CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-477634370-3830861378-262435411-1000\...\Run: [hoffxvppyx] => explorer "hxxp://mcamega.ru/?utm_source=uoua03&utm_content=b5d515c02d3f251035eb7c407507a726&utm_term=4FAFCBD7A298DC3AD6974797D7820D60&utm_d=20180117" <==== UWAGA
HKU\S-1-5-21-477634370-3830861378-262435411-1000\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-477634370-3830861378-262435411-1000\...\MountPoints2: {0d9afed2-936a-11e7-9ba6-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-477634370-3830861378-262435411-1000\...\MountPoints2: {947b14c0-936a-11e7-aedd-0019dbcee39d} - E:\AutoRun.exe
HKU\S-1-5-21-477634370-3830861378-262435411-1000\...\MountPoints2: {ec14457f-c305-11e7-a72d-806e6f6e6963} - E:\HiSuiteDownLoader.exe
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
GroupPolicy\User: Ograniczenia <==== UWAGA
Tcpip\..\Interfaces\{B9E44179-B413-4E91-958A-5318D4C69F11}: [NameServer] 35.177.46.238,46.101.28.31,82.202.226.203,192.168.1.1
Tcpip\..\Interfaces\{DF81F71F-E553-4BA7-94F1-E8A37D4E79E7}: [NameServer] 35.177.46.238,46.101.28.31,82.202.226.203
HKU\S-1-5-21-477634370-3830861378-262435411-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mcamega.ru/?utm_source=startpage03&utm_content=6f499d7ffc995534f8ab9fdd9b86672d&utm_term=f18ed4b28f14510a5941f43bf1de8965&utm_d=17012018
HKU\S-1-5-21-477634370-3830861378-262435411-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKU\S-1-5-21-477634370-3830861378-262435411-1000 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-477634370-3830861378-262435411-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BBDCB4C49-4E20-4466-B122-852D90F0F0BB%7D&gp=855500
FF Homepage: Mozilla\Firefox\Profiles\1zlr5bp0.default -> about:newtab
FF Plugin HKU\S-1-5-21-477634370-3830861378-262435411-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [Brak pliku]
CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [indjgiebmakhmnaplnlnanodkfiejfjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ligncphnohhjkgekjkghahajihclailj] - hxxps://clients2.google.com/service/update2/crx
S2 SvcHost Service Host; "C:\Windows\Microsoft\svchost.exe" -k LocalService [X]
S3 DualCoreCenter; \??\C:\Program Files (x86)\MSI\DualCoreCenter\NTGLM7X64.sys [X]
S3 NVR0Dev; \??\C:\Windows\nvoclk64.sys [X]
S3 RushTopDevice2; \??\C:\Program Files (x86)\MSI\DualCoreCenter\RushTop64.sys [X]
2018-01-19 15:09 - 2018-01-19 15:09 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-01-19 15:01 - 2018-01-19 15:06 - 000000000 ____D C:\AdwCleaner
Task: {2834F85A-38B4-4A71-B824-5F1568FDD66D} - System32\Tasks\curl => C:\Users\Barti\AppData\Roaming\curl\curl_7_54.exe <==== UWAGA
Task: {8AC01578-7577-490C-BE01-4F0AF4B50C79} - System32\Tasks\curls => C:\Users\Barti\AppData\Roaming\curl\curl.exe <==== UWAGA
C:\Users\Gość\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
EmptyTemp: