CloseProcesses:
CreateRestorePoint:
EmptyTemp:
VirusTotal: C:\Users\maro\AppData\Roaming\ur0l0ankdj4\tvbpugmu5zr.exe
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== UWAGA
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
Task: {4F9736B9-68C8-48D2-8B94-10115F7FA46C} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
Task: {78BBD74E-4FF0-4D48-BFE7-431CF268C9A9} - System32\Tasks\{019149B5-28B3-4D91-A2E7-AD81B91E7D02} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}\PerformanceSuite.exe" -c -remove -runfromtemp
Task: C:\WINDOWS\Tasks\MSISW_Host.job => C:\WINDOWS\SysWoW64\muachost.exe
C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Сеnt Вrоwser.lnk
C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnet Еxplоrеr.lnk
C:\Users\maro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\6f9cb17000d7fedd\Сent Вrowser.lnk
C:\Users\Public\Desktop\Вrоther Utilitiеs.lnk
C:\Users\maro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\6f9cb17000d7fedd\Cent Browser.lnk
HKU\S-1-5-21-2733974409-696436795-1696199612-1004\...\Run: [8654320] => C:\Users\maro\AppData\Roaming\ur0l0ankdj4\tvbpugmu5zr.exe [615599 2018-05-27] (ZA3 )
HKU\S-1-5-21-2733974409-696436795-1696199612-1004\...\Run: [4642551] => C:\Users\maro\AppData\Roaming\abw31lmiwa5\2sd5l54wrxi.exe [615599 2018-05-28] (ZA3 )
HKU\S-1-5-21-2733974409-696436795-1696199612-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [36864 2018-04-12] (Microsoft Corporation)
GroupPolicy: Ograniczenia - Windows Defender <==== UWAGA
HKU\S-1-5-21-2733974409-696436795-1696199612-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ_ye9Gzw4oVd4hIuDhExDC9LZyZwjMJ_SYddkPbpL6beCduMsoN-Bjjhe-pZm-2E0xVZyTMv6n8zIy7NKS_dNbvJi-Whwe38dEwXazZSnQm689YBbOzzp6akxnjPbTzf1s8-xfED5joxqwF28PJML77t_EUg,,&q={searchTerms}
HKU\S-1-5-21-2733974409-696436795-1696199612-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://page-ups.com/all/
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ_ye9Gzw4oVd4hIuDhExDC9LZyZwjMJ_SYddkPbpL6beCduMsoN-Bjjhe-pZm-2E0xVZyTMv6n8zIy7NKS_dNbvJi-Whwe38dEwXazZSnQm689YBbOzzp6akxnjPbTzf1s8-xfED5joxqwF28PJML77t_EUg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2733974409-696436795-1696199612-1004 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ_ye9Gzw4oVd4hIuDhExDC9LZyZwjMJ_SYddkPbpL6beCduMsoN-Bjjhe-pZm-2E0xVZyTMv6n8zIy7NKS_dNbvJi-Whwe38dEwXazZSnQm689YBbOzzp6akxnjPbTzf1s8-xfED5joxqwF28PJML77t_EUg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2733974409-696436795-1696199612-1004 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ_ye9Gzw4oVd4hIuDhExDC9LZyZwjMJ_SYddkPbpL6beCduMsoN-Bjjhe-pZm-2E0xVZyTMv6n8zIy7NKS_dNbvJi-Whwe38dEwXazZSnQm689YBbOzzp6akxnjPbTzf1s8-xfED5joxqwF28PJML77t_EUg,,&q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx
R2 winamgr; C:\ProgramData\Microsoft\Windows\Audio\winamgr.exe [10644480 2018-05-23] (Microsoft Corporation) [Brak podpisu cyfrowego] <==== UWAGA
R2 WNetworkMgmt; C:\ProgramData\Microsoft\Windows\WNetworkMgmt\WNetworkMgmt.exe [6232185 2018-05-22] () [Brak podpisu cyfrowego] <==== UWAGA
U3 dmwappushsvc; Brak ImagePath
2018-05-28 00:11 - 2018-05-28 00:54 - 000000000 ____D C:\Program Files (x86)\NExnNAYCpUUn
2018-05-28 00:11 - 2018-05-28 00:49 - 000000000 ____D C:\Program Files (x86)\VfXyqasRzlGpJFtgwyR
2018-05-28 00:11 - 2018-05-28 00:29 - 000000000 ____D C:\Program Files (x86)\EPVqpVJyVSWU2
2018-05-28 00:11 - 2018-05-28 00:28 - 000000000 ____D C:\Program Files (x86)\KCGHGVOnU
2018-05-28 00:11 - 2018-05-28 00:28 - 000000000 ____D C:\Program Files (x86)\JAcqddADqIE
2018-05-28 00:11 - 2018-05-28 00:25 - 000000000 ____D C:\Program Files (x86)\SvnSzzIscGyUC
2018-05-28 00:10 - 2018-05-28 00:55 - 000000000 ____D C:\Program Files\NA95Q9L6FZ
2018-05-28 00:10 - 2018-05-28 00:10 - 000000000 ____D C:\Users\maro\AppData\Roaming\abw31lmiwa5
2018-05-27 23:40 - 2018-05-27 23:40 - 000000266 __RSH C:\Users\maro\ntuser.pol
2018-05-27 23:38 - 2018-05-28 00:54 - 000000000 ____D C:\Program Files\E0K2R0XGIM
2018-05-27 23:38 - 2018-05-27 23:38 - 000000266 __RSH C:\ProgramData\ntuser.pol
2018-05-27 23:38 - 2018-05-27 23:38 - 000000000 ____D C:\Users\maro\AppData\Roaming\ur0l0ankdj4
CMD: ipconfig /flushdns
CMD: dir /a "C:\Program Files"
CMD: dir /a "C:\Program Files (x86)"
CMD: dir /a "C:\Users\maro\AppData\Roaming"
CMD: dir /a "C:\Users\User\AppData\Local"