CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2390899136-229835132-1058128049-1001\...\MountPoints2: {27deb8e1-a897-11e4-8258-40f02fe8165a} - "E:\AutoRun.exe"
HKU\S-1-5-21-2390899136-229835132-1058128049-1001\...\MountPoints2: {29bfc4ae-a58b-11e4-8257-3065ec30deaf} - "E:\AutoRun.exe"
HKU\S-1-5-21-2390899136-229835132-1058128049-1001\...\MountPoints2: {29bfc4f1-a58b-11e4-8257-3065ec30deaf} - "E:\AutoRun.exe"
HKU\S-1-5-21-2390899136-229835132-1058128049-1001\...\MountPoints2: {2ed71660-d381-11e4-827c-3065ec30deaf} - "F:\Setup.exe"
HKU\S-1-5-21-2390899136-229835132-1058128049-1001\...\MountPoints2: {2ed719a9-d381-11e4-827c-3065ec30deaf} - "H:\Autorun.exe"
HKU\S-1-5-21-2390899136-229835132-1058128049-1001\...\MountPoints2: {3c79adcd-edf4-11e5-82d8-3065ec30deaf} - "E:\iLinker.exe"
HKU\S-1-5-21-2390899136-229835132-1058128049-1001\...\MountPoints2: {ac809fca-bfae-11e7-844f-40f02fe8165a} - "J:\.\StartModem.exe"
HKU\S-1-5-21-2390899136-229835132-1058128049-1001\...\MountPoints2: {bad75c9f-0953-11e5-8292-3065ec30deaf} - "F:\setup.exe"
HKU\S-1-5-21-2390899136-229835132-1058128049-1001\...\MountPoints2: {c9c5a26d-53d4-11e6-82f7-3065ec30deaf} - "E:\Setup.exe"
HKU\S-1-5-21-2390899136-229835132-1058128049-1001\...\MountPoints2: {cab98aa2-02d7-11e5-8292-3065ec30deaf} - "F:\setup.exe"
HKU\S-1-5-21-2390899136-229835132-1058128049-1001\...\MountPoints2: {cab98bb6-02d7-11e5-8292-3065ec30deaf} - "J:\Setup.exe"
HKU\S-1-5-21-2390899136-229835132-1058128049-1001\...\MountPoints2: {cab9900f-02d7-11e5-8292-3065ec30deaf} - "H:\Setup.exe"
HKU\S-1-5-21-2390899136-229835132-1058128049-1001\...\MountPoints2: {ddc6a797-f8d3-11e4-828f-3065ec30deaf} - "D:\Autorun.exe"
HKU\S-1-5-21-2390899136-229835132-1058128049-1001\...\MountPoints2: {ddc6a981-f8d3-11e4-828f-3065ec30deaf} - "F:\Setup.exe"
HKU\S-1-5-21-2390899136-229835132-1058128049-1001\...\MountPoints2: {ddc6ac84-f8d3-11e4-828f-3065ec30deaf} - "F:\Setup.exe"
HKU\S-1-5-21-2390899136-229835132-1058128049-1001\...\MountPoints2: {e28223a6-199a-11e6-82e3-3065ec30deaf} - "Q:\setup.exe"
HKU\S-1-5-21-2390899136-229835132-1058128049-1001\...\MountPoints2: {e3b7ccdd-6634-11e6-830b-3065ec30deaf} - "E:\Setup.exe"
HKU\S-1-5-21-2390899136-229835132-1058128049-1001\...\MountPoints2: {e3b7cda3-6634-11e6-830b-3065ec30deaf} - "G:\Install.exe"
HKU\S-1-5-21-2390899136-229835132-1058128049-1001\...\MountPoints2: {e47973a3-ad64-11e4-8261-40f02fe8165a} - "E:\AutoRun.exe"
HKU\S-1-5-21-2390899136-229835132-1058128049-1001\...\MountPoints2: {e47973e1-ad64-11e4-8261-40f02fe8165a} - "E:\AutoRun.exe"
HKU\S-1-5-21-2390899136-229835132-1058128049-1001\...\MountPoints2: {fb8a7520-7a3c-11e6-831e-3065ec30deaf} - "H:\Setup.exe"
HKU\S-1-5-21-2390899136-229835132-1058128049-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2755504 2016-08-27] (Microsoft Corporation) <==== UWAGA
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-04-11]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\user\AppData\Local\Facebook\Games\FacebookGameroom.exe (Brak pliku)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk [2015-01-31]
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy\User: Ograniczenia <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
CHR HKU\S-1-5-21-2390899136-229835132-1058128049-1001\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHHo2wMx2WO_50-KG68lF2x6DqPNIbWpZgQqf7B1V2hUtRh95m1zWSMUjEx5G9etV6xC6p7YXhZCUzaVsmsVxk-bHqtjIAKZTKO4I2kyjjyVsu2jdUufCQfFzOte3o5VSpP0tvUtcfi8gLOa24RRnrPsNutkYbsyipos023gkbXjOvrlloGw,,
CHR StartupUrls: Default -> "hxxp://public-box.ru/start"
S3 ALG; C:\Windows\SysWOW64\alg.exe [0 2016-01-26] () <==== UWAGA (zerobajtowy plik/folder)
S3 wuauserv; C:\Windows\SysWOW64\wuaueng.dll [0 2016-01-26] () <==== UWAGA (zerobajtowy plik/folder)
S4 ccavsrv; C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe -service [X]
S2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [X]
S3 QASvc; "C:\Program Files\Acer\Acer Quick Access\QASvc.exe" [X]
S3 RMSvc; "C:\Program Files\Acer\Acer Quick Access\RMSvc.exe" [X]
S4 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]
S2 Update Special Box; "C:\Program Files (x86)\Special Box\updateSpecialBox.exe" [X]
S2 Util Special Box; "C:\Program Files (x86)\Special Box\bin\utilSpecialBox.exe" [X]
U5 Chngr; C:\CSGO_Changer_OBT6\bin\Flo\Chngr81.sys [0 2017-10-29] () <==== UWAGA (zerobajtowy plik/folder)
S1 arsbfohe; \??\C:\Windows\system32\drivers\arsbfohe.sys [X]
S3 ewusbmbb; \SystemRoot\system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
S3 huawei_wwanecm; \SystemRoot\system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2017-05-05 16:38 - 2017-05-05 16:38 - 000014506 _____ () C:\Users\Administrator\AppData\Local\Temp\bgiiej.exe
2017-05-05 17:14 - 2017-05-05 17:14 - 000012970 _____ () C:\Users\Administrator\AppData\Local\Temp\mixwum.exe
2017-04-28 20:02 - 2017-04-28 20:02 - 000019626 _____ () C:\Users\Administrator\AppData\Local\Temp\mrtp.exe
2017-05-05 17:14 - 2017-05-05 17:14 - 000012970 _____ () C:\Users\Administrator\AppData\Local\Temp\rgigb.exe
2017-05-01 09:31 - 2017-05-01 09:31 - 000014506 _____ () C:\Users\Administrator\AppData\Local\Temp\rqgn.exe
2017-04-28 20:02 - 2017-04-28 20:02 - 000053930 _____ () C:\Users\Administrator\AppData\Local\Temp\winiwuv.exe
2018-01-03 15:54 - 2018-01-03 16:02 - 000000000 _____ () C:\Users\user\AppData\Local\Temp\3d51890c7b88e4feeeed777176b46429.dll
2018-01-03 15:55 - 2018-01-03 15:55 - 000000045 _____ () C:\Users\user\AppData\Local\Temp\9f18ab2c787f9e79a01c935f1a08ad8b.dll
GameLauncher (HKU\S-1-5-21-2390899136-229835132-1058128049-1001\...\GameLauncher) (Version: - ) <==== UWAGA
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gtavicecity\gtavicecity on the Web.lnk -> hxxp://yandex.ru/?clid=14036
AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [432]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [432]
AlternateDataStreams: C:\Users\Administrator\Dane aplikacji:NT [40]
AlternateDataStreams: C:\Users\Administrator\Dane aplikacji:NT2 [432]
AlternateDataStreams: C:\Users\Administrator\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\Administrator\AppData\Roaming:NT2 [432]
AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
AlternateDataStreams: C:\ProgramData\Application Data:NT2 [432]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [432]
AlternateDataStreams: C:\Users\user\Dane aplikacji:NT [40]
AlternateDataStreams: C:\Users\user\Dane aplikacji:NT2 [432]
AlternateDataStreams: C:\Users\user\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\user\AppData\Roaming:NT2 [432]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2390899136-229835132-1058128049-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
EmptyTemp: