CloseProcesses:
CreateRestorePoint:
C:\Program Files\SFK
R2 SSFK; C:\Program Files\SFK\SSFK.exe [411648 2015-09-04] (TODO: <公司名>) [Brak podpisu cyfrowego]
HKLM\...\Run: [mbot_pl_014010068] => [X]
HKLM\...\Run: [gmsd_pl_005010068] => [X]
HKLM\...\Run: [gmsd_pl_005010069] => [X]
HKLM\...\Run: [gmsd_pl_005010070] => [X]
HKLM\...\Run: [rec_pl_65] => [X]
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1441381045&z=e623de5bbc775031e7aaaeeg9zez5gccab5e1q4e1q&from=slbnew&uid=HitachiXHTS545050B9A300_110203PBN403M7F0XE3EX
FF HKLM\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\aijsq4bo.default-1440617259547\extensions\defsearchp@gmail.com
FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\aijsq4bo.default-1440617259547\extensions\deskCutv2@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.mystartsearch.com/?type=sc&ts=1441381045&z=e623de5bbc775031e7aaaeeg9zez5gccab5e1q4e1q&from=slbnew&uid=HitachiXHTS545050B9A300_110203PBN403M7F0XE3EX
CHR Extension: (CinemaP-1.9cV23.08) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-08-23]
StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.mystartse...PBN403M7F0XE3EX
OPR Extension: (CinemaP-1.9cV23.08) - C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-08-23]
OPR Extension: (High Stairs) - C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\fgebpiphakabkmklhijpogchbgpmebjg [2015-08-26]
S4 funimilo; C:\Program Files\A0BE2F10-1440316630-E011-A207-B94D9617E041\knsv596A.tmp [640000 2015-08-28] () [Brak podpisu cyfrowego]
2015-09-04 17:37 - 2015-09-04 17:38 - 00000000 ____D C:\Users\admin\AppData\Roaming\mystartsearch
2015-09-04 17:34 - 2015-09-04 17:34 - 00000000 ____D C:\Program Files\predm
2015-08-26 19:04 - 2015-09-04 11:40 - 00000000 ____D C:\ProgramData\DWinManProD
2015-08-26 19:04 - 2015-08-26 19:04 - 00000124 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-08-25 10:29 - 2015-08-25 10:29 - 00613255 _____ (CMI Limited) C:\Users\admin\AppData\Local\nsc868F.tmp
2015-08-24 12:20 - 2015-08-24 12:20 - 00613255 _____ (CMI Limited) C:\Users\admin\AppData\Local\nsiCE96.tmp
2015-08-23 10:39 - 2015-08-25 15:21 - 00000366 _____ C:\Windows\Tasks\APSnotifierPP1.job
2015-08-23 10:39 - 2015-08-25 15:21 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP3.job
2015-08-23 10:39 - 2015-08-25 15:21 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP2.job
2015-08-23 10:38 - 2015-08-23 10:37 - 00613255 _____ (CMI Limited) C:\Users\admin\AppData\Local\nsi7192.tmp
2015-08-23 10:34 - 2015-08-23 10:34 - 00000862 _____ C:\Windows\Tasks\SmartWeb Upgrade Trigger Task.job
2015-08-23 10:34 - 2015-08-23 10:34 - 00000456 _____ C:\Windows\Tasks\WordSurfer Auto Updater 1.10.0.19 Core.job
2015-08-23 10:06 - 2015-09-04 17:54 - 00072009 _____ C:\Windows\WindowsUpdate.log
2015-08-23 09:58 - 2015-08-23 09:58 - 00001006 _____ C:\Windows\Tasks\ED9LQt0xEB9HY7EmP.job
2015-08-23 09:58 - 2015-08-23 09:58 - 00001002 _____ C:\Windows\Tasks\70u8DEbO6VurusO.job
2015-08-23 09:58 - 2015-08-23 09:58 - 00000484 _____ C:\Windows\Tasks\B034E4DE-F959-4289-9CDE-821E262C615.job
2015-08-23 09:58 - 2015-08-23 09:58 - 00000000 ____D C:\Program Files\6949a848-fd16-4950-ad3a-5f859cf2add1
2015-08-23 09:57 - 2015-09-04 11:46 - 00000000 ____D C:\Program Files\A0BE2F10-1440316630-E011-A207-B94D9617E041
2015-08-23 09:57 - 2015-08-23 09:57 - 00000958 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-08-23 09:57 - 2011-12-30 13:15 - 00000864 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-08-23 09:55 - 2015-08-23 12:15 - 00000000 ____D C:\ProgramData\update
2015-08-23 09:55 - 2015-08-23 10:03 - 00000000 ____D C:\ProgramData\OWinManProO
2015-08-23 09:55 - 2015-08-23 09:55 - 00000000 _____ C:\Windows\prleth.sys
2015-08-23 09:55 - 2015-08-23 09:55 - 00000000 _____ C:\Windows\hgfs.sys
2014-05-30 18:37 - 2014-12-18 17:54 - 0000538 _____ () C:\Users\admin\AppData\Roaming\2YplpIcfiT30Bc7aFbBeJ0p
2014-11-06 19:43 - 2014-11-06 19:43 - 0233878 _____ () C:\Users\admin\AppData\Roaming\4ED62FBB88120ACF19637B80059756A2
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\admin\AppData\Roaming\70u8DEbO6VurusO
2015-04-20 16:05 - 2015-04-20 16:05 - 1246720 _____ () C:\Users\admin\AppData\Roaming\70u8DEbO6VurusO.exe
2014-10-27 03:05 - 2014-10-27 03:05 - 0233878 _____ () C:\Users\admin\AppData\Roaming\905CCF79278916E91590A8BAEDE53B11
2014-11-28 13:57 - 2014-11-28 13:57 - 0235348 _____ () C:\Users\admin\AppData\Roaming\906F7D600B4E574A1AA55C353BB6C948
2014-12-03 09:39 - 2014-12-09 03:13 - 0003951 _____ () C:\Users\admin\AppData\Roaming\C5C18FE1D82F4BB7F86E28860CE82AE7
2014-05-29 20:25 - 2014-05-29 20:25 - 0288937 _____ () C:\Users\admin\AppData\Roaming\CFEE7ADD9DAB7D3D84D0081B8E64C659
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\admin\AppData\Roaming\ED9LQt0xEB9HY7EmP
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\admin\AppData\Roaming\ED9LQt0xEB9HY7EmP.exe
2014-05-29 20:25 - 2014-05-29 20:25 - 0288937 _____ () C:\Users\admin\AppData\Roaming\F38F8A1EAD8B6C42A4DC220CDF125C5D
2014-08-03 20:21 - 2014-12-09 03:13 - 0003951 _____ () C:\Users\admin\AppData\Roaming\F6E244C4484D18AF95FFD2EB6D0DAC6C
2014-11-12 11:37 - 2014-12-18 17:54 - 0000191 _____ () C:\Users\admin\AppData\Roaming\hNUpv8W6fTq9DSEoNXIgpr5pwk
2014-05-29 20:25 - 2014-12-16 11:49 - 0000315 _____ () C:\Users\admin\AppData\Roaming\MyRxSSBFZ6SaaKk934Be4MX93LE
2014-09-25 01:54 - 2014-12-18 17:55 - 0000016 _____ () C:\Users\admin\AppData\Roaming\UXFKTkPgyk7mHcaAHlZzHGwPI1a3zsM
2015-08-25 10:29 - 2015-08-25 10:29 - 0613255 _____ (CMI Limited) C:\Users\admin\AppData\Local\nsc868F.tmp
2015-08-23 10:38 - 2015-08-23 10:37 - 0613255 _____ (CMI Limited) C:\Users\admin\AppData\Local\nsi7192.tmp
2015-08-24 12:20 - 2015-08-24 12:20 - 0613255 _____ (CMI Limited) C:\Users\admin\AppData\Local\nsiCE96.tmp
2015-08-26 19:04 - 2015-08-26 19:04 - 0000124 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-01 14:07 - 2015-09-01 14:07 - 0000000 _____ () C:\ProgramData\temp
Task: C:\Windows\Tasks\70u8DEbO6VurusO.job => C:\Users\admin\AppData\Roaming\70u8DEbO6VurusO.exe <==== UWAGA
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== UWAGA
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== UWAGA
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== UWAGA
C:\Program Files\AnyProtectEx
Task: C:\Windows\Tasks\B034E4DE-F959-4289-9CDE-821E262C615.job => C:\Users\admin\AppData\Local\B034E4DE-F959-4289-9CDE-821E262C615\B034E4DE-F959-4289-9CDE-821E262C615.exe
Task: C:\Windows\Tasks\ED9LQt0xEB9HY7EmP.job => C:\Users\admin\AppData\Roaming\ED9LQt0xEB9HY7EmP.exe <==== UWAGA
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\globalupdate.exe <==== UWAGA
C:\Users\admin\AppData\Roaming\ED9LQt0xEB9HY7EmP.exe
Task: C:\Windows\Tasks\SmartWeb Upgrade Trigger Task.job => C:\Users\admin\AppData\Local\SmartWeb\SmartWebHelper.exe <==== UWAGA
C:\Users\admin\AppData\Local\SmartWeb
EmptyTemp:
CMD: bitsadmin /reset /allusers
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F