CloseProcesses:
WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
ShortcutWithArgument: C:\Users\Alchemy Studio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\ALCHEM~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://navsmart.info
ShortcutWithArgument: C:\Users\Alchemy Studio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://navsmart.info
ShortcutWithArgument: C:\Users\Alchemy Studio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\ALCHEM~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://navsmart.info
ShortcutWithArgument: C:\Users\Alchemy Studio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://navsmart.info
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\ALCHEM~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://navsmart.info
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://navsmart.info
R2 KuaiZipDrive; C:\WINDOWS\system32\drivers\KuaiZipDrive.sys [92872 2016-07-30] (WinMount International Inc)
R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [81792 2016-07-21] (Huorong Borui (Beijing) Technology Co., Ltd.)
U3 idsvc; Brak ImagePath
U3 wpcsvc; Brak ImagePath
Task: {083F776B-B52A-41F6-9F00-C8501118D8E1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {28D7820A-3BA2-40E9-858E-3046295A2E42} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {4A85E4C6-5ADD-438F-A5E6-1C987C645B43} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {4BA9140F-42E4-4F14-BA6D-388F9FB4EF99} - System32\Tasks\b2929b72a96a471893ecaa9c51368bae => C:\Program Files (x86)\2j7E0C1\rzxE0E0.bat [2016-07-30] ()
Task: {4FA8FCEF-08B1-4712-B3BA-015DD64EA06D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {513F3584-ADA5-4CAA-9023-46FD458BF356} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {51917499-61A4-4502-860A-273061CB7DBA} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {590993D8-F37F-4D1D-961E-6A7B944DE1FC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {66D23134-FD89-4C2C-A068-174D24C48A4B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {712ECAE7-8F98-4CA8-A5BE-E360BDF7617F} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {846EB02C-7843-4EAB-B3BE-C9B0896BB6E2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {A4F538AB-607F-4751-B4BC-7A7FFD5E75A4} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {AE9A6890-9B4E-4076-A0D5-37FE2A648B35} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {B09769FD-BE7C-43A0-B543-693E70B4F42A} - System32\Tasks\OnlineIO => C:\Program Files\Online-IO\Online.exe [2016-07-21] (Microleaves Ltd)
Task: {B177628C-A214-4573-8E0A-A16D5E620E8E} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {B36517B9-236D-48CE-83AC-0945D4CE0C64} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B8274553-1CB6-4815-86B7-FC471B135DD1} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {C41F8D10-A628-4977-8DB7-EF10E6245E63} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D2275ECE-A658-44D5-818F-5EDADCE47708} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {D7524836-BB8A-459E-9A4A-6FF769339B19} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {D7D2BA5A-4F25-4769-B565-F0DC553FAAAD} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {DA21479E-7A0C-4C24-B5B6-37816C69D021} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {E0E2E97A-1D02-4A97-AA7F-4DBEA3CF8900} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {E3172048-92D9-472B-B44D-E20BE3C9C99D} - System32\Tasks\Phujitythase Engine => C:\Program Files (x86)\Shuqogeclaale_\Phujitythaseengplb.exe
Task: {E6A5DFA9-ED0B-421F-9E86-CCB5E254B41D} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe
Task: {E8CC4162-4C8A-4271-8017-78C97707E2FD} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {F44713AD-1E53-4A61-8336-BE94BE6BB97B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {FBF98844-1063-4AE1-8737-CDF2F150EB21} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2016-07-30] ()
HKU\S-1-5-21-2538737369-596069251-4272499049-1000\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-2538737369-596069251-4272499049-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe /AUTORUN
HKU\S-1-5-21-2538737369-596069251-4272499049-1000\...\MountPoints2: {a3d1e2af-3105-11e4-9913-806e6f6e6963} - "G:\incs4o.EXE"
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center
C:\Program Files\Online-IO
C:\Program Files\żěŃą
C:\Program Files (x86)\2j7E0C1
C:\ProgramData\WindowsMsg
C:\Users\Alchemy Studio\AppData\Local\app
C:\Users\Alchemy Studio\AppData\Local\guquentligolysergeph
C:\Users\Alchemy Studio\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
C:\Users\Alchemy Studio\AppData\Local\UCBrowser
C:\Users\Alchemy Studio\AppData\Roaming\*.*
C:\Users\Alchemy Studio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MaohaWiFi.lnk
C:\Users\Alchemy Studio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC???.lnk
C:\Users\Alchemy Studio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacja Wyświetl mój ekran\Przykładowy plik konfiguracyjny.lnk
C:\Windows\ehome
C:\WINDOWS\system32\drivers\KuaiZipDrive.sys
C:\WINDOWS\system32\drivers\ucguard.sys
C:\WINDOWS\system32\Drivers\etc\hp.bak
C:\Windows\system32\Tasks\Microsoft\Windows\Media Center
Folder: C:\Users\Alchemy Studio\AppData\Local\Apps\2.0
Zip: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Service Center\Native Instruments Homepage.lnk
CMD: netsh advfirewall reset
Hosts:
EmptyTemp: