CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKLM-x32\...\Run: [gmsd_gb_004010035] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3102615040-3944751782-1148747084-1001\...\MountPoints2: {12dd5c96-81f3-11e6-82dd-206a8aa9f532} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3102615040-3944751782-1148747084-1001\...\MountPoints2: {1430da78-adea-11e7-830f-206a8aa9f532} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3102615040-3944751782-1148747084-1001\...\MountPoints2: {143cb3d2-9b86-11e7-830c-206a8aa9f532} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3102615040-3944751782-1148747084-1001\...\MountPoints2: {3151893a-e007-11e7-8336-206a8aa9f532} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3102615040-3944751782-1148747084-1001\...\MountPoints2: {6b9959bd-6be7-11e7-8306-206a8aa9f532} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3102615040-3944751782-1148747084-1001\...\MountPoints2: {6ead553e-ec80-11e7-8353-206a8aa9f532} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3102615040-3944751782-1148747084-1001\...\MountPoints2: {9a393dc7-326c-11e7-82fb-206a8aa9f532} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3102615040-3944751782-1148747084-1001\...\MountPoints2: {a3e589b2-364d-11e8-83ec-206a8aa9f532} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3102615040-3944751782-1148747084-1001\...\MountPoints2: {bc2efa37-34fe-11e6-82c6-206a8aa9f532} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3102615040-3944751782-1148747084-1001\...\MountPoints2: {bc2efcb5-34fe-11e6-82c6-206a8aa9f532} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3102615040-3944751782-1148747084-1001\...\MountPoints2: {bc2efce9-34fe-11e6-82c6-206a8aa9f532} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3102615040-3944751782-1148747084-1001\...\MountPoints2: {e4215058-e885-11e4-824c-806e6f6e6963} - "D:\AutoRun\AutoRunX\AutoRunX.exe"
HKU\S-1-5-21-3102615040-3944751782-1148747084-1001\...\MountPoints2: {efdebc5d-df10-11e7-8332-206a8aa9f532} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3102615040-3944751782-1148747084-1001\...\MountPoints2: {fd0ea591-c62d-11e7-8313-206a8aa9f532} - "E:\HiSuiteDownLoader.exe"
AppInit_DLLs-x32: c:\progra~3\{7e859~1\201~1.9\nali.dll => c:\ProgramData\{7E859646-2E07-47C0-9F81-37424F03E4CC}\2.0.1.9\nali.dll [606720 2015-07-15] ()
AppInit_DLLs-x32: c:\progra~3\{7e859~1\1172~1.1\nali.dll => Brak pliku
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1430950433&z=eb15f493ccfc46a740a08ffg1zaceebtfw9ebz2e1o&from=cor&uid=WDCXWD10JPVX-22JC3T0_WD-WXP1E7490W7X90W7X&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1430950433&z=eb15f493ccfc46a740a08ffg1zaceebtfw9ebz2e1o&from=cor&uid=WDCXWD10JPVX-22JC3T0_WD-WXP1E7490W7X90W7X&q={searchTerms}
HKU\S-1-5-21-3102615040-3944751782-1148747084-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
URLSearchHook: HKLM-x32 -> Domyślne = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_kmpswt_15_47&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyCtDyDyBtCzztC0AyByBzytBzy0B0DyBtN0D0Tzu0StCyEtCzztN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtByCtByDtB0AyBtGyBtAyCtCtGyEyD0AyBtGyD0F0CtCtG0CtD0FtCyCtC0Dzy0C0E0B0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDzzzzyCyE0D0BtGyEyCtCyDtGyEzyyB0FtG0ByC0CzztG0AyDtCtCyBzytAzzyEtD0EtC2QtN0A0LzuyE%26cr%3D1185266999%26a%3Dwncy_kmpswt_15_47%26os%3DWindows%2B8.1%2BPro&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_kmpswt_15_47&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyCtDyDyBtCzztC0AyByBzytBzy0B0DyBtN0D0Tzu0StCyEtCzztN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtByCtByDtB0AyBtGyBtAyCtCtGyEyD0AyBtGyD0F0CtCtG0CtD0FtCyCtC0Dzy0C0E0B0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDzzzzyCyE0D0BtGyEyCtCyDtGyEzyyB0FtG0ByC0CzztG0AyDtCtCyBzytAzzyEtD0EtC2QtN0A0LzuyE%26cr%3D1185266999%26a%3Dwncy_kmpswt_15_47%26os%3DWindows%2B8.1%2BPro&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-db8db7db&q={searchTerms}
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_29&cd=2XzuyEtN2Y1L1QzuyCtDyDyBtCzztC0AyByBzyyDzy0B0DyBtN0D0Tzu0StCtBzytCtN1L2XzutAtFtCtBtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAyE0F0D0CtAyD0EtGtCyD0EtCtG0A0FtAyEtGtA0CtDyDtGtByEyCtAtCyD0F0DyEyD0FyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0CyC0EtA0EyBzztG0E0EtA0FtGyE0ByBtCtG0A0EzzyEtG0C0BtAyE0B0C0B0DyEzz0C0F2QtN0A0LzuyE&cr=1880234349&ir=
SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3102615040-3944751782-1148747084-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325157&octid=EB_ORIGINAL_CTID&ISID=ME4EAC15F-C0D0-4C75-995A-6FB481EDD665&SearchSource=58&CUI=&UM=8&UP=SP803F9D53-1F14-4941-8F90-6455233B74B7&D=072015&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3102615040-3944751782-1148747084-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_kmpswt_15_47&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyCtDyDyBtCzztC0AyByBzytBzy0B0DyBtN0D0Tzu0StCyEtCzztN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtByCtByDtB0AyBtGyBtAyCtCtGyEyD0AyBtGyD0F0CtCtG0CtD0FtCyCtC0Dzy0C0E0B0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDzzzzyCyE0D0BtGyEyCtCyDtGyEzyyB0FtG0ByC0CzztG0AyDtCtCyBzytAzzyEtD0EtC2QtN0A0LzuyE%26cr%3D1185266999%26a%3Dwncy_kmpswt_15_47%26os%3DWindows%2B8.1%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3102615040-3944751782-1148747084-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-db8db7db&q={searchTerms}
BHO-x32: Brak nazwy -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> Brak pliku
CHR Extension: (Prezentacje Google) - C:\Users\CR-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-09] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
CHR Extension: (Dokumenty Google) - C:\Users\CR-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-09] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
CHR Extension: (Dysk Google) - C:\Users\CR-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-19] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
CHR Extension: (Arkusze Google) - C:\Users\CR-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-09] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
CHR Extension: (Zakładki iCloud) - C:\Users\CR-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-07-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\CR-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
CHR Extension: (Prezentacje Google) - C:\Users\CR-7\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-26] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
CHR Extension: (Dokumenty Google) - C:\Users\CR-7\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-26] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
CHR Extension: (Dysk Google) - C:\Users\CR-7\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-26] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
CHR Extension: (Avast SafePrice) - C:\Users\CR-7\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-07-26] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
CHR Extension: (Arkusze Google) - C:\Users\CR-7\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-26] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
CHR Extension: (Twitcher Twitter Account Switcher) - C:\Users\CR-7\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmngpagflejjoblmmamaonmnkghjmebh [2015-08-19] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== UWAGA
CHR Extension: (Avast Online Security) - C:\Users\CR-7\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-26] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
CHR Extension: (dregol New Tab) - C:\Users\CR-7\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihokndmjeombjojnfkmapfnjeghjohim [2015-07-26] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
CHR Extension: (Twitcher Twitter Account Switcher) - C:\Users\CR-7\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\gmngpagflejjoblmmamaonmnkghjmebh [2015-08-19] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== UWAGA
CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 SPBIUpdd; \??\C:\Program Files\Common Files\ShopperPro\spbiw.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
HKU\S-1-5-21-3102615040-3944751782-1148747084-1001\...\ChromeHTML: -> <==== UWAGA
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
Task: {4EFAFB7F-7275-4704-AC7A-1866A1BD2C83} - System32\Tasks\Microsoft\Windows\Maintenance\OverLook Updater => C:\Users\CR-7\AppData\Local\A1BD3141-C013-DE45-A986-3805F2555D16\Runner.exe <==== UWAGA
Task: {FAA6E891-215B-4508-B5F5-ACF0D8B385A7} - System32\Tasks\avastBCLRestart_chrome.exe => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Need for Speed™ Carbon\Web.lnk
C:\Users\CR-7\AppData\Roaming\Microsoft\Windows\SendTo\Android (ALLPlayer Pilot).lnk
C:\Users\CR-7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Avast Secure Browser.lnk
Reg: reg delete "HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}" /f
Reg: reg delete "HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}" /f
RemoveProxy:
CMD: ipconfig /flushdns