CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA
HKU\S-1-5-21-1771593470-3012635902-189330645-1001\...\Policies\Explorer: [NoCDBurning] 1
CHR HomePage: Default -> hxxp://www.istartpageing.com/?type=hp&ts=1448954022&z=a2b4d0712fc373eb4beed53g8zbz9b6t8w5z1e7cce&from=cor&uid=SAMSUNGXHN-M500MBB_S2R7J1MBA08844
CHR StartupUrls: Default -> "hxxp://www.istartpageing.com/?type=hp&ts=1448954022&z=a2b4d0712fc373eb4beed53g8zbz9b6t8w5z1e7cce&from=cor&uid=SAMSUNGXHN-M500MBB_S2R7J1MBA08844"
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
StartMenuInternet: Google Chrome.FQJL2ROJX4EHU2XMXWODR2DFLE - C:\Users\Aniolek\AppData\Local\Google\Chrome\Application\chrome.exe
U3 idsvc; Brak ImagePath
„Windows Live Essentials“ (HKLM-x32\...\{F70350F0-4979-4321-915D-0C947AE45A48}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
„Windows Live Mail“ (HKLM-x32\...\{E5D458F4-4B41-444D-907D-083692D1D675}) (Version: 16.4.3508.0205 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (HKLM-x32\...\{345C8936-4812-4293-8EFD-CF570D955D12}) (Version: 16.4.3508.0205 - „Microsoft Corporation“) Hidden
Fotogaléria (HKLM-x32\...\{08466673-3905-4437-93E8-34A221B7CA4E}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalerie (HKLM-x32\...\{0FD66C6F-4023-4C74-AF8E-9B8B2053868E}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalerie (HKLM-x32\...\{AEA7CE08-09DC-4186-99FD-66A26F3B8B21}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Foto-galerija (HKLM-x32\...\{21DB4773-B510-45A8-A929-C1A625A911AB}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalerija (HKLM-x32\...\{BE2DE42A-6696-4EE7-9E59-B9385F339DD3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalerija (HKLM-x32\...\{DB98CF74-83DF-4513-8450-95C6711E88CE}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleri (HKLM-x32\...\{92E22997-3614-4ED9-9D53-C6C09B105BE9}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleriet (HKLM-x32\...\{F38BCC33-D42A-44EB-B62F-B3BB89B29FAF}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (HKLM-x32\...\{06738361-EB60-40D7-84BC-7807ED7EF282}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotótár (HKLM-x32\...\{8D977EAA-DF3E-4054-A98D-F27AEB0248DD}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria de Fotografias (HKLM-x32\...\{6DFF6F1B-F876-4007-AC82-42D5DDF0E090}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria de Fotos (HKLM-x32\...\{1998BD95-54C6-4F31-8D85-FE9FCF5DE51D}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galería de fotos (HKLM-x32\...\{F7314CA2-F900-46D7-9EA1-FBDD9D73F765}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria fotografii (HKLM-x32\...\{207DA277-6A6D-4863-B535-129931D2BB21}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (HKLM-x32\...\{F4D99A13-F63A-4FC1-8799-CFFDB78DDFB3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie foto (HKLM-x32\...\{FCF46EBE-4637-4A0D-8CE2-C39897A2D7E1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerija fotografija (HKLM-x32\...\{FD5D64EB-DC61-4026-AF47-585B39F19341}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (HKLM-x32\...\{FA12037C-B6FA-4825-86BC-D58AA6A9CC24}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Pošta Windows Live (HKLM-x32\...\{9D30784B-4FA7-4BF7-B6D4-D6A494E2A366}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Raccolta foto (HKLM-x32\...\{FA6BC7A5-85B3-4DC2-825C-D508E386151A}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Valokuvavalikoima (HKLM-x32\...\{245C4CCD-8829-469C-9278-2BA330BEB8F4}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Συλλογή φωτογραφιών (HKLM-x32\...\{032CB0D7-FDBF-4CA9-901B-A4C1B01B1777}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (HKLM-x32\...\{7A9122B2-CF90-4ACB-8E10-AA83F725916B}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Почта Windows Live (HKLM-x32\...\{44B4333A-60A6-4FFC-BCC5-B0ECA23D2AAB}) (Version: 16.4.3508.0205 - Корпорация Майкрософт) Hidden
Фотоальбом (HKLM-x32\...\{CE4EEFE0-85E0-436E-95C5-BCB2EE30C976}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Фотогалерия (HKLM-x32\...\{87E79A55-EBF1-472F-BCAD-4A631B9A69A5}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Фотографии (общедоступная версия) (HKLM-x32\...\{234BD64C-99F4-42B5-837F-82F00E37A7E1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
גלריית התמונות (HKLM-x32\...\{B1AC8AF0-2979-4DF8-AE26-B1D543F3543F}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
بريد Windows Live (HKLM-x32\...\{7A546E5C-0906-42CC-92DF-B2E787FFA7D2}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
معرض الصور (HKLM-x32\...\{6F77C156-7660-4CEC-8793-97D80D5BFEC0}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
사진 갤러리 (HKLM-x32\...\{25D4B03F-B207-418B-9A0F-6AD5042B38AE}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
影像中心 (HKLM-x32\...\{7DB15F28-5E38-476A-A773-EA07EAEAB1B3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
照片库 (HKLM-x32\...\{25716F85-7DB7-4CB4-8BD3-1992DBA3F59C}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Brak pliku
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> Brak pliku
ContextMenuHandlers1_S-1-5-21-1771593470-3012635902-189330645-1001: [GGDriveMenu] -> [CC]{E68D0A55-3C40-4712-B90D-DCFA93FF2534} => -> Brak pliku
ContextMenuHandlers4_S-1-5-21-1771593470-3012635902-189330645-1001: [GGDriveMenu] -> [CC]{E68D0A55-3C40-4712-B90D-DCFA93FF2534} => -> Brak pliku
Task: {00E7F80F-7E5F-47C1-A0F3-D2246E4B8766} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Brak pliku <==== UWAGA
Task: {09A8C641-B84E-4EBF-95B2-1502405DFF51} - \chroomiumCheckTask -> Brak pliku <==== UWAGA
Task: {12B13B46-9E64-4F39-8326-17C1FAB0A144} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1B6A46D7-E892-4235-A149-8985B97C8324} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
Task: {310A86B5-A07F-4FF3-832D-4CD08C398D01} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
Task: {344EAFBE-8375-434D-8FBB-53953272F59A} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {367297CF-B2E1-4A8C-B90C-83599A87A9FD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
Task: {3C970A32-CFDE-46A5-BD16-7CAC39F3D3D5} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3F304C6E-2675-4D2C-A568-47CDEAF32D0B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {40E6CDD5-A40A-43D9-9D5A-24E8CE50ABD4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
Task: {496A4B77-D6EF-4A7C-AAAA-5E0D98FBE48E} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {5231B725-2DAA-43EA-A371-45D212AB3B34} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
Task: {5DCC5B28-E923-4A8E-B421-09C7747AE9FC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
Task: {5F3B346E-0FFA-4ED2-B930-D9B7D699D981} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {619474E1-61DE-4E22-8B2B-1E4793293BD7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {63399EE5-AE76-4E24-8A1A-999935410D77} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {724BFA4E-D1B4-4472-A52A-6FC8B238BF7C} - \chroomiumBrowserUpdateUA -> Brak pliku <==== UWAGA
Task: {787EBF90-A9C9-4742-9C30-1A42651B2123} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
Task: {7F978A5D-F4E4-40D8-99DA-8719DA227869} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
Task: {7FDC3036-EBEE-4C65-AFBA-C3E948AA573F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {84D5E53F-782D-4EEA-BDB6-A5F8D62341CB} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {86D27268-F458-49B6-85EB-EBE9357BE635} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {88E7AEB7-4C13-4D48-8842-1509C10F2FCA} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {90AF358A-91B8-45C5-8AB6-ED096E397E9B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {993E4A37-DC1A-4276-A037-5F019F54A4D3} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9B5D00D0-A8D2-4CD8-B35D-B4C7EAD87FAB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9B875EAE-684D-4027-9B4C-65630BB4531F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
Task: {A231A617-9C5B-4252-B784-2D298BF46295} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A2E5E71F-BA8A-44B9-9EA1-AE765FF34548} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AD2613C7-B978-47DF-8FA0-957A42C6F84C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
Task: {B91A3298-498D-438A-9B3A-4B4BF43E5C70} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BD18847F-398A-4A91-8475-0EEEA97B8A8C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {BE61AA06-3A60-4051-8177-8849973EC06D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
Task: {C1BEDFBA-B43A-44C0-8C31-B3C070BE0C45} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C3D13D3D-B475-4D9C-A029-8BCE6F71DC96} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {D2638BDA-729C-4555-A614-7C499A00139D} - \chroomiumBrowserUpdateCore -> Brak pliku <==== UWAGA
Task: {D596AF73-A7F9-442E-8388-E89A1207957F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {E53DF8D7-D988-4D2C-834B-96A4F170D6F2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
Task: {FA33E493-1353-47CA-A453-7DCD06A5F1C0} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
AlternateDataStreams: C:\ProgramData\Temp:58DD92AC [334]
MSCONFIG\startupfolder: C:^Users^Aniolek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup
C:\Users\Aniolek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
CMD: netsh advfirewall reset
CMD: ipconfig /flushdns
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}