CloseProcesses:
CreateRestorePoint:
EmptyTemp:
VirusTotal: C:\Program Files (x86)\CyberLink\Shared files\brs.exe
() C:\Users\DonTheWolfVonPI\AppData\Local\Hisuite\userdata\hwtools\hdbtransport.exe
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-12-13] (Nullsoft, Inc.)
HKU\S-1-5-21-90319417-1379731500-3216062870-1000\...\Run: [go] => C:\Users\DonTheWolfVonPI\AppData\Local\Go!\Application\go.exe --no-startup-window
HKU\S-1-5-21-90319417-1379731500-3216062870-1000\...\MountPoints2: {3b23a0fc-0511-11e8-af21-3085a90b0874} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-90319417-1379731500-3216062870-1000\...\MountPoints2: {3cbce080-b050-11e7-aee5-3085a90b0874} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-90319417-1379731500-3216062870-1000\...\MountPoints2: {6ba8d86d-cbcd-11e7-aef5-3085a90b0874} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-90319417-1379731500-3216062870-1000\...\MountPoints2: {b22b25da-eb5a-11e7-af06-3085a90b0874} - "E:\_AUTORUN\AUTORUN.EXE"
HKU\S-1-5-21-90319417-1379731500-3216062870-1000\...\MountPoints2: {bf3d6e2d-0b31-11e8-af25-3085a90b0874} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-90319417-1379731500-3216062870-1000\...\MountPoints2: {fadd7d61-c18f-11e7-aeed-3085a90b0874} - "E:\HiSuiteDownLoader.exe"
GroupPolicy: Ograniczenia <==== UWAGA
GroupPolicy\User: Ograniczenia <==== UWAGA
Tcpip\..\Interfaces\{26080f07-b80e-4c57-a64f-4bfa9208027d}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{4e9eaef2-02ca-4b5b-b957-e49d3007ea82}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{929e0b70-d065-4c50-a7cf-f694be8e74c6}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{aec7c39d-c2d3-46d5-805f-9166d534e020}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{eb3a66a0-aa0e-4f7d-9c1a-3918ce2cf003}: [DhcpNameServer] 192.168.0.1
BHO: Brak nazwy -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Brak pliku
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=811141"
U3 idsvc; Brak ImagePath
2017-12-30 11:40 - 2017-03-18 21:58 - 000059392 _____ (Microsoft Corporation) C:\Users\DonTheWolfVonPI\GOUfeyKDU.exe
2017-12-30 11:40 - 2017-03-18 21:59 - 000001242 _____ () C:\Program Files (x86)\Common Files\sAobRsbsywWy
2017-03-18 21:59 - 2017-03-18 21:59 - 000001242 _____ () C:\Program Files (x86)\Common Files\sAobRsbsywWy.bat
2017-12-30 11:40 - 2017-03-18 21:59 - 000000078 _____ () C:\Users\DonTheWolfVonPI\AppData\Roaming\KAOEiSvAEsF
2017-03-18 21:59 - 2017-03-18 21:59 - 000000078 _____ () C:\Users\DonTheWolfVonPI\AppData\Roaming\KAOEiSvAEsF.bat
2017-12-30 11:40 - 2017-03-18 21:59 - 000001235 _____ () C:\Users\DonTheWolfVonPI\AppData\Roaming\mNiTTEx
2017-03-18 21:59 - 2017-03-18 21:59 - 000001235 _____ () C:\Users\DonTheWolfVonPI\AppData\Roaming\mNiTTEx.bat
FilesInDirectory: C:\Users\DonTheWolfVonPI\AppData\Local\*.exe;*.dll;*.ini;*.bat
FilesInDirectory: C:\Users\DonTheWolfVonPI\AppData\Roaming\*.exe;*.dll;*.ini;*.bat
FilesInDirectory: C:\Program Files (x86)\Common Files\*.exe;*.dll;*.ini;*.bat
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> Brak pliku
ContextMenuHandlers2: [Glary Utilities] -> [CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} => -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> Brak pliku
Task: {0BEA3679-7D60-43D0-B322-1E178E24AF2E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {153D5502-577E-4F9A-9044-C0AE94EFBF00} - System32\Tasks\Opera scheduled Autoupdate 1514659098 => C:\Users\DonTheWolfVonPI\AppData\Local\Programs\Opera\launcher.exe [2018-03-08] (Opera Software)
Task: {22B7224D-88FF-459A-894C-5F13C71540D0} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {30CBC242-DBC7-449E-9CF1-9128904A8959} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
Task: {34811350-B473-4C17-9E36-5FD7E1981528} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3544FAE7-3A6B-4792-99DB-65859259A75B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {37959512-D028-4F31-8383-786DFABE48A2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {383B8D1C-7B84-4A4A-9AB5-AE8758852B0D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {463EBC06-6A01-4F95-944A-1A7721482EB8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
Task: {4A153AC6-44BA-44D7-A629-63505127C475} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4B00142D-E4E7-453C-8361-ABEECD81861F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4C4B9B4E-98F1-4054-83F3-10468CA1B647} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4F23BFD0-12E8-4264-840C-B3823BEA5224} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {50822AC3-6F01-4290-A01B-EDA342BF983D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
Task: {508CB764-EBDB-43B9-B0DB-0F1022A5E916} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {544BC198-27D7-417E-9E3C-7BEAE2EFC90A} - System32\Tasks\eBGESUuI => C:\WINDOWS\SysWOW64\uivyeACt.bat [2017-03-18] () <==== UWAGA
Task: {55661743-03FF-4001-9A67-2CBA62127B46} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Brak pliku <==== UWAGA
Task: {5710A90D-A9C8-4DB1-95FB-FB1D20EC543B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {5A4F8C7F-32CE-4A91-828D-98F6B6B36A99} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
Task: {5EC03D5F-4B9F-499F-91DC-36ED778FE42D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {67223BE0-E10A-4468-BC6B-5D2A4210951F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
Task: {7200ED0E-B445-4102-B9BF-8BE8670E11F1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Brak pliku <==== UWAGA
Task: {79097029-758A-4382-AA0A-666C442889A2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
Task: {7D1EBC77-ECA7-45E7-A2A7-54C55620BB3E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
Task: {7EB53C94-76D3-49D3-922D-039420AA54E0} - \CCleanerSkipUAC -> Brak pliku <==== UWAGA
Task: {99EE7E36-128F-4628-ABC8-8C37DA45A739} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A1A598BD-E798-4F72-B12D-1899E490806B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A27A9CFA-8B0E-4B3F-93FB-D9CEDE3CB2C7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
Task: {A2DC4700-C92D-419E-9D50-9C2660C1ECCD} - System32\Tasks\OIERyGoYoGu => C:\Users\DonTheWolfVonPI\AppData\Roaming\KAOEiSvAEsF.bat [2017-03-18] () <==== UWAGA
Task: {A8C01358-382D-4765-86D8-D823E875B2C5} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {AE02496F-129E-4904-856B-49F009501239} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AE7BF74D-B1C8-4851-A31B-A44C3581793B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B7832E3E-2E86-46C0-BC7A-F39132E329F0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C018DC72-19F9-4548-94D1-CE5205008E68} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CF33EAAB-EC78-430C-A226-67039F3547E8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
Task: {D50E7EE9-1857-4DAB-81DE-6174F58E72B9} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E1126340-B7C5-45C6-8E26-AF0AFC35E10D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
Task: {F83AD70B-4537-4B37-9276-074D5DC0F1F5} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
C:\Users\DonTheWolfVonPI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехрlоrеr.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [432]
HKLM\...\StartupApproved\Run32: => "WinampAgent"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-90319417-1379731500-3216062870-1000\...\StartupApproved\Run: => "MyComGames"
HKU\S-1-5-21-90319417-1379731500-3216062870-1000\...\StartupApproved\Run: => "go"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
C:\Users\DonTheWolfVonPI\Documents\Euro Truck Simulator 2\readme.rtf.lnk
C:\Users\DonTheWolfVonPI\Desktop\Programy\Any Audio Converter.lnk
C:\Users\DonTheWolfVonPI\Desktop\Programy\CCleaner.lnk
C:\Users\DonTheWolfVonPI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Go!.lnk
C:\Users\DonTheWolfVonPI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout\Crossout Launcher.lnk
C:\Users\DonTheWolfVonPI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехрlоrеr.lnk
C:\Users\DonTheWolfVonPI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Go!.lnk
Hosts:
CMD: ipconfig /flushdns