CloseProcesses:
CreateRestorePoint:
EmptyTemp:
VirusTotal: C:\Program Files (x86)\Bossseed\Update\BossseedUpdate.exe
HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA
HKU\S-1-5-21-3640241414-2537619284-2301328848-1002\...\RunOnce: [ALLPlayer Remote Update] => C:\Users\Krzysztof\AppData\Local\Temp\ALLRemote.exe [2305896 2018-12-08] (ALLPlayer ) <==== UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1476273906&z=c8751465124076a75d8cd8dg2zfm3q8ofm2c3bbb8c&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9BGC30545&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1476273906&z=c8751465124076a75d8cd8dg2zfm3q8ofm2c3bbb8c&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9BGC30545
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1476273906&z=c8751465124076a75d8cd8dg2zfm3q8ofm2c3bbb8c&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9BGC30545&q={searchTerms}
HKU\S-1-5-21-3640241414-2537619284-2301328848-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1476273906&z=c8751465124076a75d8cd8dg2zfm3q8ofm2c3bbb8c&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9BGC30545
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3640241414-2537619284-2301328848-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll Brak pliku
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll Brak pliku
FF Homepage: Firefox\Firefox\Profiles\w31tszh2.default -> hxxp://www.searchinme.com/?type=hp&ts=1477064390974&z=&from=official&uid=ST1000LM024XHN-M101MBB_S32XJ9BGC30545
FF SearchPlugin: C:\Users\Krzysztof\AppData\Roaming\Firefox\Firefox\Profiles\w31tszh2.default\searchplugins\searchinme.xml [2016-09-23]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
HKU\S-1-5-21-3640241414-2537619284-2301328848-1002\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Easthas\Application\chrome.exe <==== UWAGA
S2 0238911538335014mcinstcleanup; C:\WINDOWS\TEMP\023891~1.EXE -cleanup -nolog [X]
SafeFinder (HKLM-x32\...\{149E2403-2CB7-4DA1-A8C0-14746849F702}) (Version: 1.0.0.0 - Linkury) <==== UWAGA
WorldofTanks (HKLM-x32\...\WorldofTanks) (Version: - ) <==== UWAGA
HKU\S-1-5-21-3640241414-2537619284-2301328848-1002\...\ChromeHTML: -> "C:\Program Files (x86)\Easthas\Application\chrome.exe" "%1" <==== UWAGA
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
Task: {3FA502F2-03A4-410C-A371-B68902C4A9B5} - System32\Tasks\BossseedUpdateTaskMachineUA => C:\Program Files (x86)\Bossseed\Update\BossseedUpdate.exe <==== UWAGA
Task: {8009BDC1-3E31-407F-A5B8-D7BF9E036166} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
Task: {DB32FA45-C6FA-4922-9ED8-9D98A199E429} - System32\Tasks\BossseedUpdateTaskMachineCore => C:\Program Files (x86)\Bossseed\Update\BossseedUpdate.exe <==== UWAGA
C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AION\AION.lnk
AlternateDataStreams: C:\Users\Public\AppData:CSM [468]
FirewallRules: [UDP Query User{D7FEA97D-89AF-4D71-8A7F-9FA2FA54AADC}C:\users\krzysztof\appdata\local\gamerhash\miners\claymore_cryptonote_v1\nscpucnminer64.gh] => (Allow) C:\users\krzysztof\appdata\local\gamerhash\miners\claymore_cryptonote_v1\nscpucnminer64.gh
FirewallRules: [TCP Query User{52C95C19-7A70-4505-BD2A-4CC474BDF71E}C:\users\krzysztof\appdata\local\gamerhash\miners\claymore_cryptonote_v1\nscpucnminer64.gh] => (Allow) C:\users\krzysztof\appdata\local\gamerhash\miners\claymore_cryptonote_v1\nscpucnminer64.gh
FirewallRules: [{61ED915A-3D23-4ADF-A91A-33A826A06EFC}] => (Allow) LPort=8317
C:\users\krzysztof\appdata\local\gamerhash
C:\Program Files (x86)\Easthas
C:\Program Files (x86)\Bossseed
C:\Users\Krzysztof\Desktop\GamerHash.lnk
C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee WebAdvisor.lnk
C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Launcher\Launcher.lnk
C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farming Simulator 15 v1.2.0\2-click run\Farming Simulator 15 v1.2.0\Farming Simulator 15.lnk
C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run\Farming Simulator 15 v1.2.0\Farming Simulator 15.lnk
C:\Users\mkuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee WebAdvisor.lnk
CMD: ipconfig /flushdns
RemoveProxy: