03 Dec 2015, 16:58
03 Dec 2015, 17:04
03 Dec 2015, 18:53
03 Dec 2015, 22:13
Task: {22A12935-253D-44C3-BF10-A47DCD87B799} - System32\Tasks\Anafre => C:\PROGRA~1\GROOVE~1\Jennodka.bat
C:\PROGRA~1\GROOVE~1
Task: {2CACA492-A401-46DF-BC82-F05C63C41F5D} - System32\Tasks\{A4307585-E699-4009-9729-DCE59CEDED4E} => pcalua.exe -a "C:\Users\tomek i monika\AppData\Roaming\mystartsearch\UninstallManager.exe" -c -ptid=cmi
C:\Users\tomek i monika\AppData\Roaming\mystartsearch
Task: {2D147925-6982-4F40-97D9-CE058E0CD3B9} - \WordSurfer Auto Updater 1.10.0.19 Core Brak pliku <==== UWAGA
Task: {34B41D2E-C5A9-466A-9393-F9C8B2D3DC4C} - \WordSurfer Auto Updater 1.10.0.19 Pending Update Brak pliku <==== UWAGA
Task: {47EDD33D-DD69-4E82-AF70-6734AD8F526D} - System32\Tasks\psv_dtgq2wu3 => cmd.exe /c regedit.exe /s "C:\ProgramData\Saophase\ptwtw4c4.xmp.reg" & del "C:\ProgramData\Saophase\ptwtw4c4.xmp.reg" & SCHTASKS /Delete /TN "psv_dtgq2wu3" /F <==== UWAGA
Task: {49300FB2-1156-4D29-8C79-5A0F12FB96D4} - System32\Tasks\psv_scrt2ugm => cmd.exe /c regedit.exe /s "C:\ProgramData\ExtTag\4lw3vb5w.jkx.reg" & del "C:\ProgramData\ExtTag\4lw3vb5w.jkx.reg" & SCHTASKS /Delete /TN "psv_scrt2ugm" /F <==== UWAGA
Task: {59C1444B-804D-41B3-9B7D-9076430B98F2} - System32\Tasks\psv_0u51yomb => cmd.exe /c regedit.exe /s "C:\ProgramData\Saophase\oow3hlmb.as1.reg" & del "C:\ProgramData\Saophase\oow3hlmb.as1.reg" & SCHTASKS /Delete /TN "psv_0u51yomb" /F <==== UWAGA
Task: {5F3FED77-D640-4823-B076-1E7E26148B3E} - System32\Tasks\Fruit => Rundll32.exe "C:\Users\tomek i monika\AppData\Local\Fruit\{A416A85B-0F01-095F-29F8-9241840959C2}\Fruit.dll",#3
C:\ProgramData\Saophase
C:\ProgramData\ExtTag
Task: {60E8E45E-2E41-4C38-A4D7-B4168C75496B} - System32\Tasks\psv_rws1ckar => cmd.exe /c regedit.exe /s "C:\ProgramData\Saophase\uayfp353.grh.reg" & del "C:\ProgramData\Saophase\uayfp353.grh.reg" & SCHTASKS /Delete /TN "psv_rws1ckar" /F <==== UWAGA
Task: {704B2741-5DFC-4F5B-A42D-4750133F4834} - System32\Tasks\psv_ygqzecia => cmd.exe /c regedit.exe /s "C:\ProgramData\Saophase\5si3t2ig.4si.reg" & del "C:\ProgramData\Saophase\5si3t2ig.4si.reg" & SCHTASKS /Delete /TN "psv_ygqzecia" /F <==== UWAGA
Task: {757F0DDA-42C7-46D6-B27D-3402B1ACECE7} - System32\Tasks\psv_gi5c2reb
Task: {7C0B2756-C73A-4362-83BC-0D6A29B53341} - System32\Tasks\psv_abn4bfpk => cmd.exe /c regedit.exe /s "C:\ProgramData\ExtTag\czayzn5d.2pq.reg" & del "C:\ProgramData\ExtTag\czayzn5d.2pq.reg" & SCHTASKS /Delete /TN "psv_abn4bfpk" /F <==== UWAGA
Task: {83F4B0BE-90D3-4ECE-A761-BE9A187B5860} - System32\Tasks\psv_qmmagguf => cmd.exe /c regedit.exe /s "C:\ProgramData\Saophase\40iqioji.cjj.reg" & del "C:\ProgramData\Saophase\40iqioji.cjj.reg" & SCHTASKS /Delete /TN "psv_qmmagguf" /F <==== UWAGA
Task: {895C06D7-ACA1-4AF0-9E8E-10E793428D3F} - System32\Tasks\psv_3joee5n0 => cmd.exe /c regedit.exe /s "C:\ProgramData\Saophase\cjpgide3.r0k.reg" & del "C:\ProgramData\Saophase\cjpgide3.r0k.reg" & SCHTASKS /Delete /TN "psv_3joee5n0" /F <==== UWAGA
Task: {9791066C-CAB0-4573-A991-280E4A2A9087} - System32\Tasks\psv_glx22uce => cmd.exe /c regedit.exe /s "C:\ProgramData\ExtTag\n45sgq3y.wsu.reg" & del "C:\ProgramData\ExtTag\n45sgq3y.wsu.reg" & SCHTASKS /Delete /TN "psv_glx22uce" /F <==== UWAGA
Task: {9849A74F-E3CB-486A-A218-BC42CAEC188C} - System32\Tasks\psv_digsjvpf => cmd.exe /c regedit.exe /s "C:\ProgramData\Saophase\scoh3pfq.t1l.reg" & del "C:\ProgramData\Saophase\scoh3pfq.t1l.reg" & SCHTASKS /Delete /TN "psv_digsjvpf" /F <==== UWAGA
Task: {BB8D6E90-0DEB-431F-BFF4-C6AEC535F19D} - System32\Tasks\{29E85FB9-3F1E-45BC-B7CB-88EBDAD2EAB5} => pcalua.exe -a "C:\Users\tomek i monika\AppData\Roaming\istartpageing\UninstallManager.exe" -c -ptid=cmi
C:\Users\tomek i monika\AppData\Roaming\istartpageing
Task: {C01082E5-6F39-4D51-A7A2-9CF3148C28EA} - System32\Tasks\psv_z0l5g3ih => cmd.exe /c regedit.exe /s "C:\ProgramData\ExtTag\jaqdjhz4.nwx.reg" & del "C:\ProgramData\ExtTag\jaqdjhz4.nwx.reg" & SCHTASKS /Delete /TN "psv_z0l5g3ih" /F <==== UWAGA
Task: {C1657A6F-528D-43EA-934F-0C4D4D8CC3FC} - System32\Tasks\{B0998AD3-0200-4F19-B040-A68D861EF5D6} => pcalua.exe -a "C:\Users\tomek i monika\AppData\Roaming\istartsurf\UninstallManager.exe" -c -ptid=obw
C:\Users\tomek i monika\AppData\Roaming\istartsurf
Task: {CDDD4F35-9B5E-49EE-80AA-9AF1D9508FD5} - System32\Tasks\psv_531uwinr => cmd.exe /c regedit.exe /s "C:\ProgramData\ExtTag\natmedne.ntk.reg" & del "C:\ProgramData\ExtTag\natmedne.ntk.reg" & SCHTASKS /Delete /TN "psv_531uwinr" /F <==== UWAGA
Task: {D18D7B01-5343-4455-949B-3FF8F7CF6F68} - System32\Tasks\psv_z4zhzv2n
Task: {E6BEA368-F698-467A-8E41-5E1CAC570D95} - System32\Tasks\psv_p2uefr1b => cmd.exe /c regedit.exe /s "C:\ProgramData\ExtTag\3bjfro0j.4rc.reg" & del "C:\ProgramData\ExtTag\3bjfro0j.4rc.reg" & SCHTASKS /Delete /TN "psv_p2uefr1b" /F <==== UWAGA
Task: {E76BC66F-E430-4E7B-BC01-9841F7FC854D} - System32\Tasks\Video Rest => Rundll32.exe "C:\Users\tomek i monika\AppData\Local\Video Rest\{A416A85B-0F01-095F-29F8-9241840959C2}\VideoRest.dll",#3
Task: {F27F02DC-E098-4245-AB1C-CE145DC43F7C} - System32\Tasks\psv_1pucvim3 => cmd.exe /c regedit.exe /s "C:\ProgramData\Saophase\24eo0ynd.fpg.reg" & del "C:\ProgramData\Saophase\24eo0ynd.fpg.reg" & SCHTASKS /Delete /TN "psv_1pucvim3" /F <==== UWAGA
Task: {F93DD00C-0F9D-45DC-AC4D-9DC6D4912C1E} - System32\Tasks\psv_c4kdi0ec => cmd.exe /c regedit.exe /s "C:\ProgramData\ExtTag\rqn0dkm5.tnn.reg" & del "C:\ProgramData\ExtTag\rqn0dkm5.tnn.reg" & SCHTASKS /Delete /TN "psv_c4kdi0ec" /F <==== UWAGA
C:\Users\tomek i monika\AppData\Local\Video Rest
C:\Users\tomek i monika\AppData\Local\Fruit
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
FF Extension: Great Find - C:\Users\tomek i monika\AppData\Roaming\Mozilla\Firefox\Profiles\dqb1irz0.default\Extensions\{097e11a6-d004-4407-a0d5-8e3e54e19744}.xpi [2015-09-04] [Brak podpisu cyfrowego]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nie znaleziono
CHR Extension: (MyStart New Tab) - C:\Users\tomek i monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\peefembmkccmkodbcpgilfjgkligpbba [2015-12-03]
CHR Extension: (Video Rest) - C:\Users\tomek i monika\AppData\Local\Video Rest\Component [2015-12-03]
2015-11-30 19:14 - 2015-11-30 19:14 - 00000000 ____D C:\Users\tomek i monika\AppData\Roaming\ToheEepoldo
2015-11-30 19:13 - 2015-12-03 17:10 - 00000000 ____D C:\Program Files\groover301120151853
2015-11-30 17:55 - 2015-11-30 19:13 - 00056480 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2015-11-03 09:01 - 2015-11-04 09:40 - 00001338 _____ C:\Users\tomek i monika\Desktop\Wyczyść rejestr za darmo!.lnk
2015-11-30 17:40 - 2015-10-15 14:26 - 00000000 ____D C:\Program Files\edd8aaef-0db2-4c2f-b9e6-25fd5272994a
2015-11-30 17:38 - 2015-10-17 14:29 - 00000000 ____D C:\Program Files\8b51f0b5-2be1-4f02-9a35-fe3bd79ef074
2015-11-30 17:38 - 2015-09-04 08:48 - 00000000 ____D C:\Program Files\1de968f0-15ad-423d-a501-dbc810d59023
EmptyTemp:
03 Dec 2015, 23:15
04 Dec 2015, 20:29
2015-11-30 17:55 - 2015-11-30 19:13 - 00056480 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
Reboot:
05 Dec 2015, 23:05
06 Dec 2015, 21:40
Files to delete:
C:\Windows\system32\Drivers\cherimoya.sys
Folders to delete:
C:\AdwCleaner
06 Dec 2015, 22:14
06 Dec 2015, 22:35
06 Dec 2015, 22:52
09 Dec 2015, 18:21