation) -> hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD5000BEVT-24A0RT0_WD-WXH1A80N9470N9470&ts=1370266894

Reboot:

C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
Reboot:

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x104B00D1B1ABCF01
Reboot:

C:\ProgramData\FullRemove.exe
Task: {4C80EC9B-8575-43DA-B028-99123EF7A09A} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon No Task File <==== ATTENTION
Task: {B2590F7B-63A3-4F71-8D83-2652363044D6} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d No Task File <==== ATTENTION
Task: {D70275AD-1E36-408E-8A29-D89E06CEAD30} - \{CC7AA7E6-0D0E-485E-B2EF-05B5FA8498BD} No Task File <==== ATTENTION
C:\Users\admin\AppData\Local\Temp\Quarantine.exe

Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\USER\AppData\Local\13154\a25729.exe <==== ATTENTION
System32\Tasks\AmiUpdXp => C:\Users\USER\AppData\Local\13154\a25729.exe
C:\Program Files\PCDApp\sgm.exe
C:\Program Files\PCDApp\libidn-11.dll
C:\Program Files\PCDApp\zlib1.dll
C:\Program Files\PCDApp\libpdcurses.dll
C:\Program Files\PCDApp\libgcc_s_dw2-1.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1404513516&from=amt&uid=TOSHIBAXMK5055GSX_79RJS13JSXX79RJS13JS
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1404513516&from=amt&uid=TOSHIBAXMK5055GSX_79RJS13JSXX79RJS13JS
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1404513516&from=amt&uid=TOSHIBAXMK5055GSX_79RJS13JSXX79RJS13JS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1404513516&from=amt&uid=TOSHIBAXMK5055GSX_79RJS13JSXX79RJS13JS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1404513516&from=amt&uid=TOSHIBAXMK5055GSX_79RJS13JSXX79RJS13JS&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1404513516&from=amt&uid=TOSHIBAXMK5055GSX_79RJS13JSXX79RJS13JS&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1404513516&from=amt&uid=TOSHIBAXMK5055GSX_79RJS13JSXX79RJS13JS
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1404513516&from=amt&uid=TOSHIBAXMK5055GSX_79RJS13JSXX79RJS13JS&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1404513516&from=amt&uid=TOSHIBAXMK5055GSX_79RJS13JSXX79RJS13JS&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1404513516&from=amt&uid=TOSHIBAXMK5055GSX_79RJS13JSXX79RJS13JS&q={searchTerms}
FF NewTab: chrome://quick_start/content/index.html
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\webssearches.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-08-29]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://istart.webssearches.com/?type=sc&ts=1404513516&from=amt&uid=TOSHIBAXMK5055GSX_79RJS13JSXX79RJS13JS
CHR HomePage: hxxp://istart.webssearches.com/?type=hp&ts=1404513516&from=amt&uid=TOSHIBAXMK5055GSX_79RJS13JSXX79RJS13JS
CHR StartupUrls: "hxxp://istart.webssearches.com/?type=hp&ts=1404513516&from=amt&uid=TOSHIBAXMK5055GSX_79RJS13JSXX79RJS13JS"
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR DefaultSearchURL: http://istart.webssearches.com/web/?type=ds&ts=1404513516&from=amt&uid=TOSHIBAXMK5055GSX_79RJS13JSXX79RJS13JS&q={searchTerms}
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type=sc&ts=1404513516&from=amt&uid=TOSHIBAXMK5055GSX_79RJS13JSXX79RJS13JS
S2 ProtectMonitor; C:\Program Files\PCDApp\StartHelp.exe [65846 2014-06-28] () [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Program Files\PCDApp
C:\Program Files\SupTab
C:\ProgramData\IePluginServices
C:\ProgramData\WindowsMangerProtect
C:\Windows\Tasks\AmiUpdXp.job
C:\Users\USER\AppData\Local\13154
C:\Users\USER\BESTplayer.exe
[2013-09-11 20:07:06 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\PC Suite
[2014-07-05 00:38:48 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\webssearches
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://istart.webssearches.com/?type=sc&ts=1404513516&from=amt&uid=TOSHIBAXMK5055GSX_79RJS13JSXX79RJS13JS
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://istart.webssearches.com/?type=sc&ts=1404513516&from=amt&uid=TOSHIBAXMK5055GSX_79RJS13JSXX79RJS13JS
ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://istart.webssearches.com/?type=sc&ts=1404513516&from=amt&uid=TOSHIBAXMK5055GSX_79RJS13JSXX79RJS13JS
ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://istart.webssearches.com/?type=sc&ts=1404513516&from=amt&uid=TOSHIBAXMK5055GSX_79RJS13JSXX79RJS13JS
ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://istart.webssearches.com/?type=sc&ts=1404513516&from=amt&uid=TOSHIBAXMK5055GSX_79RJS13JSXX79RJS13JS
ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://istart.webssearches.com/?type=sc&ts=1404513516&from=amt&uid=TOSHIBAXMK5055GSX_79RJS13JSXX79RJS13JS
ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://istart.webssearches.com/?type=sc&ts=1404513516&from=amt&uid=TOSHIBAXMK5055GSX_79RJS13JSXX79RJS13JS
Reboot:

S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]

S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

C:\Program Files\Enigma Software Group

C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP

C:\Windows\System32\Tasks\{CC7AA7E6-0D0E-485E-B2EF-05B5FA8498BD}

C:\Users\admin\AppData\Roaming\1J1F1H1E2Y2Z1P1C1B2W1L1T2ZtF1E1I

C:\Users\admin\Downloads\Winamp Full 5.666.3516 [1].exe

C:\Users\admin\Downloads\WinKeyFinder175_[www.programosy.pl]

C:\Users\admin\Downloads\WinKeyFinder175_[www.programosy.pl].zip

C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon

C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d

[2012-02-24 13:55:25 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

Reboot:

Task: C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\...\Winlogon: [shell] userinit.exe, [x ] () <=== ATTENTION
Run: [wsctf.exe] => wsctf.exe
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-19\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-21-1220945662-1958367476-682003330-1003\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1220945662-1958367476-682003330-1003\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1220945662-1958367476-682003330-1003\...\MountPoints2: {1b867a3e-f7b4-11e3-a15d-d084d408c786} - H:\g6jk.exe
HKU\S-1-5-21-1220945662-1958367476-682003330-1003\...\MountPoints2: {58436ba9-1bb3-11e3-a018-0013d394575a} - H:\g6jk.exe
HKU\S-1-5-21-1220945662-1958367476-682003330-1003\...\MountPoints2: {58cd2157-49f1-11e3-a065-8f86c81a3695} - H:\g6jk.exe
HKU\S-1-5-21-1220945662-1958367476-682003330-1003\...\MountPoints2: {c4e18074-f9ea-11e2-9fdc-0013d394575a} - H:\EXPLORER.EXE
HKU\S-1-5-21-1220945662-1958367476-682003330-1003\...\MountPoints2: {c4e18076-f9ea-11e2-9fdc-0013d394575a} - H:\g6jk.exe
HKU\S-1-5-21-1220945662-1958367476-682003330-1003\...\MountPoints2: {c4e18077-f9ea-11e2-9fdc-0013d394575a} - I:\EXPLORER.EXE
HKU\S-1-5-21-1220945662-1958367476-682003330-1003\...\MountPoints2: {ce2ece1f-1609-11e3-a00f-0013d394575a} - H:\EXPLORER.EXE
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=8C3A005345000000&affID=128491&tsp=5190
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=8C3A005345000000&affID=128491&tsp=5190
BHO: SaveSense -> {71e129ff-6c2a-4984-818c-7e2c998b8d99} -> C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\SaveSense\SaveSenseIE.dll (SaveSense)
BHO: SaveSense -> {71e129ff-6c2a-4984-818c-7e2c998b8d99} -> C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\SaveSense\SaveSenseIE.dll (SaveSense)
FF Plugin: @tools.updaterss.com/SaveSenseLive Update;version=3 - C:\Program Files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF Plugin: @tools.updaterss.com/SaveSenseLive Update;version=9 - C:\Program Files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
S2 savesenselive; C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-02-03] (SaveSense)
S3 savesenselivem; C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-02-03] (SaveSense)
C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
S3 filtertdidriver; system32\drivers\ewfiltertdidriver.sys [X]
S4 IntelIde; No ImagePath
U0 mfewfpk;
U1 WS2IFSL;
Reboot:

Task: {25A6EC9B-7D8D-4520-9426-85180A9EEEB8} - System32\Tasks\4320 => Wscript.exe C:\Users\JA\AppData\Local\Temp\launchie.vbs //B

Task: {304E4752-CFC9-4B54-923B-6BF23386BEA0} - \QtraxPlayer No Task File <==== ATTENTION

Task: {716C595D-2265-47A0-8587-06CDBF511198} - \Program aktualizacji online firmy Adobe. No Task File <==== ATTENTION

Task: {E2D34351-2564-4416-A6B4-73C0725AD049} - System32\Tasks\{EE3D62CB-3607-4656-892F-F7EB4C4761F9} => Firefox.exe

C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

HKLM-x32\...\Run: [DApp] => C:\Program Files\PCDApp\start.vbs

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1

HKU\S-1-5-21-1427198255-2518711745-748073939-1000\...\Policies\system: [DisableChangePassword] 0

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

S3 massfilter; system32\drivers\massfilter.sys [X]

S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]

S1 SASDIFSV; \??\C:\Users\JA\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [X]

S1 SASKUTIL; \??\C:\Users\JA\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [X]

S1 VIAPFD; \SystemRoot\System32\Drivers\VIAPFD.SYS [X]

S3 zgwhsmdm; system32\DRIVERS\gwhsmdm.sys [X]

S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]

S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]

S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\26871035.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\75853406.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\26871035.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\75853406.sys => ""="Driver"

Reboot:

C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
S3 TBPanel; No ImagePath
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
S2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [X]
S2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [X]
FF Plugin-x32: @ganymede/GanymedeNetPlugin,version=1.0 - C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKCU - {E427D921-9F08-476d-9177-8F73E02EF7FC} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pl&q={searchTerms}
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
Reboot:

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
Reboot:

Free Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - Somoto Ltd) <==== ATTENTION
Media Player Classic - Home Cinema v1.4.2499.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.4.2499.0 - MPC-HC Team) <==== ATTENTION
SearchScopes: HKLM-x32 - DefaultScope value is missing.
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
C:\Program Files\Enigma Software Group
C:\ProgramData\Spybot - Search & Destroy
C:\ProgramData\FullRemove.exe
C:\Users\Justyna\AppData\Local\PUTTY.RND
HKU\S-1-5-21-1797806156-4127936074-2174673735-1000\...\Run: [AQQ] => D:\programy\aqq\WAPSTE~1\AQQ.exe
HKU\S-1-5-21-1797806156-4127936074-2174673735-1000\...\Run: [OpAgent] => "OpAgent.exe" /agent
HKU\S-1-5-21-1797806156-4127936074-2174673735-1000\...\Run: [ChomikBox] => C:\Program Files (x86)\ChomikBox\chomikbox.exe
HKU\S-1-5-21-1797806156-4127936074-2174673735-1000\...\Run: [Facebook Update] => "C:\Users\Justyna\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
Reboot:

C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe

FF Plugin: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 - C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)

FF Plugin: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 - C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)

S2 bonanzadealslive; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-24] (BonanzaDeals)

S3 bonanzadealslivem; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-24] (BonanzaDeals)

ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1388677090&from=wpm0102&uid=MaxtorX6L160M0_L3DE22RH

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=MaxtorX6L160M0_L3DE22RH&ts=1393434361&type=default&q={searchTerms}

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1388677090&from=wpm0102&uid=MaxtorX6L160M0_L3DE22RH

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=MaxtorX6L160M0_L3DE22RH&ts=1393434361&type=default&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1388677090&from=wpm0102&uid=MaxtorX6L160M0_L3DE22RH

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&ts=1388677090&from=wpm0102&uid=MaxtorX6L160M0_L3DE22RH&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1388677090&from=wpm0102&uid=MaxtorX6L160M0_L3DE22RH&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1388677090&from=wpm0102&uid=MaxtorX6L160M0_L3DE22RH

StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=sc&from=wpm0226&uid=MaxtorX6L160M0_L3DE22RH&ts=1393434361

SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1388677090&from=wpm0102&uid=MaxtorX6L160M0_L3DE22RH&q={searchTerms}

SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1388677090&from=wpm0102&uid=MaxtorX6L160M0_L3DE22RH&q={searchTerms}

SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FzztC0AyCyBtC0CtCzyyDyDtAtAyByCtN0D0Tzu0CyCyCtAtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=313826854&ir=

SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=MaxtorX6L160M0_L3DE22RH&ts=1393434361&type=default&q={searchTerms}

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119357&tt=gc_&babsrc=SP_ss&mntrId=A0FC00E04CE7E9FD

SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=MaxtorX6L160M0_L3DE22RH&ts=1393434361&type=default&q={searchTerms}

SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FzztC0AyCyBtC0CtCzyyDyDtAtAyByCtN0D0Tzu0CyCyCtAtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=313826854&ir=

ShortcutWithArgument: C:\Documents and Settings\User\Menu Start\Programy\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=MaxtorX6L160M0_L3DE22RH&ts=1373113996

ShortcutWithArgument: C:\Documents and Settings\User\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Uruchom przeglądarkę Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=MaxtorX6L160M0_L3DE22RH&ts=1373113996

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\delta-homes.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\qvo6.xml

CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\DOCUME~1\User\USTAWI~1\DANEAP~1\mysearchdial-speeddial.crx [2013-10-24]

CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\DOCUME~1\User\USTAWI~1\DANEAP~1\mysearchdial-speeddial.crx [2013-10-24]

S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]

S4 IntelIde; No ImagePath

S3 massfilter_lte; \??\C:\WINDOWS\system32\drivers\massfilter_lte.sys [X]

U1 WS2IFSL;

S3 zgdcat; system32\DRIVERS\zgdcat.sys [X]

S3 zgdcdiag; system32\DRIVERS\zgdcdiag.sys [X]

S3 zgdcmdm; system32\DRIVERS\zgdcmdm.sys [X]

S3 zgdcnet; system32\DRIVERS\zgdcnet.sys [X]

S3 zgdcnmea; system32\DRIVERS\zgdcnmea.sys [X]

C:\Documents and Settings\User\Moje dokumenty\Transmission(31167).exe

C:\Documents and Settings\All Users\Dane aplikacji\Babylon

C:\Documents and Settings\All Users\Dane aplikacji\BonanzaDealsLive

C:\Documents and Settings\All Users\Dane aplikacji\WPM

C:\Documents and Settings\User\Dane aplikacji\0C1I1L1R1J0M1P0I1G

C:\Documents and Settings\User\Dane aplikacji\Babylon

C:\Documents and Settings\User\Dane aplikacji\Desk 365

C:\Documents and Settings\All Users\Dane aplikacji\eSafe

C:\Documents and Settings\All Users\Dane aplikacji\IePluginService

C:\Documents and Settings\All Users\Dane aplikacji\Tarma Installer

C:\Documents and Settings\User\Dane aplikacji\WebCake

C:\Documents and Settings\User\Dane aplikacji\eIntaller

C:\Documents and Settings\User\Dane aplikacji\DSite

C:\Documents and Settings\User\Dane aplikacji\eDownload

C:\Documents and Settings\User\Dane aplikacji\File Scout

C:\Documents and Settings\User\Dane aplikacji\mysearchdial

C:\Documents and Settings\User\Dane aplikacji\SupTab

C:\Documents and Settings\User\Dane aplikacji\SwvUpdater

C:\Documents and Settings\User\Dane aplikacji\Unity

Reboot:

Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version:  - Alactro LLC) <==== ATTENTION

Free Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - Somoto Ltd) <==== ATTENTION

Web Assistant 2.0.0.573 (HKLM\...\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1) (Version: 2.0.0.573 - IncrediBar) <==== ATTENTION

Media Player Classic - Home Cinema v1.4.2499.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.4.2499.0 - MPC-HC Team) <==== ATTENTION

HKU\S-1-5-21-1797806156-4127936074-2174673735-1000\...\Run: [AdobeBridge] => [X]

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

URLSearchHook: HKCU - (No Name) - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - No File

URLSearchHook: HKCU - (No Name) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - No File

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =

SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481033

SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481033

SearchScopes: HKLM-x32 - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7

SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7

SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://pl.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type=odc414&p={searchTerms}

SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_ir_14_29_ff&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FyCzy0FtBtA0FyDyBzyzztN0D0Tzu0SzytByBtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0F0AyBtD0B0ByDtGzytA0FtCtGyEtAzzzztG0A0AyEyEtGyCzz0F0A0B0AyC0AtDzz0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzz0F0FtCyBtC0DtGyB0B0A0DtGtB0E0CtDtGyC0EyCtBtGyCyCzy0B0F0Czz0ByCyByEyB2Q&cr=1530523135&ir=

C:\Program Files (x86)\globalUpdate

C:\Users\Justyna\AppData\Local\globalUpdate

C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys

C:\Windows\system32\Drivers\{5178f938-0bd5-47c1-8242-71f6e3e72925}Gw64.sys

AlternateDataStreams: C:\ProgramData\Temp:8530A643

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

Toolbar: HKCU - No Name - {0002EE26-8C11-49EB-9CDF-56EEFFEF664F} -  No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File

S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

R1 {5178f938-0bd5-47c1-8242-71f6e3e72925}Gw64; C:\Windows\System32\drivers\{5178f938-0bd5-47c1-8242-71f6e3e72925}Gw64.sys [61120 2014-07-09] (StdLib)

R1 {55dce8ba-9dec-4013-937e-adbf9317d990}Gw64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys [61120 2014-07-18] (StdLib)

C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP

C:\Program Files (x86)\Mozilla Firefox

C:\ProgramData\374311380

Reboot:

C:\Windows\sed.exe

C:\Windows\grep.exe

C:\Windows\zip.exe

C:\Windows\SWREG.exe

C:\Windows\SWSC.exe

C:\Windows\PEV.exe

C:\Windows\MBR.exe

C:\Users\k8\AppData\Local\{6680DA16-2056-409F-B751-BE901EBC73DA}

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

U3 mfeavfk01; No ImagePath

SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =

SearchScopes: HKLM-x32 - DefaultScope value is missing.

C:\Users\k8\AppData\Roaming\AVG

Reboot:

HKLM-x32\...\Run: [help] => C:\Users\SIWY\AppData\Roaming\InstallDir\help.exe

HKU\S-1-5-21-982367207-1440490565-2568245623-1001\...\Run: [wfirewall] => C:\Users\SIWY\AppData\Roaming\wfirewall\alg.exe

SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File

FF Extension: No Name - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-02-27]

C:\Users\SIWY\AppData\Roaming\wfirewall

Reboot:

Startup: C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\genesis_07131148.lnk
ShortcutTarget: genesis_07131148.lnk -> C:\users\mateusz\appdata\local\genesis_07131148\genesis_07131148.exe (No File)
Shortcut: C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\genesis_07131148.lnk -> C:\users\mateusz\appdata\local\genesis_07131148\genesis_07131148.exe (No File)
Genesis (HKCU\...\genesis_07131148) (Version:  - ) <==== ATTENTION
Reboot:

HKU\S-1-5-21-129265271-3525497852-1072832283-1001\...\Run: [genesis_07131148] => c:\users\mateusz\appdata\local\genesis_07131148\genesis_07131148.exe [2199552 2014-07-13] (croquemitaine)

Startup: C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\genesis_07131148.lnk

ShortcutTarget: genesis_07131148.lnk -> C:\Users\Mateusz\AppData\Local\Genesis_07131148\Genesis_07131148.exe (croquemitaine)

Genesis (HKCU\...\genesis_07131148) (Version:  - ) <==== ATTENTION

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

SearchScopes: HKLM-x32 - DefaultScope value is missing.

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File

CHR Plugin: (Google Update) - C:\Users\Mateusz\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File

C:\Users\Mateusz\AppData\Local\Genesis_07131148

C:\Users\Mateusz\AppData\Local\EmieUserList

C:\Users\Mateusz\AppData\Local\EmieSiteList

reboot:

Task: {DB45BCA3-413C-408E-B6B0-583F01871E90} - \Program aktualizacji online firmy Adobe. No Task File <==== ATTENTION

HKU\S-1-5-21-982367207-1440490565-2568245623-1001\...\Run: [help] => C:\Users\SIWY\AppData\Roaming\InstallDir\help.exe [81920 2010-11-21] ( )

HKU\S-1-5-21-982367207-1440490565-2568245623-1001\...\Run: [wfirewall] => C:\Users\SIWY\AppData\Roaming\wfirewall\alg.exe [81920 2014-06-02] ( )

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\system.pif ( )

Startup: C:\Users\SIWY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.pif ( )

SearchScopes: HKLM - {0CEEE379-BFE6-4B45-8C64-3632C458CFEB} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

SearchScopes: HKLM-x32 - DefaultScope value is missing.

S3 btmaux; system32\DRIVERS\btmaux.sys [X]

Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File

C:\ProgramData\AVG

C:\Users\SIWY\AppData\Local\AVG

C:\Users\SIWY\AppData\Local\Avg2014

C:\Users\SIWY\AppData\Roaming\InstallDir

C:\Users\SIWY\AppData\Roaming\OpenCandy

C:\Users\SIWY\AppData\Roaming\wfirewall

reboot: